Wilson Mar bio photo

Wilson Mar


Calendar YouTube Github


VMs, Scale Sets, App Services, Websites, Function Apps, Logic Apps, Docker Containers, AKS

US (English)   Norsk (Norwegian)   Español (Spanish)   Français (French)   Deutsch (German)   Italiano   Português   Estonian   اَلْعَرَبِيَّةُ (Egypt Arabic)   Napali   中文 (简体) Chinese (Simplified)   日本語 Japanese   한국어 Korean


This is the hands-on step-by-step tutorial I would give to a developer or administrator getting up and running compute on Azure cloud.

NOTE: Content here are my personal opinions, and not intended to represent any employer (past or present). “PROTIP:” here highlight information I haven’t seen elsewhere on the internet because it is hard-won, little-know but significant facts based on my personal research and experience.

Compute options

  • SaaS (Software as a Service): O365

  • PaaS (Platform as a Service) provides managed hosting environment: custom “Serverless” Azure Logic Apps for “orchestration” of Azure Functions; Azure App Service; Container to run in Docker or K8s (AKS), a static SPA Web Apps using Vue-based Nuxt.js)

  • IaaS (Infrastructure as a Service): Virtual Machines (like AWS EC2) using VHD images and/or Azure Redis Cache server

Decision chart from Microsoft: az-compute-decision-696x546 (Previous version)

“HPC” = (High Performance Computing) workloads run on Batch (not interactive).

VMs Azure Batch App Svc. Azure Functions ACI Svc. Fabric AKS
Load Balancer:
ALB ALB Integrated Integrated No built-in ALB ALB/AG
Scale Sets None Built-in Built-in None Scale Sets Pod & cluster
Minimum # of nodes:
1 1 1 1 Serverless 5 3
Default scale limits:
600 custom, 1000 platform image nodes per scale set 20 core limit (parallel) 30 instances, 100 with App Svc. env. 200 instances per function 20 container groups per sub. 100 nodes per scale set 100 nodes per cluster

Logic apps?

Web jobs?

Event Architecture


Service Purpose Type When to use
Event Grid Reactive programming Event distribution (discrete) React to status changes
Event Hubs Big data pipeline Event streaming (series) Telemetry and distributed data streaming
Service Bus High-value enterprise messaging Message Order processing and financial transactions


Payment options

  • Pay as you go (Billed per second on per-hour prices)
  • Reserved (provisioned) Virtual Machine instances
  • Spot Pricing - discounts for underused time slots, subject to instant removal
  • Azure Hybrid Benefit (through Enterprise Software Assurance from on-prem. licenses)

Azure App Services

Azure App Service (much like AWS Amplify) provides IaaS server infrastructure to run:

Deploy a website to Azure with Azure App Service:

Create an Azure App Service Web App

  • https://docs.microsoft.com/en-us/azure/app-service/
  • https://docs.microsoft.com/en-us/azure/app-service/overview
  • https://docs.microsoft.com/en-us/azure/app-service/quickstart-dotnetcore?tabs=netcore31&pivots=development-environment-vs

Enable diagnostics logging:

  • https://docs.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs

Deploy code to a web app

  • https://docs.microsoft.com/en-us/azure/app-service/deploy-run-package
  • https://docs.microsoft.com/en-us/azure/app-service/deploy-zip
  • https://docs.microsoft.com/en-us/azure/app-service/deploy-local-git?tabs=cli
  • https://docs.microsoft.com/en-us/azure/app-service/deploy-complex-application-predictably

Configure web app settings including SSL, API settings, and connection strings:

  • https://docs.microsoft.com/en-us/azure/app-service/configure-common
  • https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-bindings

Web Apps hosting

DOCS Unlike static web apps, Web Apps (formerly “Websites”) run ASP.NET, NodeJs, PHP, Ruby, Java, etc. to dynamically generate HTML before delivery to a user. So users also wait if the web app needs to start up. Due to caching, subsequent requests for that page is faster because the code is already compiled.

Classic .NET web apps sample URL:


PROTIP: The free plan cannot map to a custom domain of your choice.

Azure Web Apps service provides high availability auto-scaling.

Cold starts are avoided by using slot swaps to deploy to production.

YOUTUBE: How to auto-scale and optimize performance of .NET Web Apps with Microsoft Azure App Service

Create App Service in Bash Shell script


Create App Service in Portal GUI

  1. In a browser, go to “App Services” from the Home menu or in Search.

  2. Click blue “Create app service”
  3. Specify Subscription, Resource Group,

    Name: PROTIP: Include the VM Slot Tier (see below).

  4. The method to publish your app. Also configures the Runtime stack.
  5. Select a Runtime stack (.NET Core 3.1 (LTS)) - the platform on which the app runs.
  6. The operating system: Linux or Windows. Some runtime stacks supports only one.

    Linux Distros include CentOS, CoreOS, Debian, Oracle Linux, Red Hat Enterprise Linux, SUSE Linux Enterprise, openSUSE.

  7. Region (aka Location).
  8. Billing is by a App Service Plan:

    SKU and size defines the pricing tier of the plan and the scaling:

    ACU (Azure Compute Units) normalizes compute costs and performance across VM Types.

    Within Overview -> VM Types ->

    Slots (of different versions)

    LIMIT PROTIP: Each slot’s Tier type has a maximum number of staging slots imposed by Microsoft:

    • Dev/Test: F1 Free, D1 Shared, B1 Basic: 0 (none)
    • Standard: - 5 slots
    • Premium: - 20 slots
    • Isolated: I1, I2, I3 - 20 slots

    PROTIP: higher-priced tiers offer:

    • Immediate rollback option after swap (Staging to production)
    • Additional validation of app changes
    • Slot warming before swap
    • Support for auto-swap

  9. Select Review and Create to navigate to the review page.
  10. “Create”

    The F1 tier, select “Change size to open the Spec Picker wizard.

    On the Dev / Test tab, select F1 from the list, then select Apply.

    Select the App Service for your web app from the list.

    Be sure to select the App Service, and not the App Service plan.

  11. Wait for “Deployment successful”.
  12. In “App Service” (singular), “Configuration”,
  13. ”+ New connection string” and Name: “StorageConnectionString”.
  14. Copy values saved from Storage create earlier.
  15. Deployment slot setting: Not selected.
  16. Type: “MySQL”. ???
  17. OK.
  18. Click “Save” in command bar. Continue.

  19. “Properties” in left menu.
  20. Copy the value of the URL text box, such as


    Note: At this point, the web server at this URL will return a 404 error. You have not deployed any code to the Web App yet. You will deploy code to the Web App later in this lab.

  21. The App services Overview page displays metrics.

    Deployment slots

    Each deployment slot holds a separate instance of the web app with a different host name. Each is a different resource.

    There is an implicit production slot.

    REMEMBER: Each slot shares an App Service plan’s memory, CPU, and disk space.

  22. In the Azure portal, add deployment slots to an App Service web app.

    Create a staging deployment slot where to push code for testing.

    Then swap the staging deployment slot with the production slot.

    • Settings swapped: General settings, handler mappings, monitoring, diagnostics, WebJobs.
    • Setting that are configurable (either swappped or not swapped): App setting and connection strings.
    • Setting that are NOT swapped: publishing endpoints, custom domain names, SSL certs and bindings, scale settings, WebJob schedulers.

    The Azure portal provides out-of-the-box continuous integration and deployment with Azure DevOps, GitHub, Bitbucket, FTP, or a local Git repository on your development machine.

    Connect your web app with any of the above sources and App Service will do the rest for you by automatically syncing your code and any future changes on the code into the web app.

    In the Azure portal, create a Web App resource. This allocates a set of hosting resources in App Service, which hosts a web-based application written in ASP.NET Core, Node.js, Java, Python.

    PROTIP: Canary deployments need a different technology.

  23. An App Service plan is a set of virtual server resources that run App Service apps.

  24. Every App Service web app created must be assigned to a single App Service plan that runs it.

  25. A single App Service plan can host multiple App Service web apps.

    In most cases, the number of apps run on a single plan will be limited by the performance characteristics of the apps and the resource limitations of the plan.

    App Service plans are the unit of billing for App Service. The size of each App Service plan in your subscription, in addition to the bandwidth resources used by the apps deployed to those plans, determines the price that you pay.

    The number of web apps deployed to your App Service plans has no effect on your bill.

Service Fabric

Service Fabric is a distributed systems platform for packaging, deploying, and managing microservices.

Microservices can be deployed to Service Fabric as containers, as binary executables, or as Reliable Services.

Using the Reliable Services programming model, services can directly use Service Fabric programming APIs to query the system, report health, receive notifications about configuration and code changes, and discover other services.

Azure Logic Apps


Azure Logic Apps schedules, automates, and orchestrates tasks, business processes, and workflows.

It’s used to integrate apps, data, systems, and services across enterprises or organizations.

An example is a Trigger which fires when the stream of Tweets (or Slack posts) is found to contain a monitored keyword (@account, company name, #hashtag, etc).


A Cognitive (AI/ML) can run Text Analytics on the text to determine sentiment. If the score is >.5 (neutral), Actions can:

  • send email, SMS, etc. via Twillo
  • add a log entry
  • insert a row in a SQL database

  1. Have a Resource Group, Storage Account,
  2. Click the Logic App Designer can be used to create a workflow such as:

    Custom connectors can be written in ___.


Static App services

VIDEO: Static Web Apps are fast because HTML is already rendered and sitting close to users in a CDN.

Static web app sample URL:


  1. Generate the static HTML.

  2. On the Azure portal menu or from the Home page, select All resources.
  3. Search for “Static Web App”.


  4. Edit workflow in file created:


  5. GitHub Action runs

Azure Functions

Azure Functions is a hosting service that puts code onto a VM and executes it.

Function apps have a simplified programming model – do just one thing well so scaling can be precise and dynamic.

Function apps are event driven, triggered by data operations, timers, and webhooks.

LIMIT: 5-minute function runtime, 10 minute max.

Advantages of Serverless:

  • No infrastructure management (OS, VNnet, storage)
  • Integrated Security (AAD/Entra, Facebook)
  • Dynamic scalability without hassle (based on workload)
  • Faster time to market
  • More efficient use of resources

PRICING: FREE are 1 million executions (400,000 GB/s)

Sample use cases implemented in PowerShell to cover end-to-end (build, debug, deploy, monitoring) are covered by @Matt Allford in Azure Functions for DevOps Engineers Cloudskills videos:

  • When VM is deleted, remove from monitoring system
  • When resource group is created, look up cost center for region and add tag with number.
  • Add AD groups to new SQL servers

  • When CPU spikes > 90%, send teams event
  • When storage acccount latency > 50%, open GitHub issue
  • When certificates are about to expire, send email

  • Send Slack message
  • Send SMS message (via Twilio)

I hava a script that sets up a Function (below). However, several components are not available in the CLI and need manual actions in Azure portal to fill in the gaps. It’s explained in chapter 21 of EBOOK: Learn Azure in a Month of 21 Lunches (2020 Manning) by Iain Foulds (@fouldsy).

Durable functions

  1. G+/ Function apps are run as “Azure App Services”, but Pricing Tier “Dynamic” (pay only for transactions, not servers sittingh around) and App Type “Function App”.
  2. Subscription
  3. Resource Group

  4. A Function App Name with unique/random name within global $FUNCTION_NAME.azurewebsites.net
  5. Publish as Code / Docker Container
  6. Runtime stack: .NET Core C#, Node.js (JavaScript), Python, Java, PowerShell Core, Typescript, F#
  7. Version of language: 6 for PowerShell Core.
  8. Region:

  9. Hosting: A Storage account with a unique/random name.
  10. Hosting: Operating System: Linux/Windows (PowerShell only on Windows)
  11. Hosting: Plan

    Runtime Scaling by a Scale Controller seeing monitoring to create instances of 1GB memory in 1 CPU.

    Consumption function app scales to LIMIT: max of 200 instances. The problem with it is cold starts. If a function is not in memory, users would wait.

    Functions Elastic Premium Plan

    • Pre-warmed instances reserved pay
    • Premium instance sizes up to 100 instances
    • 30-minute function default runtime, 60-minute guarantee
    • Faster scaling than once/sec for HTTP and every 30 secs for non-HTTP.

    App Service Plan

    • Use dedicated VMs used in other App Service apps
    • Can provide custom image to run function
    • AutoScale VM instances
    • Run for unlimited amount of time

    Dedicated plan

  12. Monitoring: Enable App Insights, Region


    • App service plan
    • App service
    • Application insights
    • Storage account

  13. Tags

  14. Azure Functions templates at https://github.com/Azure/azure-functions-templates


    • HTTP
    • Timer trigger (alarm clock)
    • Azure Blob Storage trigger
    • etc.



    host.json reference for Azure Functions 2.x and later

    profile.ps1 is a PowerShell profile executed on every cold start

    requirements.psd1 is a manifest listing dependencies

    Deploy an app in the Portal: Deployment Center or Visual Studio client. LAB 100

    Get Publish Profile (XML file), Import Profile 108

  15. Integration

  16. Create a Service Bus namespace.
  17. Create a Service Bus.

  18. Run & Debug
  19. Monitoring trends and alerts


Create and deploy Azure Functions apps:

  • https://docs.microsoft.com/en-us/azure/azure-functions/functions-overview
  • https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-your-first-function-visual-studio
  • https://docs.microsoft.com/en-us/azure/azure-functions/functions-create-first-function-resourcemanager?tabs=visual-studio-code%2Cazure-cli

Implement input and output bindings for a function Implement function triggers by using data operations, timers, and webhooks

  • https://docs.microsoft.com/en-us/azure/azure-functions/functions-triggers-bindings?tabs=csharp
  • https://docs.microsoft.com/en-us/azure/azure-functions/add-bindings-existing-function?tabs=csharp
  • https://docs.microsoft.com/en-us/azure/azure-functions/functions-bindings-return-value?tabs=csharp
  • https://docs.microsoft.com/en-us/learn/modules/execute-azure-function-with-triggers/Implement

Azure Durable Functions:

  • https://docs.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-overview?tabs=csharp
  • https://docs.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-create-first-csharp?pivots=code-editor-vscode
  • https://docs.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-sequence?tabs=csharp
  • https://docs.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-cloud-backup?tabs=csharp
  • https://docs.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-monitor?tabs=csharp
  • https://docs.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-http-api#get-all-instances-status
  • https://docs.microsoft.com/en-us/azure/azure-functions/durable/durable-functions-external-events?tabs=csharp

Implement custom handlers:

  • https://docs.microsoft.com/en-us/azure/azure-functions/functions-custom-handlers

Create Virtual Machines in Portal GUI


  1. In portal, go to VM or Virtual Machines in Home menu or Recents or Search.

  2. Click “+ Create”. Select “Virtual Machine”, not “Start with a preset configuration”.
  3. All Services -> Virtual Machines. Commands:

    Basics | Disks | Networking | Management | Advanced | Tags | Review + create

  4. Project details: Subscription:
  5. Resource Group.

  6. Virtual machine name: Previously, Azure VM names had to be globally unique because they were were put in public domain cloudapp.net, but Microsoft has since added magic to get around that.

    VM Name conventions:

    • Limit 15 chars on Windows VMs
    • Limit 64 chars on Linux VMs
    • Role: sql, web, msg
    • Instance: 01, 02, etc.

  7. Region: PROTIP: “(US) East US 2” is where new features first appear. So for production, that’s not a good choice. “(US) West” is generally the lowest cost region globally.

    Availability Options

  8. Availability options:

    PROTIP: For development, leave default as “No infrastructure redundancy required”. But for production, select an “Availability zone” for High Availability (HA)

    Availability Option Description Disaster SLA
    Availability Zone distribute VMs across 1 to 3 zones within the same region which support it 1 or 2 data center zones 99.99%
    Availability Set Deploys separate VMs running constantly across several Fault Domains within a single Availability Zone individual rack 99.95%
    VM Scale Set rule-based scaling load-balanced VM instances up/down within a single Zone of fault and update domains individual VM 99.95%

    “Scale Set” can be selected on regions which have only one Zone.

    Select “Availability zone” to redundantly store data in several zones of Microsoft’s choosing. Microsoft will handle recognition of disaster and recovery for them.

    So this is the simplest approach. But consider the Pricing.

    QUESTION: How do admins know when a failover has occurred?

  9. If “Availability Zone” was selected, specify the number of zones.

    LIMIT: Most regions have a maximum of 3 zones (fault domains)

  10. Select “Availability set” for a region which does not have Availability Zones (such as Australia, AFAIK).

  11. VIDEO: If you selected “Availability Set”, you may define a new Name such as: VIDEO: REMEMBER:

    3fault_20update or 3racks_20shelves

    • Fault domains (FD) = separate racks
    • Update domains (UD) = individual shelves on each rack


    VIDEO: This is so each server can be taken offline for OS patching without impacting availability.

  12. Azure spot instance: As “No” is the default, click Yes to save money, if your app is designed for it (saves intermediate results which another server instance can retrieve and continue).

  13. Size:

    VM Size & Server Types

    PRICING of each VM type:

    A for Basic stdArd General Purpose VMs

    B for Burstable that stores credits used during low usage, but burst when needed. The number B1 is 100%, B2 to 200%, B10 to 1000% of base. Used for dev and testing.

    D for General Purpose apps, with DS instances for premium storage.

    DC for Data Center enterprise apps using Premium storage.

    E for mEmory optimized - high Memory-to-CPU ratio, with ES instances for premium storage.

    F for “Freakin” CPU Optimized - high Core-to-Memory ratio, with FS instances for premium storage.

    G for Godzilla - Very large instances: ideal for large databases and big data use cases.

    H for High performance computing aimed at very high-end computational needs such as modular modeling and other scientific applications.

    L for “Load” Storage Optimized instances which offer higher disk throughput and IO.

    M for Large Memory - allows up to 3.5 TB of RAM per instance.

    N for GPU eNabled

    r suffix for remote direct memory (RDMA)


  14. Administrator account: Authentication type: SSH or Password

    If SSH public key is chosen: The username and SSH public key source appear.

    If Password is chosen: Password and Confirm Password fields appear.

  15. Administrator account: Username:

    PROTIP: These Admin user names cannot be used:

    • 123
    • a, adm, admin, admin1, admin2, administrator,
    • actuser, aspnet
    • backup, console, david, john
    • i, guest, owner, root, server, sql, support, sys
    • test, test1, test2, test3,
    • user, user1, user2, user3, user4, user5

  16. Administrator account: Key pair name:

  17. Inbound port rules: Select “None”

    We’ll be using JIT, so don’t select inbound ports: RDP (3389) for Windows / SSH (22) for Linux.

  18. RDP into VM. Windows landing screen:


  19. If Yes, Eviction type: “Capacity only” for whatever the pay-as-you-go rate is. “Price or capacity” to set a Max. price manually.

  20. VM generation: Gen2 VMs features UEFI-based boot architecture, increased memory and OS disk size limits, Intel Software Guard Extensions (SGX), and virtual persistent memory (vPMEM).

    CAUTION: As of this writing, Gen2 does not support Azure Disk Encryption!

  21. Next: Disk:
  22. Next: Networking
  23. Next: Management
  24. Next: Advanced
  25. Next: Tags
  26. Next: Review + Create

Deploy a website in a VM

VIDEO: Coursera: Azure: Create a Virtual Machine and Deploy a Website has these steps:

  1. Create a Resource Group
  2. Create a Virtual Network and a subnet
  3. Protect a subnet using a Network Security Group
  4. Deploy Bastion to connect to a Virtual Machine
  5. Create an Ubuntu Server Virtual Machine
  6. Install Nextcloud by connecting via SSH using Bastion
  7. Publish an IP
  8. Create a DNS label

Provision virtual machines (VMs):

  • https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/create-sql-vm-portal
  • https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/create-sql-vm-powershell

VIDEO: Microsoft Azure Developer: Implement IaaS Solutions

Create Windows VM in Bash

az vm create --resource-Group ps-course-rg --name windows-1 \
--image win2016datacenter --admin-username azureuser

Create Linux VM in Bash

# environment variables:
RESPONSE=$( az vm create -n "$AZ_VM_NAME" -g "$AZ_GROUP" \
   --image UbuntuLTS --generate-ssh-keys \
   --admin-user "$AZ_ADMIN_USER" )
 # Obtain $publicIpAddress from RESPONSE:
publicIpAddress=$(jq -r '.publicIpAddress' <<< "$RESPONSE")
echo "publicIpAddress=$publicIpAddress"
ssh "$AZ_ADMIN_USER:$publicIpAddress"
   # do whatever...

Create VM using PowerShell ps1 file


New-AzSubscriptionDeployment -Name az30310subaDeployment `
   -Location $location -rgName 'az30310a-labRG' `
   -rgLocation $location  `
   -TemplateFile $HOME/azuredeploy30310suba.json
New-AzVm -ResourceGroupName ‘ps-course-rg’ `
   -Name ‘windows-1’ `
   -Location ‘NorthCentralUS’ `
   -VirtualNetworkName ‘main-vnet’ `
   -SubnetName ‘backend’ `
   -SecurityGroupName ‘myNetworkSecurityGroup’ `
   -PublicIpAddressName ‘myPublicIpAddress’ `
   -OpenPorts 80,3389

Virtual Machine menu

The Virtual Machine blade has these menu items:

  • Overview
  • Activity Log
  • Access control (IAM)
  • Tags
  • Diagnose and solve problems

  • Networking
  • Connect
  • Disks
  • Size

  • Security
  • Advisor recommendations
  • Extensions
  • Properties

  • Disaster recovery
  • Configuration management

  • Resource health
  • Boot diagnostics
  • Performance diagnostics
  • Reset password
  • Redeploy
  • New support request

VM Scaling


Vertical Scaling up: Since initially one doesn’t know what kind of VM will suffice, start with a basic or intermediate one (not a very powerful one). General purpose Type VMs (50-210 ACUs) suffice in most cases. Link.

Horizontal scaling out: If your application was designed to do it, scaling out to an App service plan. You can autoscale and set up autoscaling rules or go the manual route. Link

VM HA SLA (Service Level Agreement)

Instances Avail. Zones SLA Hrs/Yr
1 (SSD) 1 99.90%+ 8:45:56
2+ 1 99.95%+ 4:22:58
2+ 2+ 99.99%+ 0:52:35

Scale Sets

VIDEO: az-scale-sets-782x504

Azure VM Scale Sets enable creation and management of a grouping of load balanced VMs to provide High Availability (HA) to applications. Scale Sets can be centrally managed, configured, and updated. The number of VM instances can automatically increase or decrease in response to demand or a defined schedule.

VM scale sets with standard Load Balancers and standard PIP cannot be moved.

VMs integrated with Key Vault for disk encryption cannot be moved.

  1. G+/ <a target=”_blank” href=”https://portal.azure.com/#create/microsoft.vmss”“>Create a virtual machine scale set” at https://portal.azure.com/#create/microsoft.vmss</a>

    There is a lot to configure: Basics, Disks, Networking, Scaling, Management, Health, Advanced, Tags, Review+Create


  3. Size matters for billing (money consumption).

  4. Define Scale Up rules and sizes.

  5. Define Scale Out rules and instances.


  6. Instance limits

  7. Metric Criteria for scaling

    DEFINITION: “Flapping” is too frequent scale in and then out again. Cooldown minutes limits that.


    Operators for Scale rule:

    • Increase count by
    • Increase percent by
    • Increase count to

    • Decrease count by
    • Decrease percent to
    • Decrease count to

Just-in-time VM Console access

To improve security, enable just-in-time VM access.

A just-in-time access enables you to lock down inbound traffic to your VM by allowing access for only a limited time. The just-in-time feature is available as part of the Azure Security Center standard tier.Learn more about just-in-time access

  1. Within a VM, click Configuration blade.

    Upgrade your Security Center subscription to enable a just-in-time access

  2. If you have on-prem license, click Yes to “Would you like to use an existing Windows Server license?” to save up to 49% with a license you already own using Azure Hybrid Benefit.

  3. Specify a Proximity placement group

    Proximity placement group can only be updated when the virtual machine is deallocated.

  4. Specify the Host Group

    Azure Dedicated Hosts allow you to provision and manage a physical server within our data centers that are dedicated to your Azure subscription. A dedicated host gives you assurance that only VMs from your subscription are on the host, flexibility to choose VMs from your subscription that will be provisioned on the host, and the control of platform maintenance at the level of the host.

    • https://docs.microsoft.com/en-us/azure/virtual-machines/dedicated-hosts
    • https://docs.microsoft.com/en-us/azure/virtual-machines/dedicated-hosts-portal
    • https://docs.microsoft.com/en-us/cli/azure/vm/host/group?view=azure-cli-latest

    Host can only be updated when the virtual machine is deallocated.

    There is a limit on vCPUs for dedicated hosts per region.


  1. Connect
  2. Use Bastion


redeploy shuts down the VM, moves it to a new node, and powers up again.

Data on temporary drive will be lost, but it’s a choice if you cannot connect via RDP or SSH or have difficulty trobleshooting app access on Azure VM.

Azure CLI:

az vm redeploy --resource-Group ps-course-rg --name linux-1

PowerShell commands:

Set-AzVM -Redeploy -ResourceGroupName ‘ps-course-rg’ -Name “linux-1“

Connect as above

Moving VM using PowerShell

Move-AzResource -DestinationResourceGroupName ‘ps-course-rg’ `
-ResourceId myResourceId,myResourceId,myResourceId
Move-AzResource -DestinationSubscriptionId “8bc4fbf0-blah-blah-blah-226b44e5db84" `
-DestinationResourceGroupName ‘ps-course-rg’ `
-ResourceId myResourceId,myResourceId,myResourceId

Create VM using IaC ARM JSON Templates


  1. Search: Virtual Machines
  2. Fill out
  3. Instead of clicking “Create”, click “Download a template for automation”. Or menu item “Export template” under Settings.
  4. For reuse, click “Add to library”.

    Like AWS Cloud Formation, ARM templates defines the infra and config of an Azure solution. Being in JSON text format, they can be versioned and repeatedly deployed.

    Among empty elements below, contentVersion is user defined. “{ }” strings and “[ ]”

  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "v1.2.3.0",
  "apiProfile": "",
  "parameters": {  },
  "variables": {  },
  "functions": [  ],
  "resources": [  ],
  "outputs": {  }

Parameters refer to values defined in a file separate from the template file.

Variables combine parameter values and static text.

Resources are what are deployed.

dependsOn items are resolved first.

Create VM using CLI sh file

  1. Define variables to use:

  2. Retrieve secrets from ~/.env file:

  3. Log into Azure:

    az login
    az account set --subscription "$mySubscription"
  4. See what is defined:

    az group list --output table
  5. Create Windows VM:

    az group create --name "$myRG" --location "$myLocation"
    az vm create --resource-group "$myRG" --name "$myVMName" \
    --image "$myWinOSImage" \
    --admin-username "$adminUsername" \
    --admin-password "$adminPassword"
    ## use default --size machine
    az vm open-port --resource-group "$myRG" --name "$myVMName" \
    --port "3389"
    az vm list-ip-addresses --resource-group "$myRG" --name "$myVMName" 
  6. Create Linux VM:

    az vm create --resource-group "$myRG" --name "$myVMName" \
    --image "$myLinuxImage" \
    --authentication-type "ssh" \
    --admin-username "$adminUsername" \
    --ssh-key-value "~/.ssh/id_rsa.pub"
    ## use default --size machine
    az vm open-port --resource-group "$myRG" --name "$myVMName" \
    --port "22"
  7. Login machine created:

    ssh "$$adminUsername@"
  8. Clean up:

    # If -delete specified among CLI parameters:
    az group delete --name "$myRG"

More options at: https://docs.microsoft.com/en-us/cli/azure/vm#az_vm_create

VM maintainance using CLI


echo ">>> Stop Linux VM using CLI:"
az vm stop -n "$AZ_VM_NAME" -g "$AZ_GROUP" 
echo "Start Linux VM using CLI:"
az vm start -n "$AZ_VM_NAME" -g "$AZ_GROUP" 
echo ">>> Get info"
az vm show -n "$AZ_VM_NAME" -g "$AZ_GROUP" \
   --query hardwareProfile.vmSize
echo "Delete resource group:"
az group delete -g "$AZ_GROUP" --no-wait -y

Create VM using Docker

Book: Microservices with Docker on Microsoft Azure (includes Content Update Program), by Boris Scholl, Trent Swanson, and Daniel Fernandez https://www.oreilly.com/library/view/microservices-with-docker/9780134218229/

  1. Define Dockerfile:

    FROM mcr.microsoft.com/dotnet/core/aspnet:3.1
    RUN mkdir /app
    WORKDIR /app
    COPY ./webapp/bin/Release/netcoreapp3.1/publish ./
    COPY ./config.sh ./
    RUN bash config.sh
    EXPOSE 80
    ENTRYPOINT ["dotnet","webapp.dll"]
  2. Build Docker image from Dockerfile:

    docker build -t webimage:v1 .
  3. Run Docker image:

    docker run --project ./webapp 
  4. Test:

    curl http://localhost:5000
  5. Publish into Container:

    dotnet publish -c Release ./webapp

VM Disks

VM Types:

  • O/S only
  • Biztalk
  • SQL


  • Basic
  • Low Priority
  • Standard

ACI (Azure Container Instances)


Azure Container Instances (ACIs) provide a fast and simple way to run individual (isolated) containers in a VM running (Windows or Linux) images, without having to manage machines and without having to adopt a higher-level service. ACI is useful for build jobs of single simple applications, task automation.

  1. Create a single (machine), akin to one K8s pod based on a predefined image in the Azure Registry Service (ARS):

    az container create --name mycontainer --resource_group learn-deploy-aci-rg \
      --image mirosoft/aci-helloworld --ports 80 --location eastus \
      --dns-name-label $DNS_NAME_LABEL

    Containers startup faster than virtual machines (VMs) – in seconds.

    ACI instances are billed by the second, so you can fine-tune your spending based on actual need.

    PROTIP: Azure Container Instances supports scheduling of multi-container groups sharing a host machine, local network, storage, and lifecycle. So a main application container can be combined with other supporting role containers, such as monitoring and logging sidecars.

  2. In a browser, the public URL is, assuming $RANDOM is resolved to 1234 and location eastus:


    The “ci” is for container instance.

    Container instances can specify a custom DNS name label so your application is reachable at


PROTIP: Use the AKS virtual node to provision pods inside ACI that start in seconds. This enables AKS to run with just enough capacity for your average workload. As you run out of capacity in your AKS cluster, scale out additional pods in ACI without any additional servers to manage.

Azure Container Registry (ACR)



  1. Create a registry using the Azure CLI:

    az acr create --name $MY_REGISTRY --sku standard --admin-enabled true \
    --resource-group mygroup 
  2. Instead of building an image yourself and pushing it to Container Registry, use the CLI to upload the Docker file and other files that make up your image.

    az acr build --file Dockerfile --image myimage . 

    Note the dot at the end to specify all files in the folder.

  3. Register container in Azure Container Registry

    Container images are pulled from the Azure Container Registry

    “AKS virtual node”, a Virtual Kubelet implementation, provisions pods inside ACI from AKS when traffic comes in spikes.

    AKS and ACI containers write to shared data store.

AKS (Azure Kubernetes Service)


Azure Kubernetes

See my wilsonmar.github.io/kubernetes

  1. Make use of a sample multi-user app (simply to click either Dog or Cat):*

    git clone https://github.com/Azure-Samples/azure-voting-app-redis.git
    cd azure-voting-app-redis
  2. Configure a service principal to pull images from ACR. For more information, see ACR authentication with service principals or Authenticate from Kubernetes with a pull secret. Alternatively, you can use a managed identity instead of a service principal for easier management.*

  3. Grant the right to pull images from the Azure Container Registry (ACR) instance. See https://docs.microsoft.com/en-us/azure/aks/cluster-container-registry-integration

  4. Create AKS cluster using CLI:

    az aks create --name $MY_AKS_CLUSTER \
     --attach-acr $AZ_REGISTRY_IMAGE_NAME \
     --node-count 2 \
     --generate-ssh-keys \
     --resource-group $MY_RG
  5. Connect to cluster using kubectl

    az aks get-credentials --name $MY_AKS_CLUSTER \
     --resource-group $MY_RG
  6. Verify the connection to your cluster:

    kubectl get nodes
    NAME                                STATUS   ROLES   AGE     VERSION
    aks-nodepool1-37463671-vmss000000   Ready    agent   2m37s   v1.18.10
    aks-nodepool1-37463671-vmss000001   Ready    agent   2m28s   v1.18.10
  7. Deploy app*

    az acr list --query "[].{acrLoginServer:loginServer}" \
     --output table \
     --resource-group $MY_RG 

https://azure.microsoft.com/en-us/resources/kubernetes-ebook-collection/ [registration requested]


  • https://docs.microsoft.com/en-us/azure/aks/tutorial-kubernetes-scale

VM Size change

VM size change

  • General purpose
  • GPU
  • High performance compute (batch processing)
  • Compute optimized
  • Memory optimized
  • Storage optimized (databases)

  1. Make sure your region supports the VM family product code you want:

    (Azure Products available by region) https://azure.microsoft.com/en-us/global-infrastructure/services

  2. See https://docs.microsoft.com/azure/azure-resource-manager/resource-group-move-resources

    VIDEO Redeploy VMs

    $vmName = "WinSrv19-1"
    $rscGroup = "testgroup"
    Set-AzVM -Redeploy -Name $vmName -ResourceGroupName $rscGroup

    Response: OperationId

Availability ScaleSets

VIDEO VIDEO: HA = Resiliency (not Durability)

What are Availability Zones in Azure?

Unique within Resource Group:

  • WebAvailSet in 2 zones
  • MidAvailSet in 2 zones
  • DataAvailSet in 2 zones


	 -Sku "Aligned"

CLI: az vm availability-set create

VM Sizing for a Location


$location = “centralus” Get-AzVMSize -Location $location

Name                   NumberOfCores MemoryInMB MaxDataDiskCount OSDiskSizeInMB ResourceDiskSizeInMB
----                   ------------- ---------- ---------------- -------------- --------------------
Standard_A0                        1        768                1        1047552                20480
Standard_A1                        1       1792                2        1047552                71680
$regName = "TestGroup"
$vmName = "something1"
$size = "Standard_A0"
$vm = Get-AzVM -ResourceGroupName $rgName `
   -VMName $vmName
$vmHardwareProfile.VmSize = $size

Update-AzVM -VM $vm -ResourceGroupName $rgName

CLI: az vm resize

VHD images

DEFINITION: VHD (Virtual Hard Disk) is a disk image file format for storing the complete contents of a hard drive. The disk image, sometimes called a virtual machine, replicates an existing hard drive and includes all data and structural elements. It can be stored anywhere the physical host can access.

To deploy a VHD image: VIDEO

  • https://docs.microsoft.com/en-us/learn/modules/deploy-vms-from-vhd-templates/
  • https://discover.opscompass.com/blog/deploy-an-azure-vm-from-a-custom-image-using-arm-templates
  1. Get a generalized VHD image from Marketplace:


    VIDEO: To automate VM scaleset using image: extensionProfile fileUris source install packages from raw.githubusercontent.com/Azure-samples/compute-automation-conf which installs “bash automate_nginx.sh”

    VIDEO: Azure Quickstart templates contribute by a community. Among the Most Popular:
    Deploy a simple Windows VM by Brian Moore (who has worked on ARM templates from inception)

  2. Specialized for your needs:

  3. To prepare a Windows Server image for generalization: \windows\system32\sysprep\sysprep.exe
  4. To prepare a Linux Server image for generalization: waagent.

    See https://docs.microsoft.com/en-us/learn/modules/deploy-vms-from-vhd-templates/3-generalize-server-create-image

    Hands-on: https://docs.microsoft.com/en-us/learn/modules/deploy-vms-from-vhd-templates/4-exercise-create-image-provision-vm?pivots=windows-cloud

    HANDS-ON: https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/quickstart-create-templates-use-the-portal

Find your own Templates

  1. Home -> All Services: search -> Templates

Example “Hello, world” Spring Boot application that runs on Azure Functions

Azure Batch processing

Azure Batch Service uses a pool of compute resources (VMS) to carry out batch processes in parallel.



Web Jobs

Azure Web Jobs runs Azure Functions as background jobs.

Event Grid

Overview DOCS:

To Create a custom Event Grid topic

In the Azure portal’s navigation pane, select Create a resource.

On the New blade, find the Search the Marketplace text box.

In the search box, enter <strong>Event Grid Topic</strong>, and then select Enter.

On the Everything search results blade, select the Event Grid Topic result.

On the Event Grid Topic blade, select Create.

On the Create Topic blade, perform the following actions:

    In the Name text box, enter hrtopic[yourname].

    In the Resource group section, select Create new, enter PubSubEvents, and then select OK.

    From the Location drop-down list, select the (US) East US region.

    From the Event Schema drop-down list, select Event Grid Schema, and then select Create.

Redis Cache

  • https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/cache-configure
  • https://docs.microsoft.com/en-us/azure/azure-cache-for-redis/cache-configure#memory-policies



More about Azure

This is one of a series about Azure cloud: