How do I create a VM in Azure?


Follow this guide to set up a Virtual Machine in Azure.

1. Choose Virtual Machines in the left-hand blade of the Azure portal.


 

2. Click Add +.
 
3. In the Basics tab, under Project details, make sure the correct subscription is selected and then choose to add to the resource group you’ve previously created.

 
4. Under Instance details, type <netID>-TestVM for the Virtual machine name and choose North Central US for your Location. For Image, select Windows Server 2016 Datacenter. Leave the other defaults.

 
5. Under Administrator account, provide a username, such as azureadminuser and a password (e.g. azureadminuserpassword1!). The password must be at least 12 characters long and meet the defined complexity requirements.
 
6. Under Inbound port rules, choose Allow selected ports and select RDP.

7. Select Yes for Already have a Windows license, then check the Confirmation Box.
 
 
8. Leave the remaining defaults and then select the Review + create button at the bottom of the page.
9. After your VM has passed the validation check, click

NOTE: In production, you might find Tags useful here as well. For example, you could tag all your VMs that are running SQL across all resource groups to see how much you might be spending on SQL in Azure.

NOTE: This will take a few minutes to complete. Not only is your VM being created, but a number of other resources are possibly being created as well, for example a public IP for your machine and other network-related resources.

Connect to the virtual machine

Create a remote desktop connection to the virtual machine. These directions tell you how to connect to your VM from a Windows computer. On a Mac, you need an RDP client.

  1. Click the Connect button on the virtual machine properties page.
  2. In the Connect to virtual machine page, keep the default options to connect by DNS name over port 3389 and click Download RDP file.
  3. Open the downloaded RDP file and click Connect when prompted.
  4. In the Windows Security window, select More choices and then Use a different account. Type the username as localhost\username, enter the password you created for the virtual machine, and then click OK. In our example, this would be localhost\azureadminuser and azureadminuserpassword1!
  5. You may receive a certificate warning during the sign-in process. Click Yes or Continue to create the connection.
  6. Once connected, right-click on the desktop and create a blank text file called TextFile.txt.
  7. If the connection fails, make sure it’s using the public IP address and try again.

Network Security Groups

The above example automatically created network security group (NSG) rules to allow remote desktop access from all networks.  In practice, you’re likely going to want to restrict access to certain IP ranges.  It helps to think of NSG rules as an additional layer of Windows Firewall rules.

To edit the NSG rules for your VM:

  1. Locate the VM you’ve previously created and click on it.
  2. Along the left-hand side, click on “Networking” under settings.

  3. Click on the name of the NSG on the right-hand side.
  4. Click on “inbound security rules”.

NOTE:  Prior to this step, you would likely want to click on the three dots next to the security rule that allows RDP access from all IP address ranges and choose to delete it.

  5. Click on “+ Add”.
  6. Fill out the fields as appropriate, and click on “Add”.

NOTE: Be sure to enter 3389 as the port number to allow Remote Desktop access (or the appropriate port for whatever you’re creating a rule for), and ensure that the priority number entered is lower than that of any existing RDP rules. Azure works from the lowest priority number to the highest and stops once a matching rule is reached. The Source IP address or CIDR range entered should be the IP address/range of the machine you’re attempting to access Azure from. Please avoid entering the entire UIC wireless range. Instead, connect to VPN and connect from there. At the moment, however, you will not be able to connect from UIC Wi-Fi to an Azure private IP address.


Automatically shut down your VMs

VMs that have resources allocated, whether in use or not, will likely incur at least some charges. Particularly when testing, you may want to schedule your VMs to shut down automatically to help avoid some unnecessary costs.

  1. Click on the VM for which you want to configure automatic shutdown.
  2. Under “operations”, in the same blade where overview, settings, etc. are shown, click on “Auto-Shutdown”.
  3. Select a time and click on Save.


Additional Required Settings

  1. Ensure that OS, Data, and unattached disks are encrypted.
    1. Follow the documentation found here: https://docs.microsoft.com/en-us/azure/security/fundamentals/azure-disk-encryption-vms-vmss
  2. Ensure that the latest OS patches for all Virtual Machines are applied.
  3. Ensure that RDP access is restricted from the internet.
    1. For each VM, open the networking blade.
    2. Verify that the inbound port rules do not have a rule for RDP such as:
       Port = 3389
       Protocol = TCP
       Source = Any or Internet
  4. Ensure that SSH access is restricted from the internet.
    1. Verify that the inbound port rules do not have a rule for SSH such as:
       Port = 22
       Protocol = TCP
       Source = Any or Internet
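
The RDP and SSH checks above, together with the earlier note that Azure works through rules from the lowest priority number upward and stops at the first match, can be run against an exported rule list. This is an added example, not part of the original guide or of Microsoft's tooling: the sample rules are constructed in the shape of the JSON printed by az network nsg rule list, the function names are hypothetical, and destination addresses and service tags other than Internet are ignored.

```python
import json

# Constructed sample, shaped like the JSON from `az network nsg rule list`.
SAMPLE_RULES = json.loads("""[
 {"name": "Allow-RDP-VPN", "priority": 200, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"},
 {"name": "RDP", "priority": 300, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
 {"name": "Deny-SSH", "priority": 100, "direction": "Inbound", "access": "Deny",
  "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRange": "22"},
 {"name": "Allow-Low-Ports", "priority": 400, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefixes": ["*"], "destinationPortRanges": ["20-25"]}
]""")

# Assumption: these source values mean "the whole internet"; destinations are ignored.
ANY_SOURCE = {"*", "any", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """Merge the singular and plural forms of an NSG rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _covers_port(spec, port):
    """True if a port spec ('*', '3389' or '20-25') includes the port."""
    low, _, high = spec.partition("-")
    return spec == "*" or int(low) <= port <= int(high or low)

def deciding_rule(rules, port):
    """First inbound TCP rule, by priority, that matches internet traffic to port."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        ports = _values(rule, "destinationPortRange", "destinationPortRanges")
        if (rule["direction"].lower() == "inbound"
                and rule["protocol"].lower() in ("tcp", "*")
                and any(s.lower() in ANY_SOURCE for s in sources)
                and any(_covers_port(p, port) for p in ports)):
            return rule
    return None  # no custom rule matches; the NSG's default inbound deny applies

def exposed_ports(rules, ports=(3389, 22)):
    """Map each port reachable from Any/Internet to the name of the Allow rule."""
    decided = {p: deciding_rule(rules, p) for p in ports}
    return {p: r["name"] for p, r in decided.items() if r and r["access"].lower() == "allow"}

print(exposed_ports(SAMPLE_RULES))
```

In the sample, the narrower VPN rule at priority 200 does not remove the exposure: the open rule named RDP still decides traffic from every other address, so it has to be deleted as the note in the Network Security Groups section says. SSH stays closed because the Deny rule at priority 100 is reached before the port-range Allow at 400.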
