Virtualization in the cloud

- [Instructor] Many CIS admins have created virtual machines on their own local computers or even on premises servers but they need to also understand how to make a virtual machine in Microsoft Azure. I'm in the Azure portal and from here, I'm going to click on virtual machines. If you don't see it here, you can click on all services or do a search for virtual machines and that option will come up. As you can see here, I don't have any virtual machines yet so I'll click on create virtual machine, here I have my Azure subscriptions. So if you don't have one yet, just go ahead and create one, and then come back. Then we have the option for the resource group, the resource group is where we can group together all our different resources, makes it a little bit easier to organize. I'm going to choose my team group resource group and now I've got to give my resource a name. Next, we have to choose a region. I'll hit the dropdown, make sure you choose whatever's closest to you or makes the most sense and we'll go next to availability options. If you want to have redundancy this is a good time to hit the dropdown and choose that, we have no infrastructure redundancy, we have availability zone, and virtual machine scale set along with availability set. The availability zone will allow you to separate your resources, but all within the same region, then we have the scale set which distributes those virtual machines across zones and fault domains. And finally, we have the automatically distribute as well. I'm going to choose just for cost purposes because this is a demo to leave this as no infrastructure redundancy required and then we have the option for security. We have standard, which just gives you a basic firewall and allows you to open some basic ports or you could go with something that's higher end which allows you to set up a more detailed type of firewall as well as more advanced attack protection. Now we need to pick a server, I don't want to use a Ubuntu, I want to try Windows Server. So I'll scroll down to where it says Windows Server, 2022. We see the sizes now defaulting to two virtual CPUs and eight gigabytes of memory. I'm going to hit the dropdown so you can see the different costs here. So we see one VCPU, four, et cetera, you can see the difference in prices. I'll stick with the default. You could also click on see all sizes and see more options as well. Now we need a username, you can't use the username administrator, you have to use something unique. And then our password, now, the password does need to be pretty complex. It's got to be at least 12 characters long, have upper and lower case and at least one special character. And after confirming my password, I'll scroll down. Now we have the option for public inbound ports and by default, it's allowing 3389 for remote desktop. You could also just choose none as you see here and then that goes away. Now, if I hit the drop down we can see other options as well. We can choose SSH, HTTPS as well as HTTP. I'm going to go with remote desktop at 3389 and we can see it's going to allow all IP addresses across your virtual machine. That means anybody from the outside can attempt to try to log in. Now it's not the most secure way to do it but for demo purposes, it should be fine. And if you already own an Azure license you can go ahead and check that, I do not, so I'll go ahead and click on networking. Here we have the premium SSD with locally redundant storage is checked by default. You can go with standard to save yourself some money as well. If you want to add some encryption you can choose that, it doesn't encrypt the entire drive, actually take a look at this information. It's going to allow you to encrypt ABC cache, temp disk, and other things like that. You can still use BitLocker of course and do full disk encryption if you'd like after installation. Then we have the encryption type, if I hit the dropdown there, we see encryption at rest with a platform managed key, et cetera with these other options. Double encryption will be even more secure but it will make the server run a little bit more slowly unless you add more resources. You can also add an additional disk if you'd like, say for an E or an F, or G drive and that will allow you to have more than just the C drive if you need it. Oh, I'm going to move on. Here are the default virtual networks and subnets, and I'm just going to go ahead with those. It's going to be on the 10.0.0.0 subnet and it's going to randomly pick a public IP that's available from Microsoft. Here's where we can go in and set up under NIC network security group by clicking on advanced and you can set up who can actually access this from the outside instead of just allowing it from everyone. I'm just going to go back to basic and continue with what we have. Here are boot diagnostics in case you run into any problems and by default it does come with some basic boot diagnostics, you could also disable that if you'd like and we have guest diagnostics as well, system assigned managed identity, and that will switch you over to role based access control, which is a little different than just simple username and password. So the roles are assigned in a similar way as exchange online, if you've used that before and you can go in and make changes as to what people can do when they log in. If you want to register the server with Azure you can check this box and then you'll go ahead and log in with an Azure user and password that has the appropriate role for that. And then after that you have auto shut down, enable auto shut down will make it so you can specify a specific time of day where it will shut down and that will keep you from spending money that you don't need to. Scroll down, we have the option for site recovery, if we check that box we can see the different regions that we can use and subscriptions in order to recover this site in case we need to. Patch orchestration options is all about Windows update and it will allow you to set automatic updates if you'd like, or it can go in and change to things like manual updates. Tags are there to help you set up special billing, so that way, if certain customers need to be billed for certain types of resources like virtual machines then you can choose that here. And now we'll choose review and create, if you'd like to change anything, you can do that now otherwise you can just go ahead and create the virtual machine. Creation can take anywhere from a few minutes to a little bit longer, it just depends on how busy things are at the time. Now we see deployment is in progress and take a look at the deployment details. You can see all the resources that are being created, you're not just creating a single virtual machine, you're also creating network resources, storage resources and things like that. And we see deployment was successful, so I'm going to click on go to resource and it's going to give us our public IP that we can use to log in and here it is, so I'll just click copy to clipboard and I'll open up remote desktop and we'll connect. I've pasted in my IP address and I'm going to click connect, and I'll type in my username and password, and I'm now connecting to my new remote desktop virtual machine, Windows Server virtual machines can be created with or without redundancy, encryption, and a whole host of other options to make the server work for you.