Virtual Machines Flashcards
Virtual Machines
-Full control and access to the OS, files, configuration, and logs
-Ability to install applications, deploy files, or make changes required for apps
-Can be considerably simpler to migrate (lift-and-shift) existing workloads
-Helps reduce upfront spend, provides additional features, more agile, etc
Architecture
1. Create a Virtual Machine: Parent configuration resource, including name, region, sizing.
-VM Family: Influences the size/resourcing, as well as limits for storage and networking. (General Purpose, Compute/Memory/Storage Optimized, High Performance Compute, and GPU)
–The region you pick is going to influence the sizes you can use
-Fees and Quotas: VMs are charged by the second (for PAYG) so long as the VM is not deallocated
–If your VM is deallocated, you will be charged on disks and public IP, and also it will count towards your “subscription quotas” (your subscription may have a limit on how many VMs of a certain sizes you can launch)
-Configuration and Changes: You cannot change a VM's name or VNet, but the OS disk contains most configuration
2. Network: Requires at least one network interface (same region) when deployed
3. Storage: Requires an OS disk, but can also support additional data disks
VM Storage
Types of Disks
OS Disk:
-OS preinstalled to disk
-Can use marketplace image, uploaded VHDs, or custom images
-Disks can be resized, but this requires downtime (stop/deallocate VM)
-Cannot be added/detached, but they can be swapped
Data Disks:
-Used for persistent storage for applications, files, and other data
-Disks can be resized without downtime (for some VM SKUs)
-You can add/detach data disks without downtime (but you should stop activity)
Temp Disk:
-Temporary storage made available through the hypervisor. Data can be lost
-Temporary fast storage
-Mounted by default for both Windows (D drive) and Linux (/dev/sdb1)
-Considered ephemeral (data does not persist) and can be lost on restart
-Not all VMs come with a temp disk; size/availability is based on the VM SKU
-They all have to reside within the same region as the VM
-VMs run on a hypervisor; the OS and data disks they access are stored in blob storage behind the scenes as “page blobs” (managed disks)
Disk Performance
-Standard HDD: Cheap option supporting backup or non-critical workloads
-Standard SSD: Recommended for low-use enterprise applications, web servers, or dev/test
-Premium SSD: For production workloads that are performance-sensitive and require low latency, high IOPS and throughput
-Ultra Disk: Suits IO-intensive workloads, such as top tier databases, or other transaction-heavy workloads
Virtual Machine Networking
Configuration
- Virtual Machine: VM SKU influences network capabilities (throughput/performance limits and number of NICs)
- Network Interface (NIC): Standalone resource that belongs to a subnet in a VNet (same region)
-We can have multiple NICs on multiple subnets as long as they are in the same VNet
- IP Configurations: Configuration of private IPv4/v6 address, and (if any) associated public IP address
-If you want to have multiple private IP addresses, you don’t need multiple NICs, just multiple IP configs
Considerations
-You can change IP addresses, and subnets associated with a network interface
-Changing virtual network is not possible. For this, a virtual machine must be recreated
-IPv6 addresses are supported, but must first be enabled for the corresponding VNet/subnet
You have two options for getting IP addressing in another subnet:
-You could have multiple network interface cards or you can turn off your VM and move your existing network interface card to another subnet
VM Images and the Compute Gallery
VM images are snapshots or templates of pre-configured virtual machines. They contain an operating system and additional software, allowing you to quickly deploy standardized computing environments.
Marketplace VM images are pre-configured images provided by third-party vendors, often with specialized software and configurations. Generic VM images are more basic and may require manual setup. Marketplace images can save time by offering specific solutions out-of-the-box.
Preparing Images
- Configuration: Configure the VM and operating system as desired (apps, config, data, etc)
- Generalize (or Specialize): Remove user/machine specific information by generalizing the machine
-Specialize is more for on-premises: maybe you have a machine that is configured the way you want to use it and you want to take it to Azure
- Capture Image: Create either a Managed Image, or Compute Gallery Image (Enterprise capable functionalities)
-With the Image Gallery, you create an Image Gallery, so you create a definition called “Web Server” and then you get advanced functionality (multiple versions and build numbers for the image, automatic expiry, replication to other regions, etc).
VM Configuration Tools
When we think about how we deploy VMs, we also need to think over the long term: what tools are available to configure them, to track their configuration, and to get the initial deployment the way we want.
We have covered the initial deployment of VMs, but there are additional tools at our disposal that can help us track and manage configuration over the long term.
-Custom Script Extension: Is a tool (extension) that deploys and runs simple to complex scripts on VMs.
- Script: Stored script to be executed on the VM (e.g. Bash, PowerShell, Python, etc.).
- VM Extension: Downloads the script and executes a specified command (and arguments)
- Execution: Note that the script only runs once (unless settings have changed)
-Automation State Configuration: Is a platform for ongoing deployment and monitoring of standardized configuration. (track configuration of your VM over the long term)
- DSC Configuration: A declarative model that defines what configuration a device should have. (a text file, where you go and say, “here is what I want my machine to look like”)
- Azure Automation: A location for centralized monitoring and storage of DSC configuration
- VM Extension: DSC Extension orchestrates configuration and reporting using DSC
-Cloud-Init: Industry standard tool for initializing Linux machines across cloud providers.
- VM Provisioning: Cloud-init capabilities are associated with a VM at the time of provisioning
- Custom Data: Supported cloud-init data for configuration or scripting
-What about User Data? Within Azure, this is a newer version of custom data available via IMDS
Virtual Machine Scale Sets (VMSS)
Are a group of identical, load-balanced virtual machines that automatically scale based on demand or a defined schedule. Benefits include high availability, automatic scaling, and simplified management of VM instances in a distributed application.
Uniform Orchestration
1. Uniform VMSS Model: The parent configuration (image SKU, networking, upgrade policy, etc.) (this is what I want my machine to look like)
2. VMSS Instances: Identical VMs that run within a VMSS based on the VMSS model
-They are VM scale set instances within the scale set
3. Autoscale Rules: Rules look at signals and cause scale-in/out events
Features
Upgrade Policy: “If I make a change to my VM scale set model, what do I want to happen with our existing VM scale set instances, which are now going to be out of date?”
-Automatic: Microsoft will take care of upgrading all of those instances to match the updated model
-Rolling: Provides more control in saying “I want to just update some of these, and then I’ll update some more”
-Manual: Manually upgrade any of those instances
Automatic OS Updates: “If your VM has an update, what do you want to do”
Flexible Orchestration
1. Flexible Model: Used to manage elements of the VMSS, and model
2. Virtual Machines: VMs deployed per the VMSS model, or VMs created in the VMSS. (VMs associated with the scale set and they don’t necessarily match the VMSS model)
-VMs managed directly
-VMs have to be in the same region and resource group
3. Autoscale Rules: Flexible VMSS supports autoscaling, using the VMSS model for new instances
Autoscale Rules
- Metrics-Based Scaling: “If my VM scale set has really high CPU utilization, I want to add additional machines so I can meet demand”
-Metrics Rules: The trigger for a scale activity (scale-out and scale-in rules)
-Instance Limits: Min/max and default instance count
–Default: Means that if the system can’t read the metric, it will ensure that you have at least the number of instances you put in
- Scheduled Scaling
-Instance Count: Number of instances to scale to
-Schedule: When the scaling should occur
Virtual Machine High Availability
Availability Sets (For Azure Infrastructure faults)
A logical grouping of virtual machines (VMs) within an Azure data center. It helps ensure that during maintenance or hardware failures, not all VMs in the set are affected simultaneously.
- Availability Sets: Logical container that redundant VMs can be created within (not moved to). (VMs that serve the same purpose and not the same infrastructure)
- Fault Domain: A group of physical devices that represent a single point of failure. (We don’t want our machines to all be hosted on the same single point of failure)
-Maximum of 3
- Update Domain: A group of VMs and underlying hardware that can be rebooted together during planned platform maintenance
-Ensures that if Microsoft is running any platform updates, it is not going to result in our entire solution going offline
-Maximum of 20
-Settings cannot be changed or VMs added
-When FD is set to 1, UD will be 1 also
-Managed Disks should be used (cannot mix)
-Regional VMSS (Implicit Availability Set): FD: 5 - UD: 5
Zone Deployments (For Availability Zone failure)
Proximity Placement Groups
Used to influence the placement of Azure resources such as virtual machines and storage to be close to each other within an Azure data center. (Require low latency connectivity)
- Placement Group: Indicates datacenter colocation requirements within a region
- Virtual Machines: You can add/remove a mix of VMs, VM Scale Sets, and Availability Sets
- Intent: Specify the VM hardware type (and AZ) you intend to use
VM Encryption with Azure Disk Encryption
Azure Disk Encryption (ADE) is a feature in Azure that helps protect and safeguard your data at rest by encrypting the virtual machine’s OS and data disks.
-Occurs at the O.S layer
Implementation
- Disk(s): All types and tiers supported excluding Ultra disks and Basic VMs
- Volume Encryption: Encryption performed using BitLocker for Windows and dm-crypt for Linux
- Azure Key Vault: Encryption secret (and optional key) is stored in Key Vault
-This is where Azure Disk Encryption stores disk encryption keys.
-Grant necessary permissions to the VM to access the Key Vault.
-The encryption secret is required to perform the encryption on the O.S
-The KV must be in the same region as the VM
-You can optionally use an encryption key, also stored within your KV, to wrap (encrypt) the encryption secret itself