Does your Azure IaaS Infrastructure Need an Update ?

In this article I will go through some of the scenarios and limitaions organisations face who started their Azure Infrastructure as a Service ( IaaS) journey in the early stages of its release (Early – Mid 2013).    I will also note a high level update process and also some of the limitations in the current Azure IaaS platform.

This article does not go into exact steps but covers a higher level executive view of the scenarios and processes discussed.   The focus is mainly around networks as many of the limitations are applied at this level if using the older type (Affinity Group).


Azure IaaS Versions

First a quick note on the versions of the Azure IaaS platform.  There are only really v1 and v2 IaaS deployment options.  v1 is called Classic or Service Manager and v2 is Azure Resource Manager or ARM.  So resources can either be Classic or ARM based.   However with networks in v1 there are Affinity Group Based Networks (not good) and Regional Networks (much better).  In V2 we nowhave ARM based Networks.  Many real world limitations for most people are caused by the use of Affinity Group Type virtual networks.


Azure Affinity Group Networks

Since IaaS properly launched in April 2013 Affinity Groups were all the rage and we were asked to make sure our resources were tied to “Affinity Groups”.  This ensured that the resources are located in the same parts of the data centre essentially, and connected via fast links.   So this was for local performance and we were required to create an “Affinity Group” and assign our resources (such as networks, VMs and Storage accounts) to them.

How do I know if my network is an Affinity Group Network ?

First check in the Azure Portal under Settings, Affinity Groups you should see one or more Affinity Groups here.


Then check the Network settings.



Azure Regional Networks

In around mid 2014 Microsoft announced Regional virtual networks.  These are the same Vnets but they are not tied to affinity groups as this is no longer required as the platform can now offer better performance throughout the datacentres.  You can no longer create affinity group networks.  Good !

Regional networks also offer MANY improvements over Affinity Group Networks which are highlighted here.

  • Static IP Addresses
  • Static (Reserved) Public IP Addresses
  • Internal Load Balancing
  • Instance Level IP Addresses (Assign a non-static public IP address directly to a VM)
  • Support for larger VM sizes such as A8 and A9

How Do I Know if I Have a Regional Network ?

In the old Azure Portal you will see an Azure region in there as opposed to an Affinity Group name.


How can I update my Affinity Group Network to a Regional Network ?

The way to do this is to ideally script out the original network and build a new regional network as there is no direct “upgrade” method unfortunately.   An example is shown here :-

  • Extract the VNET configuraton from Azure.
  • Shutdown VMs and backup VHD files or perform consistent VM backups.
  • Delete VM objects but specify you want to keep the disks !
  • Build the new network.
  • Recreate the VMs using the same VHD files / disks.

The Latest Generation Azure Resource Manager (ARM) Based Networks

The latest v2 of Azure IaaS provides us with ARM based networks these are different from classic networks as they run on the latest Azure platform.  The latest IaaS platform allows us to use things like Role Based Access Control (RBAC) whereas previously if anyone wanted to work in the Azure environment (Subscription) they would need to be coadmins.  This meant they can do pretty much anything in the subscription, which is not ideal.   And so organisations had to create multiple subscriptions just to manage security boundaries.  Now RBAC is granted generally to containers of resources called Resource Groups.  All objects in the latest version of Azure IaaS must be part of one and only one Resource Group.  If anyone is considering setting up a new Azure IaaS environment then ARM should be the place to start and not use the classic / legacy platform as this will be phased out in time.

Some limitations and notes about using ARM based networks in Azure.

  • ARM Networks can only be created in the new portal and PowerShell.
  • ARM Resources can not see Classic Resources. e.g. a Classic (v1) VM can not join an ARM network and a V2 VM can not see a classic VNET.
  • There is a very limited GUI in the new Portal at the moment.
  • Creating a gateway or VPN must be done in PowerShell.
  • To see the status of Gateways and VPNs one must also use PowerShell.
  • There is currently no option to assign a static internet IP Address to a VM.
  • A static internet IP Address can be assigned to a load balancer for inbound internet traffic.
  • The old world had a reserved IP address assigned to a cloud service.
  • Cloud Services are only available in classic deployments.
  • VMs must be assigned a NIC and do not have one by default.
  • An availability set must be specified during VM creation as it is not possible to assign a VM to an availability set after creation !
  • You can not move VMs, Networks or Storage accounts from one resource group to another.  You can move classic VMs and Storage accounts using PowerShell but not ARM objects yet.

I expect these issues and limitations will be resolved in the near future hopefully and I will mark them as so once they have been and when I notice them.

However if the list above does not pose an issue for your short and medium term requirements then I would suggest you opt for an ARM based deployment of your network, storage and virtual machines in Azure.


How Do I Know If My Azure IaaS Environment Needs Updating ?

  • If you are using classic resources in Azure then you may want to consider an update to take advantage of Role Based Access and better platform performance.
  • If you are using Classic deployment/s with an Affinity Group Network then it would be a good time to upgrade to take advantage of the above ARM benefits as well as internal load balancing, static internal and internet IP Addressing, larger VM sizes and more.


Do You Have An Affinity Group Network ?

It would be great to share your scenario here and let us know what issues (if any) you are facing with your older deployments. Any that I have not mentioned ?  Perhaps it is working perfectly fine for your needs which would also be good to know.

Thank you as always for visiting !


About Mitesh Chauhan
Mitesh Chauhan, Azure Cloud Solutions Architect. This is my blog where I share articles and thoughts on IT Infrastructure and architecture. The topics I am most passionate about are Implementation and architecture of rock solid Cloud Infrastructure based around SQL Server and Windows Server mainly using Microsoft Azure. MCTS - Azure Architecture MCTS - Azure Implementation MCSE Server Infrastructure (Windows Server 2012) , MCITP SQL Server 2008, Togaf Certified, Prince 2 Practitioner.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: