Udostępnij za pośrednictwem


Understanding Windows VMs on Azure – Tutorials, Trainings, Screenshots: Creating a Simple VM with PowerShell

Compiled by Anshuman

Learning Resources, Creating A Simple VM with PowerShell

Azure Windows Virtual Machines provides on-demand, high-scale, secure, virtualized infrastructure using Windows Server.

Lear More: Overview and Design Considerations

 

Download eBook: Click Here

 

Video: Create a Windows Server Virtual Machine. 

 

Video Trainings

 

Step-by-Step Tutorials

Learn how to deploy, manage, and monitor Windows VMs on Azure

  1. Create and manage Windows VMs
  2. Create and manage VM disks
  3. Automate VM configuration
  4. Create custom VM images
  5. Create highly available VMs
  6. Create a VM scale set
  7. Load balance VMs
  8. Manage VMs with virtual networks
  9. Backup VMs
  10. Monitor VMs
  11. Manage security on VMs
  12. Create a continuous integration pipeline with Visual Studio
  13. Install a SQL\IIS\.NET stack
  14. Secure a web server with SSL

 

Creating a Simple Windows VM with PowerShell

Connect to Azure with PowerShell. (See: Install Azure PowerShell module.)

Create an Azure resource group with New-AzureRmResourceGroup. A resource group is a logical container into which Azure resources are deployed and managed.

 

Create the virtual machine with New-AzureRmVM. You just need to provide names for each of the resources and the New-AzureRMVM cmdlet will create them for you if they don't already exist.

When running this step, you are prompted for credentials. The values that you enter are configured as the user name and password for the virtual machine.

 

A progress bar appears.

 

You can check the details of the VM with the command Get-AzureRmVM. In the commands above, I had saved the output for New-AzureRmVM to a variable. And below are the details.

 

Check the hardware profile. It has created a DS1V2 VM. To create VMs with an alternate profile, check this article.

 

After the deployment has completed, create a remote desktop connection with the virtual machine.+

Use the Get-AzureRmPublicIpAddress command to return the public IP address of the virtual machine.

 

You can use the command, as in the screenshot, on your local machine, to create a remote desktop session with the virtual machine. Replace the IP address with the publicIPAddress of your virtual machine. When prompted, enter the credentials used when creating the virtual machine.

 

 

 

 

When no longer needed, you can use the Remove-AzureRmResourceGroup command to remove the resource group, VM, and all related resources.

 

 

Sample Architectures

Single VM

This reference architecture shows a set of proven practices for running a Windows virtual machine (VM) on Azure. It includes recommendations for provisioning the VM along with networking and storage components. This architecture can be used to run a single VM instance, and is the basis for more complex architectures such as N-tier applications. Deploy this solution. +

Provisioning an Azure VM requires additional components, such as compute, networking, and storage resources.

  • Resource group.  A resource group is a container that holds related resources. In general, you should group resources in a solution based on their lifetime and who will manage the resources. For a single VM workload, you may want to create a single resource group for all resources.
  • VM. You can provision a VM from a list of published images, or from a custom managed image or virtual hard disk (VHD) file uploaded to Azure Blob storage.
  • OS disk.  The OS disk is a VHD stored in Azure Storage, so it persists even when the host machine is down.
  • Temporary disk.  The VM is created with a temporary disk (the D: drive on Windows). This disk is stored on a physical drive on the host machine. It is not saved in Azure Storage and may be deleted during reboots and other VM lifecycle events. Use this disk only for temporary data, such as page or swap files.
  • Data disks.  A data disk is a persistent VHD used for application data. Data disks are stored in Azure Storage, like the OS disk.
  • Virtual network (VNet) and subnet.  Every Azure VM is deployed into a VNet that can be segmented into multiple subnets.
  • Public IP address.  A public IP address is needed to communicate with the VM — for example, via remote desktop (RDP).
  • Azure DNSAzure DNS is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services.
  • Network interface (NIC) . An assigned NIC enables the VM to communicate with the virtual network.
  • Network security group (NSG)Network security groups are used to allow or deny network traffic to a network resource. You can associate an NSG with an individual NIC or with a subnet. If you associate it with a subnet, the NSG rules apply to all VMs in that subnet.
  • Diagnostics.  Diagnostic logging is crucial for managing and troubleshooting the VM.

 

Load Balanced VM

This reference architecture shows a set of proven practices for running multiple Windows virtual machines (VMs) in a scale set behind a load balancer, to improve availability and scalability. This architecture can be used for any stateless workload, such as a web server, and is a foundation for deploying n-tier applications. Deploy this solution.

 

 

This architecture builds on the Single VM reference architecture. Those recommendations also apply to this architecture.+

In this architecture, a workload is distributed across multiple VM instances. There is a single public IP address, and Internet traffic is distributed to the VMs using a load balancer. This architecture can be used for a single-tier application, such as a stateless web application.

 

The architecture has the following components:

  • Azure Load Balancer. The load balancer distributes incoming Internet requests to the VM instances.
  • Public IP address. A public IP address is needed for the load balancer to receive Internet traffic.
  • Azure DNSAzure DNS is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services.
  • VM scale set. A VM scale set is a set of identical VMs used to host a workload. Scale sets allow the number of VMs to be scaled in or out manually, or automatically based on predefined rules.
  • Availability set. The availability set contains the VMs, making the VMs eligible for a higher service level agreement (SLA). For the higher SLA to apply, the availability set must include a minimum of two VMs. Availability sets are implicit in scale sets. If you create VMs outside a scale set, you need to create the availability set independently.
  • Managed disks. Azure Managed Disks manage the virtual hard disk (VHD) files for the VM disks.
  • Storage. Create an Azure Storage acount to hold diagnostic logs for the VMs.

 

 

N-tier Application

This reference architecture shows a set of proven practices for running Windows virtual machines (VMs) for an N-tier application. Deploy this solution.

 

There are many ways to implement an N-tier architecture. The diagram shows a typical 3-tier web application. This architecture builds on Run load-balanced VMs for scalability and availability. The web and business tiers use load-balanced VMs.

 

  • Availability sets.  Create an availability set for each tier, and provision at least two VMs in each tier. This makes the VMs eligible for a higher service level agreement (SLA) for VMs. You can deploy a single VM in an availability set, but the single VM will not qualify for an SLA guarantee unless the single VM is using Azure Premium Storage for all OS and data disks.
  • Subnets.  Create a separate subnet for each tier. Specify the address range and subnet mask using CIDR notation.
  • Load balancers.  Use an Internet-facing load balancer to distribute incoming Internet traffic to the web tier, and an internal load balancer to distribute network traffic from the web tier to the business tier.
  • Jumpbox.  Also called a bastion host. A secure VM on the network that administrators use to connect to the other VMs. The jumpbox has an NSG that allows remote traffic only from public IP addresses on a safe list. The NSG should permit remote desktop (RDP) traffic.
  • Monitoring.  Monitoring software such as NagiosZabbix, or Icinga can give you insight into response time, VM uptime, and the overall health of your system. Install the monitoring software on a VM that's placed in a separate management subnet.
  • NSGs.  Use network security groups (NSGs) to restrict network traffic within the VNet. For example, in the 3-tier architecture shown here, the database tier does not accept traffic from the web front end, only from the business tier and the management subnet.
  • SQL Server Always On Availability Group.  Provides high availability at the data tier, by enabling replication and failover.
  • Active Directory Domain Services (AD DS) Servers. Prior to Windows Server 2016, SQL Server Always On Availability Groups must be joined to a domain. This is because Availability Groups depend on Windows Server Failover Cluster (WSFC) technology. Windows Server 2016 introduces the ability to create a Failover Cluster without Active Directory, in which case the AD DS servers are not required for this architecture. For more information, see What's new in Failover Clustering in Windows Server 2016.
  • Azure DNSAzure DNS is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services.

 

Multi-region Application

Reference

This reference architecture shows a set of proven practices for running an N-tier application in multiple Azure regions, in order to achieve availability and a robust disaster recovery infrastructure.

This architecture builds on the one shown in Run Windows VMs for an N-tier application.

  • Primary and secondary regions. Use two regions to achieve higher availability. One is the primary region. The other region is for failover.
  • Azure DNSAzure DNS is a hosting service for DNS domains, providing name resolution using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records using the same credentials, APIs, tools, and billing as your other Azure services.
  • Azure Traffic ManagerTraffic Manager routes incoming requests to one of the regions. During normal operations, it routes requests to the primary region. If that region becomes unavailable, Traffic Manager fails over to the secondary region. For more information, see the section Traffic Manager configuration.
  • Resource groups. Create separate resource groups for the primary region, the secondary region, and for Traffic Manager. This gives you the flexibility to manage each region as a single collection of resources. For example, you could redeploy one region, without taking down the other one. Link the resource groups, so that you can run a query to list all the resources for the application.
  • VNets. Create a separate VNet for each region. Make sure the address spaces do not overlap.
  • SQL Server Always On Availability Group. If you are using SQL Server, we recommend SQL Always On Availability Groups for high availability. Create a single availability group that includes the SQL Server instances in both regions.
  • Note

    Also consider Azure SQL Database, which provides a relational database as a cloud service. With SQL Database, you don't need to configure an availability group or manage failover.

  • VPN Gateways. Create a VPN gateway in each VNet, and configure a VNet-to-VNet connection, to enable network traffic between the two VNets. This is required for the SQL Always On Availability Group.