In this lab we will practice creating a Linux virtual machine in Azure


Azure is a cloud offering by Microsoft.

Azure offers a large collection of services including

Azure, like other cloud platforms, relies on virtualization.

Most computer hardware can be emulated in software, because most computer hardware is simply a set of instructions encoded in silicon.

Using a virtualization layer that maps software instructions to hardware instructions, virtualized hardware can execute in software as if it were the actual hardware itself.

The cloud is a set of physical servers in a datacenter that execute virtualized hardware on behalf of customers.

You have two options to complete this lab:

  1. Use your own Azure subscription; you can sign up for a trial here

  2. Use the Microsoft Learn sandbox. Check more details here

Log in to your Microsoft account. Sign up if you do not have a Microsoft account.

Click here to activate the sandbox

Sign in to your Microsoft account

It might ask you to verify that you are not a robot by solving a puzzle.

Click on Review permissions.

Read the permissions and click Accept.

If you were already signed in to your Microsoft account, you will get the message below.

Click on Activate sandbox.

After processing, it will show the message below.

You are all set; go to the next step.

Open a new tab in your browser and go to https://portal.azure.com

Sign in with the Microsoft account you used in the previous step.

If you get the message below, click on X to close it.

Otherwise, go to the next step.

Select Create a resource from the Azure portal’s Azure services section. The pane to create a resource appears.

Click Create under Ubuntu 20 LTS.

Secure Shell (SSH) is an encrypted connection protocol that allows secure sign-ins over unsecured connections. SSH allows you to connect to a terminal shell from a remote location using a network connection.

There are two approaches we can use to authenticate an SSH connection: username and password, or an SSH key pair.

Although SSH provides an encrypted connection, using passwords with SSH connections leaves the VM vulnerable to brute-force attacks of passwords.

A more secure and preferred method of connecting to a Linux VM with SSH is a public-private key pair, also known as SSH keys.

With an SSH key pair, you can sign in to Linux-based Azure virtual machines without a password.

This is a more secure approach if you only plan to sign in to the VM from a few computers.

If you need to be able to access the Linux VM from a variety of locations, a username and password combination might be a better approach.

There are two parts to an SSH key pair: a public key and a private key.

The public key is placed on your Linux VM or any other service that you wish to use with public-key cryptography.

This can be shared with anyone.

The private key is what you present to verify your identity to your Linux VM when you make an SSH connection.

Consider this confidential information and protect this like you would a password or any other private data.

You can use the same single public-private key pair to access multiple Azure VMs and services.

Create the SSH key pair

On Windows 10, Linux, and macOS, you can use the built-in ssh-keygen command to generate the SSH public and private key files.

Windows 10 includes an SSH client with the Fall Creators Update. Earlier versions of Windows require additional software to use SSH; check the documentation for full details.

Alternatively, you can install the Windows Subsystem for Linux and get the same functionality.

We will use Azure Cloud Shell, which stores the generated keys in Azure in your private storage account.

You can also type these commands directly into your local shell if you prefer. You will need to adjust the instructions throughout this module to reflect a local session if you take this approach.

Here is the minimum command necessary to generate the key pair for an Azure VM. This creates an SSH protocol 2 (SSH-2) RSA public-private key pair.

The minimum length is 2048, but for the sake of this learning module we will use 4096.

This step should be done on your local Linux machine; we are using Cloud Shell for this lab.

Click here to activate Cloud Shell

Click on the Cloud Shell link at the top right of portal.azure.com, as shown below.

The Cloud Shell terminal will appear at the bottom of the web page.

Enter the command below to generate the SSH keys:

ssh-keygen -m PEM -t rsa -b 4096

Press Enter at the prompts below. For production use, make sure to choose a passphrase.

Enter file in which to save the key (/home/<userid>/.ssh/id_rsa):
Created directory '/home/<userid>/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Requesting a Cloud Shell.Succeeded.
Connecting terminal...

Welcome to Azure Cloud Shell

Type "az" to use Azure CLI
Type "help" to learn about Cloud Shell

<userid>@Azure:~$ ssh-keygen -m PEM -t rsa -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/<userid>/.ssh/id_rsa):
Created directory '/home/<userid>/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/<userid>/.ssh/id_rsa.
Your public key has been saved in /home/<userid>/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:wwGSPnCHRcI4hWwZa7PvnPH08hGfC3+hIU/90aANl0s <userid>@cc-2620806e-5d5b77869b-trvtf
The key's randomart image is:
+---[RSA 4096]----+
| ..B+=+          |
|  O.=o..         |
| .+= .  .      . |
| . oo  . .  . E  |
|  .  .  S  . * + |
|   .    .+o.+ + .|
|    o . o+oo o . |
|   o =.. +o.. .  |
|    + .oo o.     |
+----[SHA256]-----+
<userid>@Azure:~$ cat .ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5efSx1YXqEWTRSK6SMUbySeeRVNfBkoBJgi4gu3Q+3UTdsKS4RvBHMiPWRoGS1DlannHg4npCuBQYXfAAR3IyytPGXr1PjnoJlouOOGQ04lp56j+PlMLGxST/B4gjw4h+6GR6mkyf7H4eQDip/uQm6DltIugEVsunC97GEoYqxZ6XJiqZ9MNXPf8AssdB+YomzLAVyxRtINALVrLeohdaQoJys9JtCR3TIQkuckDVzfCdCdf2CYcGLc3Gfl4NFvBIMgr9w1x6LuCWQ8T1H+g0pSc4zX4S9sn3dpIvY4PEk/WikFH+mEsxJi+RDYhFnI/IzdwZAzRS6cl88Sl96ZMPYCGoGBhw3GaIoMdkniu+DBGSV+ZR8VTbuBgii1ivcIdRYrrPJJv2ZhmK2NgA0OmNjQ== <userid>@cc-2620806e-5d5b77869b-trvtf
<userid>@Azure:~$

Once the command has completed successfully, enter the command below to display the SSH public key.

cat .ssh/id_rsa.pub

Leave Cloud Shell open; we will need it to connect to the VM.
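Before pasting the public key into the portal, you can confirm that it is the key you just generated and that it meets the 2048-bit minimum. The following is an added example, not part of the original lab: it parses an OpenSSH public key line, checks the RSA modulus size, and recomputes the SHA256 fingerprint in the form ssh-keygen prints. The sample key is constructed in the code and is not a usable key; the function names are hypothetical.

```python
import base64
import hashlib
import struct


def _read_string(buf, pos):
    """Read one SSH wire-format string: 4-byte big-endian length, then data."""
    if pos + 4 > len(buf):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", buf[pos:pos + 4])
    end = pos + 4 + length
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[pos + 4:end], end


def inspect_public_key(line, min_rsa_bits=2048):
    """Return (key_type, rsa_bits_or_None, fingerprint) for a .pub line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, blob = fields[0], base64.b64decode(fields[1], validate=True)
    embedded, pos = _read_string(blob, 0)
    if embedded != declared.encode():
        raise ValueError("key type label does not match the key blob")
    bits = None
    if declared == "ssh-rsa":
        _exponent, pos = _read_string(blob, pos)
        modulus, pos = _read_string(blob, pos)
        bits = int.from_bytes(modulus, "big").bit_length()
        if bits < min_rsa_bits:
            raise ValueError(f"RSA key is {bits} bits, minimum is {min_rsa_bits}")
    # OpenSSH fingerprint: unpadded base64 of SHA-256 over the decoded blob.
    digest = hashlib.sha256(blob).digest()
    return declared, bits, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def constructed_rsa_line(bits):
    """Build a structurally valid but unusable ssh-rsa line (sample input)."""
    def field(raw):
        return struct.pack(">I", len(raw)) + raw
    def mpint(n):  # sized so the sign bit of the encoding stays clear
        return field(n.to_bytes(n.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    print(inspect_public_key(constructed_rsa_line(4096)))
```

To check a real key, pass the single line printed by cat .ssh/id_rsa.pub and compare the returned fingerprint with the one ssh-keygen displayed when the key was created.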

Azure presents a wizard as a series of tabs to walk you through all the configuration details for creating the VM.

The first tab is Basics.

You can select Next or Previous to move from one tab to another, or you can select any tab in the horizontal menu to move to a customizable configuration section.


On the Basics tab, enter the following values for each setting.

Project details

Subscription

Concierge Subscription (the subscription that should be billed for VM hours).

Resource Group

Select learn-def83162-7369-4f06-b83a-a0581a93ad8a.

Instance details

Virtual machine name

Enter a name for your VM, such as azure102-1.

Region

Select a region close to you from the global regions listed in the following table.

Select a region from the following list when you create resources:

Availability options

Accept default No infrastructure redundancy required.

This option is used to ensure the VM is highly available by grouping multiple VMs together to deal with planned or unplanned maintenance events or outages.

Image

Select Ubuntu Server 20.04 LTS from the dropdown list.

Azure Spot instance

Accept default (unchecked).

Size

The Size field is not directly editable.

Select Standard D2s v3. This option gives you two vCPUs with 8 GB of RAM.

Optionally, select the field to view recommended or recently chosen sizes; select See all sizes to explore filters for sizes based on vCPUs, RAM, Data disks, operations per second, and cost.

Administrator account

Authentication type

Select SSH public key.

Username

Enter a username you will use while generating SSH keys.

SSH public key source

Select Use existing public key.

Enter the public key from the previous step.

Inbound port rules

Public inbound ports

Select Allow selected ports.

We want to be able to access this Linux VM using SSH. (This is for the lab only.)

Select inbound ports

Select SSH (22) from the dropdown list.

The free sandbox allows you to create resources in a subset of the Azure global regions.


On the Disks tab, enter or select the following values for each setting.

Disk options

OS disk type

Accept the default Premium SSD (locally redundant storage).

Encryption type

Accept the default (Default) Encryption at-rest with a platform-managed key.

Enable Ultra Disk compatibility

Accept default (unchecked)

Data disks

Select Create and attach a new disk link.

The Create a new disk pane appears.

Accept all the default values for the following settings:

Name; Source type; Size; Encryption type; and Enable shared disk.

This is where you could use a snapshot, or Storage Blob, to create a VHD.

Select OK to save the settings, and close the pane.

On the Create a virtual machine pane Disks tab, under Data disks, there should now be a new row showing the newly configured disk.

Select Next : Networking.

In a production system, where other components are already in use, it would be important to use an existing virtual network so that the VM can communicate with the other cloud services in the production solution.

If no virtual network has been defined in this location, create it here and configure the:

Subnet:

First subnet to subdivide the address space - it must fit within the defined address space.

After the VNet is created, you can add more subnets.

Public IP:

Overall IPV4 space available to this network.

On the Networking tab, let’s change some of the settings.

Under the input field for Virtual network, select Create new. The Create virtual network pane appears.

On the Create virtual network pane, enter the following values for each setting.

Address space

Address range

Select the checkbox in the row below the heading, and enter 172.16.0.0/16 to give the address space a full range of addresses.

If another address range row exists, select it to delete it.

Subnets

Subnet name

Select the checkbox in the row below the heading, and enter default in the first input field.

If another row exists, select it to delete it.

Address range

In the empty input field, enter 172.16.1.0/24 to give the subnet 256 IP addresses of space.

Select OK to save your settings and return to the Create a virtual machine pane.
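The rule that a subnet must fit within the address space can be checked before you enter the values. This is an added example, not part of the original lab; it also rejects overlapping subnets and reports usable addresses, assuming Azure's reservation of five addresses per subnet (the first four and the last), which the lab text does not mention. The function name is hypothetical.

```python
import ipaddress

# Assumption (not stated in the lab): Azure reserves 5 addresses in every
# subnet: network, default gateway, two for Azure DNS, and broadcast.
AZURE_RESERVED_PER_SUBNET = 5


def check_vnet_plan(address_space, subnets):
    """Validate subnets against a VNet address space; return per-subnet sizes."""
    space = ipaddress.ip_network(address_space)  # rejects CIDRs with host bits set
    accepted = []
    report = {}
    for name, cidr in subnets.items():
        net = ipaddress.ip_network(cidr)
        if net.version != space.version or not net.subnet_of(space):
            raise ValueError(f"subnet {name} ({net}) is outside {space}")
        for other_name, other in accepted:
            if net.overlaps(other):
                raise ValueError(f"subnet {name} overlaps {other_name}")
        accepted.append((name, net))
        report[name] = {
            "total": net.num_addresses,
            "usable": net.num_addresses - AZURE_RESERVED_PER_SUBNET,
            # .0 through .3 are reserved, so the first VM NIC gets .4
            "first_assignable": str(net.network_address + 4),
        }
    return report


if __name__ == "__main__":
    # Values from this lab's Create virtual network pane.
    print(check_vnet_plan("172.16.0.0/16", {"default": "172.16.1.0/24"}))
```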

On the Create a virtual machine pane, the rest of the tabs have reasonable defaults and there’s no need to change any of them.

You can explore the other tabs if you like. Each field has an (i) icon next to it which, if selected, will show a detailed definition of that configuration setting. Reviewing field descriptions is a great way to learn about the settings you can use to configure the VM.

Select Review + create. The system will validate your options and display details about the VM being created.

Select Create to deploy the VM. The Azure dashboard will show the name of the VM that’s being deployed and details about your deployment. Deployment may take several minutes.

After deployment completes, select Go to resource. Your virtual machine pane appears.

Now, let’s look at what we can do with this VM.

Use the IP address from the VM resource pane to connect to the VM via SSH from Cloud Shell:

ssh azureuser@<VM IP>

You will get the prompt below; type ‘yes’ and press Enter.

The authenticity of host '<VM IP> (<VM IP>)' can't be established.
ECDSA key fingerprint is SHA256:8cTqhvNcXxUFo2EWnL/v9xlC9WDnvhqFsaw2GX+NdA8.
Are you sure you want to continue connecting (yes/no)?

Once the connection is successful, you will see the output below and a prompt on the server.

Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.11.0-1023-azure x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  System information as of Mon Jan 10 00:05:59 UTC 2022

  System load:  0.0               Processes:             126
  Usage of /:   4.7% of 28.90GB   Users logged in:       0
  Memory usage: 3%                IPv4 address for eth0: 10.0.0.4
  Swap usage:   0%


1 update can be applied immediately.
To see these additional updates run: apt list --upgradable



The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To run a command as administrator (user "root"), use "sudo <command>".
See "man sudo_root" for details.

azureuser@azure102-1:~$

You are connected to your server and can install your application now.

You can connect to this server remotely as well, by using keys generated locally or by copying the private key from Cloud Shell.

cat .ssh/id_rsa

Copy the output of the above command and save it in a file.

ssh -i <location of key file> azureuser@<VM IP>

In this module, you learned how to create a Linux VM using the Azure portal.

You then connected to the public IP address of the VM and managed it with an SSH connection.

You learned that while SSH allows us to interact with the operating system and software of the virtual machine, the portal will enable us to configure the virtual hardware and connectivity.

We also could have used PowerShell or the Azure CLI if a command-line or scriptable environment were preferred.

Clean up

The sandbox automatically cleans up your resources when you’re finished with this module.

When you’re working in your own subscription, it’s a good idea at the end of a project to identify whether you still need the resources you created. Resources left running can cost you money.

You can delete resources individually or delete the resource group to delete the entire set of resources.