In the second part of this series, we look at Virtual Machine and other associated IaaS components and how these translate from AWS to Azure. As with the previous article, the intent here is to provide a high-level overview of the service and relate it to its AWS counterpart so those of you that are coming to Azure from AWS know where to start looking for the services you need and the documentation to help you get started.
A Note on Classic and Resource Manager
Those new to Azure might feel a little confused with references to Classic and Resource Manger VMs (and other resources), so it is worth clearing this up. Classic, or sometimes called ASM (Azure Service Management) is the older style of resource, usually created in the older Azure portal and supporting the cloud service model of deployment. This classic model provided no real way to group resources together, and management was much more difficult — and it also obfuscated a lot of concepts away from the user, making custom configuration harder. The Azure Resource Manager, or ARM stack, introduced the Resource Group as a unit to group resources and broke out resources like load balancers and IP addresses into their own top-level resource. ARM also introduced the JSON-based deployment template for automating the deployment process.
In this and future posts, we are going to focus solely on the ARM stack, as this is a much better way to deploy and manage VMs, and all new services are being deployed on ARM.
Further reading: Resource Manager Deployment Model
Virtual machines form the core of IaaS services in both AWS and Azure (and underlay many PaaS services as well). Like EC2, Azure provides a variety or sizes of VMs to meet your requirements for performance and capacity, along with multiple different Windows and Linux operating systems. VMs in Azure, as with AWS, are billed by the minute based on the size and operating system selected. You will find that VM services in Azure are very similar to AWS in a lot of ways, but with slightly different naming conventions.
When deploying a virtual machine, you will also need a number of other resources to go along with it, in the same way that AWS requires VPCs and Elastic IPs. When creating the VM through the portal, it will guide you through the process of creating these resources you need to be able to start your first VM.
- Virtual network: Similar to a VPC, a virtual network is a container for your VMs that provides a boundary as well as networking resources and connectivity to the outside world.
- Storage account: Similar to EBS, this is a place to store your Azure VM disks. This has been made less complicated with the introduction of managed disks (see below).
- Network card: NICs are now a top level resource with ARM VMs.
- IP address: IPs are assigned to a NIC and can be external or internal, static or dynamic.
We will go into more detail on all of these below, but if this is your first time creating Azure VMs, I recommend using the portal and letting it guide you through creating the required resources.
Further reading: Overview of Windows virtual machines in Azure
As with AWS, Azure offers a large array of VM images to create VMs, including both Windows and Linux. VMs can be created using gallery images for standard operating systems, or if you want more complex custom images, then the Azure Marketplace can provide this.
It is also possible to create custom images yourself, but this process does require the use of PowerShell.
As with AWS, VMs can be created in a variety of different sizes based on your requirements
- A Series: The original general purpose virtual machine, similar to the T2 Series in AWS. These can be deployed on a variety of different physical hardware, throttled to offer consistent performance.
- The Av2 series is an updated A SKU with more modern CPU architectures, similar to the M4 AWS series.
- The A0 VM size is the only Azure VM where hardware is oversubscribed and other users may impact performance. This VM size is only intended for very simple test workloads.
- D Series VMs are intended for workloads that require higher compute power and temporary disk performance. They include SSD-based temporary disks, faster processors, and a higher CPU-to-memory ratio. They are similar to the I2 series in AWS.
- The Dv2 series is an updated D SKU, with newer CPU architecture offering 33% more performance.
- F Series: These are similar to the D series but offer less memory per core and less SSD space, at a lower price point.
- G Series: These are memory-optimized VMs, offering significantly more memory per core, similar to R3/4 series in AWS.
- H Series: These are VMs designed for high-performance computing, with the fastest performing Haswell CPUs, DDR 4 memory, and SSD storage. They also offer low latency RDMA networking. They're similar to the C3/4 series in AWS.
- N Series: VMs offering GPU-based processing. These are available in two variants, NV, offering the NVidia Tesla M60 GPU, and the NC instance, offering Tesla K80 cards. They're similar to the AWS G2 series.
Many of these VMs are also available in an S configuration (e.g. DS, GS series). These machines offer the same hardware as the non-S series, but with the ability to connect to Azure premium storage, which provides SSD based storage for additional data disks, similar to the EBS SSD offering.
Each category of VM has multiple sizes within it, such as A2 and D14. For the A and D series, these numbers are somewhat arbitrary and indicate the increasing size of the VM, from the F series onwards, the number indicates the number of CPU cores.
Further reading: Sizes for Windows virtual machines in Azure
Virtual Machine Extensions
Microsoft and many third parties provide services through virtual machine extensions. These are extensions that can be added to VMs to install software inside the VM once provisioned. These extensions include anti-virus software, monitoring software, backup services, etc.
Further reading: Virtual machine extensions and features for Windows
EBS and Storage Accounts
As with AWS, persistent VM disks (so OS and data) are backed by storage — in this case, Azure Storage. Up until very recently, this differed from AWS in that when you create a VM, you need to also create a storage account and specify this for use with the VM. That's unlike EBS, where you can just specify that you wish to EBS back a volume, and the platform works it all out for you. Similarly, you need to manage the distribution of VMs over storage accounts for higher availability, etc. Storage accounts can be standard (HDD) or premium (SSD).
However, in the last few weeks, Azure released Managed Disks. This is basically the same concept as EBS-backed volumes. You specify the size and how many disks, and the platform takes care of allocating storage accounts and dealing with all the work behind the scenes. I recommend that if you are creating new VMs, you use managed disks.
Further reading: Managed Disks
VPC's and Virtual Networks
Virtual networks, or VNets, are equivalent to the AWS VPC. They provide basic networking functionality as well as forming the boundary with the rest of Azure and the wider Internet. VNets contain subnets, and subnets, in turn, contain VMs. Unlike AWS, Azure VNets have an outbound NAT gateway built in, so all VMs have outbound Internet access by default. There is no cost for a VNet, but obviously, there may be costs for services that go into it (such as VMs).
We'll go into more details on NSGs and associated network functions (such as load balancers) in a post dedicated to this.
Further reading: Virtual Networks
ACL/Security Groups and Network Security Groups
Azure has a single network security item, the Network Security Group or NSG, rather than AWS's ACL and Security groups. An NSG can be applied either to a VM or a subnet and defines inbound and outbound network rules. The NSGs include default rules for communication between subnets and for outbound Internet access, though these can be overridden if required.
Further reading: Control network traffic flow with network security groups
NICS and IP Addressing
NICs are top-level objects in the ARM model, and a VM can have one or more NICs. A NIC will have a private IP, which by default is dynamic but can be made static if required. Additionally, a NIC can be assigned a public IP (essentially the same as an AWS elastic IP), which can again be static or dynamic. The first five public IP's in a region are provided for free, but after that, there is a charge for each IP.
Further reading: IP address types and allocation methods in Azure
In part three of this series, we will delve deeper into VNets and Azure Networking Services.