6.5.2 Linux on Azure

Introduction

Azure is Microsoft’s cloud platform, and it has first-class support for Linux. In fact, most workloads deployed on Azure today run on Linux virtual machines or containers. This chapter focuses on what is specific to using Linux on Azure, not on general cloud concepts or on Linux administration itself.

You will learn how Azure represents Linux resources, how Linux virtual machines are created and accessed, and what tools Azure provides to manage and monitor Linux systems. You will also see how storage, identities, and networking interact with your Linux instances.

Azure concepts that matter for Linux

From a Linux perspective, several Azure building blocks appear repeatedly.

A Linux virtual machine is a guest operating system that runs on Azure’s hypervisor. You choose a Linux image, a size, and attach disks and network interfaces. The image is usually provided through the Azure Marketplace or your own custom image.

A resource group is a logical container that holds related resources such as your Linux VM, its disks, network interfaces, public IP addresses, and network security groups. You typically create a resource group per application or environment, then place all Linux resources for that environment inside it.

A virtual network, often abbreviated as VNet, provides private IP addressing and isolation for your Linux systems. Each Linux VM connects to at least one subnet inside a VNet. This is where you define IP ranges and core network layout.

Storage in Azure is split between managed disks that act as block devices for your Linux VM and object storage accounts that can be used by Linux applications for blobs, files, or queues. For the operating system you always use a managed disk. Additional managed disks or network file shares can be attached as data storage.

Identity and access management is controlled via Azure Active Directory (now named Microsoft Entra ID), which provides users, groups, service principals, and managed identities. These identities grant access to Azure resources that your Linux VM might need, such as secrets or storage.

Ways to deploy Linux on Azure

There are several common patterns to get Linux running on Azure. They all create Linux systems but differ in control and responsibilities.

The most direct method is a Linux virtual machine. You choose a base image, such as Ubuntu, Debian, CentOS Stream, AlmaLinux, or others, then let Azure create a VM in a chosen region, VNet, and resource group. You receive full root access and manage the system yourself.

Azure Virtual Machine Scale Sets allow you to manage a group of identical Linux VMs as a single resource. This is useful when you want automatic scaling based on load while keeping each instance a regular Linux server with SSH access.

For container based workloads, Azure Kubernetes Service runs a cluster of Linux nodes managed by Azure. Here, you manage containers and pods, while Azure provisions and updates the underlying Linux nodes according to your configuration. This focuses more on Kubernetes than on individual Linux server management.

Platform services such as Azure App Service for Linux or Azure Container Instances run Linux based environments without exposing the full VM. You still rely on a Linux runtime, but the operating system is hidden and managed by Azure.

In this chapter we focus mainly on Linux VMs and briefly consider how some of the same concepts show up in these higher level services.

Creating a Linux virtual machine

You can create Linux VMs on Azure using three main tools: the Azure Portal, the Azure CLI, and Azure Resource Manager templates. The portal is graphical and friendly for beginners, while the CLI and templates are more suitable for automation.

Using the portal, you sign in, choose “Virtual machines,” then select “Create.” You pick a subscription and resource group, a region, and then select an image from the marketplace. For a beginner friendly example you can select Ubuntu LTS. You then choose a size, usually defined in families that indicate CPU, memory, and IO characteristics. For test systems a small general purpose size is often enough.

Authentication is a critical step when creating Linux VMs on Azure. You can choose between SSH key based login or password based login. Azure strongly encourages SSH keys. When you choose SSH, you can either paste an existing public key into the form or let Azure generate a key pair. In the second case you download the private key once at creation time, and Azure keeps only the public key. The public key is then used to configure the default user account on the Linux VM.

Networking requires you to specify a virtual network and subnet, or let the portal create one for you. You can optionally assign a public IP address, which is necessary for direct SSH access from the internet. A network security group defines which inbound ports are allowed. For Linux administration, port 22 for SSH is typically opened, often restricted to specific source IP addresses.

When you submit the form, Azure provisions the VM, allocates the disks, attaches it to the network, and configures SSH. After a short time, the VM is ready and you can connect from your local system.

Connecting to Linux VMs over SSH

Access to Linux on Azure is almost always through SSH. The public IP address of the VM, or a DNS name mapped to it, is used as the target. The port is typically 22 unless you have configured a custom port and security rules.

On your local Linux or macOS system, or from Windows with an SSH client, you connect with a command such as:

ssh azureuser@203.0.113.10

Here azureuser is the username you defined during VM creation. The authentication will use your private key if it matches the public key stored on the VM. If you used a password during creation, you enter it when prompted.

If your VM has no public IP or SSH is not open to the internet, you can still connect using a bastion host or Azure Bastion. Azure Bastion allows you to open an SSH session to your Linux VM directly from the browser without exposing SSH over the internet. This can be useful for secure administration.

Once connected, you work on the Linux VM as on any normal server. You update packages, install software, configure services, and manage logs. From Azure’s point of view you are interacting with a guest that runs inside a controlled environment.

Using Azure CLI from Linux

The Azure Command Line Interface, or Azure CLI, is a tool that lets you manage Azure resources from a shell. You can install it on your local machine or inside the Linux VM itself. It is available as the az command and integrates well with normal shell scripting.

After installation, you authenticate with:

az login

On a local machine this opens a browser window and asks you to sign in with your Azure account. On a headless Linux server you can use device login, which displays a code you enter in a browser on another system.

Once logged in, you can create and control Linux resources. To create a resource group you might write:

az group create --name my-rg --location westeurope

To create a Linux VM with a single command:

az vm create \
  --resource-group my-rg \
  --name my-linux-vm \
  --image Ubuntu2204 \
  --admin-username azureuser \
  --generate-ssh-keys

Azure CLI makes automation easier and is often used in scripts and CI pipelines that deploy and configure Linux infrastructure.

To manage Linux on Azure at scale, prefer Azure CLI or templates rather than manual portal clicks, and always use SSH key based authentication instead of passwords.

Linux images and Azure specific agents

The Azure Marketplace provides a large collection of ready to use Linux images. These images are built either by Microsoft in partnership with distributions such as Canonical, Red Hat, and SUSE, or by third parties. They are prepared to work correctly on Azure’s hypervisor and include required integration tools.

An important component is the Azure Linux Agent, often installed as waagent. This agent handles tasks such as provisioning the VM on first boot, configuring SSH keys, and communicating with Azure for features like dynamic networking and diagnostic data. Although you usually do not interact with it directly, it is expected to be present and running in supported images.

You can also bring your own Linux image. This involves creating a generalized image in a supported format, uploading it to Azure, then turning it into a custom image. In that case you must ensure the Azure Linux Agent is installed and configured correctly for provisioning to succeed.

Image selection also influences the default package manager and software layout you will see inside the VM. Ubuntu uses apt, Red Hat based images use dnf or yum, and SUSE uses zypper. The general Azure integration, however, follows a similar pattern across distributions.

Storage for Linux VMs

Each Linux virtual machine on Azure has at least one disk, the operating system disk. This is a managed disk that the hypervisor exposes as a virtual block device. Inside the Linux guest, it appears as a standard disk, for example /dev/sda or /dev/sda1 for partitions.

You can attach additional managed disks as data disks. Once attached, they appear inside the Linux system as new devices, such as /dev/sdc. You partition, format, and mount them using normal Linux tools. Azure’s responsibility is to provide durable, replicated storage at the block level.

Alternatively, some workloads use Azure Files to mount a network file share over SMB or NFS, or Azure NetApp Files for more advanced file services. In those cases, the Linux VM does not see an extra block device but mounts a remote file system over the network.

For performance sensitive applications such as databases, you can choose disk types that offer higher throughput and input output operations per second. Combining multiple managed disks inside the Linux guest with software RAID can further increase performance, while Azure handles redundancy under the hood.

Networking and security groups for Linux

Every Linux VM on Azure attaches to a network interface that resides in a subnet of a virtual network. The VM receives a private IP address inside that subnet. Optionally, it can also have a public IP address that maps to that private IP for inbound and outbound traffic.

Traffic to and from a Linux VM is filtered by network security groups. These are Azure level firewall rules that define which ports and protocols are allowed. For a typical Linux server, you might allow inbound port 22 for SSH, port 80 for HTTP, and port 443 for HTTPS, while denying others.

Inside the Linux system, you can still use local firewall tools such as iptables, nftables, ufw, or firewalld. The Azure network security group operates before packets reach the VM, while the Linux firewall operates inside the guest. For many basic setups you configure coarse controls in the security group and finer application level control in the Linux firewall only when needed.
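One way to check that SSH is not open to the whole internet is to evaluate the security group's rules in priority order, as Azure does. The following is an added example, not part of the original chapter; the rule list is constructed sample data, and the field names are assumed to follow the JSON printed by `az network nsg rule list -o json`.

```python
# Constructed sample in the shape of `az network nsg rule list -o json` output.
SAMPLE_RULES = [
    {"name": "allow-ssh-office", "priority": 100, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "198.51.100.0/24", "sourceAddressPrefixes": [],
     "destinationPortRange": "22", "destinationPortRanges": []},
    {"name": "allow-web", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "sourceAddressPrefixes": [],
     "destinationPortRange": None, "destinationPortRanges": ["80", "443"]},
    {"name": "allow-mgmt-range", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "Internet", "sourceAddressPrefixes": [],
     "destinationPortRange": "20-25", "destinationPortRanges": []},
]

ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}  # prefixes that mean "any internet host"


def _values(rule, single, plural):
    """Merge the single-value and list-value forms of an NSG rule field."""
    merged = list(rule.get(plural) or [])
    if rule.get(single):
        merged.append(rule[single])
    return merged


def _covers_port(rule, port):
    """True if any destination port entry ('22', '20-25' or '*') includes port."""
    for entry in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if entry == "*":
            return True
        low, _, high = entry.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def exposed_to_internet(rules, port=22):
    """Return the name of the rule that opens TCP `port` to any source, else None."""
    inbound = [r for r in rules if r["direction"].lower() == "inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):  # lowest number wins
        if rule.get("protocol", "*").lower() not in ("*", "tcp"):
            continue
        if not _covers_port(rule, port):
            continue
        sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
        if any(s.lower() in ANY_SOURCE for s in sources):
            # First matching any-source rule decides: Allow exposes, Deny protects.
            return rule["name"] if rule["access"].lower() == "allow" else None
    return None
```

In the sample, the narrowly scoped rule at priority 100 is fine, but the port range 20-25 at priority 300 quietly re-opens SSH to every source.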

Due to the virtualized environment, some network characteristics such as MAC addresses and routing are controlled by Azure. From the Linux point of view this appears as a standard virtual network interface, and you can inspect it with ip addr and ip route as usual.

Identity and secrets for Linux workloads

Linux applications running on Azure often need access to other Azure resources, such as storage accounts, key vaults, or databases. Instead of embedding credentials directly, you can use Azure identities that the Linux VM or container can assume automatically.

A managed identity is an identity that Azure creates and attaches to a specific resource, such as a Linux VM or an Azure Kubernetes node. Inside the Linux VM, the Azure Instance Metadata Service exposes a secure endpoint from which an application can obtain access tokens for that identity. These tokens can then be used to call Azure APIs.

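The URL for the metadata service is reachable only from within the VM and provides information about the instance as well as tokens for identities. This design avoids storing passwords or keys inside the Linux file system, reducing the risk of accidental exposure. Because any process on the VM that can reach the endpoint can request a token, grant the managed identity only the roles the workload actually needs.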

For secrets such as database passwords or API keys, Azure Key Vault can store them securely. Your Linux app retrieves them at runtime using its identity. This allows rotation and centralized management without changing the application code that runs on the Linux server.
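The token request described above, as an added example that is not part of the original chapter. It assumes the VM has a system-assigned managed identity and asks for a Key Vault token; the response body shown is constructed, and `fetch_token` only works when run on an Azure VM.

```python
import json
import time
import urllib.parse
import urllib.request

# Link-local address of the Azure Instance Metadata Service (plain HTTP, VM-local).
IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
KEY_VAULT_RESOURCE = "https://vault.azure.net"

# Constructed sample of the JSON body IMDS returns (token value is a placeholder).
CONSTRUCTED_RESPONSE = json.dumps({
    "access_token": "PLACEHOLDER.TOKEN.VALUE",
    "expires_on": "1700003600",
    "resource": KEY_VAULT_RESOURCE,
    "token_type": "Bearer",
})


def build_token_request(resource, api_version="2018-02-01"):
    """Build the IMDS token request for the VM's managed identity."""
    query = urllib.parse.urlencode({"api-version": api_version, "resource": resource})
    # IMDS refuses requests without "Metadata: true"; the header requirement makes
    # it harder for a URL-only request forgery bug in an app to reach the endpoint.
    return urllib.request.Request(f"{IMDS_TOKEN_URL}?{query}", headers={"Metadata": "true"})


def parse_token_response(body, now=None, min_lifetime=300):
    """Extract the token and decide whether it is still worth using."""
    data = json.loads(body)
    expires_on = int(data["expires_on"])  # Unix seconds, delivered as a string
    now = time.time() if now is None else now
    return {
        "token": data["access_token"],
        "expires_on": expires_on,
        "usable": expires_on - now > min_lifetime,  # refresh before it runs out
    }


def fetch_token(resource=KEY_VAULT_RESOURCE, timeout=5):
    """Request a token from IMDS; only works from inside an Azure VM."""
    # Empty ProxyHandler: never route the link-local request through a proxy.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(build_token_request(resource), timeout=timeout) as response:
        return parse_token_response(response.read())
```

The returned token is a bearer credential: keep it in memory, send it only in an `Authorization: Bearer` header to the resource it was issued for, and never write it to logs.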

Monitoring and diagnostics for Linux on Azure

Operational visibility for Linux on Azure relies on both standard Linux tools and Azure specific monitoring services. Inside the VM you can use top, journalctl, and distribution specific logs. Outside the VM, Azure can collect metrics and logs centrally.

Azure Monitor gathers metrics like CPU usage, disk IO, and network traffic for Linux VMs. You can configure alerts that trigger when metrics cross a threshold, for instance when CPU usage stays above a certain percentage for a set period.

To collect logs from Linux, you can install the Azure Monitor agent, or whichever agent the current recommendations specify. These agents send system and application logs to a central workspace. From there, you can query them, visualize trends, and set alerts.

Diagnostics can also include boot diagnostics, which capture a screenshot or serial console output from the Linux VM during startup. This can help when the system fails to boot normally. You view these diagnostics through the Azure Portal or via the CLI.

Automation and images for repeatable Linux deployments

Once you have a Linux VM configured as desired, you often want to reproduce it consistently. Azure offers several ways to achieve this.

Azure Resource Manager templates and newer tools such as Bicep or Terraform describe your Linux infrastructure as code. You define resource groups, VMs, disks, networks, and security groups in configuration files that can be version controlled. Applying these configurations creates or updates Linux resources in a predictable way.

For the Linux software configuration inside the VM, Azure supports extensions that run scripts at deployment time. A common example is the Custom Script extension, which executes a shell script on the VM after creation. This can install packages, configure services, or register the node with a configuration management system.

For more advanced scenarios, you can build a custom Linux image that already includes base configuration and software. Azure Image Builder can automate this process. Deploying from such an image ensures that new Linux VMs start from a known baseline while still allowing per instance customization.

For consistent Linux environments on Azure, use infrastructure as code for resources, configuration scripts or tools inside the VM, and custom images for shared baselines.

Summary

Linux is a first class citizen on Azure. It runs as virtual machines, as containers on managed platforms, and inside many of Azure’s own services. As a Linux user, you interact with a familiar operating system that sits on top of Azure’s compute, storage, networking, identity, and monitoring layers.

By understanding how Azure represents Linux VMs, how SSH access and images are handled, how disks and networks map into the guest, and how to automate and monitor your systems, you can confidently deploy and operate Linux workloads in Microsoft’s cloud.
