Provisioning a VM in Azure involves more components than the VM itself. With adaptation of ARM Azure has decomposed the VM into set of services.There are compute, networking, storage and other peripheral elements. While provisioning the VM (either from Portal or Template) We should always consider these services as individuals and then provide their references where needed. For example Create the VNet and appropriate subnets and while creating the VM provide Subnet as reference.That way it becomes easy to manage and change things on demand ex- You can detach & attach NIC cards if in case your communication model changes.
Here is high level decomposition of services which constitute a Virtual Machine in Azure-
- Resource Group- A Resource group work as container for set of resources who shares same life cycle and management policies.As stated before VM is actually combination of multiple service glued togather, we do need Resource Group to hold them in one basket.
- Virtual Network-With ARM way of deployment each VM has to be deployed inside a Virtual Network to provide isolation/control on provisioned infrastructure.Once VNet in place we have to divide this further into subnet (VLAN concept in data center) and that is where individual VM will be provisioned.in nutshell it help you defines internal addressing.
- Virtual Machine- For IaaS VM has been primary construct. Now when you are migrating the VM from onprem, you can directly convert the machines into VHD's( Azure supports only VHD, support for VHDX is not yet facilitated).To achieve this we can make use of waagent( if your workload is Linux based)or sysprep ( on Windows front) . Once thats in-place we should port them to Azure storage.While provisioning the VM reference those VHD files from blob storage. On other hand if you are creating a fresh VM you can choose the same from the list of published images on azure gallery.
- OS Disk- It's VHD file backed by Azure storage to provide persistence operating disk for Azure VM's. Because of it's persistence it's immune from host machine going down.
- Temporary disk- This is ephemeral storage given to you free of cost by Azure.Any VM when gets created will always come with temporary disk (the D: drive on Windows). This disk is stored on a physical drive on the host machine. Because it's not backed by Azure storage it's tagged with Machines life cycle events.There is high chance of losing the data even during the reboot of VM. That limits the use of this storage only for the data which is temporary in nature.
- Data Disks- Just like OS disk this also gets stored on Azure storage as Page Blob. In contrast to temporary Disk this provides persistent storage for application data.
- Public IP - When provisioned, VM will get a private IP from the list of available ips in specified subnet. But that cant be used for public communication like RDP till you have VPN connectivity in place.To facilitate the same you can create one Public IP and associate that with aforementioned VM.
- NIC- NIC's(Network Interface Cards) are essential for any Virtual Machine being provisioned in Azure. It encapsulates all the network and communication related informations. With ARM you can associate multiple NIC's on given VM( selected tier has to support that).Given the circumstances you can detach the NIC from one VM and attach the same to another.
- NSG- NSG (Network Security Groups) are used to control the flow of traffic in and out of your VM. It's an extension to ACL's(Access Control Lists) which were used uding the classic model. Under this you can control the traffic(allow/deny) at different level, it presents the opportunity to get associated with subnet ,NIC or both. It's bi-directional in nature which means you can control ingress and egress both the traffic.
- Diagnostics- Diagnostic logging provides you appropriate logs which could latter be used for troubleshooting purpose.
Having discussed the major components, let's dive deep into some of the Best Practices-
1.Use Azure Managed Disks With VMs
When you choose this you don’t have to worry about placing the disks across multiple storage accounts in order to ensure you stay within the scalability limits for the storage accounts.Now it's Azure responsibility to do this management for you. - Azure handles that for you.Earlier to improve IOPS(input output operations per second) you have the responsibility to place each data disks into single storage account.Moreover it provides additional benefits like-Support for Azure backUp Service,simple and scalable VM deployment along with granular access control
2.Preventing Charges For Azure VM When Not In Use
One thing about Azure worth considering is that it makes distinction between "stopped" and "deallocated" states of the VM. You are charged when the VM status is stopped, but not when the VM is deallocated.
If you are operating from Azure Portal, press of Stop button will always deallocates the VM. However, if you are shutting it down through the OS while logged in, the VM goes into stopped mode , while in stopped mode VM's will still be charged.
Same holds true in case of deletion - When you delete delete a VM, the VHDs that are associated with this will not automatically get deleted. That means you can safely delete the VM without losing data. However, you will still be charged for storage. To avoide unnecessary incur you have got to delete the file from blob storage.