Create and Manage Windows VMs with the Azure PowerShell module

Azure virtual machines provide a fully configurable and flexible computing environment. This tutorial covers basic Azure virtual machine deployment items such as selecting a VM size, selecting a VM image, and deploying a VM. You learn how to:

  • Create and connect to a VM
  • Select and use VM images
  • View and use specific VM sizes
  • Resize a VM
  • View and understand VM state

This tutorial requires the Azure PowerShell module version 3.6 or later. Run Get-Module -ListAvailable AzureRM to find the version. If you need to upgrade, see Install Azure PowerShell module.

Create resource group

Create a resource group with the New-AzureRmResourceGroup command.

An Azure resource group is a logical container into which Azure resources are deployed and managed. A resource group must be created before a virtual machine. In this example, a resource group named myResourceGroupVM is created in the EastUS region.

New-AzureRmResourceGroup -ResourceGroupName myResourceGroupVM -Location EastUS

The resource group is specified when creating or modifying a VM, which can be seen throughout this tutorial.

Create virtual machine

A virtual machine must be connected to a virtual network. You communicate with the virtual machine using a public IP address through a network interface card.

Create virtual network

Create a subnet with New-AzureRmVirtualNetworkSubnetConfig:

$subnetConfig = New-AzureRmVirtualNetworkSubnetConfig `
    -Name mySubnet `
    -AddressPrefix 192.168.1.0/24

Create a virtual network with New-AzureRmVirtualNetwork:

$vnet = New-AzureRmVirtualNetwork `
  -ResourceGroupName myResourceGroupVM `
  -Location EastUS `
  -Name myVnet `
  -AddressPrefix 192.168.0.0/16 ` 
  -Subnet $subnetConfig

Create public IP address

Create a public IP address with New-AzureRmPublicIpAddress:

$pip = New-AzureRmPublicIpAddress ` 
  -ResourceGroupName myResourceGroupVM `
  -Location EastUS ` 
  -AllocationMethod Static `
  -Name myPublicIPAddress

Create network interface card

Create a network interface card with New-AzureRmNetworkInterface:

$nic = New-AzureRmNetworkInterface `
  -ResourceGroupName myResourceGroupVM  `
  -Location EastUS `
  -Name myNic `
  -SubnetId $vnet.Subnets[0].Id `
  -PublicIpAddressId $pip.Id

Create network security group

An Azure network security group (NSG) controls inbound and outbound traffic for one or many virtual machines. Network security group rules allow or deny network traffic on a specific port or port range. These rules can also include a source address prefix so that only traffic originating at a predefined source can communicate with a virtual machine. To access the IIS webserver that you are installing, you must add an inbound NSG rule.

To create an inbound NSG rule, use Add-AzureRmNetworkSecurityRuleConfig. The following example creates an NSG rule named myNSGRule that opens port 3389 for the virtual machine:

$nsgRule = New-AzureRmNetworkSecurityRuleConfig `
  -Name myNSGRule `
  -Protocol Tcp `
  -Direction Inbound `
  -Priority 1000 `
  -SourceAddressPrefix * `
  -SourcePortRange * `
  -DestinationAddressPrefix * `
  -DestinationPortRange 3389 `
  -Access Allow

Create the NSG using myNSGRule with New-AzureRmNetworkSecurityGroup:

$nsg = New-AzureRmNetworkSecurityGroup `
    -ResourceGroupName myResourceGroupVM `
    -Location EastUS `
    -Name myNetworkSecurityGroup `
    -SecurityRules $nsgRule

Add the NSG to the subnet in the virtual network with Set-AzureRmVirtualNetworkSubnetConfig:

Set-AzureRmVirtualNetworkSubnetConfig `
    -Name mySubnet `
    -VirtualNetwork $vnet `
    -NetworkSecurityGroup $nsg `
    -AddressPrefix 192.168.1.0/24

Update the virtual network with Set-AzureRmVirtualNetwork:

Set-AzureRmVirtualNetwork -VirtualNetwork $vnet

Create virtual machine

When creating a virtual machine, several options are available such as operating system image, disk sizing, and administrative credentials. In this example, a virtual machine is created with a name of myVM running the latest version of Windows Server 2016 Datacenter.

Set the username and password needed for the administrator account on the virtual machine with Get-Credential:

$cred = Get-Credential

Create the initial configuration for the virtual machine with New-AzureRmVMConfig:

$vm = New-AzureRmVMConfig -VMName myVM -VMSize Standard_D1

Add the operating system information to the virtual machine configuration with Set-AzureRmVMOperatingSystem:

$vm = Set-AzureRmVMOperatingSystem `
    -VM $vm `
    -Windows `
    -ComputerName myVM `
    -Credential $cred `
    -ProvisionVMAgent -EnableAutoUpdate

Add the image information to the virtual machine configuration with Set-AzureRmVMSourceImage:

$vm = Set-AzureRmVMSourceImage `
    -VM $vm `
    -PublisherName MicrosoftWindowsServer `
    -Offer WindowsServer `
    -Skus 2016-Datacenter `
    -Version latest

Add the operating system disk settings to the virtual machine configuration with Set-AzureRmVMOSDisk:

$vm = Set-AzureRmVMOSDisk `
    -VM $vm `
    -Name myOsDisk `
    -DiskSizeInGB 128 `
    -CreateOption FromImage `
    -Caching ReadWrite

Add the network interface card that you previously created to the virtual machine configuration with Add-AzureRmVMNetworkInterface:

$vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $nic.Id

Create the virtual machine with New-AzureRmVM.

New-AzureRmVM -ResourceGroupName myResourceGroupVM -Location EastUS -VM $vm

Connect to VM

After the deployment has completed, create a remote desktop connection with the virtual machine.

Run the following commands to return the public IP address of the virtual machine. Take note of this IP Address so you can connect to it with your browser to test web connectivity in a future step.

Get-AzureRmPublicIpAddress -ResourceGroupName myResourceGroupVM  | Select IpAddress

Use the following command to create a remote desktop session with the virtual machine. Replace the IP address with the publicIPAddress of your virtual machine. When prompted, enter the credentials used when creating the virtual machine.

mstsc /v:<publicIpAddress>

Understand VM images

The Azure marketplace includes many virtual machine images that can be used to create a new virtual machine. In the previous steps, a virtual machine was created using the Windows Server 2016-Datacenter image. In this step, the PowerShell module is used to search the marketplace for other Windows images, which can also as a base for new VMs. This process consists of finding the publisher, offer, and the image name (Sku).

Use the Get-AzureRmVMImagePublisher command to return a list of image publishers.

Get-AzureRmVMImagePublisher -Location "EastUS"

Use the Get-AzureRmVMImageOffer to return a list of image offers. With this command, the returned list is filtered on the specified publisher.

Get-AzureRmVMImageOffer -Location "EastUS" -PublisherName "MicrosoftWindowsServer"
Offer             PublisherName          Location
-----             -------------          -------- 
Windows-HUB       MicrosoftWindowsServer EastUS 
WindowsServer     MicrosoftWindowsServer EastUS   
WindowsServer-HUB MicrosoftWindowsServer EastUS   

The Get-AzureRmVMImageSku command will then filter on the publisher and offer name to return a list of image names.

Get-AzureRmVMImageSku -Location "EastUS" -PublisherName "MicrosoftWindowsServer" -Offer "WindowsServer"
Skus                            Offer         PublisherName          Location
----                            -----         -------------          --------
2008-R2-SP1                     WindowsServer MicrosoftWindowsServer EastUS  
2008-R2-SP1-BYOL                WindowsServer MicrosoftWindowsServer EastUS  
2012-Datacenter                 WindowsServer MicrosoftWindowsServer EastUS  
2012-Datacenter-BYOL            WindowsServer MicrosoftWindowsServer EastUS  
2012-R2-Datacenter              WindowsServer MicrosoftWindowsServer EastUS  
2012-R2-Datacenter-BYOL         WindowsServer MicrosoftWindowsServer EastUS  
2016-Datacenter                 WindowsServer MicrosoftWindowsServer EastUS  
2016-Datacenter-Server-Core     WindowsServer MicrosoftWindowsServer EastUS  
2016-Datacenter-with-Containers WindowsServer MicrosoftWindowsServer EastUS  
2016-Nano-Server                WindowsServer MicrosoftWindowsServer EastUS

This information can be used to deploy a VM with a specific image. This example sets the image name on the VM object. Refer to the previous examples in this tutorial for complete deployment steps.

$vm = Set-AzureRmVMSourceImage `
    -VM $vm `
    -PublisherName MicrosoftWindowsServer `
    -Offer WindowsServer `
    -Skus 2016-Datacenter-with-Containers `
    -Version latest

Understand VM sizes

A virtual machine size determines the amount of compute resources such as CPU, GPU, and memory that are made available to the virtual machine. Virtual machines need to be created with a size appropriate for the expect work load. If workload increases, an existing virtual machine can be resized.

VM Sizes

The following table categorizes sizes into use cases.

Type Sizes Description
General purpose DSv2, Dv2, DS, D, Av2, A0-7 Balanced CPU-to-memory. Ideal for dev / test and small to medium applications and data solutions.
Compute optimized Fs, F High CPU-to-memory. Good for medium traffic applications, network appliances, and batch processes.
Memory optimized GS, G, DSv2, DS, Dv2, D High memory-to-core. Great for relational databases, medium to large caches, and in-memory analytics.
Storage optimized Ls High disk throughput and IO. Ideal for Big Data, SQL, and NoSQL databases.
GPU NV, NC Specialized VMs targeted for heavy graphic rendering and video editing.
High performance H, A8-11 Our most powerful CPU VMs with optional high-throughput network interfaces (RDMA).

Find available VM sizes

To see a list of VM sizes available in a particular region, use the Get-AzureRmVMSize command.

Get-AzureRmVMSize -Location EastUS

Resize a VM

After a VM has been deployed, it can be resized to increase or decrease resource allocation.

Before resizing a VM, check if the desired size is available on the current VM cluster. The Get-AzureRmVMSize command returns a list of sizes.

Get-AzureRmVMSize -ResourceGroupName myResourceGroupVM -VMName myVM 

If the desired size is available, the VM can be resized from a powered-on state, however it is rebooted during the operation.

$vm = Get-AzureRmVM -ResourceGroupName myResourceGroupVM  -VMName myVM 
$vm.HardwareProfile.VmSize = "Standard_D4"
Update-AzureRmVM -VM $vm -ResourceGroupName myResourceGroupVM 

If the desired size is not on the current cluster, the VM needs to be deallocated before the resize operation can occur. Note, when the VM is powered back on, any data on the temp disk are removed, and the public IP address change unless a static IP address is being used.

Stop-AzureRmVM -ResourceGroupName myResourceGroupVM -Name "myVM" -Force
$vm = Get-AzureRmVM -ResourceGroupName myResourceGroupVM  -VMName myVM
$vm.HardwareProfile.VmSize = "Standard_F4s"
Update-AzureRmVM -VM $vm -ResourceGroupName myResourceGroupVM 
Start-AzureRmVM -ResourceGroupName myResourceGroupVM  -Name $vm.name

VM power states

An Azure VM can have one of many power states. This state represents the current state of the VM from the standpoint of the hypervisor.

Power states

Power State Description
Starting Indicates the virtual machine is being started.
Running Indicates that the virtual machine is running.
Stopping Indicates that the virtual machine is being stopped.
Stopped Indicates that the virtual machine is stopped. Note that virtual machines in the stopped state still incur compute charges.
Deallocating Indicates that the virtual machine is being deallocated.
Deallocated Indicates that the virtual machine is completely removed from the hypervisor but still available in the control plane. Virtual machines in the Deallocated state do not incur compute charges.
- Indicates that the power state of the virtual machine is unknown.

Find power state

To retrieve the state of a particular VM, use the Get-AzureRmVM command. Be sure to specify a valid name for a virtual machine and resource group.

Get-AzureRmVM `
    -ResourceGroupName myResourceGroup `
    -Name myVM `
    -Status | Select @{n="Status"; e={$_.Statuses[1].Code}}

Output:

Status
------
PowerState/running

Management tasks

During the lifecycle of a virtual machine, you may want to run management tasks such as starting, stopping, or deleting a virtual machine. Additionally, you may want to create scripts to automate repetitive or complex tasks. Using Azure PowerShell, many common management tasks can be run from the command line or in scripts.

Stop virtual machine

Stop and deallocate a virtual machine with Stop-AzureRmVM:

Stop-AzureRmVM -ResourceGroupName myResourceGroupVM -Name "myVM" -Force

If you want to keep the virtual machine in a provisioned state, use the -StayProvisioned parameter.

Start virtual machine

Start-AzureRmVM -ResourceGroupName myResourceGroupVM -Name myVM

Delete resource group

Deleting a resource group also deletes all resources contained within.

Remove-AzureRmResourceGroup -Name myResourceGroupVM -Force

Next steps

In this tutorial, you learned about basic VM creation and management such as how to:

  • Create and connect to a VM
  • Select and use VM images
  • View and use specific VM sizes
  • Resize a VM
  • View and understand VM state

Advance to the next tutorial to learn about VM disks.