
Run your own virtual server on Microsoft Azure

This guide describes how to run a virtual server appropriate for the Media Engineering Architecture & Deployment course on the Microsoft Azure cloud platform.

Legend

Parts of this guide are annotated with the following icons:

  • ❗ A task you MUST perform to complete the exercise.
  • ❓ An optional step that you may perform to make sure that everything is working correctly.
  • ⚠️ Critically important information about the exercise.
  • 💎 Tips on the exercise, reminders about previous exercises, or explanations about how this exercise differs from the previous one.
  • 👾 More advanced tips on how to save some time. Challenges.
  • 📚 Additional information about the exercise or the commands and tools used.
  • 🏁 The end of the exercise.
    • 🏛️ The architecture of what you deployed during the exercise.
  • 💥 Troubleshooting tips: how to fix common problems you might encounter.

❗ Apply to Azure for Students

Apply to Azure for Students with your @hes-so.ch email address, which will provide you with free Azure resources as a student.

Azure Start Free

❗ Get your public SSH key

You can display your public SSH key in your terminal with the following command:

$> cat ~/.ssh/id_ed25519.pub

💎 If you have an older SSH client, you may want to try displaying the contents of ~/.ssh/id_rsa.pub instead.

You should copy the output of this command. You will need it later.

❗ Launch a virtual server

Once you have your Azure account, you can launch the virtual server you will be using for the rest of the course.

  • Access the Azure portal and go to the Virtual machines section:

    Azure Portal

  • Create a new virtual machine, i.e. a new virtual server in the Microsoft Azure infrastructure:

    Azure: create a new virtual machine

    • In the Basics settings, configure the virtual machine details (the machine's name, region, image and size):

      Azure: virtual machine instance details

MAKE SURE TO SELECT THE Ubuntu 24.04 IMAGE AND THE B1s SIZE. If you select a VM size that is too expensive, YOU WILL RUN OUT OF FREE CREDITS BEFORE THE END OF THE COURSE. We will then have to provide (and pay 💰) a new VM for you, and you will have to reinstall your VM from scratch (including all deployment exercises you may already have completed).

      If the correct size is not selected, you can select it from the complete list of VM sizes:

      Azure: virtual machine size

      💎 Any region will do. Closer to where you are (or where your customers are) will reduce latency, and the North/West European regions are among the cheapest.

      Under the Administrator account settings, choose a username. For example, if your name is "John Doe", you might choose jde as a short, easy-to-type username.

      ⚠️ Your Unix username MUST NOT contain spaces, accented characters (e.g. é), hyphens (-) or dots (.). If you use the same name later in the course as a subdomain, it MUST NOT contain any underscores (_). We suggest you choose a name that starts with a letter (a-z) and contains only alphanumeric characters (a-z and 0-9).

      💎 Choose a username that is simple to type because you will need to type it often. If necessary, you can change it later.

      Select SSH public key authentication, set the source to Use existing public key, and paste your public SSH key (the one you copied earlier) in the text area.

      Azure: virtual machine administrator account

      Under inbound port rules, make sure the SSH (22) port is allowed:

      Azure: virtual machine inbound port rules

📚 You may ignore the security warning. It indicates that it is good practice to limit the source IP addresses authorized to reach port 22 on your virtual server. For the purposes of this course, it is simpler to allow SSH connections from any source IP address: the SSH daemon will only accept your public key, so the exposure is limited to people probing for weak or leaked keys. If you have a fixed IP address, you can tighten the rule later in the network security group.

    • In the Disks settings, select a cheaper disk than the default. We won't need that much I/O performance:

      Azure: virtual machine disks

    • In the Networking settings, select the Advanced security group option, and create a new security group:

      Azure: virtual machine networking

      Add two inbound rules, one for HTTP and one for HTTPS:

      Azure: virtual machine HTTP & HTTPS

      Add two other inbound rules, one for port 3000 and one for port 3001:

      Azure: virtual machine custom ports

      The final security group settings should look something like this:

      Azure: virtual machine security group

      📚 What you are doing here is configuring the Azure firewall to allow incoming traffic to your virtual server on specific ports. If you do not do this, it will not be reachable from outside the Azure network. For example, for a web application running on your virtual server to be reachable, ports 80 (HTTP) and 443 (HTTPS) must accept incoming requests. Port 22 is for SSH connections. Ports 3000 and 3001 will be used in various exercises.

    • Use the default Management, Monitoring, Advanced and Tags settings.

    • Review your estimated monthly cost (this may not be the exact price but it should be similar):

      Azure: virtual machine estimated monthly cost

      Your estimated monthly cost MUST BE UNDER $20/month. If it is higher, you have probably selected the wrong region, or a VM size that is not the recommended one and that is too expensive for the credits you have at your disposal for this course.

      Create your virtual machine.

    • Once your deployment is complete, go to the virtual machine source:

      Azure: virtual machine deployment complete

    • Find your machine's public IP address in the virtual machine's information:

      Azure: virtual machine overview

❓ (Optionally) get your machine's public SSH key

When you connect to your virtual machine over SSH for the first time, you will get the usual warning that its authenticity cannot be verified:

The authenticity of host '20.71.227.143 (20.71.227.143)' can't be established.
ECDSA key fingerprint is SHA256:0TORCgUgzrPGeDHzV5fGAarkpGpc5Nbkhb7q2dbG0OA.
Are you sure you want to continue connecting (yes/no/[fingerprint])?

To protect yourself from man-in-the-middle attacks, you can obtain the SSH host key fingerprints from your virtual machine before attempting to connect. That way, you will be able to see if the key fingerprint in the warning matches one of your virtual machine's keys.

To do this, you need to install the Azure CLI. Once you have it installed and have logged in, you can run the following command (adapt the resource group and name options to your configuration if necessary):

$> az vm run-command invoke \
     --resource-group ArchiDep_group \
     --name ArchiDep \
     --command-id RunShellScript \
     --scripts "find /etc/ssh -name '*.pub' -exec ssh-keygen -l -f {} \;"

After a while, it should print the response:

{
  "value": [
    {
      "code": "ProvisioningState/succeeded",
      "displayStatus": "Provisioning succeeded",
      "level": "Info",
      "message": "Enable succeeded: \n[stdout]\n256 SHA256:IKNmtqj1OKCP4gyErlaQkBbn26gB0ofV3fLkw14yokg root@ArchiDep (ED25519)\n1024 SHA256:mUJQmHnMkGeqbxrRjRrBCJYzxyFYIlwKx/R54eLi4ds root@ArchiDep (DSA)\n3072 SHA256:RGxd9jZfWrUUynsVNGmngD78AaZGcQNT4iHjwX6cK2c root@ArchiDep (RSA)\n256 SHA256:0TORCgUgzrPGeDHzV5fGAarkpGpc5Nbkhb7q2dbG0OA root@ArchiDep (ECDSA)\n\n[stderr]\n",
      "time": null
    }
  ]
}

Your machine's public key fingerprints are in the message property, separated by encoded new lines (\n).

📚 You can skip this step if you consider the risk and impact of an attack low enough.

Understand that if you simply answer "yes" when the SSH client warns you, you are exposing yourself to a potential man-in-the-middle attack on that first connection. In all likelihood, no one is trying to hack your Azure virtual machine for this course, but the possibility exists.

Since you are using public key authentication and not password authentication, your credentials should not be compromised: you will not send a password, your private key will not leave your computer, and because the signature you produce during authentication covers the session identifier (which depends on the host key that was presented), an attacker cannot replay that signature against the real server. What an attacker who intercepts the initial connection can do is impersonate the server entirely, so anything you do during that session, including the commands you type and the keys you paste, could be read and modified by them.
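The check described above, as an added example that is not part of the course guide: extract the fingerprints from the run-command output, compare the one shown by the SSH client against them, and, if you want to go one step further, fetch the host keys with ssh-keyscan and record only a key whose fingerprint was confirmed out of band in ~/.ssh/known_hosts. The example assumes you fetch the message text with the Azure CLI options `--query "value[0].message" -o tsv` (which prints the message with real newlines instead of `\n` sequences), and the sample message embedded at the bottom is the response shown above, reformatted that way. The ssh-keyscan step needs network access to your VM and is not exercised offline.

```bash
#!/usr/bin/env bash
# Added example, not part of the course guide: verify an SSH host key
# fingerprint against fingerprints obtained out of band through Azure.
set -eu

# Print every SHA256 fingerprint found on stdin, one per line. Feed it the
# plain message text, e.g. the output of:
#   az vm run-command invoke --resource-group ArchiDep_group --name ArchiDep \
#     --command-id RunShellScript \
#     --scripts "find /etc/ssh -name '*.pub' -exec ssh-keygen -l -f {} \;" \
#     --query "value[0].message" -o tsv
extract_fingerprints() {
  grep -oE 'SHA256:[A-Za-z0-9+/=]+' || true
}

# fingerprint_matches FINGERPRINT  (expected fingerprints on stdin)
# Returns 0 if FINGERPRINT (copied from the ssh warning) is one of them.
fingerprint_matches() {
  extract_fingerprints | grep -qxF -- "$1"
}

# trust_host_if_verified HOST EXPECTED_FILE
# Scans HOST's public host keys, and appends to ~/.ssh/known_hosts only the
# keys whose fingerprint appears in EXPECTED_FILE (the saved message text).
# Needs network access; not run by the offline test.
trust_host_if_verified() {
  host="$1"; expected_file="$2"; tmp="$(mktemp)"
  ssh-keyscan "$host" 2>/dev/null > "$tmp"
  [ -s "$tmp" ] || { echo "no host keys received from $host" >&2; rm -f "$tmp"; return 1; }
  trusted=0
  while read -r line; do
    # ssh-keygen -l accepts known_hosts-format lines and prints
    # "<bits> <fingerprint> <host> (<type>)".
    printf '%s\n' "$line" > "$tmp.one"
    fp="$(ssh-keygen -lf "$tmp.one" | awk '{print $2}')"
    if fingerprint_matches "$fp" < "$expected_file"; then
      printf '%s\n' "$line" >> ~/.ssh/known_hosts
      echo "trusted $host $fp"
      trusted=1
    else
      echo "ignoring unexpected key $fp" >&2
    fi
  done < "$tmp"
  rm -f "$tmp" "$tmp.one"
  [ "$trusted" -eq 1 ]
}

# Constructed sample: the message from the run-command response above, with
# the \n sequences turned into real newlines (as -o tsv prints it).
SAMPLE_MESSAGE='Enable succeeded:
[stdout]
256 SHA256:IKNmtqj1OKCP4gyErlaQkBbn26gB0ofV3fLkw14yokg root@ArchiDep (ED25519)
1024 SHA256:mUJQmHnMkGeqbxrRjRrBCJYzxyFYIlwKx/R54eLi4ds root@ArchiDep (DSA)
3072 SHA256:RGxd9jZfWrUUynsVNGmngD78AaZGcQNT4iHjwX6cK2c root@ArchiDep (RSA)
256 SHA256:0TORCgUgzrPGeDHzV5fGAarkpGpc5Nbkhb7q2dbG0OA root@ArchiDep (ECDSA)

[stderr]'

# Usage with the fingerprint from the warning shown above:
#   printf '%s\n' "$SAMPLE_MESSAGE" > expected.txt
#   printf '%s\n' "$SAMPLE_MESSAGE" | fingerprint_matches SHA256:0TORCgUgzrPGeDHzV5fGAarkpGpc5Nbkhb7q2dbG0OA
#   trust_host_if_verified 20.71.227.143 expected.txt
```

Once a verified key is in known_hosts, the SSH client no longer asks the authenticity question for that address, and it will refuse to connect if the key ever changes, which is exactly the behaviour you want.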

❗ Configure your virtual server

You will now connect to your Azure virtual machine and configure some things for purposes of the course.

❗ Connect to your new virtual machine over SSH

Assuming the virtual machine's public IP address is W.X.Y.Z (replace with the IP address you copied from your virtual machine's information), and the administrator account you created is jde, you can connect with this command:

$> ssh jde@W.X.Y.Z

📚 You should be able to connect without a password. This works because you gave your public SSH key to Azure when creating your virtual server. It was automatically put in your user's ~/.ssh/authorized_keys file when the server was launched, which allows you to authenticate using your private SSH key.

❗ Give the teacher access to your virtual machine

Once you are connected, run the following command to give the teacher access to your virtual machine (be sure to copy the whole line and to replace jde with your username):

$> echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYObb+SKAKmRiIME+bxHLRL7w8Wl2Wdjm4pr7WvaXqS archidep" | sudo tee --append /home/jde/.ssh/authorized_keys

📚 This adds the teacher's public SSH key to your user's ~/.ssh/authorized_keys, allowing the teacher to also authenticate to your virtual server with his private SSH key to help debug issues.
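An added example, not the guide's own command, of doing the same thing idempotently: it appends a key to an authorized_keys file only if that key (type and base64 blob, comment ignored) is not already there, and it sets the permissions sshd insists on (700 on ~/.ssh, 600 on authorized_keys). The path and the username jde are the ones from the guide; the key is the teacher's key shown above. Run it as the target user, or with sudo followed by a chown back to that user, because a file created by root in the user's home would not be readable by sshd on that user's behalf.

```bash
#!/usr/bin/env bash
# Added example, not part of the course guide: idempotent authorized_keys
# update with sshd-compatible permissions.
set -eu

# add_authorized_key FILE KEYLINE
# Appends KEYLINE to FILE unless the same key type and blob are already
# present. Creates FILE and its directory if needed.
add_authorized_key() {
  file="$1"; keyline="$2"
  keytype="$(printf '%s' "$keyline" | awk '{print $1}')"
  blob="$(printf '%s' "$keyline" | awk '{print $2}')"
  case "$keytype" in
    ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
    *) echo "unsupported key type: $keytype" >&2; return 1 ;;
  esac
  [ -n "$blob" ] || { echo "missing key blob" >&2; return 1; }
  dir="$(dirname "$file")"
  mkdir -p "$dir"
  chmod 700 "$dir"
  touch "$file"
  chmod 600 "$file"
  # Compare fields rather than whole lines, so that a different comment or
  # trailing whitespace does not produce a duplicate entry.
  if awk -v t="$keytype" -v b="$blob" '$1 == t && $2 == b { found = 1 } END { exit !found }' "$file"; then
    echo "key already present in $file"
  else
    printf '%s\n' "$keyline" >> "$file"
    echo "key added to $file"
  fi
}

# count_authorized_keys FILE
# Number of non-empty, non-comment lines, i.e. the number of authorized keys.
count_authorized_keys() {
  grep -cvE '^[[:space:]]*(#|$)' "$1" || true
}

# The teacher's key from the guide above.
TEACHER_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYObb+SKAKmRiIME+bxHLRL7w8Wl2Wdjm4pr7WvaXqS archidep'

# Usage, as the user jde (replace with your username):
#   add_authorized_key "$HOME/.ssh/authorized_keys" "$TEACHER_KEY"
# Or as root:
#   add_authorized_key /home/jde/.ssh/authorized_keys "$TEACHER_KEY" && chown -R jde:jde /home/jde/.ssh
```

Running the guide's `sudo tee --append` twice adds the key twice, which is harmless but makes the file harder to audit; the field comparison above is what makes the operation safe to repeat.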

❗ Change the hostname of your virtual machine

Choose a hostname for your virtual machine, a subdomain of archidep.ch. For example: jde.archidep.ch or my-precious.archidep.ch. Make sure not to pick the same name as someone else in the class. Again, you might want to keep it short because you will have to type it often during the course.

⚠️ You should not use underscores (_) in a hostname, use hyphens (-) instead.

$> sudo hostname jde.archidep.ch

Also save your new hostname to the /etc/hostname file so that it will persist when you reboot the server:

$> echo "jde.archidep.ch" | sudo tee /etc/hostname

📚 The hostname is the name of your virtual server. It can be any valid DNS name (a hostname is a name, not a URL). It often identifies a machine in an organization with the format <machine-name>.<organization>.<tld> (e.g. unix-box.google.com).

For the purposes of this course, we will be using the archidep.ch domain, so it makes sense to use a subdomain corresponding to yourself (jde.archidep.ch) as the hostname.
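The procedure above as one script, added here as an example and not taken from the guide: it first checks the name against the rules given above (letters, digits and hyphens only, no underscores, no leading or trailing hyphen in any label), then sets the hostname at runtime, persists it in /etc/hostname, and also maps it in /etc/hosts. That last step is the practical caveat: on Ubuntu, if the machine cannot resolve its own hostname, sudo prints "unable to resolve host" on every invocation. The 127.0.1.1 line follows the Debian/Ubuntu convention for the machine's own name and is an assumption about the image; the same validation applies to the username chosen earlier if you intend to reuse it as a subdomain.

```bash
#!/usr/bin/env bash
# Added example, not part of the course guide: validate and apply a hostname
# on an Ubuntu server, including the /etc/hosts mapping.
set -eu

# valid_hostname NAME
# Accepts a name of at most 253 characters whose dot-separated labels are
# 1 to 63 characters of letters, digits and hyphens, not starting or ending
# with a hyphen (RFC 1123). Underscores, spaces and accents are rejected.
valid_hostname() {
  name="$1"
  [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
  printf '%s\n' "$name" | grep -qE '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$'
}

# apply_hostname NAME
# Sets the hostname now, persists it, and maps it in /etc/hosts.
# Needs root (run with sudo) and GNU sed; not run by the offline test.
apply_hostname() {
  name="$1"
  valid_hostname "$name" || { echo "invalid hostname: $name" >&2; return 1; }
  short="${name%%.*}"
  hostname "$name"
  printf '%s\n' "$name" > /etc/hostname
  # Replace the existing 127.0.1.1 entry (Debian/Ubuntu convention for the
  # machine's own name) or add one, so that sudo can resolve the new name.
  if grep -qE '^127\.0\.1\.1[[:space:]]' /etc/hosts; then
    sed -i "s/^127\.0\.1\.1[[:space:]].*/127.0.1.1 $name $short/" /etc/hosts
  else
    printf '127.0.1.1 %s %s\n' "$name" "$short" >> /etc/hosts
  fi
  echo "hostname set to $name"
}

# Usage (as root): apply_hostname jde.archidep.ch
```

After `sudo reboot`, `hostname` should print the full name and `sudo true` should run silently; a warning about resolving the host means the /etc/hosts line is missing or wrong.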

❗ Reboot the server

$> sudo reboot

Once the server has restarted (it might take a couple of minutes), check that you can still connect and that your hostname is correct:

$> ssh jde@W.X.Y.Z
Welcome to Ubuntu 24.04 LTS
...

$> hostname
jde.archidep.ch

❗ Add swap space to your virtual server

Follow this guide to add more swap space to your server. This will help prevent memory issues during the various deployment exercises.

❗ Finish

Send your virtual server's public IP address and the username of your administrator account to both teachers.

💎 If you connect to your server using ssh jde@W.X.Y.Z, then jde is your username and W.X.Y.Z is your public IP address.

🏁 What have I done?

You have used a popular Infrastructure-as-a-Service (IaaS) cloud service (Microsoft Azure) to set up a virtual machine for your own use. You are renting this virtual machine for a monthly fee (using your free education credits).

You have used what you have learned about the command line and SSH to connect to this virtual machine and perform some basic setup steps in preparation for future deployment exercises.

💥 Troubleshooting

Here are a few tips about some problems you may encounter during this exercise.

💥 Azure does not accept my SSH public key

Azure requires that SSH keys of type RSA have at least 2048 bits. If your existing key is not accepted by Azure when you paste it in the administrator account settings of your virtual server, you may need to generate a new one with enough bits:

ssh-keygen -m PEM -t rsa -b 4096

⚠️ ATTENTION! If you already have an RSA key, this command will ask you whether you want to overwrite it with the new one. If you do, the old key will be PERMANENTLY LOST (you will need to put your new public key on GitHub again and everywhere else you may have used the old one). To keep your existing key, answer no and pass a different file name with the -f option instead, then use that file's .pub contents for Azure.