Abstract
Azure Virtual Machine is one of the core IaaS compute offerings of the Azure world. It is very rich in features. I have hardly seen a customer who uses Azure without using a single Azure VM. Even if you decide to go completely serverless or PaaS-oriented, in many cases you still end up using a few Azure VMs.
Azure documentation has been improving a lot, and the link here gives pretty good coverage of Azure VM FAQs - https://docs.microsoft.com/en-us/azure/virtual-machines/windows/faq
However, I have seen many questions that are not answered in the official documentation, and the answers to such questions are available only in bits and pieces. Many times we have to read through a lot of documentation to get the answer to a simple question.
This blog post addresses very common questions and answers on Azure VMs which are NOT covered in the above FAQ.
I assume that you are already working on Azure VMs. This FAQ is not suitable for people who don’t know Azure yet!
Let's go!
Azure Single VM Architecture
Before we go into the question and answer series, it is worth showing the architecture of a single Azure VM.
As you can see above, when you create an Azure VM you are required to create all the services shown in the above diagram. From the above diagram I could derive the below equation –
In an Azure VM, the compute and storage components are de-coupled from each other. Hence, even if we shut down (de-allocate) an Azure VM and start it again, we get the same VM with the same state and data, because all data and state are maintained in the storage part.
With this important understanding let us go ahead with
our actual questions and answers.
Do we pay cost when we have VM in de-allocated state?
When you de-allocate an Azure VM, you release the compute part, so you are not charged for “Cores and RAM”. However, you never release the storage part, and hence the storage components (managed and unmanaged disks – OS and data disks) are always charged irrespective of the status of the Azure VM.
Which Azure VM statuses incur compute cost?
Below is the summary of VM statuses and whether compute charges apply –
| # | Azure VM Status | Is Compute charged? |
|---|---|---|
| 1 | Starting | No |
| 2 | Running | Yes |
| 3 | Stopping | Yes |
| 4 | Stopped | Yes |
| 5 | De-allocating | No |
| 6 | De-allocated | No |
| 7 | Deleted | No |
| 8 | Provisioning succeeded | Yes |
| 9 | Failed | Yes |
| 10 | Updating | Yes |
What are the other charges apart from storage when VM is in de-allocated state?
Public IP –
If you have a public IP assigned to the VM and it is “Static”, you are always charged irrespective of the status of the VM. If your public IP is “Dynamic” and the VM is in de-allocated state, you are not charged for the public IP. If interested to know more, refer - https://sanganakauthority.blogspot.com/2017/05/azure-cost-optimization-send-unassigned.html.
Diagnostics -
Also, when you provision a VM you have the option of configuring diagnostics for the VM in a storage account. These diagnostics settings include boot and guest OS diagnostics. The diagnostics data is always stored in an Azure storage account in Table storage. If you have data in this diagnostics storage account, you will be charged as per storage cost.
Backup -
If you have configured backup for the VM in a backup vault, then it is also charged.
When I delete VM, does it delete all associated resources shown in above single VM architecture diagram?
No. When you delete a VM, only the VM instance is deleted. Everything else remains as it is.
The NIC, NSG, public IP, disks and diagnostics storage all remain and will not be deleted unless you delete them explicitly. If you delete the resource group which contains all components of the VM, then everything which is part of the resource group is deleted.
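A check for what a deleted VM leaves behind, added here as an example (not the author's code): it scans exported inventory for disks, NICs and public IPs that no VM uses, and reports each leftover public IP's allocation method, since a static one stays billed as described above. The sample records are constructed, and the property names (`managedBy`, `virtualMachine`, `ipConfiguration`, `publicIPAllocationMethod`) are assumed to match the Azure CLI's JSON output.

```python
# Constructed inventory shaped like the JSON printed by `az disk list`,
# `az network nic list` and `az network public-ip list`. Every name and ID
# is made up; the property names are assumed to match that CLI output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app/providers/"
VM = SUB + "Microsoft.Compute/virtualMachines/"
NIC = SUB + "Microsoft.Network/networkInterfaces/"

DISKS = [
    {"name": "web01-os", "managedBy": VM + "web01"},
    {"name": "old-db-os", "managedBy": None},
    {"name": "old-db-data", "managedBy": None},
]
NICS = [
    {"name": "web01-nic", "virtualMachine": {"id": VM + "web01"}},
    {"name": "old-db-nic", "virtualMachine": None},
]
PUBLIC_IPS = [
    {"name": "web01-pip", "publicIPAllocationMethod": "Static",
     "ipConfiguration": {"id": NIC + "web01-nic/ipConfigurations/ipconfig1"}},
    {"name": "old-db-pip", "publicIPAllocationMethod": "Static",
     "ipConfiguration": {"id": NIC + "old-db-nic/ipConfigurations/ipconfig1"}},
    {"name": "spare-pip", "publicIPAllocationMethod": "Dynamic",
     "ipConfiguration": None},
]


def nic_name_from_ipconfig(ipconfig_id):
    """Return the NIC name inside an ipConfiguration ID, or None if it is not a NIC."""
    marker = "/networkinterfaces/"
    pos = ipconfig_id.lower().find(marker)
    if pos < 0:
        return None  # e.g. the address fronts a load balancer instead
    return ipconfig_id[pos + len(marker):].split("/")[0]


def find_leftovers(disks, nics, public_ips):
    """List disks, NICs and public IPs that no VM is using any more."""
    orphan_disks = sorted(d["name"] for d in disks if not d.get("managedBy"))
    orphan_nics = sorted(n["name"] for n in nics if not n.get("virtualMachine"))
    stale_ips = []
    for ip in public_ips:
        cfg = ip.get("ipConfiguration")
        if not cfg:
            reason = "unassociated"
        elif nic_name_from_ipconfig(cfg["id"]) in orphan_nics:
            reason = "bound to orphan NIC"
        else:
            continue  # still reaches a live VM or another service
        stale_ips.append((ip["name"], reason, ip.get("publicIPAllocationMethod")))
    return {"disks": orphan_disks, "nics": orphan_nics, "public_ips": stale_ips}


if __name__ == "__main__":
    for kind, items in find_leftovers(DISKS, NICS, PUBLIC_IPS).items():
        print(kind, items)
```

Leftover disks still hold the deleted VM's data, so review them before deciding to keep or delete.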
Can I add existing VM in new or existing availability sets?
No. A VM can be added to an availability set only when you create it. If you want to move an existing VM into an availability set, you need to delete the VM, retain the OS disk and then re-provision the VM from the same OS disk in the availability set.
Can I have azure Basic or Standard load balancer for VMs not in availability sets?
Of course you can. Availability sets and load balancers are in no way related. Availability sets are for HA configuration of your VMs, and load balancers are for distributing the traffic. You can very well have VMs behind a load balancer without availability sets. As a best practice, it is recommended to have 2 or more VMs in an availability set and behind a load balancer. [Here I assume your application is capable of working in distributed mode.]
When I deploy my web application on 2 or more VMs in availability sets does it mean my application is also Highly Available (HA)?
No. Availability sets only protect your VMs from hardware failures and from updates happening behind the scenes on Azure. When you have an availability set with 2 or more VMs, it is guaranteed that during an update only one VM at a given time will be restarted to support updates coming on the host machines.
Note – Your VM on Azure is called the guest machine. This machine is a virtual machine and runs on some physical hardware. This physical hardware in the Azure datacenter is called the host machine. Availability sets protect VMs from host machine hardware failures and from restarts for host machine OS and security updates.
For example, if you have an application deployed as https://sanganakauthority.blogspot.com/, it is very much possible that your application is not accessible on your web site link but you can still take RDP and your VM is shown as running. For application HA, you have to take care, not Azure.
So VMs in availability sets means only the VMs are HA, not the application.
How can I make my application HA deployed on Azure VMs in availability sets?
Out of scope of this article.
Can I attach 2 NICs to a single VM?
Yes. But the NICs should belong to the same VNET and can be in different subnets of that VNET. You can’t attach NICs of different VNETs to the same VM. For example, when you deploy an NVA on Azure, you usually have two NICs in different subnets of the same VNET. Refer to the below diagram, where the NVA [firewall appliance] VMs have two different NICs from two different subnets in the same VNET.
Can I transfer VM from one VNET to another VNET without downtime in the same or cross subscription?
There is no straightforward way to transfer a VM from one VNET to another VNET without downtime. You will have to transfer the VM from VNET to VNET with downtime only. In my opinion, the easiest way would be to use Azure Site Recovery and a backup vault. The process would be –
Create backup vault in recovery services -> Back up source VM -> Have target VNET ready -> After full backup is ready, de-allocate the source VM in primary VNET -> Open backup vault -> Restore VM and make sure that during restoration you provide the target VNET details.
This process works nicely when you have the source and target VNET in the same region.
Note – I have not tested this method cross region. Kindly try it out and let me know in the comments section. You will get your name referenced in the main content of my blog and you will be famous. This is a lifetime opportunity. Hurry!!!
Update - 28 Jun 2019 -
So guys, we have 2 folks who have answered the question asked above, and they deserve the fame. The folks who answered the above unanswered question are mvark and Mangesh. Answers from both of them can be found in the comments section. Awesome guys, and thanks for your contribution.
How do you make sure that during VM migration from one Azure VNET to another VNET using backup-restore operation, the traffic flows securely and does not go over the internet?
For any communication happening between Azure services, irrespective of same region or cross region, across the entire world, the traffic never goes over the internet. The traffic between Azure services will always flow over the Microsoft Azure backbone. Refer official documentation - https://azure.microsoft.com/en-in/blog/how-microsoft-builds-its-fast-and-reliable-global-network/.
How do you make sure that during VM migration from one Azure region to another Azure region using backup-restore operation or disaster recovery operation, the traffic flows securely and does not go over the internet?
Already answered in the above question.
What is the difference between Azure VM and Azure containers?
I am really privileged to be part of an awesome technical community led by MVPs. One of the veteran MVPs, Vikram Pendse, told me this is really a burning question and that he has seen people asking it at many events and conferences. So I thought of covering it here. Thanks to him for this wonderful yet not clearly answered question. Below are the differences between virtual machines and containers at a generic level -
| # | Virtual Machine | Containers |
|---|---|---|
| 1 | It is a virtualization technology | This is an Application Delivery Technology |
| 2 | Created using Hardware virtualization | Created using OS virtualization |
| 3 | Stateful | Stateless |
| 4 | You would backup a VM | Backup container volume; forget container. |
| 5 | You would patch a VM | Container images are updated in the repositories and new containers are created. |
| 6 | You can’t run a VM inside a container | You can run a container inside a VM |
When to use what? – Out of scope of this article.
I want to migrate virtual machine from one region to another azure region. What is the best way?
Well, when you talk about any migration, it is never easy. Let’s face it. Use Azure Site Recovery to migrate an Azure VM from one region to another - https://docs.microsoft.com/en-us/azure/site-recovery/azure-to-azure-tutorial-migrate.
Can I attach same NSG to multiple virtual machines?
Yes, you can. Ideally, as I have seen, if you have the same rules for your app tier VMs, it makes sense to create a single NSG and attach it to all of the VMs responsible for hosting the application. Similarly, you can use one DB-specific NSG for all DB VMs, and so on. By the way, an NSG is attached to a NIC, but in general speaking terms we always say the NSG is attached to the VM.
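Because the NSG sits on the NIC, the NIC records are where sharing shows up. The added example below (not the author's code) groups constructed NIC records by NSG to show which VMs one rule change would touch and which NICs carry no NSG of their own; the property names `virtualMachine` and `networkSecurityGroup` are assumed to match the JSON from `az network nic list`.

```python
from collections import defaultdict

# Constructed NIC records shaped like `az network nic list` output.
# Every name and ID is made up; property names are assumed to match the CLI.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-app/providers/"
VM = SUB + "Microsoft.Compute/virtualMachines/"
NSG = SUB + "Microsoft.Network/networkSecurityGroups/"

NICS = [
    {"name": "app01-nic", "virtualMachine": {"id": VM + "app01"},
     "networkSecurityGroup": {"id": NSG + "nsg-app"}},
    {"name": "app02-nic", "virtualMachine": {"id": VM + "app02"},
     "networkSecurityGroup": {"id": NSG + "nsg-app"}},
    {"name": "db01-nic", "virtualMachine": {"id": VM + "db01"},
     "networkSecurityGroup": {"id": NSG + "nsg-db"}},
    {"name": "jump01-nic", "virtualMachine": {"id": VM + "jump01"},
     "networkSecurityGroup": None},
    {"name": "spare-nic", "virtualMachine": None,
     "networkSecurityGroup": {"id": NSG + "nsg-app"}},
]


def last_segment(resource_id):
    """Return the resource name at the end of an Azure resource ID."""
    return resource_id.rstrip("/").rsplit("/", 1)[-1]


def nsg_usage(nics):
    """Map each NSG to the VMs whose NICs carry it; list NICs carrying none."""
    by_nsg = defaultdict(set)
    no_nsg = []
    for nic in nics:
        vm = nic.get("virtualMachine")
        # A NIC with no VM is reported under its own name so it is not lost.
        owner = last_segment(vm["id"]) if vm else "nic:" + nic["name"]
        nsg = nic.get("networkSecurityGroup")
        if nsg:
            by_nsg[last_segment(nsg["id"])].add(owner)
        else:
            # An NSG on the subnet may still filter this NIC; NIC records
            # alone do not show that.
            no_nsg.append(nic["name"])
    return {name: sorted(owners) for name, owners in by_nsg.items()}, sorted(no_nsg)


def shared_nsgs(nics):
    """Return only the NSGs attached to more than one VM or NIC."""
    usage, _ = nsg_usage(nics)
    return {name: owners for name, owners in usage.items() if len(owners) > 1}


if __name__ == "__main__":
    usage, uncovered = nsg_usage(NICS)
    print("NSG usage:", usage)
    print("NICs without a NIC-level NSG:", uncovered)
    print("Shared NSGs:", shared_nsgs(NICS))
```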
Can we attach same NIC to two different VMs?
No.
Can I attach same public IP to two different NICs or VMs?
No.
If I use Azure Single Instance SLA VM does it mean I get HA?
No. SLA and HA are two different concepts. Refer - https://sanganakauthority.blogspot.com/2017/06/azure-vm-sla-and-high-availability.html
For HA you always need at least 2 instances in availability
sets or availability zones in Azure.
Can Azure load balancer start/ stop Azure VM?
Azure Load Balancer is not meant for this work, and it can never start/stop an Azure VM. The best way would be to use Azure metrics such as CPU, memory etc. and see if you can leverage them to start or stop the VM.
How to start/ stop multiple Azure VMs on a schedule?
Azure Automation is the answer. I had written a script to achieve the same. Refer - https://sanganakauthority.blogspot.com/2017/07/start-stop-multiple-azure-vms-on.html
Can I mount Azure Blob Storage as a drive on Azure VM?
For a Windows VM you can’t mount Azure Blob storage as a drive. For a Linux VM you can attach/mount Blob storage directly using BlobFuse.
Refer - https://docs.microsoft.com/en-us/azure/storage/blobs/storage-how-to-mount-container-linux.
When I open Overview tab of Azure VM I see CPU, Memory etc. metrics graphs. When I open the graph in Metric tab; I see the drop down as Host. Are these host metrics or guest metrics?
The metrics shown on the Overview tab of the Azure VM are guest metrics only. These are the metrics of your VM, not host (underlying physical hardware box) metrics. Refer to the below screenshot. These are your VM metrics only.
These metrics are captured by the host machine (the physical box on which your VM is running). They are available to you without any configuration and without adding diagnostics in the VM. As they are captured by the host machine, you don’t have control over them, nor can you store them. If you want to capture these metrics for your VM and store them for future use, you need to configure the diagnostics settings in the VM and store the information in a storage account.
Why does the Metrics tab show Host metrics in the Azure VM Metrics blade, as shown below, when we click on the Overview tab metric graphs?
The host machine (the physical hardware box hosting your VM) captures the metrics of the VMs it hosts and plots them on the graphs on the Overview page. As these metrics of the guest VM (your VM) are captured by the host machine, the drop down shows Host in the title as shown below –
In what situation should we configure diagnostics on Azure VM?
Below are a few common scenarios for any Azure VM –
- Send performance metrics of the VM to an on-premises or cloud-hosted SIEM solution.
- Capture performance metrics to scale Azure VMs.
- Capture the performance metrics to see how the VM is performing under load testing.
- Capture syslogs from the Azure VM to see if there is any security incident, and so on.
For all of the above scenarios you will need to capture the logs and performance metrics and store them somewhere so that you can take appropriate action on them. When you want to capture and store this information, you should configure diagnostics on the Azure VM. Diagnostics configuration on an Azure VM is therefore optional, and it incurs Azure storage cost when you configure it.
The way we have auto-shutdown button for Azure VM, how can we have auto-start?
Azure VM has an auto-shutdown button with which you can configure the automatic shutdown of the Azure VM based on your time zone and preferred time. The settings look as follows –
But there is no similar auto-start button for Azure VM. To automatically start a VM we have to use Azure Automation. Refer to the blog post I had written earlier on achieving auto start-stop of multiple VMs - https://sanganakauthority.blogspot.com/2017/07/start-stop-multiple-azure-vms-on.html
What is hyperthreaded VM in Azure?
Hyper-threading is a technology used by Intel microprocessors that allows a single microprocessor to act like two separate processors to the OS and the applications running on it. So a 1-core machine can actually do the job of a computer with 2 cores. That means more work is done by the processor during each CPU clock cycle. Hyper-threading makes it possible to leverage more power of the underlying hardware. So the same hardware that used to do X amount of work can now do 2X amount of work; this results in definite cost savings. This is the reason why the new Azure VM series Dv3 and Ev3 are around 28% cheaper than the Dv2 series. All v3 series machines are hyperthreaded in Azure. Other series like F, L and H are also being offered as hyperthreaded with some configuration options, but not all of them. Hyperthreading also helped the Azure platform to introduce new large-size VM series ranging into 64-core, 432GB RAM machines. To check if your VM is hyperthreaded or not, refer to the documentation - https://azure.microsoft.com/en-in/pricing/details/virtual-machines/series/
and https://docs.microsoft.com/en-us/azure/virtual-machines/windows/acu.
ASR allows selection of any region for Azure VM DR and replication configuration. What is best practice for region choice for Azure VM DR?
Technically you can select any region when you configure DR replication for Azure VMs. However, as a best practice you should always choose the paired region for DR of an Azure VM.
Each Azure region is paired with another region within the same geography. Together they make a region pair. When scheduled maintenance happens, Azure updates only a single region out of the pair at a given time. For example, while updating Central India, Azure will not update any VM in South India, as they are paired regions. So when we configure DR replication using ASR for any region, we should always choose the paired region. This is the best practice.
Can we export Azure VMs to CSV?
Refer to comprehensive guide here -
I want to access my Azure VM but my on premises firewall blocks it. How can I access my Azure VM quickly to get started?
Refer to below comprehensive guide - https://www.sanganakauthority.com/2020/03/bypassing-on-premises-firewall-to-rdp.html
My Azure VM is facing network performance problems. What should I do?
There can be numerous reasons why your Azure VM is facing network problems. To improve your network performance you can do either of the below two things –
- Check if your VM supports “accelerated networking”. If yes, enable it. Refer documentation – https://docs.microsoft.com/en-us/azure/virtual-network/create-vm-accelerated-networking-powershell
- For VMs that don’t support accelerated networking you can use “Receive Side Scaling (RSS)”. Windows VMs may not have RSS enabled by default. You can enable it with PowerShell. For Linux I guess it is always enabled. Refer - https://docs.microsoft.com/en-us/windows-hardware/drivers/network/ndis-receive-side-scaling2.
Conclusion
Hope this article helped you get the answers you are looking for. If you have any such questions that are not answered, add your comments and I will try to answer them. The topic must be strictly Azure VM. I can’t answer your love life queries. Be specific!!
You may be interested in - "Azure Migrate - Frequently asked questions - not easily answered".
Happy questioning!!
Great post
Thanks Sanganak. One observation - I have configured auto shutdown and start of VMs using automation account triggered from scheduled DevOps CI tool using PowerShell based webhook. But, I have noticed appreciable cost saving due to shutdown. These VMs had static private IP, no public IP. So, I think compute not charged 100% during shutdown. Is shutdown always deallocate the VM?
When you shutdown from within VM using power options then VM is never de-allocated. When you use PowerShell, CLI, or Azure portal Stop button then only Azure VM goes in De-allocate state.
Can I transfer VM from one VNET to another VNET without downtime in the same or cross subscription?
>> Azure Shared Image Gallery allows sharing of managed images across subscriptions, and even between Active Directory (AD) tenants, using RBAC - https://docs.microsoft.com/en-us/azure/virtual-machines/windows/shared-image-galleries
Thank you mvark. Your name has been referenced in main content. Thanks for your contribution.
Thanks Kunal for this amazing info.
To answer to your query for Migrating the VM from One region to another, we can copy the disk(OS + DATA) from Source region to target region Using the MS provided tool e.g. "AzCopy" and create the VM attaching disk through PowerShell script.
As mentioned above is one of the approach.
Thank you Mangesh. Your name has been referenced in main content. Thanks for your contribution.
Excellent post. Thank you so much.
This is a good post. Keep posting.
Excellent post...Much appreciated and keep sharing
Thanks Sir. Great content.