The objective of this section is to walk you through the process of deploying a VM in Azure, using PowerShell. Topics covered in this section include the provisioning of a resource group and the deployment of a VM.

Since the deployment of a VM in Azure, using PowerShell, requires quite a few switches to be specified, each switch will also be explained in detail.

Before deploying a VM in Azure with PowerShell, you need to first create a resource group into which the VM will be deployed. An Azure resource group, by the way, is a logical container into which Azure resources are deployed and from where they are managed. Deploying a resource group is rather easy; it is completed with just a single PowerShell command.

To provision a group, you just need to run the New-AzureRMResourceGroup command. When running the command, you need to specify a name for the resource group and a location for it:

New-AzureRmResourceGroup -ResourceGroupName "VMLab" -Location "EastUS"

In the preceding example, I'm specifying the ResourceGroupName and Location switches. The preceding command creates a resource group called VMLab and it creates it in the EastUS location:

Running the New-AzureRMResourceGroup command takes just a moment or two and, once the command completes, you can visit the Azure dashboard to confirm that the resource group has been created. Instead, you can run the Get-AzureRmResourceGroup PowerShell command without any switches, to ensure that the new resource group is listed.

To confirm that your new VMLab resource group has been created, run the following command:

Get-AzureRmResourceGroup

Upon running the preceding command, you should see a resource group called VMLab listed. Before continuing with the next exercises (if you are following along), be sure that you’ve created a resource group, called VMLab.

When creating a VM, several options are available to you—including OS image, network configuration, and administrative credentials. However, a VM can also be created with default settings, using a minimal configuration.

The process of provisioning a VM consists of two different PowerShell commands. The first command, called Get-Credential, allows you to specify local administrator credentials for the VM. Once those credentials have been established, you can run the New-AzureRmVm command to configure and deploy a VM.

To create a local admin account and password for the VM being deployed, run the following command:

$cred = Get-Credential

This command results in a prompt, to which you can respond, by supplying a local admin account login and associated password. The login information provided in the prompt is then used by the VM deployment process to provision a local admin for the VM when it is deployed:

Running the $cred = Get-Credential command stores the local admin credentials that you provide in the $cred variable. After creating the local admin credentials, you can run the New-AzureRmVm command to provision the VM.

The $cred variable is referenced during the provisioning process, so that when the VM is provisioned, the local admin info that was provided is used.

To provision a new VM, run the entire following command in a PowerShell session:

New-AzureRmVm -ResourceGroupName "VMLab" `
 -Name "myVM" `
 -Location "EastUS" `
 -VirtualNetworkName "myVnet" `
 -SubnetName "mySubnet" `
 -SecurityGroupName "myNSG" `
 -PublicIpAddressName "myPublicIP" `
 -Credential $cred

The preceding command is a single-line command. Although the command itself is broken up into multiple lines, this command is one long command when written out.

To break the command up into multiple lines so that I can better explain it, I used the tick symbol ( ` ) to let PowerShell know it's one long command, despite being supplied over multiple lines.

If you prefer the copy/paste approach, visit mybook.thomasmitchell.net for an online version of all the commands in this book:

The tick symbol tells PowerShell that even though I'm supplying a multi-line command, it should be interpreted as a single-line command instead.

With that said, let's go through the command, line by line.

As you can see from the preceding command (which takes about 10-15 minutes to run), New-AzurermVM requires some basic information to provision a VM.

The ResourceGroupName switch tells the command which resource group the VM should be deployed to. In this case, the VM is going to be deployed into the VMLab resource group that was provisioned earlier (if you are following along with these instructions). The Name switch specifies the name of the VM being deployed. In this example, the VM is going to be called myVM.

The new VM is deployed into the EastUS region by specifying the Location switch.

Since the VM needs to go onto a network and subnet, this command includes the VirtualNetworkName switch and SubnetName switch. In the preceding example, the VM is being deployed to a virtual network called myVNet and a subnet called mySubnet. Because we haven't created a virtual network yet, nor a subnet, the New-AzureRmVM command is going to create them automatically, using default IP range values. Had we previously provisioned a virtual network and virtual subnet, we could specify their names instead, and the VM would be deployed to them.

To protect the VM, a network security group needs to be deployed. To provision and associate a network security group with the new VM, the SecurityGroupName switch is used. In the preceding example, the network security group is called myNSG. As was the case with the virtual network and virtual subnet, had we pre-provisioned another security group, we could have specified that group with the SecurityGroupName switch.

To be able to RDP to the new VM over the internet from a workstation, we need to give the VM a public IP address. This is done with the PublicIPAddressName switch. In this example, the public IP address resource is called myPublicIP.

With that PSA out of the way, we must tell the New-AzureRmVm command what local admin credentials to provision for this VM. To do this, I'm specifying the Credential switch and referencing the $cred variable with it.

With all this information provided, running the New-AzureRmVm command will deploy a default Windows 2016 Server into the EastUS region, onto a new subnet called mySubnet, which is part of a virtual network called myVnet. The VM will be protected by a default set of rules contained in a network security group called MyNSG.

The VM deployed with the preceding command is called myVM and it will be deployed into a resource group called VMLab. It will assign a dynamic public IP address that is accessible from the internet and the local admin account, which will match what was configured when we ran the Get-Credential command:

The VM deployment process can take several minutes to complete, but when it does, you will have a fully functioning virtual machine deployed.

Once the deployment is complete, you can confirm in the Azure dashboard that the VM is up and running. You can also run the following command instead:

Get-AzureRmVm -resourcegroup VMLab -name MyVM -status

The output of the preceding command will show the status of your newly deployed VM.

Since the intention of this book is to explain how to deploy and manage VMs using PowerShell, it makes sense to explain how to RDP to a VM from PowerShell.

Once a VM is deployed, you can create a remote desktop connection with the VM right from a PowerShell session. To do so, you need to run two commands.

First, you need to track down the public IP address of the VM by running the Get-AzureRmPublicIpAddress command. This command will display the public IP address of the VM. You can then use that IP to connect to the VM.

To obtain the IP address of the MyVM VM deployed in the preceding example, run the following command:

Get-AzureRmPublicIpAddress `
 -Name myPublicIP `
 -ResourceGroupName VMLab | Select IPAddress

The Get-AzureRmPublicIpAddress command displays the public IP address for the VM. All you have to do is tell the command which public IP resource you want to query and then pipe that data to a Select statement:

The output is the public IP address of the VM.

To connect to the VM via RDP, you can run the mstsc.exe command right from the PowerShell session and replace publicIpAddress with the IP address of the VM:

mstsc.exe /v:publicIpAddress

In the Windows Security window, supply the local username and password that you created for the VM and then click OK:

The RDP client session will launch and then you can log into the newly provisioned VM. Logging into the new virtual machine from this point forward is no different from any other RDP session.