Microsoft Azure Virtual Machines Cheatsheet: Cloud Computing Platform

Overview

Microsoft Azure Virtual Machines provide scalable, on-demand computing resources in the cloud, offering flexible infrastructure deployment and management.

Core Concepts

• Infrastructure as a Service (IaaS)
• Scalable Compute Resources
• Hybrid Cloud Integration
• Pay-as-you-go Pricing Model
• Trusted Launch (default for Gen2 VMs)
• Confidential Computing

Key Components

1. Virtual Machines

   • Compute resources with customizable configurations
   • Multiple VM series and sizes
   • Generation 2 (Gen2) VMs recommended for new deployments

2. Azure Resource Manager (ARM)

   • Deployment and management framework
   • Infrastructure as Code (IaC) support
   • Bicep as the preferred DSL over raw ARM JSON templates

3. Virtual Networks

   • Network isolation
   • Subnet configuration
   • Network security groups
   • Application security groups

VM Series and Types

1. General Purpose

   • Balanced CPU-to-memory ratio
   • Current generations: Dv5/Dsv5, Dv6/Dsv6, Dasv6 (AMD), Dpsv6 (Arm-based Cobalt 100)
   • Web servers, small-to-medium databases

2. Compute Optimized

   • High CPU performance
   • Current generations: Fsv2, Fasv6/Falsv6 (AMD), Fxmsv2
   • Batch processing, application servers

3. Memory Optimized

   • Large memory capacity
   • Current generations: Ev5/Esv5, Easv6 (AMD), Epsv6 (Arm), Mv3
   • Relational database servers, in-memory analytics

4. Storage Optimized

   • High disk I/O performance
   • Current generations: Lsv3, Lasv3 (AMD)
   • Big data, NoSQL, data warehousing

5. GPU

   • NCads H100 v5, ND H100/H200 v5, NVadsA10 v5, NGads V620
   • Graphics rendering, ML training/inference, HPC

6. HPC

   • HBv4, HX series (AMD EPYC)
   • Tightly coupled HPC workloads with InfiniBand

Provisioning Workflow

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# Azure CLI VM Creation (UbuntuLTS alias is deprecated/removed — use a URN)
az vm create \
    --resource-group MyResourceGroup \
    --name MyVM \
    --image Canonical:ubuntu-24_04-lts:server:latest \
    --size Standard_D2s_v5 \
    --admin-username azureuser \
    --generate-ssh-keys \
    --security-type TrustedLaunch \
    --public-ip-sku Standard

# PowerShell VM Deployment (Az PowerShell module)
New-AzVM `
    -ResourceGroupName "MyResourceGroup" `
    -Name "MyVM" `
    -Image "Ubuntu2404" `
    -Size "Standard_D2s_v5" `
    -SecurityType "TrustedLaunch"

1
2
3
4
5
6
7
8
9
10
11
12
13
// Bicep is the preferred IaC for Azure
resource vm 'Microsoft.Compute/virtualMachines@2024-07-01' = {
  name: 'MyVM'
  location: resourceGroup().location
  properties: {
    hardwareProfile: { vmSize: 'Standard_D2s_v5' }
    securityProfile: {
      securityType: 'TrustedLaunch'
      uefiSettings: { secureBootEnabled: true, vTpmEnabled: true }
    }
  }
}

Key Management Commands

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# VM Management
az vm list --output table
az vm start --resource-group MyResourceGroup --name MyVM
az vm stop --resource-group MyResourceGroup --name MyVM
az vm deallocate --resource-group MyResourceGroup --name MyVM
az vm delete --resource-group MyResourceGroup --name MyVM --yes

# Run commands inside a VM
az vm run-command invoke -g MyResourceGroup -n MyVM \
    --command-id RunShellScript --scripts "uptime"

# Network Configuration
az network vnet create
az network nsg create
az network nsg rule create

Networking Configurations

• Virtual Networks (VNet)
• Subnet segmentation and delegation
• Network Security Groups (NSGs) and Application Security Groups (ASGs)
• Azure Load Balancer (Standard SKU; Basic SKU retired Sept 2025)
• Application Gateway / Azure Front Door
• VPN Gateway and ExpressRoute
• Public IPs (Standard SKU; Basic Public IP retired Sept 2025)
• Azure Bastion for secure RDP/SSH without public IPs
• Accelerated Networking (SR-IOV) enabled by default on supported sizes
• Private Link and service endpoints

Storage Options

1. Azure Managed Disks

   • Persistent block storage
   • Tiers: Standard HDD, Standard SSD, Premium SSD, Premium SSD v2, Ultra Disk
   • Zone-redundant storage (ZRS) options
   • Automated snapshots and incremental backups
   • Server-side encryption with platform- or customer-managed keys

2. Temporary/Ephemeral Disk

   • Local SSD storage
   • Lost on VM reallocation, stop-deallocate, or resize
   • Ephemeral OS disks supported for stateless workloads

3. Azure Files / NetApp Files / Elastic SAN

   • Shared file and block storage for VM workloads

Security Best Practices

1. Use Microsoft Entra ID (formerly Azure Active Directory) for identity
2. Implement Azure RBAC and least-privilege access
3. Enable Azure Disk Encryption or encryption at host with CMK
4. Apply updates via Azure Update Manager (replaces classic Update Management)
5. Use Network Security Groups and Just-in-Time (JIT) VM access
6. Monitor with Microsoft Defender for Cloud (formerly Azure Security Center)
7. Deploy Gen2 VMs with Trusted Launch (Secure Boot + vTPM) by default
8. Use Confidential VMs (DCasv5/ECasv5, DCesv5/ECesv5) for sensitive workloads
9. Access VMs via Azure Bastion instead of exposed public RDP/SSH
10. Store secrets in Azure Key Vault with managed identities

Cost Optimization Strategies

• Reserved Instances (1-year and 3-year terms)
• Azure Savings Plans for compute (flexible commitment)
• Spot VMs for interruptible workloads
• Auto-scaling with Virtual Machine Scale Sets
• Right-sizing with Azure Advisor recommendations
• Azure Hybrid Benefit (Windows Server and SQL Server / RHEL / SLES)
• Stop/deallocate VMs when not in use
• Microsoft Cost Management + Billing

Performance Optimization

• Select appropriate VM series and generation (prefer v5/v6)
• Use Premium SSD v2 or Ultra Disk for high-IOPS workloads
• Configure host caching (ReadOnly/ReadWrite)
• Enable Accelerated Networking
• Use Proximity Placement Groups for low-latency tiers
• Monitor performance with Azure Monitor metrics and VM Insights

Scaling Techniques

1. Horizontal Scaling

   • Virtual Machine Scale Sets (VMSS) — Flexible orchestration mode is the default and recommended (Uniform mode retired Sept 2024 for new use)
   • Autoscale rules based on metrics or schedule

2. Vertical Scaling

   • Resize VM to a different size within the same family
   • Some resizes require deallocation

Monitoring and Logging

• Azure Monitor (metrics and logs)
• Azure Monitor Agent (AMA) — Log Analytics Agent (MMA) retired August 2024
• VM Insights for guest-level performance and dependency mapping
• Log Analytics workspaces
• Application Insights for application telemetry
• Boot diagnostics and serial console
• Workbooks and Azure dashboards

Backup and Disaster Recovery

• Azure Backup with Recovery Services Vault
• Backup Vault and Enhanced Policy for trusted-launch VMs
• Azure Site Recovery for cross-region/cross-zone failover
• Managed disk snapshots and incremental snapshots
• Availability Zones and Multi-region deployments
• Azure Backup Center for centralized management

Compliance and Governance

• Azure Policy (with Policy as Code via Bicep/Terraform)
• Azure Landing Zones / Cloud Adoption Framework
• Management Groups and subscription hierarchy
• Resource tagging and tag inheritance
• Microsoft Purview for data governance
• Regulatory compliance offerings (ISO, SOC, FedRAMP, HIPAA, PCI DSS)

Note: Azure Blueprints is deprecated and being retired — migrate to Azure Landing Zones and Template Specs / Deployment Stacks.

Integration Ecosystem

• Azure Kubernetes Service (AKS)
• Azure Functions and Container Apps
• Azure Container Instances
• Azure DevOps and GitHub Actions for CI/CD
• Azure Resource Manager, Bicep, Terraform, Pulumi
• Azure Automation and Azure Update Manager

Hybrid and Multi-Cloud Scenarios

• Azure Arc-enabled servers (manage on-prem and other-cloud VMs)
• Azure Stack HCI / Azure Local
• Azure VMware Solution
• Hybrid connectivity via VPN and ExpressRoute
• Workload migration with Azure Migrate
• Consistent management plane across environments

Licensing Models

• Pay-as-you-go
• Reserved Instances (1- or 3-year)
• Azure Savings Plans for compute
• Spot VMs
• Azure Hybrid Benefit (Windows Server, SQL Server, RHEL, SLES)
• Dedicated Hosts for compliance/BYOL scenarios

Operating System Support

• Windows Server (2016, 2019, 2022, 2025)
• Windows 10/11 Enterprise multi-session (via Azure Virtual Desktop)
• Linux distributions: Ubuntu (20.04/22.04/24.04 LTS), RHEL (8/9/10), SLES, Debian, Rocky Linux, AlmaLinux, Oracle Linux, Azure Linux (CBL-Mariner successor)
• Custom images via Azure Compute Gallery (formerly Shared Image Gallery)
• Marketplace images

Note: CentOS reached end of life and is no longer supported — migrate to Azure Linux, Rocky Linux, AlmaLinux, or RHEL.

Recommended Learning Resources

• Microsoft Learn (learn.microsoft.com)
• Azure Architecture Center
• Azure Well-Architected Framework
• Cloud Adoption Framework for Azure
• Azure Certification Paths (AZ-104, AZ-305, AZ-700, AZ-500)
• Hands-on labs and sandbox environments
• Microsoft Q&A and community forums

Recommended Learning Path

1. Cloud computing fundamentals (AZ-900)
2. Azure core services and resource management
3. Virtual Machines and networking deep dive (AZ-104)
4. Architecture design and Well-Architected Framework (AZ-305)
5. Security, identity, and compliance (AZ-500)
6. Infrastructure as Code with Bicep / Terraform
7. Hands-on implementation and advanced configuration