A Closer Look at the Azure Cloud Portfolio – 2. From VMs to Web Servers

In this post, you’ll read about creating virtual machines (VMs) and deploying your web servers from Azure. Read more here. Courtesy of Mario Ferraro.

Prerequisites: An active Azure subscription.

Microsoft Azure Sign In

Before taking this guide, if you don’t have an Azure subscription yet, please create an Azure Free Trial beforehand.

Step 1: Create a Resource Group

Find resource group service
Create a resource
Resource group create button

Step 2: Create a Virtual Network and a subnet

Virtual network

Virtual machine should be in the same region as the virtual network.

Key steps:

  • assign IP addresses
  • Security
  • Tags
  • Review + create

There are 251 reserved IP addresses.

Click on our virtual network as a part of RG.

Goto subnets.

Step 3: Protect a subnet using a Network Security Group

We are going to create a network security group (NSG) around subnets

This would allow or don’t allow the inbound traffic to/from different Azure resources and also to the Internet

Let’s go back to our RG.

Network security group

Azure created inbound/outbound rules for us.

Nothing can enter the network by default.

Let’s assign these rules to our subnets.

Nextcloud security diagram

Step 4: Deploy Bastion to connect to a VM

Create a subnet first

Nextcloud subnet
Azure bastion subnet diagram
  • Azure Bastion is a new fully platform-managed PaaS service you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your VMs directly in the Azure portal over SSL. When you connect via Azure Bastion, your virtual machines do not need a public IP address.
  • The Microsoft Remote Desktop Protocol (RDP) provides remote display and input capabilities over network connections for Windows-based applications running on a server.” (MSDN) Essentially, RDP allows users to control their remote Windows machine as if they were working on it locally (well, almost).
  • SSL Stands for secure sockets layer. Protocol for web browsers and servers that allows for the authentication, encryption and decryption of data sent over the Internet.
Azure Bastion

The Bastion instance is created to connect to our VM using SSH

The Bastion instance is created to connect to our VM using SSH

Step 5: Create an Ubuntu Server VM

Let’s create an Ubuntu Server VM

Ubuntu Server VM

Long-term support (LTS) is a product lifecycle management policy in which a stable release of computer software is maintained for a longer period of time than the standard edition.

Basics: Size = 1 vcpu, 1 Gb memory

Authentication: SSH public key

SSD Disk 30 Gb default

Deployed VM diagram

Connection is via virtual network interface controller (green) created by Azure

network interface controller (NIC, also known as a network interface card,[3] network adapterLAN adapter or physical network interface,[4] and by similar terms) is a computer hardware component that connects a computer to a computer network.[5]

Let’s click on our VM.

Step 6: Install Nextcloud by connecting via SSH using Bastion

We need to connect to our VM and install a server

Let’s go back to our RG.

Let’s connect to VM

Connect to VM via Bastion

Perform basic cloud installation:

  • Create a user account with sample user name admin and password.
  • Create self-signed certificate

Step 7: Publish an IP

Let’s access our VM instance on the web.

We need to add public IP address.

Add a public IP address

Let’s go back to our VM.

Add inbound security rule.

Step 8: Create a DNS Label

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com. Web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

Let’s go back to our Azure portal.

Our public IP is connected to our VM interface controller.

We have both public IP address and the DNS name.

Final diagram

NextCloud is now up and running

Azure nextcloud Hub

VM and Bastion instances should be stopped (deleted from RG) or you will be charged.


  • In this post, we have created a Virtual Machine (VM) in Azure to deploy a web server, specifically a Nextcloud server.
  • We have explored how the basic architecture of Azure works, by creating a VM, connecting it to a subnet, protected by inbound and outbound rules thanks to Network Security Groups, in a Virtual Network.
  • We have also learned how to use Bastion to connect to the machine via SSH, without exposing an external port to the Internet, and then installing a simple Nextcloud server and make the VM available to you by opening a public IP and a DNS label.

Explore More


Make a one-time donation

Make a monthly donation

Make a yearly donation

Choose an amount


Or enter a custom amount


Your contribution is appreciated.

Your contribution is appreciated.

Your contribution is appreciated.

DonateDonate monthlyDonate yearly

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: