AZURE : Section 4: AZ-303: Implement VMs for Windows and Linux


 The Data center / On-Premises system and the use of VMWare

When you take that concept to cloud computing, you get loads and loads of instance types.



Not every instance type is available in every region.




If you want to see more instance types, there is a link that you can refer to.

Azure Compute Units : 



Supported OS versions  :


Linux OS supported on Azure

Limitations: there are some regional limitations.

There are restricted user names, and you cannot use any of them as the user name for your VM.

27. Demo: Deploy VM from Portal

Azure portal  .


In some cases you will get both Availability Zones and Availability Sets.

Availability Sets: Availability Sets are inside the same data center and allow you to have two virtual machines in separate racks, each with its own power and network connectivity.

Availability Zones: Availability Zones are in the same region but in separate data centers, so they are another way to get additional redundancy. Microsoft is rolling this out to other regions gradually and is emphasizing Availability Zones going forward.

 

You can choose from a variety of VM sizes.


Cheaper one for your Lab purposes.


Allowing RDP lets you access the server from the internet.

You can choose the ports that you want to expose.

You can further lock them down using Azure Security Center. On Linux VMs you can be prompted to generate keys and supply them, or you can use user accounts. On Windows we just use the user account.

Next we have the Disk Types .


Because it is an S series, it supports Premium SSD.

You can add a new disk or an existing disk. Perhaps you deleted a machine but left its hard disk, which you can now attach to this VM.

Scroll down for the Advanced options if you want to choose between managed disks and the default disk.


Next we move on to networking.

When you create a VM, a network interface card is created for you and associated with the virtual machine. I will select the virtual network that I want to connect this virtual machine to.

Next is whether or not I want to create a public IP; by default it will prompt to create one. I will choose a public IP because I want to RDP into the machine. I wouldn't need a public IP to access the machine if I were connecting through my VPN or ExpressRoute from my data center, or using a P2S (Point-to-Site) VPN connection to get into the virtual network in Azure.

I need it here because this is an isolated Azure environment and I am not connected via any VPN.

On my subnet I can have an NSG (Network Security Group) and just rely on the rules there.

But I can also have a Network Security Group associated with the network interface card of the VM itself.

The selections we make for our lab


Next we have the option of Accelerated Networking. This is available only on certain instance types and certain OS versions; perhaps you have Red Hat 7.4 on one of the specific D-series machines that support it. It allows faster networking between VMs that have accelerated networking enabled: it bypasses one of the virtualization layers and goes directly to the NIC, which gives better throughput all around. That is when you would use accelerated networking.

Load Balancing: next we have load balancing. We can place this machine in the back-end pool of an existing load balancer.

 

Next we will move on to the Management section. Here we have boot diagnostics. We keep this on because it helps us diagnose any issue with the virtual machine.

We have OS guest diagnostics. This is where you can turn on guest-level metrics, or you can keep them off and rely on the host-level metrics.

Diagnostic storage account: this is where the diagnostic logs are stored.

Identity: a system-managed identity can be maintained automatically for you. You also have things like auto-shutdown; turn it on, always, in a lab environment.

Next you have backup itself.



For the purposes of the lab I don't need to back up this machine, so I will switch it off.

Then move on to Guest Config, which is more focused on the PowerShell DSC extension.

Finally, after giving all the input needed to create a VM, you reach Review + create. There is a download option where you can download a template for automation.

Highlighted in yellow is where you can download the template for automation purposes.

28. Demo: Deploy VM from PowerShell

Grab your PowerShell guide to begin with and go to page 22.

Try to get familiar with the commands in your day-to-day job as an Azure administrator.

Let us look at the code itself. We are basically going to look at two basic things here.

Edited the script.

There are multiple ways to work with Azure PowerShell. I am going to do it from the portal itself.

Go to the Azure portal -- Resource groups to begin with. Then click on the Azure Cloud Shell.

And this will open the terminal for you.



With that, the resource group is created. There is nothing inside this resource group since we just created it.

Now paste the second set of commands. Paste and hit Enter.

And the resources get populated immediately.

You can go to Virtual machines on the left and see the VM already.

Go to the Azure portal and click Refresh to check that everything is running fine there.

The IP address that we are going to connect to

We will use RDP and the IP address on the screen above, which is the public IP address, to connect.

 


Click on Connect; this will download an RDP file. There are several options, including RDP and SSH.

Click on Download RDP file.

This will open up in Microsoft Remote Desktop.

You have three options.

Bastion is like a jump box. You perhaps want to connect to a virtual network first. Think of this as jumping into a VNet and then connecting to a machine.

Double-click the RDP file that you have downloaded.

Click Continue to confirm that you trust it.

The default virtual machine created when you run the AzVM command is a Windows machine. If you need any other OS or machine, that takes additional parameters and switches.
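The two sets of commands from this demo, followed by a check that narrows the RDP rule the deployment opens, as an added example (not the course's script). The resource names, the region and the admin source address are placeholders chosen for illustration.

```powershell
# Added example: run in Azure Cloud Shell (PowerShell) or a session signed in with Connect-AzAccount.
# Assumptions: every name below, the region and the admin address are placeholders.
$rg       = 'rg-az303-lab'
$location = 'eastus'
$vmName   = 'vm-lab-01'
$adminIp  = '203.0.113.10/32'   # documentation range; replace with your own egress address

# First set of commands: the empty resource group.
New-AzResourceGroup -Name $rg -Location $location | Out-Null

# Second set: the simplified New-AzVM parameter set builds the VNet, subnet,
# NSG, public IP and NIC together with the VM.
$cred = Get-Credential -Message 'Local administrator for the lab VM'
New-AzVM -ResourceGroupName $rg -Name $vmName -Location $location `
    -VirtualNetworkName "$vmName-vnet" -SubnetName 'default' `
    -SecurityGroupName "$vmName-nsg" -PublicIpAddressName "$vmName-pip" `
    -OpenPorts 3389 -Credential $cred | Out-Null

# Audit: inbound Allow rules that expose RDP to any source.
$nsg  = Get-AzNetworkSecurityGroup -ResourceGroupName $rg -Name "$vmName-nsg"
$open = @($nsg.SecurityRules | Where-Object {
    $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
    $_.DestinationPortRange -contains '3389' -and
    ($_.SourceAddressPrefix -contains '*' -or $_.SourceAddressPrefix -contains 'Internet')
})

# Mitigation: keep each rule's name and priority, pin its source to the admin address.
foreach ($rule in $open) {
    Set-AzNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg -Name $rule.Name `
        -Access Allow -Protocol Tcp -Direction Inbound -Priority $rule.Priority `
        -SourceAddressPrefix $adminIp -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange 3389 | Out-Null
}
if ($open.Count -gt 0) { $nsg | Set-AzNetworkSecurityGroup | Out-Null }

# The address to put in the RDP client.
(Get-AzPublicIpAddress -ResourceGroupName $rg -Name "$vmName-pip").IpAddress
```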

Shutting down a VM 


To stop the virtual machine from the portal


29. Lecture: VM Images : Something like AMI Amazon Machine Image

30. Lecture: Configuration Management Overview

Previously we have been spinning up VMs, and mostly these would not have software packages installed on them. How do we keep them consistent? How do we add additional configuration on top of that?

If you look at VMs, we break configuration management down into two different sections.

This section is basically focused on infrastructure settings.

The Windows and Linux teams really care about these on every VM that gets deployed. On top of that we have all of our application installations, app configuration settings and app monitoring. These are things that our middleware team or the application team cares about as well.

In order to get a consistent set of settings for your entire machine, we use a variety of configuration management tools. This means that if you want to redeploy the machine, almost everything is set up in configuration management, and by deploying the machine we will get the same machine over and over again.

Now look at this as an end-to-end process. You might use an ARM template, Terraform or some other tool to deploy your infrastructure first of all. Think of it this way:

Your ARM template and infrastructure automation tools go out and deploy all of your infrastructure resources, such as networks, storage accounts, Network Security Groups and virtual machines. Everything you have done here is outside the virtual machine itself. Now we want to configure inside the virtual machine, on top of the OS.

The VM is deployed, and we use a variety of extensions here. VM extensions allow you to use things like DSC, the Custom Script Extension, etc. to configure inside the VMs. Ideally you use the VM extension that makes the most sense for your particular environment, for example if you are a heavy Puppet user. And I have loads of teams using Puppet.

If you look at configuration management, these are the three extensions provided by Microsoft Azure.

We have a PowerShell extension, DSC, which we will go into in a moment. The key difference is that Puppet and Chef are enterprise-level configuration management for multiple nodes.

PowerShell DSC (Desired State Configuration) is very good and tactical for going and deploying a configuration. It does not have the holistic management that Puppet and Chef have.

So if you are looking for something enterprise-wide across on-premises and cloud, Windows and Linux, definitely take a closer look at Puppet and Chef. But if you really need your configuration up and running, PowerShell DSC is still a great tool for you. PowerShell DSC scripts can be used inside Puppet and Chef as well.

So if you have a configuration written in PowerShell DSC, there is nothing stopping you from putting it in Chef or Puppet and using it there.

PowerShell DSC -- three major components.

  1. Configurations: these are your declarative PowerShell scripts, which define and configure instances of your resources.
  2. Resources: Microsoft describes these as the "make it so" part of DSC. They contain the code that puts and keeps the target of a configuration in a specified state.
  3. Local Configuration Manager: this is the engine behind DSC. It facilitates the interaction between resources and configurations to keep the system in a specified state.

If you look at the PowerShell DSC example, on the left side you see some code for deploying IIS and ASP.NET.

31. Demo: PowerShell DSC Extension : 

The code we just saw is what we are going to install on the Windows VM. We have the same code in Visual Studio Code.



The file name is installiis.ps1

Our configuration name is : SkylineIIS

Nodename : 'localhost'

And as I said, we need to get the code ready for consumption.

Go to PowerShell.

Let me make it ready for consumption.

There is one thing that needs to be noted: if I didn't want to do it locally, I could publish the zip file to Blob storage and, instead of going to the Azure portal to deploy it, reference it in my PowerShell script. But in our case we created the zip file locally. Now we are going to the Azure portal.
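A configuration matching the names given above (file `installiis.ps1`, configuration `SkylineIIS`, node `'localhost'`) and the local packaging step, as an added example that is not the course's own script. The two `WindowsFeature` names are assumptions about what "IIS and ASP.NET" means on Windows Server.

```powershell
# Added example: writes installiis.ps1 and packages it for the DSC extension.
# Assumption: Web-Server and Web-Asp-Net45 are the features the course installs.
$config = @'
Configuration SkylineIIS
{
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'localhost'
    {
        # Web Server (IIS) role
        WindowsFeature IIS
        {
            Ensure = 'Present'
            Name   = 'Web-Server'
        }

        # ASP.NET 4.5 support, installed only after IIS is present
        WindowsFeature AspNet45
        {
            Ensure    = 'Present'
            Name      = 'Web-Asp-Net45'
            DependsOn = '[WindowsFeature]IIS'
        }
    }
}
'@
Set-Content -Path .\installiis.ps1 -Value $config -Encoding UTF8

# Package the configuration script into the zip archive the extension consumes.
Publish-AzVMDscConfiguration -ConfigurationPath .\installiis.ps1 `
    -OutputArchivePath .\installiis.ps1.zip -Force

# Record the archive hash so the file later uploaded can be compared against it.
Get-FileHash -Path .\installiis.ps1.zip -Algorithm SHA256
```

For this archive, the module-qualified name entered in the portal takes the form `installiis.ps1\SkylineIIS`: the script file, a backslash, then the configuration name.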

We are in the Azure portal .

I am going to use the New VM we created

We click on the VM and scroll down a little. You will see something called Extensions.

Currently we have no extensions.

Click Add.

Add the selected PowerShell Desired State Configuration.

Click Create.

Select the zip file created.

Next we need to use the module-qualified name for the configuration.

Which is the name of our configuration.

Scrolling down, we need to put in the version of the SKU we need to use. In my case we are going to use 2.26. Go ahead and click OK.

Deployment is in progress.

As you can see, this is deployed. It took just a couple of minutes to complete. If we now RDP directly into the machine and

Go to Manage -- Remove Roles and Features.

Now we can see the Web Server feature is installed.

Now let's go to the web browser.

http://localhost


32. Lecture: Custom Script Extension

Now that we can see the value of the PowerShell DSC script, what then are the benefits of the Custom Script Extension?

It helps you execute tasks without logging into the VM.

This is what the extension allows you to do: upload a script via the portal, or download scripts from Azure Blob storage or GitHub, reference them in the portal and inject the script into the virtual machine. This can be automated using PowerShell as well.


33. Lecture: VM Availability :

This lecture is about availability: how a VM in Azure remains available even during outages and the planned maintenance that Microsoft needs to do. So what are the mechanisms that you have to protect your machines?

So let's start by understanding the impact on one VM.

 Fault domains

Think of this as a rack in a Microsoft data center, with its own power, networking and racked hosts. These are the hypervisor hosts that your VMs run on top of. If you have only one VM, it is going to go into a random rack in the data center.

If you add additional fault domains, this is where Availability Sets come in. Since we have three machines, we put them in an Availability Set in a region that supports Availability Sets of three nodes, and those three nodes are spread out across the three fault domains. If the VM running on fault domain 0 goes down, the other two in FD 1 and FD 2 will be okay.

Now if you had six machines, you would have only two in each fault domain. In addition we have update domains. Think of update domains differently: these are like the individual physical servers in the rack. This has more to do with Microsoft patching Windows when they want to go and patch the servers. They are only going to go through those one at a time, starting with your update domain 0, then 1 and 2.

You can have more of these update domains, because they are about the physical machines, not the racks that they fall into. So you are going to separate out your workloads across fault domains and update domains when you use Availability Sets.

We must also know how we plan for our availability. Another mistake:

How do you group your services in Availability Sets? One of the mistakes is that people put their web, app and DB servers all in the same Availability Set. That is not going to help you. Say you have two web servers, two app servers and two DB servers. You can put them all in the same Availability Set, and there is nothing stopping your app servers from landing in fault domain 0, your web servers in fault domain 1 and the DB servers in fault domain 2. You don't know where they are going to go, so they can still end up grouped incorrectly.

The way you want to do it is to create an Availability Set for each tier.

  • You will create one for the web tier and put your web servers in there.
  • Create one for the app tier. You will put your app tier virtual machines in there.
  • You will create one for the data tier as well. That way those machines, because they are in their respective tiers, have high availability in the event of a failure.
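A check for the grouping mistake described above, as an added example that is not part of the course material: it reports Availability Sets that hold VMs from more than one tier. It assumes each VM carries a `tier` tag (web / app / data); the tag name and the resource group name are hypothetical.

```powershell
# Added example. Assumptions: resource group name and a 'tier' tag on every VM.
$resourceGroup = 'rg-az303-lab'
$tierTag       = 'tier'

function Get-AvailabilitySetFinding {
    param([object[]] $Vm, [string] $TagName = 'tier')

    # Group VMs by the Availability Set they reference (last segment of the resource ID).
    $Vm | Group-Object -Property {
        if ($_.AvailabilitySetReference) {
            ($_.AvailabilitySetReference.Id -split '/')[-1].ToLower()
        } else { '(none)' }
    } | ForEach-Object {
        # Distinct tier values found inside this one set.
        $tiers = @($_.Group | ForEach-Object {
            if ($_.Tags -and $_.Tags.ContainsKey($TagName)) { $_.Tags[$TagName] }
            else { 'untagged' }
        } | Sort-Object -Unique)

        $finding =
            if     ($_.Name -eq '(none)') { 'not in an availability set' }
            elseif ($tiers.Count -gt 1)   { 'tiers mixed in one set: use one set per tier' }
            elseif ($_.Count -lt 2)       { 'single VM: nothing to spread across fault domains' }
            else                          { 'ok' }

        [pscustomobject]@{
            AvailabilitySet = $_.Name
            VmCount         = $_.Count
            Tiers           = $tiers -join ','
            Finding         = $finding
        }
    }
}

Get-AvailabilitySetFinding -Vm (Get-AzVM -ResourceGroupName $resourceGroup) -TagName $tierTag |
    Format-Table -AutoSize
```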

 

Availability Zones :


Zonal services: when you create a VM, managed disk or standard IP address, you can pin it to the zone of your choice.

Zone-redundant services: resources are replicated or distributed across zones automatically.

34. Demo: VM Availability Groups and Zones

Let's take a look at where we set up Availability Sets and Zones when we build VMs. Let's head over to the Azure portal.

Let's go to Virtual machines and click Add.

Below is the region that I want to focus on.

Below, the tutor selected Central US and there is no Availability Zone.

The Availability Zone option is greyed out. You only have the option of an Availability Set in this region.

When you select Availability Set, it says there is no Availability Set available at your chosen location.

Here you can click Create new. This will help you create an Availability Set.






















 

 

 

 

 

 




