Azure Compute: Azure Virtual Machines
Virtual Machines: Getting started
- Select image and VM size: Windows Server or Linux; Extra Small, Small, Medium, Large, X-Large
- New disk persisted in storage (Blob Storage)
- Boot VM from new disk
- Management portal, scripting (Windows, Linux and Mac), REST API
- Comprehensive networking
VM Gallery
A collection of prebuilt images for various workloads: Windows Server 2012 R2; Ubuntu Server 14.04 LTS; CentOS 6.5; SUSE Linux Enterprise Server; openSUSE 13.1; Oracle Linux 6.4.0.0.0; SQL Server 2014 Standard; Oracle Database 11g R2; BizTalk Server 2013; SharePoint Server Farm; Microsoft Dynamics GP 2013; Zulu 8; SAP HANA Developer Edition; Puppet Enterprise 3.2.3; Barracuda Web Application; Oracle WebLogic Server 12.1.2; Visual Studio Ultimate 2013; Windows 8.1 Enterprise
Before creating a VM, think about:
- The names of your application resources
- The location where the resources are stored
- The size of the VM
- The maximum number of VMs that can be created
- The operating system that the VM runs
- The configuration of the VM after it starts
- The related resources that the VM needs
Bring Your Own Server/VHD
Imaging VMs in the Cloud
Virtual Machine Sizes
Virtual Machine Storage Architecture
Azure Virtual Machine disks:
- C:\ OS Disk
- Disk Cache
- D:\ Temporary Disk (contents can be lost)
- E:\, F:\, etc. Data Disks
Disk Storage
- Images and disks are stored as Windows Azure Storage Blobs
- Data is triplicated
- All existing storage tools just work
Availability Sets
[Diagram: an availability set containing SQL Server Primary and SQL Server Secondary]
- SLA 99.95
- High availability
- Hardware and software
- Windows and Linux
Availability Sets
You can create a VNet before you create a VM, or you can create it as you create the VM. You create these resources to support communication with a VM:
- Network interfaces
- IP addresses
- Virtual network and subnets
Multiple NICs in Azure VMs
- Up to 4 NICs per VM
- Multiple NICs enable virtual appliances in Azure
- MAC/IP addresses persist through VM life cycle
- Separate frontend-backend traffic, and management-data planes
[Diagram: an Azure Virtual Machine with NICs Default, NIC1 and NIC2; addresses 10.2.3.33, 10.2.2.22 and 10.2.1.11; Frontend, App and Backend subnets in an Azure Virtual Network; VIP: 133.44.55.66]
Network security groups
A network security group (NSG) contains a list of Access Control List (ACL) rules that allow or deny network traffic to subnets, NICs, or both. NSGs can be associated with either subnets or individual NICs connected to a subnet. When an NSG is associated with a subnet, the ACL rules apply to all the VMs in that subnet. In addition, traffic to an individual NIC can be restricted by associating an NSG directly to a NIC.
NSGs contain two sets of rules: inbound and outbound. The priority for a rule must be unique within each set. Each rule has properties of protocol, source and destination port ranges, address prefixes, direction of traffic, priority, and access type. All NSGs contain a set of default rules. The default rules cannot be deleted, but because they are assigned the lowest priority, they can be overridden by the rules that you create.
When you associate an NSG to a NIC, the network access rules in the NSG are applied only to that NIC. If an NSG is applied to a single NIC on a multi-NIC VM, it does not affect traffic to the other NICs. You can associate different NSGs to a NIC (or VM, depending on the deployment model) and the subnet that a NIC or VM is bound to. Priority is given based on the direction of traffic.
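
The rule evaluation described above, modelled for inbound traffic as an added example (not part of the original slides and not Azure's own code): the first matching rule in ascending priority order decides, the default rules sit at the lowest priority, and inbound traffic must pass the subnet NSG and then the NIC NSG. The sample rules and addresses are constructed, the default set is simplified to two rules, and a CIDR stands in for the VirtualNetwork service tag.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # lower number is evaluated first
    access: str     # "Allow" or "Deny"
    protocol: str   # "Tcp", "Udp" or "*"
    source: str     # CIDR prefix or "*"
    port: str       # destination port: "443", "8000-8100" or "*"

VNET = "10.2.0.0/16"  # constructed stand-in for the VirtualNetwork service tag
# Simplified inbound default rules, present in every NSG at the lowest priority.
DEFAULTS = [Rule("AllowVnetInBound", 65000, "Allow", "*", VNET, "*"),
            Rule("DenyAllInBound", 65500, "Deny", "*", "*", "*")]

def matches(rule, protocol, src_ip, port):
    """True when protocol, source prefix and destination port all match."""
    lo, _, hi = rule.port.partition("-")
    return (rule.protocol in ("*", protocol)
            and (rule.source == "*"
                 or ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.source))
            and (rule.port == "*" or int(lo) <= port <= int(hi or lo)))

def evaluate(inbound_rules, protocol, src_ip, port):
    """Return the first matching rule in ascending priority order."""
    priorities = [r.priority for r in inbound_rules]
    if len(priorities) != len(set(priorities)):
        raise ValueError("priority must be unique within the inbound set")
    for rule in sorted(inbound_rules + DEFAULTS, key=lambda r: r.priority):
        if matches(rule, protocol, src_ip, port):
            return rule
    raise AssertionError("unreachable: DenyAllInBound matches everything")

def inbound_verdict(subnet_nsg, nic_nsg, protocol, src_ip, port):
    """Inbound traffic meets the subnet NSG first, then the NIC NSG; both must allow."""
    for nsg in (subnet_nsg, nic_nsg):
        rule = evaluate(nsg, protocol, src_ip, port)
        if rule.access == "Deny":
            return "Deny", rule.name
    return "Allow", rule.name

# Constructed sample NSGs for one VM (hypothetical rule names and prefixes).
SUBNET_NSG = [Rule("allow-https", 100, "Allow", "Tcp", "*", "443")]
NIC_NSG = [Rule("allow-https", 100, "Allow", "Tcp", "*", "443"),
           Rule("allow-alt-http", 110, "Allow", "Tcp", "*", "8080"),
           Rule("deny-other-subnet", 200, "Deny", "*", "10.2.1.0/24", "*")]
```

A port opened only on the NIC (8080 here) stays closed to internet sources because the subnet NSG's DenyAllInBound default is reached first, while the priority-200 deny on the NIC overrides the AllowVnetInBound default for one prefix.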
How to monitor virtual machines in Azure
Diagnostics and metrics
You can set up and monitor the collection of diagnostics data using metrics in the Azure portal, the Azure CLI, Azure PowerShell, and application programming interfaces (APIs):
- Observe basic metrics for the VM
- Enable the collection of boot diagnostics and view it using the Azure portal
- Enable the collection of guest OS diagnostics data
Alerts
You can create alerts based on specific performance metrics. Examples of the issues you can be alerted about include when average CPU usage exceeds a certain threshold, or available free disk space drops below a certain amount. Alerts can be configured in the Azure portal, using Azure PowerShell, or the Azure CLI.
Azure Networking: Azure Virtual Network
Azure provides a variety of networking capabilities that can be used together or separately:
- Connectivity between Azure resources
- Internet connectivity
- On-premises connectivity
- Load balancing and traffic direction
- Security
- Routing
Internet connectivity
All Azure resources connected to a VNet have outbound connectivity to the Internet by default. The private IP address of the resource is source network address translated (SNAT) to a public IP address by the Azure infrastructure.
Connect virtual networks
You can connect VNets to each other, enabling resources connected to either VNet to communicate with each other across VNets. You can use either or both of the following options to connect VNets to each other:
- Peering
- VNet-to-VNet connection
On-premises connectivity
- Point-to-site (VPN over SSTP)
- Site-to-site (IPsec/IKE VPN tunnel)
- ExpressRoute (dedicated private connection)
Route network traffic
By default, Azure creates route tables that enable resources connected to any subnet in any VNet to communicate with each other. You can implement either or both of the following options to override the default routes Azure creates:
- User-defined routes
- BGP routes
Network Load Balancing
Load Balancer features
- Hash-based distribution
- Port forwarding
- Automatic reconfiguration
- Service monitoring
- Source NAT
Application Load Balancing
Web application firewall (WAF)
Web application firewall (WAF) is a feature of Application Gateway that provides centralized protection of your web applications from common exploits and vulnerabilities.
- Azure Load Balancer works at the transport layer (Layer 4 in the OSI network reference stack). It provides network-level distribution of traffic across instances of an application running in the same Azure data center.
- Application Gateway works at the application layer (Layer 7 in the OSI network reference stack). It acts as a reverse-proxy service, terminating the client connection and forwarding requests to backend endpoints.
- Traffic Manager works at the DNS level. It uses DNS responses to direct end-user traffic to globally distributed endpoints. Clients then connect to those endpoints directly.
About VPN Gateway
A VPN gateway is a type of virtual network gateway that sends encrypted traffic across a public connection to an on-premises location. You can also use VPN gateways to send encrypted traffic between Azure virtual networks over the Microsoft network. To send encrypted network traffic between your Azure virtual network and your on-premises site, you must create a VPN gateway for your virtual network.
Azure DNS overview
The Domain Name System, or DNS, is responsible for translating (or resolving) a website or service name to its IP address. Azure DNS is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure.