SECURING YOUR AZURE VIRTUAL NETWORK WITH A NG FIREWALL
PART 2- PROVISIONING AN AZURE WINDOWS VM
Once a basic Azure network infrastructure (VNET) has been established, Virtual Machines can easily be deployed using the Azure Market place. These can be deployed within segmented VNET subnets to provide proper network segmentation, much like VLAN’s in an on-prem environment.
When using Azure as a DR play or extension of your existing on-prem server infrastructure (Cloud Hybridization), Domain Controllers and DNS servers should be your first set of VM’s. These can be deployed in an availability set so that each VM resides in separate fault and upgrade domains. This means that if a rack failure or maintenance were to occur, at least one of your VM’s will remain online.
Sizing of the VM is also important, but if you happen to under or oversize during the initial deployment, it’s usually a quick process to resize. This flexibility allows you to scale as needed, and there are also automated processes that can be implemented to power off and on VM’s at designated times to manage operating costs. VM’s can also be purchased in 1 or 3-year terms which can provide significant cost savings.