DEV Community

Cover image for Hands-On Azure: Deploying VMs, SQL, and Web Apps with BYOS
Oluwanifesimi
Oluwanifesimi

Posted on

Hands-On Azure: Deploying VMs, SQL, and Web Apps with BYOS

What Is an Azure Virtual Machine?
An Azure VM is a scalable, on-demand computing resource that behaves like a physical computer but runs in the cloud. It allows you to run operating systems (Windows, Linux, etc.), install software, and host applications without managing physical hardware

Key Features

  • Full Control: You get administrative access to the OS and can configure it as needed.
  • Flexible OS Choices: Choose from pre-configured images like Windows Server, Ubuntu, Red Hat, or upload your own custom image.
  • Scalability: Easily scale up or down based on demand using auto-scaling features.
  • Availability Zones: Deploy across multiple zones for high availability and disaster recovery.
  • Security: Use Network Security Groups (NSGs), firewalls, and encryption to protect your VM'

Use Cases

  • Development & Testing: Quickly spin up environments tailored to your app’s needs.
  • Web Hosting: Host websites or APIs with full control over the server stack.
  • Data Processing: Run compute-heavy tasks like simulations, analytics, or machine learning.
  • Legacy App Support: Run older applications that require specific OS versions or configurations.

What Is BYOS?
BYOS means you’re bringing your own cloud account (like an Azure subscription) to a platform that supports external provisioning. Instead of the platform managing and billing resources under its own cloud account, you retain control, visibility, and billing through your own subscription.

Why Use BYOS?

  • Cost Control: You pay Microsoft (or your cloud provider) directly, often benefiting from negotiated rates or enterprise agreements.
  • Security Ownership: You manage access, policies, and compliance within your own cloud environment.
  • Resource Visibility: All resources (VMs, storage, networking) show up in your Azure portal, giving you full transparency.
  • Support Flexibility: You use your own support contract with Microsoft, which may offer better SLAs or escalation paths.

App Log Examiners security group is all about establishing a dedicated team within your Microsoft Entra ID (formerly Azure Active Directory) that has access to application logs and diagnostics—typically for monitoring, troubleshooting, or auditing purposes.

What Is the "App Log Examiners" Group?
This is a security group designed to:

  • Grant specific users access to log data from applications and services.
  • Control who can view, analyze, or query logs—especially in environments using Azure Monitor, Log Analytics, or Application Insights.
  • Support role-based access control (RBAC) by assigning this group to resources like virtual machines, storage accounts, or monitoring tools.

Aim Objective

  • Prepare your bring-your-own-subscription (BYOS)
  • Create App Log Examiners security group
  • Deploy and configure WS-VM1
  • Deploy and configure LX-VM2
  • Deploy a web app with an SQL Database
  • Deploy a Linux web app

Step1:Prepare your bring-your-own-subscription (BYOS)

  • Login to your Azure Portal login
  • In the Azure Portal Search Bar, enter Resource Groups and select Resource groups from the list of results. search
  • On the Resource Groups page, select Create. RG
  • On the Create a Resource Group page, select your subscription and enter the name rg-alpha. Set the region to East US, choose Review + Create, and then choose Create. RG ALPHA CREATE

Creating the App Log Examiners security group means you’re making a dedicated Azure AD security group where you can add users who are responsible for examining application logs, and then you’ll assign log-related permissions to that group.

Step 2: Create App Log Examiners security group

  • In the Azure Portal Search Bar, enter Azure Active Directory (or Entra ID) from the list of results search entra.
  • On the Default Directory page, select Groups. directory
  • On the Groups page, choose New Group. new group
  • On the New Group page, provide the values in the following table and choose Create.
Property Value
Group Type Security
Group Name App Log Examiners
Description App Log Examiners

group

Step 3: Deploy and configure WS-VM1
deploy and configure a Windows Server virtual machine.

  • In the Azure Portal Search Bar, enter Virtual Machines and select Virtual Machines from the list of results vm
  • On the Virtual Machines page, choose Create and select Azure Virtual Machine. create page
  • On the Basics page of the Create A Virtual Machine wizard, select the following settings and then choose Review + Create.
Property Value
Subscription Your subscription
Resource Group rg-alpha
VM Name WS-VM1
Region East US
Availability No infrastructure redundancy required
Security Type Standard
Image Windows Server 2022 Datacenter: Azure Edition – x64 Gen2
Architecture x64
Size Standard_D4s_v3 – 4 vCPUs, 16 GiB memory
Admin Username prime
Password [Select a unique secure password] (example: P@ssw0rdP@ssw0rd)
Inbound Ports RDP (3389)
  • Review the settings and select Create.
  • Wait for the deployment to complete. Once deployment completes choose Go to resource. go to resources
  • On the WS-VM1 properties page, choose Networking.
  • On the Networking page, select the RDP rule. RDP
  • On the RDP rule space, change the Source to My IP address and choose Save. RDP 1 This restricts incoming RDP connections to the IP address you’re currently using.
  • On the Networking page, choose Add inbound port rule. INBOUND RULE
  • On the Add inbound security rule page, configure the following settings and choose Add.
Property Value
Source Any
Source Port Ranges *
Destination Any
Service HTTP
Action Allow
Priority 310
Name AllowAnyHTTPInbound

Inbound rule

  • On the WS-VM1 page, choose Connect. connect
  • Under Native RDP, choose Select.
  • On the Native RDP page, choose Download RDP file and then open the file. Opening the RDP file opens the Remote Desktop Connection dialog box. RDP
  • On the Windows Security dialog box, choose More Choices and then choose Use a different account.
  • Enter the username as .\prime and the password as the secure password you chose in Step 3, and choose OK. USER/PASSWORD RDP
  • When signed into the Windows Server virtual machine, right-click on the Start hint and then choose Windows PowerShell (Admin). Admin
  • At the elevated command prompt, type the following command and press Enter. Install-WindowsFeature Web-Server -IncludeAllSubFeature -IncludeManagementTools
  • When the installation completes run the following command to change to the web server root directory. cd c:\inetpub\wwwroot\
  • Run the following command. Wget https://raw.githubusercontent.com/Azure-Samples/html-docs-hello-world/master/index.html -OutFile index.html command

Step 4: Deploy and configure LX-VM2
Deploying and configure a Linux virtual machine.

  • In the Azure Portal Search Bar, enter Virtual Machines and select Virtual Machines from the list of results. Virtual Machines
  • On the Virtual Machines page, choose Create and select Azure Virtual Machine. CREATE D
  • On the Basics page of the Create A Virtual Machine wizard, select the following settings and then choose Review + Create
Property Value
Subscription Your subscription
Resource Group rg-alpha
Virtual Machine Name Linux-VM2
Region East US
Availability Options No infrastructure redundancy required
Security Type Standard
Image Ubuntu Server 20.04 LTS – x64 Gen2
VM Architecture x64
Size Standard_D2s_v3 – 2 vCPUs, 8 GiB memory
Authentication Type Password
Username Prime
Password [Select a unique secure password] (example: P@ssw0rdP@ssw0rd)
Public Inbound Ports None

linux
linux 2

  • Review the information and choose Create. deploy
  • After the VM deploys, open the VM properties page and choose Extensions + Applications under Settings. extension
  • Choose Add and select the Network Watcher Agent for Linux. Choose Next and then choose Review and Create. Choose Create. watcher create
  • Configure the AzureNetworkWatcherExtension and the OmsAgentForLinux extension so that they automatically upgrade

Step 5:Deploy a web app with an SQL Database

  • Ensure that you’re signed into the Azure Portal.
  • In your browser, open a new browser tab and navigate to https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.web/web-app-sql-database
  • On the GitHub page, choose Deploy to Azure. Github
  • A new tab opens. If necessary, re-sign into Azure with the account that has Global Administrator privileges.
  • On the Basics page, select Edit template. edit template
  • In the template editor, delete the contents of lines 158 to 174 inclusive and delete the “,” on line 157. Choose Save. 158-174
  • On the Basics page, provide the following information and choose Next.
Property Value
Subscription Your subscription
Resource Group rg-alpha
Region East US
SKU Name F1
SKU Capacity 1
SQL Administrator Login prime
SQL Administrator Password [Select a unique secure password] (example: P@ssw0rdP@ssw0rd)

linux edit

  • Review the information presented and select Create.
  • After the deployment completes, choose Go to resource group.

Step 6: Deploy a Linux web app

Property Value
Subscription Your subscription
Resource Group rg-alpha
Region East US
Web App Name AzureLinuxAppWXYZ (replace WXYZ with random numbers, e.g., AzureLinuxApp1234)
SKU S1
Linux Fx Version PHP
  • Review the information and choose Create.

Conclusion
This project gave me the chance to put several Azure services together into a single working solution. I started with security by creating the App Log Examiners group, then moved on to deploying both Windows and Linux virtual machines. After that, I configured NSG rules to allow HTTP traffic and added monitoring extensions so the VMs could be tracked properly. I also created an Azure SQL database with an administrator login and finished by deploying a Linux-based Web App running PHP.

By the end of the project, I had built a small but complete environment that covered compute, networking, security, database, and application hosting. It felt very close to what a real Cloud or DevOps engineer would set up in practice, and it gave me good hands-on experience with how these services connect and work together.

Top comments (0)