How do I create a VM in Azure?
Follow this guide to set up a Virtual Machine in Azure.
1. Choose Virtual Machines in the left-hand blade of the Azure portal.
4. Under Instance details, type <netID>-TestVM for the Virtual machine name and choose North Central US for your Location. For Image, select Windows Server 2016 Datacenter. Leave the other defaults.
6. Under Inbound port rules, choose Allow selected ports and select RDP.
NOTE: In production, you might find Tags useful here as well. For example, you could tag all your VMs that are running SQL across all resource groups to see how much you might be spending on SQL in Azure.
NOTE: This will take a few minutes to complete. Not only is your VM being created, but a number of other resources may be created as well, for example a public IP for your machine and other network-related resources.
Connect to the virtual machine
Create a remote desktop connection to the virtual machine. These directions tell you how to connect to your VM from a Windows computer. On a Mac, you need an RDP client.
- Click the Connect button on the virtual machine properties page.
- In the Connect to virtual machine page, keep the default options to connect by DNS name over port 3389 and click Download RDP file.
- Open the downloaded RDP file and click Connect when prompted.
- In the Windows Security window, select More choices and then Use a different account. Type the username as localhost\username, enter the password you created for the virtual machine, and then click OK. In our example, this would be localhost\azureadminuser and azureadminuserpassword1!
- You may receive a certificate warning during the sign-in process. Click Yes or Continue to create the connection.
- Once connected, right-click on the desktop and create a blank text file called TextFile.txt.
- If the connection fails, make sure it’s using the public IP address and try again.
Network Security Groups
The above example automatically created network security group (NSG) rules to allow remote desktop access from all networks. In practice, you’re likely going to want to restrict access to certain IP ranges. It helps to think of NSG rules as an additional layer of Windows Firewall rules.
To edit the NSG rules for your VM:
- Locate the VM you’ve previously created and click on it.
- Along the left-hand side, click on “Networking” under Settings.
- Click on the name of the NSG on the right-hand side.
- Click on “Inbound security rules”.
NOTE: Prior to this step, you would likely want to click on the three dots next to the security rule that allows RDP access from all IP address ranges and choose to delete it.
- Click on “+ Add”
- Fill out the fields as appropriate, and click on “Add”.
NOTE: Be sure to enter 3389 as the port number to allow Remote Desktop access (or the appropriate port for whatever you’re creating a rule for), and ensure that the priority number entered is lower than that of any existing RDP rules. Azure evaluates rules from the lowest priority number to the highest and stops once a matching rule is reached. The Source IP address or CIDR range entered should be the IP address/range of the machine you’re attempting to access Azure from. Please avoid entering the entire UIC wireless range. Instead, connect to VPN and connect from there. At the moment, however, you will not be able to connect from UIC WiFi to an Azure private IP address.
Automatically shut down your VMs
VMs that have resources allocated, whether in use or not, will likely incur at least some charges. Particularly when testing, you may want to schedule your VMs to shut down automatically to help avoid unnecessary costs.
- Click on the VM for which you want to configure automatic shutdown.
- Under “Operations”, in the same blade where Overview, Settings, etc. are shown, click on “Auto-Shutdown”.
- Select a time and click on Save.
Additional Required Settings
- Ensure that OS, data, and unattached disks are encrypted.
  - Follow the documentation found here: https://docs.microsoft.com/en-us/azure/security/fundamentals/azure-disk-encryption-vms-vmss
- Ensure that the latest OS patches for all virtual machines are applied.
- Ensure that RDP access is restricted from the internet.
  - For each VM, open the Networking blade.
  - Verify that the inbound port rules do not contain a rule for RDP such as:
    - Port = 3389
    - Protocol = TCP
    - Source = Any or Internet
- Ensure that SSH access is restricted from the internet.
  - Verify that the inbound port rules do not contain a rule for SSH such as:
    - Port = 22
    - Protocol = TCP
    - Source = Any or Internet
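An added example (not part of this guide) that automates the RDP/SSH checks above and applies the priority behaviour described in the NSG note: it walks inbound rules from the lowest priority number upward, stops at the first match, and reports admin ports whose winning rule allows traffic from Any or Internet. The rules are in the JSON shape returned by `az network nsg rule list` (the field names are an assumption based on the Azure NSG resource schema); the sample rules are constructed.

```python
import json

# Constructed sample shaped like the per-rule JSON from `az network nsg rule list`
# (field names assumed from the Azure NSG resource schema; values are made up).
SAMPLE_RULES = json.loads("""[
 {"name": "RDP", "priority": 300, "direction": "Inbound", "access": "Allow",
  "protocol": "TCP", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
 {"name": "AllowVpnRdp", "priority": 200, "direction": "Inbound", "access": "Allow",
  "protocol": "TCP", "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"},
 {"name": "DenySshInternet", "priority": 100, "direction": "Inbound", "access": "Deny",
  "protocol": "TCP", "sourceAddressPrefix": "Internet", "destinationPortRange": "22"},
 {"name": "SSH", "priority": 310, "direction": "Inbound", "access": "Allow",
  "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRanges": ["22", "80"]}
]""")

INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}  # source values that mean "anyone"
ADMIN_PORTS = {"3389": "RDP", "22": "SSH"}

def _ports(rule):
    """Admin ports the rule covers: '*' means all; ranges like 3000-4000 are not expanded."""
    ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange", "")]
    return set(ADMIN_PORTS) if "*" in ranges else set(ranges) & set(ADMIN_PORTS)

def _from_internet(rule):
    srcs = rule.get("sourceAddressPrefixes") or [rule.get("sourceAddressPrefix", "")]
    return any(s.lower() in INTERNET_SOURCES for s in srcs)

def internet_admin_exposure(rules):
    """Walk inbound rules from the lowest priority number upward, as Azure does, and stop
    at the first rule that matches RDP/SSH traffic from the internet. Returns
    {service: rule name} where that winning rule is an Allow; no match at all means the
    default DenyAllInBound rule applies and the port is closed."""
    exposed = {}
    inbound = sorted((r for r in rules if r.get("direction") == "Inbound"),
                     key=lambda r: r["priority"])
    for port, service in ADMIN_PORTS.items():
        for rule in inbound:
            if rule.get("protocol", "*").upper() not in ("TCP", "*"):
                continue
            if port in _ports(rule) and _from_internet(rule):
                if rule["access"] == "Allow":
                    exposed[service] = rule["name"]
                break  # first matching rule wins, whether Allow or Deny
    return exposed

if __name__ == "__main__":
    for service, name in internet_admin_exposure(SAMPLE_RULES).items():
        print(f"{service} is open to the internet via rule '{name}'")
```

In the sample, the Deny rule at priority 100 shadows the later SSH Allow, so only the RDP rule with source `*` is reported; deleting the Deny rule makes the SSH rule appear as well.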