Creating and configuring Azure Virtual Machines (VMs) is a fundamental skill in the "Deploy and manage Azure compute resources" domain of the AZ-104 certification. It requires moving beyond simple deployment to mastering Infrastructure-as-a-Service (IaaS) architecture. Administrators must choose the optimal deployment method, utilizing the Azure Portal for ad-hoc resources or leveraging automation tools like Azure PowerShell, CLI, and ARM templates/Bicep for reproducible infrastructure.
Configuration begins with High Availability strategies. Administrators must configure Availability Zones to protect against datacenter-level failures or Availability Sets to isolate VMs across Fault Domains (power/network hardware) and Update Domains within a specific datacenter. Selecting the correct VM image (Windows/Linux) and Size (SKU) is critical to balance performance and cost, covering General Purpose, Compute Optimized, or Memory Optimized workloads.
Storage and networking are pivotal configuration aspects. You must configure managed disks, selecting the appropriate tier (Standard HDD to Ultra Disk) based on IOPS and throughput requirements. Networking involves associating the VM with a Virtual Network (VNet) and Subnet, configuring Network Interface Cards (NICs), and managing Public IP addresses. Crucially, Network Security Groups (NSGs) and Application Security Groups (ASGs) must be defined to strictly control inbound and outbound traffic flow.
Finally, configuration management extends to post-deployment actions. Administrators utilize VM Extensions to inject scripts (Custom Script Extension) or monitoring agents, and leverage Cloud-init (Linux) or User Data for boot-time configuration. Secure management is enforced via Azure Bastion to enable RDP/SSH access without exposing public IPs, or by integrating with Microsoft Entra ID (formerly Azure AD) for identity-based login. Mastering these elements ensures scalable, secure, and resilient compute resources.
Guide: Create and Configure Virtual Machines (AZ-104)
Why is this important?
Virtual Machines (VMs) serve as the backbone of Azure Infrastructure as a Service (IaaS). For an Azure Administrator, mastering VM creation and configuration is essential because VMs are the primary target for 'lift-and-shift' migrations and hosting legacy applications. This topic represents a significant portion of the 'Deploy and Manage Azure Compute Resources' domain in the AZ-104 exam.
What is it?
An Azure Virtual Machine is an on-demand, scalable computing resource. It is essentially a software emulation of a physical computer. While Azure manages the physical hardware and virtualization layer (the Hypervisor), you are responsible for configuring the Operating System (Windows or Linux), middleware, and applications. This is known as the Shared Responsibility Model.
How it works
Creating a VM involves configuring several interdependent resources and settings:
1. The Compute Resource (Size & Image): You must select an image (Marketplace or Custom) and a Size/SKU. The SKU dictates the CPU, RAM, and Max IOPS. Common families include:
- General Purpose (D-series): Balanced CPU/Memory.
- Compute Optimized (F-series): High CPU-to-memory ratio.
- Memory Optimized (E-series): High memory-to-CPU ratio.
- Burstable (B-series): Low cost, capable of bursting CPU performance.
2. Storage (Disks): Every VM has an OS Disk and a Temporary Disk (data on temp disk is lost upon reboot). You can attach Data Disks for application data. Disk types include:
- Standard HDD: Backup/Non-critical.
- Standard SSD: Web servers/Dev-Test.
- Premium SSD: Production workloads (required for certain SLAs).
- Ultra Disk: Extreme performance (SAP HANA, top-tier DBs).
3. Networking: A VM connects to a Virtual Network (VNet) via a Network Interface Card (NIC). The NIC is assigned a Private IP and optionally a Public IP. Traffic is filtered using Network Security Groups (NSGs) assigned to the NIC or the Subnet.
4. High Availability:
- Availability Sets: Distribute VMs across Fault Domains (physical power/rack) and Update Domains (logical reboots) within a single datacenter (99.95% SLA).
- Availability Zones: Distribute VMs across physically separate datacenters within a Region (99.99% SLA).
Exam Tips: Answering Questions on Create and configure virtual machines
When answering AZ-104 questions regarding VMs, look for these keywords to select the right answer:
1. Post-Deployment Configuration: If a question asks how to install software (like IIS or NGINX) automatically during creation, look for Custom Script Extensions, Cloud-init (Linux), or User Data. Avoid answers suggesting manual RDP/SSH unless specifically required.
2. SLA Requirements: Pay close attention to the required uptime. If the scenario demands 99.99% availability, the answer must involve Availability Zones. If it asks for 99.95%, choose Availability Sets.
3. Public vs. Private Access: If a VM requires administrative access but should not have a Public IP, the answer usually involves Azure Bastion rather than opening port 3389/22 to the internet.
4. Changing Sizes: If asked about resizing a VM, remember that if the new size is not available on the current hardware cluster, the VM must be deallocated (stopped) before resizing. Hot-resizing is only possible if the hardware cluster supports the new size.
5. Password Reset: If an administrator loses access to a VM, the solution is the 'Reset Password' blade in the Azure Portal (or VMAccess extension via CLI), generally not deleting and recreating the VM.
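Tip 3 and the NSG filtering described under Networking can be checked mechanically. The Python script below is an added example, not part of the original guide: it takes NSG rules in the JSON shape printed by az network nsg rule list -o json and reports SSH/RDP ports whose deciding internet-sourced rule is an Allow. The sample rules are constructed; the check assumes a single NSG (not the combined subnet and NIC rules), ignores destination prefixes, and treats only *, Internet, 0.0.0.0/0 and ::/0 as internet-wide sources.

```python
MGMT_PORTS = {22: "SSH", 3389: "RDP"}
OPEN_SOURCES = {"*", "internet", "0.0.0.0/0", "::/0"}  # assumption: only these count as "any internet host"

# Constructed sample rules, shaped like the output of: az network nsg rule list -o json
SAMPLE_RULES = [
    {"name": "deny-rdp-any", "priority": 100, "direction": "Inbound", "access": "Deny", "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
    {"name": "allow-ssh-office", "priority": 150, "direction": "Inbound", "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "22"},
    {"name": "allow-admin-range", "priority": 200, "direction": "Inbound", "access": "Allow", "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRanges": ["20-25", "3389"]},
]

def _values(rule, single, plural):
    """Merge the singular and plural fields used for prefixes and port ranges."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_port(port_range, port):
    """True if a range such as '*', '22' or '20-25' includes the port."""
    if port_range == "*":
        return True
    lo, _, hi = port_range.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _matches(rule, port):
    """Inbound TCP-capable rule, sourced from the whole internet, covering the port."""
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    ranges = _values(rule, "destinationPortRange", "destinationPortRanges")
    return (rule["direction"].lower() == "inbound"
            and rule["protocol"].lower() in ("*", "tcp")
            and any(s.lower() in OPEN_SOURCES for s in sources)
            and any(_covers_port(r, port) for r in ranges))

def exposed_management_ports(rules):
    """Return [(port, rule_name)] where the deciding internet-sourced rule is an Allow."""
    findings = []
    for port in MGMT_PORTS:
        # NSG rules are processed in ascending priority number; the first match decides.
        for rule in sorted(rules, key=lambda r: r["priority"]):
            if _matches(rule, port):
                if rule["access"].lower() == "allow":
                    findings.append((port, rule["name"]))
                break
    return findings

if __name__ == "__main__":
    for port, name in exposed_management_ports(SAMPLE_RULES):
        print(f"{MGMT_PORTS[port]} ({port}/tcp) reachable from the internet via rule {name}")
```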