Creating your first VM in Azure

Captions
What's the first thing pretty much everyone wants to do in the cloud? Create a virtual machine. So in this video I'm actually going to walk through a little bit of detail in creating your very first virtual machine in Azure.

Okay, so in this video we're gonna walk through actually just creating the virtual machine, but rather than just hitting all the defaults in the portal, I'm gonna walk through a little bit of detail. We're gonna do some things manually just so you understand what's actually happening behind the scenes. Now remember, I'm gonna show this in the portal. Ordinarily we'd use a JSON template or Terraform in a real production environment, for scalability, for a prescriptive way that I can change control, but for now we'll just use the portal.

Now remember, when we create a virtual machine it lives within a certain region. We deploy it to a region. So we have our Azure subscription, which can deploy things in lots of regions. We're picking a certain region; in our case we're going to use South Central US. Now what we're gonna do is, everything has to live in a resource group, so we're going to manually create our resource group, and then we're gonna manually create a virtual network, so I'm gonna create a VNet. Then we're gonna create a subnet, like just a default subnet. What we're also going to do is we're gonna put an NSG, a network security group, around that subnet, so I'm gonna create an NSG to secure the subnet level. We're gonna create a storage account. We'll create a storage account, we're gonna use that for our diagnostics, and as we've done all of those things we'll actually go ahead and create the virtual machine. Now remember, the resource group is not a boundary of use. I could absolutely have the virtual network in a different resource group, but I've just done it in the same one for cleanliness; we can just delete this whole thing afterwards. So we go ahead and create our virtual machine, and what that's also going to do is create a disk for the OS, and it's going to create a network
interface card that we're going to tell it to link into that subnet. At this point, though, we can't get to it, so what we're then going to do is actually create a public IP and link it to the network card. We will then add an exception to the NSG around the subnet to basically allow in RDP traffic just from our machine, not from the whole Internet. We're gonna let RDP traffic in just from our machine, then we'll show how we can turn that off again when we're done with it. And then finally we'll actually add another disk while it's up and running, for data, and attach it. And after all that's finished we'll go ahead and deallocate it so we stop paying for it, and we'd actually delete the disks, everything else in the entire resource group, if we're completely done. So let's head over and do this stuff.

So here we are in the Azure portal, and the first thing I want to do is create that resource group we talked about. Remember, everything has to live in one and only one resource group. So I'm just gonna go to my resource groups. If you don't see it, go to the little hamburger and you'll find resource groups, or you could just type in resource groups up here and it will find that type of service. I'm gonna hit add to create a new resource group, and I'm just gonna call it RG-VM-Test. Now, you do pick a region. I'm not restricted to this region for the resources I create inside it; this is just where the metadata about that resource group is going to live. I'm gonna pick South Central just to make things easy. Now for this I'm not gonna set any tags, but realize tags are super important normally for tracking resources, so maybe seeing billing information, etc. So I'll just go ahead and create that resource group. The validation has passed, so I'll hit create.

Now that's finished, we can go to the resource group. It would also be listed under all the resource groups, and obviously right now I've got nothing inside it. But from here you could see, well, I could grant certain Azure AD groups or users to
various roles. Maybe I could make them a contributor to the resource group, so they could pretty much do anything in this resource group except change the ACLs at the resource group level. I can also do things like assign policies too. They're the big reasons we like resource groups, to group things together.

But for right now I'm just going to go ahead, and the first thing we'll do is actually create a virtual network. So in my resource group I'm hitting add, and we'll search, and I'll just type in virtual network, and here you can see it; we'll hit create. Now, as I mentioned, you don't have to do all of this individually. I could just create a VM and it would do a lot of these things for me, but it's nice to kind of see those building blocks behind the scenes. It selected the resource group for us automatically, as we hit add from within the resource group. I then give it a name, so I'm going to call this VNet South Central US 1. Again, you should have a naming standard; use a consistent pattern. Then my region: the VNet has to be in the same region where I want to create the VM, so again that's gonna be South Central US.

Then we get to pick what IP address space we want to use for this virtual network. By default it's using 10.1/16. Now if I don't want to use that space I can delete that IP space and pick my own. Maybe I'm gonna do 172.16.0.0, and again I can do that as a /16; I'll take that entire range. I could also add an IPv6 address range. And I have to add a subnet. Now there was a subnet there already in that 10-dot; because I deleted that IP space I also lost my default subnet. So I'm gonna add a subnet. You can call it anything you want; maybe I'll call this my intra subnet. And for my IP address range, it has to be within that range of the virtual network, so I might pick 172.16.0.0/24, so I'm taking a subset of that address space, and hit add. I'm not gonna set anything like distributed denial of service protection or firewall at this point. You get a basic
distributed denial of service anyway; standard gives me more visibility, more tweaks to that behavior. Again, I'm not going to set any tags, but they're super useful to do. Validation has passed and I'll hit create, so I'm creating that virtual network within that resource group.

That's now completed, so I can go to that resource. Again, you can always jump back: if I look at my resource group you'll see the things that I've created inside it. So if I hit refresh, it's gonna wait a little while to catch up, but in there I've got that virtual network. There we go.

So one of the things I definitely want to have on this is my network security group. So I'm gonna go into my subnets, select my subnet, and from here we see I don't have a network security group, so I'm gonna say, hey, I actually want one of those. Now, I do have existing ones. What we'll quickly do is we'll actually go back out of this and we're gonna create ourselves a network security group that we're going to apply to that subnet, and for now we'll just leave it as the default rules. Now again, I'm going to create it in South Central, the same region as my actual resource group and all the virtual machines. There we go, and I'm just going to call it NSG South Central US test, and again we'll hit create.

So that completed. If we go to the resource, it's created inbound and outbound security rules, and what we can see is: anything within the virtual network to the virtual network, i.e. known connected IP space, it allows; anything from the Azure load balancer, it allows; everything else is denied. In terms of going outbound, well, anything from the virtual network can go to the virtual network, anything can go to the Internet (it is stateful, so the response will be allowed back), everything else is denied. So pretty much nothing can actually come in to that virtual network. So that's the default rule we have.

Now what we want to do is actually use this on our subnet. So we go back to our resource group, we can see our virtual network, we'll go to our subnet and
now we're just going to say to use our nice new NSG, and we'll hit save. Now we've put that set of protections around anything we put inside that subnet.

The next thing we're gonna create is a storage account for our diagnostics. So once again we'll hit add, we'll hit storage account, hit create. Now we have to use lowercase letters for a storage account, so I'll call it storage account South Central US VM diag, for my VM diagnostics. Once again I'm gonna create it in South Central US. I just want standard. The StorageV2 is perfect for what we're doing here. I don't need it geo-redundant. So geo-redundant is where I would have three copies in my local region and three copies in the paired DR region. I don't need that for diagnostic data; it'll actually cost me more money. So I'll just pick locally redundant storage, and my default tier will be hot. So with hot I pay a bit more money for the storage, a bit less for the transactions, but it's data I'm constantly interacting with, which for the diagnostics I will be. We could tie into things like private endpoints, which we're not going to cover in this. I can pick if I require secure transfer to communicate, so that's on by default. Again, we have tagging, and I'll go ahead and hit create. So we're just using this for diagnostic data into a blob container. This will also give us queues, tables, and SMB file shares via the Azure Files service, but now we've got that diagnostic account ready for our various logs from the virtual machine.

So that is completed. Again, we can go to the resource, and I see all the different types of service available: blobs, files, tables, and queues. So at this point we'll actually go and create the virtual machine. Again, this takes a little while to catch up, but there's a storage account in here as well; now it's shown up. What I'm gonna do now is I'm just gonna type virtual machines. We don't have any. We'll hit add, could hit also create virtual machine. The resource group: we're gonna scroll down until we see our resource group that we want, so
that's our RG-VM-Test, and then a virtual machine name. You want this very descriptive; again, for me I'm just gonna call this VM test 1. I need it to be in the same region as my virtual network, as I want to connect it to that virtual network, so it's going to be South Central US. I'm not gonna pick availability sets; I'm not going to add other VMs that work together that I want distributed over different racks. If the region supports availability zones I'd have the option to pick that as well, but I don't need any of those things. I'm not using VM spot instances, i.e. a cheaper VM when there's spare compute available. For the size of the virtual machine, pick something that makes sense; for now, sure, the D2s v3 is fine.

Now notice for the image it selected Linux. I'm going to go ahead and change this to Windows Server 2019. I have to give it a user name for the local admin account; for now I'm just going to do local admin. And I have to give it a password of at least 12 characters. We have to type that in twice, so we've set that local password. Now by default it's going to enable RDP from the Internet. That's because, hey, I'm creating it from the portal, you're pretty good I want to connect to it, so I'm gonna give it a public IP. We're gonna say none for now; we're going to come back and add this afterwards.

If this was a test account and I have a license, i.e. MSDN, or my organization has hybrid use benefit, I could say yes, I already have a Windows Server license, I confirm that I'm telling the truth, and I would get it for cheaper. I don't pay for the renting of the Windows license in addition to the compute of the virtual machine.

Now for the disks, I can pick the type of disk. If it was testing I could just do, like, a standard SSD or even standard hard disk drive. If it's production you probably want the premium SSD, for the higher performance and the kind of provisioned IOPS and throughput. By default it's a platform-managed key; I can change it to customer-managed if I want to control that key, and I can add
additional disks; again, I'm not going to do that right now. Notice by default it's using managed disks. I'm not using ephemeral, i.e. it gets stored in the cache of the local machine. So right now I just have a premium SSD for the OS disk.

Now for the networking, I'm going to connect it to that existing virtual network we've already created, so it can see it if we look: our VNet SE US 1. So it's selected that; it selected the first available subnet. By default it's giving it a public IP. For now we're gonna say no, do not give it a public IP. Most of your VMs do not want public IPs. If you do want to offer something to the Internet you're probably gonna use a load balancer, and a load balancer will have a public IP. I'm also not going to have an NSG on the NIC. Notice it detected that, hey look, the subnet has already got an NSG on it. We don't recommend you have an NSG on the NIC and the subnet; it gets very hard to manage. So we did it at the subnet level, so we do not want it on the NIC. If the VM supported it you would do accelerated networking; it bypasses the switch and just gives you extra performance. And I don't need to use a load balancer.

For the management, notice we can hook in to things like Azure Security Center, which I have already got protection for. We have our boot diagnostics, so I can see, like, a screenshot of the actual console. I could turn on guest diagnostics, and we pick where we're gonna save this to. So again it's detected that, hey look, in this resource group you have a storage account, let's use that instead of creating our own. And then there are various other options, like auto-shutdown: very useful to save you money. At a certain time every day, just shut down the virtual machine. Take note of the time zone; make sure that's correct for when you work. I can turn on automatic backup.

I can add extensions. So extensions give me other types of functionality. For example, a really useful one I'd probably always want to do at minimum is gonna be anti-malware. If I select that I'll
hit create, I can exclude certain things, when it's gonna perform certain scans, and I'm done; I've now added that. I can add things like custom script extension, join a domain; there are many others available. I'm not using dedicated hosts. I don't want to use a proximity placement group. For the VM generation, this is Gen 1. Gen 2 is UEFI-based instead of the BIOS basis of the Gen 1, but for right now we can just stick with Gen 1. Again, tags: super useful. This is where I could do things like cost center, I could do owner, date of creation. You should use these in the organization for tracking, for finding resources, so you really want to fill those in.

And then I'm just reviewing all my options. Notice there's download a template. If I select this, it will actually show me the ARM template that it would use to create this virtual machine. So this is actually a really useful thing; you could download this, save it for later. But I'll close that for right now and I'll just hit create. Then it's gonna go off and create that virtual machine for me, and that's gonna bake in the oven for probably about 5 minutes.

So that's completed, and what I'll actually do is, we could go to the resource, but I'm actually just gonna jump straight back over, go back to our home, gonna look at our resource group. We can see all the things it created. So we're expecting a virtual machine, and there it is, but it also created the network interface for the virtual machine and the OS disk. So there are the resources. So if we now select the virtual machine, that's great. There's no public IP. It got the first usable private IP from the subnet. Remember, the first IP is the network address and then the next three are all taken by Azure, so in this case 4 is the first available IP. But there is no public IP, so if I was to hit connect, what do we think would happen? So it'll download an RDP file for us, would try and connect with the private IP, and it would fail. That virtual network is an isolation boundary. Well, there's no way for me to connect,
I'm not on that virtual network. If I had a point-to-site VPN to it, a site-to-site VPN to it, ExpressRoute, or if I deployed the Azure Bastion service, I could connect. I don't have any of that, so right now I have no way to get to that virtual machine.

So what we'll actually do is we'll go ahead and add that public IP. So we'll create a public IP address. We have to create it in the same region as the virtual machine. So it's just an IPv4, we just need a basic SKU, we call it pub IP South Central US VM 1. It can be dynamic; I don't really care if it changes for this test. It's gonna get a DNS label name that has to be unique, so this could be Savilltech South Central US VM 1 pub. It's going to create it in my subscription, in my resource group, in South Central US. So it's now going to go ahead and create me that public IP. Now once again it's going to go ahead and deploy it into my resource group.

So that's done. If we go to it, there's the DNS name, and I'm going to copy that just so I can track that behind the scenes and use it again a little bit later on. So now we need to associate it with the IP configuration of our virtual machine. So we'll go to our resource group. Now at this point I could go to the virtual machine and then go to the NIC, or I could actually just go to the NIC directly, but we'll go to the VM. We're going to look at our networking, we can see our IP configuration, so we'll pick our network interface. I can see my IP configurations. We'll select our first IP configuration, then we can see there's no public IP, so we'll select enabled, and we can pick that public IP we created, and we'll hit save.

So at this point it has a public IP address, so should we now be able to connect to that virtual machine? But we can certainly try it. So let's just let this finish doing those updates to the IP stack and then we can try that RDP. So that change has been made. Now we'll go back to our virtual machine, again go to my overview, and I'll hit connect. It's going to use that DNS name of the associated
public IP. I can download the file; that's created an RDP file for me. I'll open it up, I'll use Remote Desktop Connection, and let's connect. And it's gonna fail. Why is it failing? Well, remember we have the NSG. The NSG is blocking anything inbound unless it's already on the virtual network. Well, I'm not on the virtual network, so we need to update our NSG.

Now you'll notice on the networking tab it actually shows me the inbound port rules that's attached to the subnet, i.e. my NSG SE US test, and I can add a new rule. Now I don't want to just open it up from the Internet if I can help it. This is just a test, so technically I guess I could, but I'm still going to get attacked and hacked. So if we add an inbound port rule, instead of doing the source service tag, where I could say Internet, I only want to allow it from a particular IP address, i.e. mine. So what I can do, if I jump over for a second, I can say "what is my IP". So this is my public-facing IP address; that's where requests to the Internet will be seen to be coming from. That's my NAT service. So what we'll do is we'll take what is my outbound-facing IP address and we'll allow that. And my destination, well, it would just be that particular virtual machine, so that was 172.16.0.4, and we're gonna use 3389, which is RDP, and the action is going to be allow. My priority for this: I don't want to make it too low, because I might want to do things in front of it in the future. So I'm just gonna say... it's gonna give me a list of what the valid ones are; I can go so of 100, 200, 300. I'm just gonna say a thousand for this one. So we'll set my priority to be a thousand, and my name will be RDP VM test 1, and we'll hit add.

So it's adding that new rule. So if I go and actually look at that NSG again in detail, look at my inbound rules, you can see all of the default ones, and now there's, hey look, allow from this source only to my 172.16.0.4. Again, let's just check that. If we look at my networking on this virtual machine, so that's my resource group, my virtual machine, networking,
my IP address, 172.16.0.4. I'm not saying the public IP; that's kind of invisible, it's just redirecting. I have to enable it to the internal IP address.

Now let's try that RDP again. So we'll connect. I could use the existing RDP file, probably should, wasn't being lazy. Download, there's the file, connect, and this time it works. I can go ahead and use that account I created, trust that cert, and I'm now connected to my virtual machine. So we created a VM, we put a network security group on the subnet, we added an exception just for us. Now, if I'm sitting in Starbucks, if I'm sitting at work, remember that public IP address is not unique to me. It's anyone that's going through the same network address translation service: probably anyone in Starbucks, anyone at my office. But I have better locked it down than just anyone on the Internet.

Now we're in that virtual machine. We have the operating system, we have the various... time zone, this is UTC. If I actually go ahead and look at my storage, we'll see, remember, I have my OS disk, my C drive, and then the temporary disk. This is local storage on a node that happens to be running my virtual machine. I never, ever, ever put anything on here I care about. It has a data loss warning file: I don't put stuff here, you can lose it. It does put the page file there. So if we look at hidden items, and also, options for a second, if we say we want to see the system... there we go, hide protected... let me see the page file as well. So that's what it is using it for. For Windows, it's putting the page file on there. But essentially I have those two disks.

Now if I minimize this for a second, I can absolutely add other things to it. So if I go look at my resource group again, I could add a new managed disk. So if I just search for disk, managed disk, I'll create a new one, create it in my resource group. I'm gonna call it VM test 1 data 1. I have to create it in the same region as my VM. There's no source; it's gonna be blank. What size do I want it to be? Can be super small. I'll create it really
small because I'm cheap. Encryption can just be encryption at rest using platform-managed. Again, I have my tag options. Review, and I'll create it. That's creating me that new managed disk. While that's completing we'll jump back. Again, there it is. So we'll go back to my resource group. Again, things take a second to show up here, but it would show up here eventually.

I'll go and look at my virtual machine. Remember, it's running, so while it's running I'm going to add a data disk. Now again, I could have kind of created it from here, but notice there's a disk I've already created. I'm going to go ahead and add that and hit save. And now if I jump back to the virtual machine, so I'm inside the guest, start up Disk Manager (I'm old fashioned, there's other ways to do this), it's detected the new disk. So I'll initialize it, GPT. From here I'll create a volume, I'll just call it data. Make sure you always do a fast format. And now I have a data drive, and there we go. So that's where I actually put data. I never put things on the D drive; that's a bad day, it's temporary. But now I've added a data disk to it and I'm good to go.

So that was creating a virtual machine. Now you would do other things: you would install applications and everything else, you might add services that have ports you'd offer on the public, etc., etc. Now if I was to shut this down, remember, I don't stop paying for it. Just shutting it down inside of the guest doesn't actually deallocate it from the fabric. If I actually want to stop paying for it I have to shut it down from the fabric itself.

There's also something else I want to demonstrate, so I'm actually gonna disconnect. When you're not using it, so you're not using this virtual machine, remember you can always go back in that network security group we created, inbound rule, I can look at this (this is me, remember), and I could deny, essentially locking myself out of it again, now to come back and allow it when I want to connect. This is essentially what the just-in-time feature of the Azure
Security Center is doing: it detects your public IP, it adds a rule, it disallows it after a certain amount of time. So now if I went back to my downloads, there's my RDP file, and we try and connect again. And they do actually take a while to take effect, so see if it's actually... I was too quick, this may let me in. Yep, still let me in. All right, let's give it a second. Let's make sure my change took effect. There's my rule, and it's now denied. Tick, tick, tick. Let's try now. And the same thing happens when you enable it: it normally takes 30 seconds. Just try and connect again. Okay, so now you can see it's failing. So now I've blocked my access to it again. So if I needed to connect I'd have to go back into the NSG, enable the rule, wait 30 seconds, then I can connect again. A better way is to use the Azure Security Center just-in-time protection that does all of this for me, or set up a point-to-site, a site-to-site, ExpressRoute, or I can use the Azure Bastion service.

Important point, though: I've finished using it now. We did set up that automatic shutdown rule, so it's going to turn itself off anyway. If I know I'm kind of done with it right now, just shutting it down from inside the guest would not be good enough. I have to hit stop from the fabric. If I hit stop from here it's actually going to deallocate it. Because I did a dynamic public IP, it's saying to me, hey, you're gonna lose this IP, it's gonna change when you start again, do you want to reserve it? No, I really don't care. So it's actually gonna go ahead and deallocate, so I stop paying for the virtual machine. Now even when it's deallocated I'm still gonna be paying for the storage: that data disk I created and the OS disk. So if I've completely finished, I've done my test, I don't want this anymore, make sure you remember to go ahead and delete the disks, delete the network interfaces, delete the public IP, maybe even the storage account if I don't need it for other virtual machines. Also, by keeping it in a resource group, if I know I'm completely done, well, I can just delete
the resource group and it will delete all of those things.

So that was kind of a very detailed look at creating a virtual machine in Azure. So I hope that was useful, hope it made a bit of sense to actually go through step by step and manually do a lot of the things that would have kind of just happened behind the scenes, but we wouldn't have really understood what happened and why it was happening. So until next time, please like, please subscribe, please share, please comment. I'll see you soon. Take care. [Music]
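
The NSG behaviour the walkthrough relies on (default inbound rules, one allow rule at priority 1000 for a single source address, then switching that rule to Deny), modelled as an added example that is not part of the video and is not Azure's own code. Service tags are reduced to fixed prefixes as a simplifying assumption, the client address 203.0.113.10 is a constructed placeholder, and the rule name is one rendering of the name spoken in the video.

```python
import ipaddress
from dataclasses import dataclass

VNET = "172.16.0.0/16"      # address space chosen in the walkthrough
VM_IP = "172.16.0.4"        # first usable address in the subnet
ADMIN_IP = "203.0.113.10"   # constructed placeholder for "my public IP"

# Assumption: service tags reduced to fixed prefixes for this model.
# Real tags are maintained by Azure and cover more than this.
TAGS = {
    "VirtualNetwork": [VNET],
    "AzureLoadBalancer": ["168.63.129.16/32"],
    "Internet": ["0.0.0.0/0"],
    "*": ["0.0.0.0/0"],
}


@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first
    name: str
    source: str     # service tag, "*", or CIDR
    dest: str       # service tag, "*", or CIDR
    port: str       # "*" or a single port number
    action: str     # "Allow" or "Deny"


# The three default inbound rules every NSG starts with.
DEFAULT_INBOUND = [
    Rule(65000, "AllowVnetInBound", "VirtualNetwork", "VirtualNetwork", "*", "Allow"),
    Rule(65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "*", "Deny"),
]


def rdp_rule(action="Allow"):
    """The exception added in the walkthrough: one source, one VM, port 3389."""
    return Rule(1000, "RDP-VM-Test-1", ADMIN_IP + "/32", VM_IP + "/32", "3389", action)


def _matches(selector, ip):
    """True if ip falls inside the tag's prefixes or the given CIDR."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(p) for p in TAGS.get(selector, [selector]))


def evaluate(rules, src_ip, dst_ip, dst_port):
    """Return (action, rule name) of the lowest-numbered matching rule."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (_matches(rule.source, src_ip) and _matches(rule.dest, dst_ip)
                and rule.port in ("*", str(dst_port))):
            return rule.action, rule.name
    return "Deny", "no-match"


def open_management_rules(rules, port="3389"):
    """Names of Allow rules that expose the management port to any source."""
    wide = {"*", "Internet", "0.0.0.0/0"}
    return [r.name for r in rules
            if r.action == "Allow" and r.source in wide and r.port in ("*", port)]


if __name__ == "__main__":
    locked = DEFAULT_INBOUND + [rdp_rule("Allow")]
    for src in (ADMIN_IP, "198.51.100.7", "172.16.0.5"):
        print(src, "->", evaluate(locked, src, VM_IP, 3389))
    # Flipping the same rule to Deny locks the admin out again.
    print(evaluate(DEFAULT_INBOUND + [rdp_rule("Deny")], ADMIN_IP, VM_IP, 3389))
    # A rule scoped to the Internet tag is what the audit helper flags.
    wide_open = DEFAULT_INBOUND + [Rule(900, "RDP-Any", "Internet", "*", "3389", "Allow")]
    print(open_management_rules(wide_open))
```

Because the match is on the translated source address, every client behind the same NAT address as the placeholder gets the same Allow result, which is the caveat raised in the captions.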
Info
Channel: John Savill's Technical Training
Views: 25,369
Keywords: Azure, Introduction, VMCreation
Id: K-FQXgVZyl0
Length: 36min 27sec (2187 seconds)
Published: Sun Apr 19 2020