Skip to main content
Microsoft Azure
CHAPTER 04

Azure Virtual Machines

Updated: May 15, 2026
25 min read

# CHAPTER 4

Azure Virtual Machines

1. Introduction

While serverless technologies and containers are the future of the cloud, the foundational building block of all cloud infrastructure remains the Virtual Machine (VM). In Azure, VMs provide Infrastructure as a Service (IaaS). They allow you to rent a slice of Microsoft's physical hardware, install any Operating System you want, and have absolute, root-level control over the server. In this chapter, we will provision a Linux server, configure its network security group, and transform it into a live web server accessible to the public internet.

2. Learning Objectives

By the end of this chapter, you will be able to:
  • Define Azure Virtual Machines as an IaaS offering.
  • Understand the concept of VM Series/Sizes (B, D, E series).
  • Provision a Virtual Machine in a specific Region.
  • Configure Network Security Groups (NSGs) to allow HTTP traffic.
  • SSH into a VM directly from the browser using Bastion or Cloud Shell.
  • Install a web server to host a public page.

3. Beginner-Friendly Explanation

Imagine renting an empty apartment (The Virtual Machine).
  • VM Size: You decide how big the apartment is. Do you need a tiny studio (B1s) or a massive 10-bedroom penthouse (E64s)?
  • Image (OS): The furniture. Do you want it pre-furnished with modern furniture (Ubuntu Linux) or corporate furniture (Windows Server 2022)?
  • Network Security Group (NSG): The building security guard. By default, the guard doesn't let anyone into your apartment. If you want to throw a party, you have to explicitly give the guard a rule: "Allow people entering via the HTTP door (Port 80)."

4. VM Series and Sizes

Azure offers different hardware optimized for different tasks:
  • B-Series (Burstable): Very cheap. Good for small web servers that are usually quiet but sometimes experience a burst of traffic.
  • D-Series (General Purpose): Best balance of CPU and RAM. The standard choice for enterprise applications and databases.
  • E-Series (Memory Optimized): Massive RAM. Used for heavy, in-memory databases like SAP HANA.
  • N-Series (GPU): Equipped with NVIDIA graphics cards. Used for machine learning, AI training, or video rendering.

5. Images and Disks

Every VM needs a hard drive. Azure provides dozens of pre-configured "Images" (Ubuntu, RedHat, Windows 11). When you click "Create," Azure instantly clones that image onto a Managed Disk so the server boots in seconds.
  • Premium SSD: Fast, expensive. Use for production databases.
  • Standard HDD: Slow, cheap. Use for backups or low-priority testing.

6. Public IPs and NSGs

By default, Azure VMs are protected. Even if you assign a Public IP Address to your VM, nobody on the internet can reach it until you open holes in the firewall. In Azure, this firewall is called a Network Security Group (NSG). You must configure an "Inbound Security Rule" to open specific ports (like 22 for SSH, 80 for HTTP, or 443 for HTTPS).

7. Mini Project: Launch a Web Server

Let's build a server and put it on the internet.

Step-by-Step Tutorial:

  1. 1. In the Azure Portal, search for Virtual Machines.
  1. 2. Click + Create > Azure virtual machine.
  1. 3. Resource group: Create a new one named rg-web-demo.
  1. 4. Virtual machine name: my-first-webserver.
  1. 5. Region: Choose a region close to you (e.g., East US).
  1. 6. Image: Select Ubuntu Server 22.04 LTS.
  1. 7. Size: Select StandardB1s (This is free tier eligible!).
  1. 8. Authentication type: Choose Password (for simplicity, though SSH public keys are safer in production). Enter a username and complex password.
  1. 9. Public inbound ports: Choose Allow selected ports.
  1. 10. Select inbound ports: Check HTTP (80) AND SSH (22). *CRITICAL STEP. If you forget HTTP, your website will be invisible.*
  1. 11. Click Review + create, then click Create. Wait 2 minutes for deployment.
  1. 12. Once deployed, click Go to resource. Copy the Public IP address.
  1. 13. Open the Azure Cloud Shell > at the top of the portal.
  1. 14. SSH into your server: ssh yourusername@YOURPUBLICIP. Enter your password.
  1. 15. In the terminal, install an NGINX web server:

bash
12 
sudo apt-get update
sudo apt-get install nginx -y
  1. 16. Open a new browser tab and paste your Public IP address. You will see the "Welcome to nginx!" default page. You have built a public cloud server!

8. Real-World Scenarios

A video game company is launching a new multiplayer game. They know launch day will be insane, but traffic will drop off a month later. Instead of buying physical servers, they use Azure to launch 500 Compute-optimized VMs globally. To save massive amounts of money, they use Azure Spot Virtual Machines—excess Azure capacity that is up to 90% cheaper, with the caveat that Microsoft can randomly shut them down if they need the capacity back. Because the game architecture is fault-tolerant, if one VM is terminated, players seamlessly reconnect to another.

9. Best Practices

  • Custom Data (Cloud-init): In the Mini Project, we manually typed apt-get install via SSH. Professionals never do this. In the VM creation menu, under "Advanced", you can paste a script into the "Custom data" field. The moment the VM boots, Azure runs the script automatically, instantly transforming an empty Linux box into a fully configured web server without human intervention.

10. Cost Optimization Tips

  • Azure Reserved Instances: If you know your company will need a server running 24/7 for the next 3 years, you can sign a "Reservation" contract with Microsoft. They will slash the hourly price of that VM by up to 72%!

11. CLI Examples

To create a VM using the Azure CLI:
bash
123456 
az vm create \
  --resource-group rg-web-demo \
  --name cli-webserver \
  --image Ubuntu2204 \
  --admin-username azureuser \
  --generate-ssh-keys

12. Exercises

  1. 1. What is the functional difference between an Azure B-Series VM and an E-Series VM?
  1. 2. Why is an Azure VM inaccessible from the internet even if it has a Public IP address assigned to it?

13. FAQs

Q: Do I need a complicated tool like Putty to access my server? A: No! You can use the built-in Cloud Shell directly in the Azure Portal browser. For enterprise security, companies use Azure Bastion, which lets you securely RDP or SSH into private VMs directly through the browser without exposing port 22 or 3389 to the public internet.

14. Interview Questions

  • Q: Describe the architectural and financial differences between standard Pay-As-You-Go VMs, Reserved Instances, and Spot VMs. Give an example of a workload suited for a Spot VM.
  • Q: A junior developer launched an Azure VM and installed Nginx. They can access the default webpage via curl localhost from inside the SSH terminal, but the public IP returns a "Connection Timed Out" error in the browser. Detail your troubleshooting steps involving Network Security Groups (NSGs).

15. Summary

In Chapter 4, we provisioned our first raw infrastructure. We navigated the Virtual Machine service, selecting optimal Series and Disks for our workload. We addressed network security by actively configuring Network Security Groups (NSGs) to permit HTTP ingress. Finally, we utilized SSH to install an Nginx web server, transforming an empty slice of Microsoft's hardware into a publicly accessible asset on the internet.

16. Next Chapter Recommendation

Virtual Machines are great for running code, but they are a terrible, expensive place to store millions of user photos or videos. For massive data storage, we need a specialized service. Proceed to Chapter 5: Azure Storage Services.

Finish this Chapter

Save your progress on your learning path and prepare for coding interview challenges.

Previous Chapter Azure Identity and Access Management
Next Chapter Azure Storage Services

Discussion

Join the discussion

Log in or create a free account to participate.

Sort: ·

Explore More

📖 Related Tutorials 5

Related Quizzes 6