Deploy a VM from the Azure Marketplace

Azure Marketplace

When we create a new virtual machine within the Azure environment, we can use the Azure Marketplace. Services and software are available in the Azure Marketplace, which you can deploy within an environment. For virtual machines, Windows operating systems, Open source variants and also 3rd party appliances are available.

Create my first Windows virtual machine

From the Azure portal, we can view the Azure Marketplace.

The Azure Marketplace from the Azure portal

Search within the Azure Marketplace
For example, search for “Windows”

In this example, I’m going to create my first Windows virtual machine. What do I need to know/have?

  1. A valid Azure subscription (PayG, NCE/CSP, EA, etc…)
  2. What operating system do you need?
Deploy a VM from the Azure Marketplace

Overview of all the different image types of Windows Server in the Azure Marketplace.

Suppose we are going to build a new server based on Windows Server 2022, then we can easily select the right variant in the Azure Marketplace. But what are the differences? Small disk, Azure Edition Hotpatch, Core edition…how do I make the right choice?

A quantity of storage is linked per variant. By default, a virtual machine gets 127 GiB of OS disk. In a number of cases that is too much, for example when you choose the Core edition of Windows. A small(er) OS disk is sufficient. You then choose the option [smalldisk].

The different variants in the Azure Marketplace can also be seen with, for example, Powershell.

Login-AzAccount
Select-AzSubscription -Subscription “###############”

#———————————————
#Set Azure Location
$Location = “West Europe”
$PublisherName = “MicrosoftWindowsServer”

Get-AzVMImageOffer -Location $Location -PublisherName $PublisherName

Connect to the Azure subscription. Then specify the region in which you want to build the virtual machine, for example, Western Europe.

Now the OfferName and PublisherName values are important. All Marketplace images have an Offer, Publisher, SKU, and version. First we will make an overview of all Offers within the Publisher MicrosoftWindowsServer.

Overview of all Offers of publisher WindowsServer.

Here we choose the Offer WindowsServer and make an overview of all SKUs within this Offer.

#———————————————
#Set Azure Location
$Location = “West Europe”
$PublisherName = “MicrosoftWindowsServer”
$OfferName = “WindowsServer”

Get-AzVMImageSku -Location $Location -PublisherName $PublisherName -Offer $OfferName | Select Skus

Overview of all image SKUs of offer MicrosoftWindowsServer

Here we choose 2022-datacenter-azure-edition-hotpatch. As a final step, we can make an overview of all versions within this SKU.

can make an overview of all versions within this SKU.Deploy a VM from the Azure Marketplace
If you want to deploy the latest version available, then use the variable latest instead of the version number.

All image details at a glance.
Before we can rollout an image from the Azure Marketplace, the Terms must first be accepted.

Get-AzMarketplaceterms -Publisher $PublisherName -Product $OfferName -Name $skuName

The Terms have not yet been accepted for the image in question.

Set-AzMarketplaceTerms -Publisher $PublisherName -Product $OfferName -Name $skuName -Accept

The Terms have been accepted and the image can be rolled out.

The Terraform code for deploying the appropriate image in Azure.

Because we use the Azure Hotpatching image, the patch mode must be indicated in the code.

Since we’re going to use Azure Hot Patching, we need to add another line to the Terraform code (line 64).

The first virtual machine with associated resources was successfully deployed.

The various resources rolled out with Infrastructure as Code.

The new server is running in Azure.

OS disk of server mss-azhp-22-01.

Now let’s rollout the same virtual machine, but with a different image SKU. Namely 2022-datacenter-azure-edition-hotpatch-smalldisk. The virtual machine is named mss-azhp-22-02.

Changed the SKU image to smalldisk.

Overview of the Plan, Offer, and Publisher per server in Azure.

The difference in OS disk size can be clearly seen here.

  • 2022-datacenter-azure-edition-hotpatch – 127 GiB
  • 2022-datacenter-azure-edition-hotpatch-smalldisk – 30 GiB

The number of IOPS (Read/Write operations) is also different

  • 2022-datacenter-azure-edition-hotpatch – 500 IOPS
  • 2022-datacenter-azure-edition-hotpatch-smalldisk – 120 IOPS

The throughput on the OS disk is different

  • 2022-datacenter-azure-edition-hotpatch – 100 MBps
  • 2022-datacenter-azure-edition-hotpatch-smalldisk – 25 MBps

The cost on the OS disk is different

  • 2022-datacenter-azure-edition-hotpatch – P10 (128 GiB)
  • 2022-datacenter-azure-edition-hotpatch-smalldisk – P4 (32 GiB)
  • The burst IOPS and throughput are the same!

Wrap up

Deploying a virtual machine in Azure can be done in multiple ways. Ofcourse via the Azure portal, where you can select most of the configuration yourselves. The fastest and most flexible way is through Infrastructure as Code (in this example, Terraform), but it can also be Bicep, Azure Resource Manager, or Powershell. You then have more influence on naming convention of the Azure resources and you can quickly and consistently rollout your virtual machines.

The choice of image SKU is of great importance when designing the workload and associated virtual machines. Determine a number of crucial variables in advance, such as:

  • what OS am i going to use
  • which version
  • with graphical user interface (GUI) or not (Core edition)
  • required IOPS
  • required storage capacity
  • disk throughput
  • what are the monthly costs of the Azure resources

If all variables are clear, then rolling out the necessary virtual machines is the last step. Spending a bit of time in preparation is therefore very important. Thansk for supporting my blog and feel free to reach out to me on my socials!

How to: Deploy Microsoft LAPS and Windows LAPS

We’ve all heard of Microsoft LAPS. This stands for Local Administrator Password Solution and is already available from Windows Server 2008 R2. With Microsoft LAPS it is possible to periodically and fully automatically change the password of the local administrator account.

Microsoft recently launched Windows LAPS, as a successor to Microsoft LAPS. A number of new functionalities have been added and it is now also part of the Windows Server operating system (from Server 2019 April Update) and Windows 10 and 11.

Continue reading “How to: Deploy Microsoft LAPS and Windows LAPS”

Reduce costs with Azure Spot virtual machines

What is Azure Spot VM?

Azure Spot VM is an Azure feature that allows you to take advantage of the unused capacity of the underlaying platform. If an host has some capacity compute left, these ‘spots’ will be filled with you Spot enabled virtual machines. When enabling this feature, you receive a discount up to 90 percent of the normal pricing in some cases.

Only pricing and eviction are the differences between Spot enabled virtual machines and the regular virtual machines. The compute, networking, storage, etc are exactly the same. The virtual machine can be attached to a virtual network or a load balancing solution, such as a internal/external load balancer. Also, the management capabilities are exactly the same and are done though the Azure Portal or with Infrastructure as Code (IaC) like Bicep, ARM, Powershell or Terraform.

Continue reading “Reduce costs with Azure Spot virtual machines”

Part 2 – Azure Privileged Identity Management (PIM) for Groups

In my previous post I explained what PIM for Groups is, what it takes to get started with PIM for Groups and how the configuration works. In this post, we are going to look at the different settings that are possible for activating PIM for Groups.

Sign in to the Azure portal and navigate to Azure Active Directory and select Groups. Find the right group, in this example the previously created group ‘PIM-for-Groups-example-group’. Select Privileged Access (Preview), then Settings.

Continue reading “Part 2 – Azure Privileged Identity Management (PIM) for Groups”

Part 1 – Azure Privileged Identity Management (PIM) for Groups

What is PIM for Groups?

PIM for Groups is part of the Azure Active Directory Privileged Identity Management. With PIM for Groups users can activate membership or ownership of an Azure AD security group or Microsoft 365 group. These groups can be used to assign access to for example Azure AD roles or Azure roles.

When using Azure PIM with PIM for Groups, you’re following the Microsoft best practices of ‘least privileged’ strategy.

Continue reading “Part 1 – Azure Privileged Identity Management (PIM) for Groups”

Install and configure ADDS on Windows Server 2022 Core in Azure (Part 1)

Today, I’m going to show you how to install and configure Active Directory Domain Services on Windows Server 2022 Core edition on Azure.

I’ve used some ARM templates to deploy my two domain controllers in Azure, based on Windows Server 2022 Core edition. These servers are in a separate subnet within my Azure environment. In this example, Í’ve two domain controllers, mss-dc-core001 and mss-dc-core002.

Continue reading “Install and configure ADDS on Windows Server 2022 Core in Azure (Part 1)”

Free eBook – How to Get the Most Out of Windows Admin Center – Second Edition

If you have experience with the Windows Admin Center, you might already have deduced it is a powerhouse of functionality making light of important server management tasks. If you’re just adding it to your system administrator toolbox, welcome to the wonder of Windows Admin Center!

With so much functionality, figuring out where to focus is key. Whether you’re just setting out with Windows Admin Center or wanting to realize its full potential, start with Altaro’s free 160+ page second edition eBook, How To Get The Most Of The Windows Admin Center.

clip_image002

Written by Microsoft Cloud & Datacenter Management MVP Eric Siron, it covers the latest developments like the Control Azure Stack HCI, use of WinRM over HTTPs and integration with Azure Monitor, amongst others. It’s a comprehensive guide on everything from installation methods and security considerations to integrating Windows Admin Center into an existing environment. There is even a brief history lesson along with a comparison to alternatives so you should get a solid overview of Windows Admin Center, why chose it and how to work with it.

An all-new server management experience when it was introduced, Windows Admin Center modernized administrative activities with a centralized HTML 5 web application. Just add servers, clusters, desktops, and Azure virtual machines into a personalized, persistent interface, and manage their roles, features, software, registry, PKI certificates, and more. And with Microsoft’s latest investment into the Windows Admin Center and new functionality, there is now even more server management power to work with.

Learn to simplify and optimize your server management tasks – Download your free eBook now!

Remove DVD drive on Azure virtual machine

When you deploy a new virtual machine, for example Windows Server 2016/2019 or 2022, you’ll get the C: drive with the operating system, the D: drive for the TEMP storage (most of the VM types) and a DVD drive.

The DVD drive is not needed in some situations, for example on domain controllers. This type of servers you want to harden the security as much as possible. So, for domain controllers we’re deploying in our customer environments, we want to disable the DVD drive.

We run the following command when deploying new domain controllers in Azure.

## Disable DVD drive
Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\cdrom -Name Start -Value 4 -Type DWord

After this step, reboot the server and your DVD drive is gone!

2021-09-23_16h37_49

2021-09-23_16h38_20

2021-09-23_16h51_07