# Azure Virtual Machines

*Azure Virtual Machines (VMs)* are an Infrastructure-as-a-Service (IaaS) offering that enables you to create and run virtual machines in the cloud.

> A virtual machine is a software emulation of a physical computer system that runs on top of a hypervisor, which is a layer of software that allows multiple virtual machines to run on a single physical server. Each virtual machine has its own operating system, applications, and data, and can be managed independently.

## VM Density

*VM density* refers to the number of virtual machines that can run on a physical server. The density of virtual machines that can be run on a server depends on the hardware resources of the server, such as CPU, memory, and storage capacity, as well as the workload characteristics of the virtual machines.

Azure VMs offer high VM density, which means that you can run multiple virtual machines on a single physical server without sacrificing performance or reliability. This can help you optimize your IT infrastructure and reduce costs.

## When to use Azure VMs?

Azure VMs can be used for a variety of scenarios, such as:
- Hosting web applications and services
- Running enterprise applications and workloads
- Developing and testing applications
- Running virtual desktops
- Storing and managing data

## Benefits of using Azure VMs

Using Azure VMs can provide benefits such as:
- **Scalability**: You can quickly provision new virtual machines as your business needs change
- **Flexibility**: You can choose from a wide range of virtual machine sizes, operating systems, and software configurations
- **Reliability**: Azure VMs are backed by Microsoft's service level agreements (SLAs), which guarantee high availability and reliability
- **Cost-effectiveness**: You pay only for the resources you use, and you can easily scale up or down as needed

## VMs Architecture

Azure Virtual Machines (VMs) are built on a virtualized infrastructure that consists of multiple layers. At the lowest level is the physical server hardware. Above that is the *hypervisor layer*, which is responsible for creating and managing the virtual machines. The hypervisor isolates the virtual machines from each other and from the underlying hardware, allowing multiple virtual machines to run on the same physical server.

Each virtual machine runs its own operating system, which is referred to as the *guest operating system*. The **guest operating system** interacts with the **hypervisor layer** to access the physical resources of the underlying hardware. The hypervisor layer also provides the virtual machine with a set of virtual hardware devices, such as virtual CPUs, virtual network adapters, and virtual disks.

Above the hypervisor layer is the *host operating system layer*. The **host operating system** runs on the physical server and provides a platform for managing the virtual machines. The host operating system is responsible for tasks such as resource allocation, virtual machine monitoring, and virtual machine management.

> Azure VMs are **un-managed**, which means that you are responsible for managing the operating system and applications running on the virtual machine. However, Azure provides tools and services that make it easier to manage virtual machines at scale, such as Azure Automation and Azure Virtual Machine Scale Sets.

## How to create a VM?

Creating a virtual machine in Azure is a straightforward process that can be done through the Azure portal or using the Azure command-line interface (CLI). Here we will describe the process of creating one using the Azure portal.

First, from the Azure portal homepage, select the **Create a resource** button in the top left corner of the dashboard. **Virtual Machine** will appear under **Popular Azure services**, but can also be found under **Compute** in the **Categories** panel on the left side.


<p align="center">
    <img src="images/CreateVM.png" height="400" width="700"/>
</p>


Click on **Create** to start the process of creating your first virtual machine.

To do so, you will need to complete the following details:

### **Project details**

Here, you will first have to select the **Subscription** (your account will only have one subscription to select from). In this section you can allocate the VM to a specific resource group. Let's create a new resource group for the VM using the **Create new** button, and call it `my-vm-rg`.

<p align="center">
    <img src="images/ProjectDetails.png" height="250" width="700"/>
</p>

### **Instance details**

The mandatory fields to complete here are: 
- **Virtual machine name**
- **Region**: Pick the region geographically closest to you
- **Image**: This represents the operating system of your virtual machine
- **Size**: Select the appropriate size of the virtual machine based on the resource requirements of your workload

<p align="center">
    <img src="images/InstanceDetails.png" height="400" width="700"/>
</p>

### **Administrator account**

When creating a virtual machine in Azure, you have two main options for authentication: *password-based authentication* and *SSH-based authentication*.

**Password-based authentication** is the most common method of authentication for Windows virtual machines in Azure. When creating a virtual machine, you can specify an administrator username and password that will be used to log in to the virtual machine's operating system. The password should be strong and secure to prevent unauthorized access to the virtual machine.

**SSH-based authentication** is the most common method of authentication for Linux virtual machines in Azure.

> *SSH (Secure Shell)* is a network protocol that allows secure remote access to the virtual machine's command-line interface.

When creating a virtual machine, you can specify an *SSH public key* that will be used to authenticate access to the virtual machine's operating system. For our VM, we will have the following specifications for the **Administrator account**:

<p align="center">
    <img src="images/AdministratorAccount.png" height="300" width="650"/>
</p>

### **Inbound port rules**

When using SSH-based authentication for virtual machines in Azure, it's important to understand how *inbound port rules* work to allow SSH traffic to access the virtual machine. 

> **Inbound port rules** are a set of instructions that determine how inbound network traffic is handled by a firewall or *network security group (NSG)*. In the context of VMs, inbound port rules are used to control incoming network traffic to a virtual machine.

By default, Azure blocks all incoming traffic to virtual machines, so you need to explicitly allow SSH traffic through the Azure NSG.

> An **NSG** is a virtual firewall that controls inbound and outbound traffic to a virtual network. To allow SSH traffic to access a virtual machine, you need to create an inbound port rule in the NSG that allows traffic on **port 22**, which is the default port used by SSH. 

<p align="center">
    <img src="images/InboundPortRules.png" height="250" width="650"/>
</p>
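
To make the effect of an inbound port rule concrete, the following added example (not part of the original tutorial and not Azure's own code) evaluates a constructed rule set the way an NSG does, lowest priority number first with the first match deciding, and reports whether SSH on port 22 is reachable from a given source address. The rule names, the sample addresses and the single-valued field layout are assumptions; only the built-in `DenyAllInBound` default is modeled, and the `Internet` tag is treated as "any address".

```python
import ipaddress

# Constructed sample rules using a simplified subset of NSG rule fields.
# "allow-ssh-any" is a port-22 rule whose source is left open to any address.
RULES_OPEN = [
    {"name": "allow-ssh-any", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
]
# The same rule narrowed to one admin network (203.0.113.0/24 is a documentation range).
RULES_RESTRICTED = [
    {**RULES_OPEN[0], "name": "allow-ssh-admin", "sourceAddressPrefix": "203.0.113.0/24"},
]
# Built-in catch-all rule that closes every NSG's inbound rule list.
DEFAULT_DENY = {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound",
                "access": "Deny", "protocol": "*", "sourceAddressPrefix": "*",
                "destinationPortRange": "*"}


def port_matches(spec, port):
    """Match '*', a single port ('22') or a range ('20-25')."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def source_matches(spec, source_ip):
    """Match '*', the 'Internet' tag (simplified to any address), an IP or a CIDR."""
    if spec in ("*", "Internet"):
        return True
    return ipaddress.ip_address(source_ip) in ipaddress.ip_network(spec, strict=False)


def evaluate_inbound(rules, source_ip, port, protocol="Tcp"):
    """Return (access, rule_name) of the first matching rule, lowest priority number first."""
    inbound = [r for r in rules + [DEFAULT_DENY] if r["direction"] == "Inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        if (rule["protocol"] in ("*", protocol)
                and port_matches(rule["destinationPortRange"], port)
                and source_matches(rule["sourceAddressPrefix"], source_ip)):
            return rule["access"], rule["name"]
    return "Deny", None  # unreachable while DEFAULT_DENY is present


if __name__ == "__main__":
    for label, rules in (("open", RULES_OPEN), ("restricted", RULES_RESTRICTED)):
        for src in ("198.51.100.7", "203.0.113.10"):
            print(label, src, evaluate_inbound(rules, src, 22))
```

With the open rule, any source address reaches port 22; with the source narrowed, addresses outside the admin range fall through to `DenyAllInBound`.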


> It's important to note that SSH-based authentication is more secure than password-based authentication since it uses public-key cryptography. Additionally, SSH public keys can be easily rotated, making it easier to manage access to the virtual machine.

Now that we have completed all the necessary information for provisioning our first VM, we can continue using the **Review + create** button. Azure will now validate our configuration, and once the validation has passed we will click **Create**. This will bring up the following pop-up:

<p align="center">
    <img src="images/GenerateKeyPair.png" height="400" width="700"/>
</p>

Select **Download private key and create resource** to download the private key you created for the SSH-based authentication to your VM. The key will be saved locally on your computer. Once the VM has been successfully created you will be met with the following page:

<p align="center">
    <img src="images/FirstVM.png" height="400" width="700"/>
</p>

Congratulations, you have just created your first VM in Azure! To see more details about the VM, select the **Go to resource** button. This will redirect you to the resource overview page of the VM.

## How to connect to a VM?

To connect to a VM we can simply follow the instructions presented on the resource page under the **Connect** panel:

<p align="center">
    <img src="images/SSHConnect.png" height="400" width="700"/>
</p>

- Open a terminal on your local machine
- Change the working directory to the directory where you have previously downloaded the private key file
- Restrict the private key file to read-only access for its owner, using the command: `chmod 400 <keyname>.pem`
- Run the following command to connect to your VM: `ssh -i <private key path> azureuser@<ip address>`. You can find the VM's IP address on the **Connect via SSH with client** page (as seen above).

If everything has been set correctly and the connection is being initiated, you will be prompted with the following message:

<p align="center">
    <img src="images/TerminalConnectVM.png" height="400" width="600"/>
</p>

Type **yes** and then press Enter. Once connected to the VM, you will see the following in your terminal:

<p align="center">
    <img src="images/VMTerminal.png" height="400" width="600"/>
</p>

Now we are ready to start using our VM!

## Key takeaways

- Azure Virtual Machines (VMs) are virtual servers that run on physical servers. They are an un-managed service in the Infrastructure as a Service (IaaS) category.
- VMs can be used for a variety of purposes, including hosting websites, running applications, and performing data analysis
- The architecture of Azure VMs consists of the hypervisor layer, the host operating system layer, and the guest operating system layer
- To create a virtual machine in Azure, you need to specify the virtual machine name, the virtual machine size, the operating system, the administrator account, the authentication type, and the inbound port rules
- When creating a virtual machine, you can choose between password-based authentication and SSH-based authentication. With SSH-based authentication, you need to generate an SSH key pair and upload the public key to the virtual machine during the creation process.
- Inbound port rules are used to control incoming network traffic to a virtual machine. By default, all inbound traffic is blocked, and you need to create inbound port rules to allow incoming traffic for specific ports.