AZ-104 Objective 3.2: Create and Configure Virtual Machines
AZ-104 Exam Focus: This objective covers the complete lifecycle of Azure Virtual Machines, from creation to advanced configuration. Understanding VM creation, disk encryption, resource management, sizing, disk management, high availability deployment, and Virtual Machine Scale Sets is crucial for Azure administrators. Master these concepts for both exam success and real-world Azure compute management.
Understanding Azure Virtual Machines
Azure Virtual Machines (VMs) are on-demand, scalable compute resources that provide you with the flexibility of virtualization without the need to buy and maintain physical hardware. VMs are ideal for a wide range of workloads, from development and testing to running applications in production environments. VMs are typically deployed into Azure Virtual Networks and can be deployed using ARM templates and Bicep for infrastructure as code.
Key VM Concepts
- Virtual Machine: A software-based computer that runs an operating system and applications
- Virtual Hard Disk (VHD): The storage medium for VMs, stored as blobs in Azure Storage
- Virtual Network Interface Card (NIC): Enables network connectivity for the VM
- Public IP Address: Optional external IP address for internet connectivity
- Network Security Group (NSG): Firewall rules for controlling network traffic
1. Create a Virtual Machine
Creating an Azure VM involves several configuration steps. You can create VMs through the Azure portal, Azure CLI, PowerShell, ARM templates, or Bicep files.
VM Creation Process
Essential Configuration Steps:
- Subscription and Resource Group: Select the appropriate subscription and resource group
- VM Name: Choose a unique name (1-15 characters for Windows, 1-64 for Linux)
- Region: Select the Azure region closest to your users
- Image: Choose the operating system (Windows Server, Ubuntu, CentOS, etc.)
- Size: Select appropriate VM size based on CPU, memory, and storage requirements
- Authentication: Configure username/password or SSH key pair
- Networking: Configure virtual network, subnet, and security rules
- Storage: Configure OS disk type and size
VM Sizes and Types
Azure offers various VM series optimized for different workloads:
VM Series | Use Case | Characteristics |
---|---|---|
B-series | Development, testing, small workloads | Burstable performance, cost-effective |
D-series | General-purpose applications | Balanced CPU-to-memory ratio |
F-series | High CPU-to-memory ratio | Fast CPU performance |
E-series | Memory-intensive applications | High memory-to-CPU ratio |
N-series | GPU-enabled workloads | NVIDIA GPUs for compute/graphics |
Creating VMs with Azure CLI
```bash
# Create a resource group
az group create --name myResourceGroup --location eastus

# Create a virtual network
az network vnet create --resource-group myResourceGroup --name myVNet --address-prefix 10.0.0.0/16 --subnet-name mySubnet --subnet-prefix 10.0.1.0/24

# Create a public IP address (Standard SKU addresses require static allocation)
az network public-ip create --resource-group myResourceGroup --name myPublicIP --sku Standard --allocation-method Static

# Create a network security group
# (with no custom rules, the default rules deny inbound traffic from the internet)
az network nsg create --resource-group myResourceGroup --name myNSG

# Create a virtual network interface
az network nic create --resource-group myResourceGroup --name myNIC --vnet-name myVNet --subnet mySubnet --public-ip-address myPublicIP --network-security-group myNSG

# Create the virtual machine (Ubuntu2204 replaces the retired UbuntuLTS image alias)
az vm create --resource-group myResourceGroup --name myVM --image Ubuntu2204 --size Standard_B1s --admin-username azureuser --generate-ssh-keys --nics myNIC
```
2. Configure Azure Disk Encryption
Azure Disk Encryption (ADE) helps protect your data to meet organizational security and compliance commitments. It uses the DM-Crypt feature of Linux and the BitLocker feature of Windows to provide volume encryption for the OS and data disks.
Azure Disk Encryption Components
Key Components:
- Azure Key Vault: Stores encryption keys and secrets
- Azure AD App: Authenticates to Key Vault (Windows VMs)
- Extension: AzureDiskEncryption extension handles encryption process
- BitLocker (Windows): Volume encryption for Windows VMs
- DM-Crypt (Linux): Volume encryption for Linux VMs
Enabling Disk Encryption
Prerequisites:
- VM must be in a supported region
- VM must meet minimum memory requirements (7GB for Windows, 2GB for Linux)
- Azure Key Vault must be in the same region and subscription
- VM must have internet connectivity or access to Key Vault
```bash
# Enable disk encryption for Windows VM
az vm encryption enable --resource-group myResourceGroup --name myVM --disk-encryption-keyvault myKeyVault

# Enable disk encryption for Linux VM
az vm encryption enable --resource-group myResourceGroup --name myVM --disk-encryption-keyvault myKeyVault --volume-type All

# Check encryption status
az vm encryption show --resource-group myResourceGroup --name myVM
```
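The prerequisites above can be checked before encryption is attempted. This is an added example, not part of the original guide: the function names `ade_preflight` and `ade_enable` are illustrative, and the check that the vault has `enabledForDiskEncryption` set goes beyond the prerequisites listed here.

```sh
#!/bin/sh
# Added example: pre-flight checks before `az vm encryption enable`.
# Usage: sh ade_preflight.sh <resource-group> <vm-name> <key-vault-name> [ALL|OS|DATA]

# Succeeds only if the Key Vault is in the VM's region and allows disk encryption.
ade_preflight() (
  rg=$1 vm=$2 kv=$3
  vm_loc=$(az vm show --resource-group "$rg" --name "$vm" \
    --query location --output tsv) || exit 2
  kv_loc=$(az keyvault show --name "$kv" --query location --output tsv) || exit 2
  if [ "$vm_loc" != "$kv_loc" ]; then
    echo "Key Vault $kv is in $kv_loc but VM $vm is in $vm_loc" >&2
    exit 1
  fi
  enabled=$(az keyvault show --name "$kv" \
    --query properties.enabledForDiskEncryption --output tsv) || exit 2
  case $enabled in
    true|True) ;;
    *) echo "Key Vault $kv is not enabled for disk encryption; run:" \
            "az keyvault update --name $kv --enabled-for-disk-encryption true" >&2
       exit 1 ;;
  esac
)

# Runs the checks, enables encryption, then prints the resulting status.
ade_enable() {
  ade_preflight "$1" "$2" "$3" || return
  az vm encryption enable --resource-group "$1" --name "$2" \
    --disk-encryption-keyvault "$3" --volume-type "${4:-ALL}"
  az vm encryption show --resource-group "$1" --name "$2"
}

# Only act when called with arguments, so the file can also be sourced.
[ $# -lt 3 ] || ade_enable "$@"
```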
Encryption Scenarios
Scenario | OS Disk | Data Disk | Use Case |
---|---|---|---|
OS + Data | Encrypted | Encrypted | Full protection |
Data Only | Not Encrypted | Encrypted | Data protection only |
OS Only | Encrypted | Not Encrypted | OS protection only |
3. Move a Virtual Machine to Another Resource Group, Subscription, or Region
Moving VMs between resource groups, subscriptions, or regions is a common administrative task. The process and requirements vary depending on the destination.
Moving VMs Between Resource Groups
Requirements:
- Source and destination resource groups must be in the same subscription
- VM must be in a stopped (deallocated) state
- All associated resources move together (NIC, disks, public IP)
- User must have Contributor access to both resource groups
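```bash
# Move VM to another resource group
az resource move --destination-group newResourceGroup --ids /subscriptions/{subscription-id}/resourceGroups/{source-rg}/providers/Microsoft.Compute/virtualMachines/{vm-name}

# Move VM with all dependencies: az resource move has no flag that pulls them in,
# so list every dependent resource ID after --ids (space-separated)
az resource move --destination-group newResourceGroup --ids \
  /subscriptions/{subscription-id}/resourceGroups/{source-rg}/providers/Microsoft.Compute/virtualMachines/{vm-name} \
  /subscriptions/{subscription-id}/resourceGroups/{source-rg}/providers/Microsoft.Network/networkInterfaces/{nic-name} \
  /subscriptions/{subscription-id}/resourceGroups/{source-rg}/providers/Microsoft.Compute/disks/{disk-name}
```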
Moving VMs Between Subscriptions
Important Considerations:
- VM must be in a stopped (deallocated) state
- All associated resources must be moved together
- Resource IDs change after the move
- Applications using hardcoded resource IDs need updates
- RBAC assignments are lost and must be recreated
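Because resource IDs change and role assignments do not follow the VM, it helps to capture the assignments before the move and generate the commands that re-create them afterwards. This is an added example, not part of the original guide: `new_id`, `plan_rbac` and the sample rows are constructed, and it assumes the destination subscription is in the same Microsoft Entra tenant so principal object IDs stay valid.

```sh
#!/bin/sh
# Added example: plan the role assignments to re-create after a VM move.
# Input rows: principalId<TAB>roleDefinitionName<TAB>scope, the shape printed by
#   az role assignment list --all \
#     --query "[].[principalId,roleDefinitionName,scope]" --output tsv

# new_id OLD_ID NEW_SUB NEW_RG: same resource path under the new subscription/RG.
new_id() (
  rest=${1#/subscriptions/*/resourceGroups/*/}   # shortest match: strips sub + RG
  [ "$rest" != "$1" ] || { echo "not a resource-level ID: $1" >&2; exit 1; }
  printf '/subscriptions/%s/resourceGroups/%s/%s\n' "$2" "$3" "$rest"
)

# plan_rbac OLD_ID NEW_SUB NEW_RG < rows
plan_rbac() (
  old=$1
  new_id "$old" "$2" "$3" >/dev/null || exit 1
  tab=$(printf '\t')
  while IFS="$tab" read -r principal role scope; do
    case $scope in
      "$old"|"$old"/*)   # assigned on the VM or a child resource: lost by the move
        printf 'az role assignment create --assignee-object-id %s --role "%s" --scope %s\n' \
          "$principal" "$role" "$(new_id "$scope" "$2" "$3")" ;;
      *)                 # assigned higher up: review the destination scope instead
        printf '# not moved (scope %s): %s "%s"\n' "$scope" "$principal" "$role" ;;
    esac
  done
)

# Constructed sample data (placeholder GUIDs, not real principals).
OLD_VM=/subscriptions/00000000-0000-0000-0000-00000000000a/resourceGroups/source-rg/providers/Microsoft.Compute/virtualMachines/myVM
sample_rows() {
  printf '%s\t%s\t%s\n' \
    11111111-1111-1111-1111-111111111111 "Virtual Machine Contributor" "$OLD_VM" \
    22222222-2222-2222-2222-222222222222 "Reader" "${OLD_VM%/providers/*}" \
    33333333-3333-3333-3333-333333333333 "Virtual Machine Administrator Login" "$OLD_VM"
}

sample_rows | plan_rbac "$OLD_VM" 00000000-0000-0000-0000-00000000000b newResourceGroup
```

Resource IDs are compared case-sensitively here, so normalise the case of the exported scopes first if your tooling returns mixed-case IDs.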
Moving VMs Between Regions
Moving VMs between regions requires using Azure Site Recovery or Azure Resource Mover. This is more complex than moving within the same region.
Azure Resource Mover Process:
- Create a move collection in the target region
- Add source resources to the collection
- Validate dependencies and resolve issues
- Initiate the move process
- Commit or discard the move
4. Manage Virtual Machine Sizes
VM sizing is crucial for performance optimization and cost management. You can resize VMs to meet changing workload requirements.
Resizing VMs
Resize Requirements:
- VM must be in a stopped (deallocated) state
- Target size must be available in the same availability zone
- Target size must be available in the same region
- Some resizes may require moving to a different hardware cluster
```bash
# Get available VM sizes in a region
az vm list-sizes --location eastus --output table

# Resize a VM
az vm resize --resource-group myResourceGroup --name myVM --size Standard_D2s_v3

# Check current VM size
az vm show --resource-group myResourceGroup --name myVM --query hardwareProfile.vmSize
```
VM Size Categories
Size Category | Example Sizes | Best For |
---|---|---|
General Purpose | B1s, D2s_v3, D4s_v3 | Web servers, small databases |
Compute Optimized | F2s_v2, F4s_v2, F8s_v2 | High CPU workloads |
Memory Optimized | E2s_v3, E4s_v3, E8s_v3 | Large databases, analytics |
Storage Optimized | L4s, L8s, L16s | High disk throughput |
GPU | NC6s_v3, ND6s_v3 | Machine learning, rendering |
5. Manage Virtual Machine Disks
Azure VMs use virtual hard disks (VHDs) stored as page blobs in Azure Storage. Understanding disk types, performance tiers, and management operations is essential for optimal VM performance.
Azure Disk Types
Disk Type | Performance Tier | Max IOPS | Max Throughput | Use Case |
---|---|---|---|---|
Standard HDD | Standard | 500 | 60 MB/s | Backup, archive |
Standard SSD | Standard | 4,000 | 60 MB/s | Web servers, dev/test |
Premium SSD | Premium | 20,000 | 900 MB/s | Production workloads |
Ultra SSD | Ultra | 160,000 | 4,000 MB/s | High-performance databases |
Disk Management Operations
```bash
# Create a new data disk and attach it to the VM
az vm disk attach --resource-group myResourceGroup --vm-name myVM --name myDataDisk --new --size-gb 100

# Detach a disk
az vm disk detach --resource-group myResourceGroup --vm-name myVM --name myDataDisk

# Resize a disk
az disk update --resource-group myResourceGroup --name myDataDisk --size-gb 200

# Create a snapshot
az snapshot create --resource-group myResourceGroup --source myDataDisk --name mySnapshot

# Create a disk from snapshot
az disk create --resource-group myResourceGroup --name myNewDisk --source mySnapshot
```
Disk Performance Optimization
Best Practices:
- Use Premium SSD for production workloads requiring high IOPS
- Enable write acceleration for Premium SSD on M-series VMs
- Use Ultra SSD for extreme performance requirements
- Consider disk bursting for Standard SSD
- Use multiple smaller disks instead of one large disk for better performance
- Enable host caching for read-heavy workloads
6. Deploy Virtual Machines to Availability Zones and Availability Sets
High availability is crucial for production workloads. Azure provides Availability Zones and Availability Sets to protect against hardware failures and planned maintenance.
Availability Zones
Availability Zones are physically separate data centers within an Azure region. Each zone has independent power, cooling, and networking infrastructure.
Availability Zone Benefits:
- Protection against datacenter-level failures
- 99.99% SLA for VMs deployed across multiple zones
- Low-latency connectivity between zones
- Automatic load balancing across zones
```bash
# Create VM in specific availability zone (Ubuntu2204 replaces the retired UbuntuLTS image alias)
az vm create --resource-group myResourceGroup --name myVM --image Ubuntu2204 --size Standard_B1s --zone 1

# Create VMs across multiple zones
az vm create --resource-group myResourceGroup --name myVM1 --image Ubuntu2204 --size Standard_B1s --zone 1
az vm create --resource-group myResourceGroup --name myVM2 --image Ubuntu2204 --size Standard_B1s --zone 2
az vm create --resource-group myResourceGroup --name myVM3 --image Ubuntu2204 --size Standard_B1s --zone 3
```
Availability Sets
Availability Sets ensure VMs are distributed across multiple physical servers, storage, and network switches within a single datacenter.
Availability Set Features:
- Fault domains: Separate physical servers
- Update domains: Separate maintenance windows
- 99.95% SLA for VMs in availability sets
- Maximum of 3 fault domains and 20 update domains
```bash
# Create availability set
az vm availability-set create --resource-group myResourceGroup --name myAvailabilitySet --platform-fault-domain-count 2 --platform-update-domain-count 2

# Create VM in availability set (Ubuntu2204 replaces the retired UbuntuLTS image alias)
az vm create --resource-group myResourceGroup --name myVM --image Ubuntu2204 --size Standard_B1s --availability-set myAvailabilitySet
```
High Availability Comparison
Feature | Availability Sets | Availability Zones |
---|---|---|
Protection Level | Hardware failures within datacenter | Datacenter-level failures |
SLA | 99.95% | 99.99% |
Latency | Very low (same datacenter) | Low (same region) |
Cost | No additional cost | No additional cost |
Availability | All regions | Select regions only |
7. Deploy and Configure Azure Virtual Machine Scale Sets
Virtual Machine Scale Sets (VMSS) provide an easy way to create and manage a group of identical, load-balanced VMs. They automatically increase or decrease the number of VM instances based on demand or a defined schedule.
VMSS Key Features
Core Capabilities:
- Auto-scaling: Automatically adjust VM count based on metrics
- Load balancing: Built-in load balancer integration
- Rolling updates: Update VMs without downtime
- Custom images: Use your own VM images
- Multiple placement groups: Distribute VMs across fault domains
- Spot instances: Use low-cost, preemptible VMs
Creating a VMSS
```bash
# Create a VMSS with basic configuration (Ubuntu2204 replaces the retired UbuntuLTS image alias)
az vmss create --resource-group myResourceGroup --name myScaleSet --image Ubuntu2204 --upgrade-policy-mode automatic --admin-username azureuser --generate-ssh-keys

# Create VMSS with custom configuration (an alternative to the command above, not a follow-up)
az vmss create \
  --resource-group myResourceGroup \
  --name myScaleSet \
  --image Ubuntu2204 \
  --instance-count 3 \
  --vm-sku Standard_B1s \
  --upgrade-policy-mode Automatic \
  --load-balancer myLoadBalancer \
  --public-ip-address myPublicIP \
  --admin-username azureuser \
  --generate-ssh-keys
```
Auto-scaling Configuration
```bash
# Create autoscale rule
az monitor autoscale create \
  --resource-group myResourceGroup \
  --resource myScaleSet \
  --resource-type Microsoft.Compute/virtualMachineScaleSets \
  --name myAutoscaleSetting \
  --min-count 2 \
  --max-count 10 \
  --count 3

# Add scale-out rule (CPU > 70%)
az monitor autoscale rule create \
  --resource-group myResourceGroup \
  --autoscale-name myAutoscaleSetting \
  --condition "Percentage CPU > 70 avg 5m" \
  --scale out 1

# Add scale-in rule (CPU < 30%)
az monitor autoscale rule create \
  --resource-group myResourceGroup \
  --autoscale-name myAutoscaleSetting \
  --condition "Percentage CPU < 30 avg 5m" \
  --scale in 1
```
VMSS Management Operations
```bash
# Scale VMSS manually
az vmss scale --resource-group myResourceGroup --name myScaleSet --new-capacity 5

# Update VMSS instances
az vmss update-instances --resource-group myResourceGroup --name myScaleSet --instance-ids 0 1

# Get VMSS status
az vmss get-instance-view --resource-group myResourceGroup --name myScaleSet

# Delete VMSS
az vmss delete --resource-group myResourceGroup --name myScaleSet
```
VMSS Best Practices
Implementation Guidelines:
- Use managed disks for better performance and reliability
- Configure health probes for load balancer
- Use custom images for consistent deployments
- Implement proper monitoring and alerting
- Use Application Gateway for advanced load balancing
- Consider using Spot instances for cost optimization
- Plan for rolling updates during maintenance windows
Exam Tips and Key Points
Critical Exam Knowledge:
- VM Creation: Understand all configuration options and requirements
- Disk Encryption: Know prerequisites, components, and encryption scenarios
- Resource Movement: Understand limitations and requirements for moving VMs
- VM Sizing: Know when to use different VM series and size categories
- Disk Management: Understand disk types, performance tiers, and optimization
- High Availability: Know differences between Availability Sets and Zones
- VMSS: Understand auto-scaling, load balancing, and management operations
Common Scenarios and Solutions
Real-World Scenarios:
- Performance Issues: Resize VM or upgrade disk type to Premium SSD
- Cost Optimization: Use B-series VMs for dev/test, implement auto-scaling
- High Availability: Deploy across Availability Zones or use Availability Sets
- Security Compliance: Enable Azure Disk Encryption with Key Vault
- Scalability: Implement VMSS with auto-scaling rules
- Disaster Recovery: Use Azure Site Recovery for cross-region protection
Summary
Azure Virtual Machines are the foundation of cloud computing in Azure. This objective covers the complete lifecycle of VM management, from creation to advanced configuration. Key areas include:
- Creating VMs with proper sizing and configuration
- Implementing disk encryption for security compliance
- Moving VMs between resource groups, subscriptions, and regions
- Managing VM sizes for performance and cost optimization
- Configuring and optimizing VM disks for different workloads
- Deploying VMs for high availability using Availability Sets and Zones
- Implementing and managing Virtual Machine Scale Sets for scalability
Understanding these concepts is essential for Azure administrators to effectively manage compute resources, ensure high availability, optimize costs, and maintain security compliance in Azure environments.
Next Steps: Practice creating VMs in the Azure portal and with Azure CLI. Experiment with different VM sizes, disk types, and high availability configurations. Set up a VMSS with auto-scaling to understand the complete lifecycle of scalable compute resources.
Related Topics
Continue your Azure administration learning journey with these related topics:
- Configure and Manage Virtual Networks - Deploy VMs into properly configured networks
- Automate Deployment with ARM Templates and Bicep - Deploy VMs using infrastructure as code
- Configure and Manage Storage Accounts - Set up storage for VM disks and data
- Configure Azure Files and Blob Storage - Connect VMs to file shares and blob storage
- Configure Secure Access to Virtual Networks - Secure VM network access with NSGs
- Monitor Resources in Azure - Monitor VM performance and health
- Implement Backup and Recovery - Backup and recover VMs