다음을 통해 공유


Best Practices: Running Linux on Azure

A lot of times we help customers getting the best out of running their workloads on Azure using any of our Endorsed Linux Distributions.

There are a few best practices and recommendations that will sure help getting the most out of your Linux virtual machines and we would like to share a few of them.

A great starting article is Running a Linux VM on Azure which also focus on deploying virtual machines using our Resource Manager (ARM) approach which is recommended for new deployments on Azure.

STORAGE / MEMORY / SWAP

Sometimes you also need extra space on your Linux virtual machines so you might need to use additional data disks or even set them up to use LVM or MDAM if RAID is required, managing and enabling swap space, these are a few good articles on these topics too:

A) How to attach a data disk to a Linux virtual machine
B) Configure LVM on a Linux virtual machine in Azure
C) Configure software RAID on Linux
D) Optimize your Linux vM on Azure
E) Resizing OSDisks on Azure Linux VMs

Configuring SWAP on Linux is easily achieved by using the WAAgent to do that, we do not support/recommend adding swap manually on Linux VMS. To add SWAP on a Linux VM, please have a look at this article:
How to Add SWAP on Azure Linux Azure VMs

KERNELS and LIS Drivers

When we also talk about kernels, it's very important that you are running a stable and updated kernel due to the integration drivers required for Linux VM's to properly run on Hyper-V/Azure, these are the specific links for each distribution which we update constantly with the supported releases and it is always recommended to be in the latest release if possible.

Canonical publishes a link with the End of Life kernels and recommended/supported kernels in their website. They have also recently announced the release of a kernel specific for Linux VMs on Azure, for more information, please check their official release page.

LIS Drivers information can be found in our following articles. Here you will find which features are enabled in which distribution/LIS version, if they are built-in and also steps to get them updated if that is possible in that specific distribution.

Ubuntu
RedHat and CentOS Debian Oracle SUSE FreeBSD

MONITORING / PERFORMANCE

Monitoring should be also a good thing to do as well and for that, we can start by installing and setting up sysstat too. For this we do have an article with steps to get you up and running.

We often use tools such as iPerf, perf and fio to evaluate system performance, it is always good to be familiar with these tools as they can come very handy while you perform performance tests, we will have soon separate articles with a few real world case scenario tests and numbers that can give a better idea.

NETWORKING

From a networking perspective, it is also very important that you don't have any network security groups or firewall rules blocking traffic to and from the 168.63.129.16 IP, for more information about that, please check the following link: What is the IP address 168.63.129.16?

SECURITY

It is highly recommended that you have a good security policy for any types of VMs deployed on Azure, the minimum recommended steps to achieve that for Linux VMs on Azure are:
- Use SSH Keys instead of passwords
- Keep your system up to date as much as possible , including kernel and security patches available from vendors
- Change the external public SSH port
- Do not use xorg/xserver, they are not supported and are not recommended to be exposed due to security concerns. If you must use some sort of graphical interface, you can use xRDP and tunnel that through SSH (still not supported) but a better option than installing xorg/xserver
- Disable any unnecessary services that you don't need on the VM and make sure only the required ports are opened
- Never enable the root account, you should always plan to use sudo for root access as needed

We hope these tips help you having a great experience when running Linux on Azure and we will be updating this article with more information as they are requested by customers or just found to be useful by anyone running Linux on Azure.

Enjoy!
Azure Linux Support Team