AZ-900 Microsoft Azure Fundamentals Exam

Describe the resources required for virtual machines

Compute Resources for Virtual Machines

Azure offers a variety of virtual machine (VM) sizes and series, each designed to meet different workload needs. These VMs are built on different processor types, including Intel Xeon and Ampere Altra, and come with varying amounts of vCPUs (virtual central processing units) and memory. Understanding these differences is crucial for selecting the right VM for your application. For example, the B-series VMs are suitable for workloads with burstable performance requirements, while the E-series are better for memory-intensive applications.

The B-series VMs are designed for workloads that don't need consistent high CPU performance. They use a CPU credit model, where the VM accumulates credits when it uses less than its baseline performance and uses those credits to burst above the baseline when needed. This makes them ideal for web servers, small databases, and development environments. The B-series VMs can be deployed on various hardware types and processors, including Intel Xeon Platinum processors.

The Av2-series VMs are designed for entry-level workloads like development and testing. These VMs offer consistent processor performance, regardless of the underlying hardware. They are suitable for low-traffic web servers, small to medium databases, and proof-of-concept projects. Like the B-series, the Av2-series uses Intel Xeon processors, but the VMs are throttled to provide consistent performance.

The Epsv6-series VMs are powered by Azure's Cobalt 100 processor and are optimized for memory-intensive workloads. These VMs provide a full physical core for each vCPU and offer a high amount of memory per vCPU, making them suitable for large databases and data analytics. Unlike some other series, the Epsv6 VMs do not have local disk storage, which can be a cost-effective option for certain workloads.

The Dlsv5-series VMs run on Intel Xeon Platinum processors and are designed to reduce costs for applications that are not memory intensive. These VMs do not have any temporary storage, which lowers the entry price. They support various disk types, including Standard SSD, Standard HDD, and Premium SSD, and are suitable for a range of general-purpose workloads.

The Esv5 and Esv6-series VMs are built on Intel Xeon Platinum processors and are designed for memory-intensive enterprise applications. The Esv5 series offers up to 104 vCPUs and 672 GiB of RAM, while the Esv6 series, currently in preview, offers up to 128 vCPUs and 1024 GiB of RAM. Neither series has temporary storage, and both support various disk types. The Esv6 series is ideal for applications that benefit from low latency and high-speed local storage.

Finally, the Lsv3-series VMs are designed for high-throughput, low-latency workloads that require direct-mapped local NVMe storage. These VMs use Intel Xeon Platinum processors and are optimized for NoSQL databases like Apache Cassandra and MongoDB. They offer a large amount of local NVMe storage and are ideal for applications that need high IOPS and throughput.

Networking Components for Virtual Machines

When you create virtual machines (VMs) in Azure, each one needs a network interface to connect to the network. This interface is automatically created and attached to the VM during the creation process. Think of it like a physical network card in a computer, allowing the VM to communicate with other resources.

To manage and secure network traffic, you can use Application Security Groups (ASGs). These groups allow you to organize VMs based on their function, such as web servers or management servers. By adding a VM's network interface to an ASG, you can apply specific security rules to all VMs within that group. This makes it easier to control which traffic is allowed to reach your VMs.

Network Security Groups (NSGs) are another key component for securing your VMs. NSGs act as a firewall, filtering network traffic based on rules you define. These rules can allow or deny traffic based on the source, destination, and port. For example, you can allow inbound traffic on port 3389 for Remote Desktop Protocol (RDP) connections to a management VM, while blocking it for web servers. By default, all inbound traffic from the internet is denied.

Virtual networks are the foundation of your network in Azure. VMs within the same virtual network can communicate with each other by default, without any additional configuration. This allows for easy communication between different parts of your application. However, you can also create subnets within a virtual network to further segment your network and apply different security rules to each subnet.

Public IP addresses are used to allow VMs to communicate with the internet. When you assign a public IP address to a VM, it can receive inbound traffic from the internet and send outbound traffic. However, it's important to use NSGs to control which traffic is allowed to reach your VMs from the internet. For example, you might allow traffic on port 80 for web servers, but block all other ports.
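The NSG and ASG behaviour described above can be seen in a small model of inbound rule evaluation: rules are checked in priority order (lowest number first), the first match decides, and Azure's default rules sit at the bottom. This is an added example, not Azure's code; the NIC names, ASG names, address ranges and custom rule names are constructed, and service tags are approximated by address prefixes.

```python
import ipaddress
from dataclasses import dataclass

# Constructed ASG membership: network interface -> application security groups.
ASG_MEMBERS = {"web-nic-1": {"asg-web"}, "mgmt-nic-1": {"asg-mgmt"}}
VNET = "10.0.0.0/16"            # constructed virtual network address space
ADMIN_RANGE = "203.0.113.0/24"  # constructed trusted admin source range

@dataclass(frozen=True)
class Rule:
    priority: int   # lower number is evaluated first
    name: str
    source: str     # CIDR prefix, or "*" for any source
    dest_asg: str   # ASG name, or "*" for any destination
    port: object    # destination port (int), or "*" for any port
    action: str     # "Allow" or "Deny"

# Azure's default inbound rules; service tags are approximated by prefixes.
DEFAULT_RULES = [
    Rule(65000, "AllowVnetInBound", VNET, "*", "*", "Allow"),
    Rule(65001, "AllowAzureLoadBalancerInBound", "168.63.129.16/32", "*", "*", "Allow"),
    Rule(65500, "DenyAllInBound", "*", "*", "*", "Deny"),
]

# Custom rules following the page's examples (HTTP to web, RDP to management).
CUSTOM_RULES = [
    Rule(100, "AllowHttpToWeb", "*", "asg-web", 80, "Allow"),
    Rule(110, "AllowRdpToMgmt", ADMIN_RANGE, "asg-mgmt", 3389, "Allow"),
    Rule(120, "DenyRdpToWeb", "*", "asg-web", 3389, "Deny"),
]

def evaluate(custom_rules, src_ip, dest_nic, port):
    """Return (action, rule name) for the first rule that matches, by priority."""
    src = ipaddress.ip_address(src_ip)
    asgs = ASG_MEMBERS.get(dest_nic, set())
    for r in sorted(custom_rules + DEFAULT_RULES, key=lambda r: r.priority):
        src_ok = r.source == "*" or src in ipaddress.ip_network(r.source)
        dst_ok = r.dest_asg == "*" or r.dest_asg in asgs
        port_ok = r.port == "*" or r.port == port
        if src_ok and dst_ok and port_ok:
            return r.action, r.name
    raise RuntimeError("unreachable: DenyAllInBound matches all traffic")

if __name__ == "__main__":
    for src, nic, port in [("198.51.100.7", "web-nic-1", 80),
                           ("198.51.100.7", "mgmt-nic-1", 3389),
                           ("10.0.1.5", "web-nic-1", 3389)]:
        print(src, nic, port, evaluate(CUSTOM_RULES, src, nic, port))
```

Without rule 120, RDP from another VM in the same virtual network still reaches the web servers through the default `AllowVnetInBound` rule, so blocking a port inside the network needs an explicit deny at a higher priority than 65000.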

In summary, networking components like network interfaces, ASGs, NSGs, virtual networks, subnets, and public IP addresses are essential for creating and managing secure and functional VMs in Azure. These components work together to provide connectivity, security, and control over your virtualized environment.

Monitoring and Management Tools

Azure provides a suite of tools to monitor and manage your virtual machines (VMs), ensuring their health, performance, and security. These tools help you gain insights into your VMs and take necessary actions to maintain optimal operations. Key services include Microsoft Defender for Cloud, Azure Monitor, and Azure Network Watcher. These tools are essential for maintaining a robust and reliable cloud environment.

Microsoft Defender for Cloud is a security management system that helps protect your Azure VMs by monitoring their security settings and identifying potential threats. It assesses the configuration of your resources, looking for vulnerabilities and security issues. It uses Azure role-based access control (Azure RBAC) to manage permissions, ensuring that only authorized users can access security information. Defender for Cloud also uses the Microsoft Monitoring Agent, which collects data and stores it in a Log Analytics workspace. This agent is the same one used by Azure Monitor, streamlining data collection.

Azure Monitor is a fundamental tool for monitoring the performance and health of your Azure services, including VMs. It provides infrastructure-level data about service throughput and the surrounding environment. Azure Monitor includes several components, such as the Azure Activity Log, which provides insight into operations performed on resources, and Azure diagnostic logs, which offer detailed data about the operation of a resource. Additionally, metrics (performance counters) provide telemetry data, allowing you to track the performance of your workloads. Azure Diagnostics enables the collection of diagnostic data on deployed applications, while Azure Network Watcher simplifies monitoring and diagnosing your Azure network.

Azure Network Watcher is a service that helps you monitor and diagnose your Azure network. It provides tools to capture packets on VMs, gain insights into network traffic using flow logs, and diagnose VPN gateway connections. Network Watcher offers capabilities such as Topology, which provides a view of network resource interconnections, and Variable packet capture, which allows you to capture packet data in and out of a VM. These features are crucial for understanding and troubleshooting network issues.

Azure also offers features like Scheduled Events, which provide advance notifications of upcoming availability impacts, and Flash Health events, which provide near real-time information about past availability impacts. These features help you proactively manage your VMs and respond to events quickly. Furthermore, Azure provides options for guest updates, including OS image upgrades, guest VM patching, and guest extension upgrades, ensuring your VMs are up-to-date and secure.

In summary, Azure provides a comprehensive set of monitoring and management tools that are essential for maintaining the health, performance, and security of your virtual machines. Services like Microsoft Defender for Cloud, Azure Monitor, and Azure Network Watcher, along with features like Scheduled Events and guest updates, enable you to proactively manage your VMs, respond to issues quickly, and ensure a reliable cloud environment.

Storage Options for Virtual Machines

When creating virtual machines (VMs) in Azure, understanding the different storage options is crucial for performance and cost optimization. Azure provides several types of disks that serve different purposes, each with its own characteristics and use cases. These include OS disks, data disks, and temporary disks. Choosing the right disk type is essential for ensuring your VM runs efficiently and meets your application's needs.

Every Azure VM has one OS disk attached, which contains the operating system selected when the VM was created. This disk is where the boot volume resides and is typically used for storing the operating system files. While you can store applications and data on the OS disk, it's generally recommended to use separate data disks for this purpose. The OS disk has a maximum capacity of 4,095 GiB, but many operating systems use a master boot record (MBR) that limits the usable size to 2 TiB. If you need more space, you should use data disks or convert the OS disk to a GUID partition table (GPT). On Windows VMs, the OS disk is usually drive C and is persistent storage.

Data disks are managed disks attached to a VM to store application data and other persistent data. These disks are registered as SCSI drives and are labeled with a letter you choose. The number of data disks you can attach depends on the size of the VM. Using data disks for applications and data offers several benefits over using the OS disk, including:

  • Improved backup and disaster recovery
  • More flexibility and scalability
  • Performance isolation
  • Easier maintenance
  • Improved security and access control

Most VMs also have a temporary disk, which is not a managed disk. This disk provides short-term storage for applications and processes, such as page files, swap files, or SQL Server tempdb files. Data on the temporary disk is not persistent and may be lost during maintenance events, VM redeployment, or when the VM is stopped. On Linux VMs, the temporary disk is typically /dev/sdb, and on Windows VMs, it's drive D by default.

Azure offers two main types of disks: Standard disks and Premium disks. Standard disks are backed by HDDs and provide cost-effective storage suitable for development and testing workloads. Premium disks, on the other hand, are backed by SSDs, offering high performance and low latency, making them ideal for production workloads. VM sizes with an "S" in their name typically support Premium Storage. When selecting a disk size, the value is rounded up to the next type.

Managed disk snapshots are read-only, crash-consistent full copies of managed disks. They are stored as standard managed disks and can be used to back up your disks at any point in time. Snapshots exist independently of the source disk and can be used to create new managed disks. You are billed based on the used size of the snapshot, not the provisioned size.

Azure provides several security features for managed disks, including server-side encryption and Azure Disk Encryption. Server-side encryption is enabled by default for all managed disks, snapshots, and images, providing encryption at rest. Azure Disk Encryption allows you to encrypt the OS and data disks using BitLocker on Windows VMs and DM-Crypt on Linux VMs. You can also use Azure Private Link to import or export managed disks within your virtual network, ensuring data travels only within the secure Microsoft backbone network.

High Availability and Scalability

High availability and scalability are crucial for ensuring that applications remain accessible and perform well, even during maintenance or increased demand. Azure provides several mechanisms to achieve this, including availability zones, availability sets, and virtual machine scale sets. These tools help distribute virtual machines (VMs) across different physical locations and update domains, minimizing downtime and maximizing performance.

Availability zones are unique physical locations within an Azure region, each with independent power, cooling, and networking. By deploying VMs across multiple zones, you ensure that your application remains available even if one zone experiences an outage. Azure ensures that VMs in different zones are not updated simultaneously, further enhancing availability. This distribution across zones also means that your VMs are spread across multiple fault domains and update domains, providing a robust setup.

Availability sets are another way to provide high availability for your applications. When you deploy VMs within an availability set, Azure distributes them across up to 20 update domains. During scheduled maintenance, only one update domain is updated at a time, ensuring that at least one VM remains available. This approach helps protect your application from downtime during planned maintenance events that require a reboot.

Virtual machine scale sets allow you to deploy and manage a set of identical VMs as a single resource. In Flexible orchestration mode, you can choose to spread your instances across multiple zones or fault domains within a single region, combining scalability with regional availability. Uniform scale sets, similar to availability sets, distribute VMs across update domains, ensuring that only one domain is updated at a time during maintenance. This helps maintain application availability while allowing for easy scaling of resources.

Azure periodically updates its platform to improve reliability, performance, and security. Most updates do not require a reboot of the VMs. When a reboot is necessary, Azure provides a self-service window, typically lasting about 35 days, where you can initiate the maintenance yourself. This allows you to control when the maintenance occurs, minimizing disruption to your applications. If you choose not to use the self-service window, Azure will perform the maintenance during a scheduled maintenance window, ensuring that updates are applied in a controlled manner.

For updates that don't require a reboot, Azure often uses live migration. This process moves a VM to a different host without requiring a reboot, typically causing a pause of no more than 5 seconds. Live migration helps maintain application availability during maintenance events. It is used in planned maintenance, hardware failures, and allocation optimizations.

In summary, Azure offers a variety of tools and techniques to ensure high availability and scalability for your virtual machines. By using availability zones, availability sets, and virtual machine scale sets, you can protect your applications from downtime during both planned and unplanned events. Understanding these mechanisms and how they work is essential for building resilient and reliable applications in Azure.

Conclusion

This section covered the essential resources required for Azure Virtual Machines. We explored different VM sizes and series, emphasizing the importance of selecting the right size based on workload requirements. We also discussed networking components like virtual networks, subnets, and network security groups, which are crucial for communication and security. Additionally, we examined monitoring and management tools such as Azure Monitor and Microsoft Defender for Cloud, which help maintain the health and security of VMs. We also reviewed storage options, including managed disks and their types, and finally, we discussed high availability and scalability mechanisms like availability zones and scale sets. Understanding these concepts is vital for effectively deploying and managing virtual machines in Azure.