How to Deploy and Update Azure Scale Sets with PowerShell

Microsoft Azure provides a fully-managed platform for deploying, monitoring and maintaining scale sets.

The “update-azvmss” command is a PowerShell cmdlet that allows users to deploy and update Azure Scale Sets. The cmdlet can be found in the “Azure Automation DSC Resource Kit”.

Scale sets for Azure virtual machines are a useful high-availability tool to have. Creating new scale sets using Azure PowerShell to automate chores is a wonderful value add.

Deploying an Azure VM Scale Set is a terrific approach to obtain autoscaling and high-availability right now. Many built-in capabilities of Azure VM Scale Sets include automated scaling to match demand, deployment across availability zones, and more.

You have a few alternatives for deploying an Azure Virtual Machine Scale Set, including utilizing the Azure interface, the AZ CLI, or PowerShell. Let’s look at how to construct a scale set and customize it using Azure PowerShell in this tutorial.

Josh Duffney, one of my friends, wrote the majority of the code for this post while studying for the AZ-103 certification. Because I found the code to be so helpful, I decided to develop a tutorial around it. Follow Josh’s adventures on his blog.

Overview of the tutorial

You’ll learn how to utilize PowerShell to accomplish several common activities regarding Azure VM Scale Sets in this article/tutorial.

• Creating an Azure Virtual Machine Scale Set
• Putting together a network security group (NSG)
• Adding an NSG to the subnet of a Scale Set
• Installing IIS and an example application on a large scale
• Adding more virtual machines to the scale set
• All scale set instances will be able to receive incoming RDP.
• Taking the scales apart

By breaking down tasks in this manner, you will have a comprehensive understanding of what it takes to maintain an Azure VM Scale Set over its entire lifespan.

Prerequisites

Before you begin, you need have a few requirements in place to follow along with this lesson. Before performing the steps in this guide, be sure you have satisfied all of these criteria.

• A subscription to Azure. Azure is available for free if you don’t already have one.
• You have already signed in to Azure Cloud Shell. All examples you’ll see will be executed within the Azure Cloud Shell to avoid needing to install any dependencies.
• Assuming global administrator access to Azure. Obviously, laziness has a major influence here. You don’t have to be a global administrator to understand what I’m talking about.

If you don’t have any Azure credits, continuing this course will cost you money. They should, however, be modest. Remember to tidy up after yourself!

Creating an Azure Virtual Machine Scale Set Options

The first step is to use the New-AzVmss cmdlet to create an Azure VM scale set. A scale set comprises of many sorts of resources such as An electronic network, load balancer, public IP address, and the VM instances itself to handle high availability and redundancy. All of this is handled by the New-AzVMss cmdlet.

When using the New-AzVmss cmdlet to create a VM scale set, you have two alternatives. You may use the easy parameter set to rapidly generate a pre-configured scale set and assume most of the setup for you, or you can specify each configuration option individually.

Creating an Azure Virtual Machine Scale Set with PowerShell

You’ll be focused on supplying each resource individually in this article, however you may establish a basic scale set with just two parameters: Credential and VMScaleSetName. The Credential argument is a PSCredential object for each VM instance’s local administrator account.

Below is an example of how to use PowerShell to construct everything needed for a scale set.

$vmssName = ‘vmssScaleSet-simple’ $vmPassword = ConvertTo-SecureString ‘<somepassword>’ -AsPlainText -Force $vmCred = New-Object System.Management.Automation.PSCredential(‘<somelocaladminaccountname>’, $vmPassword) ## Create a VMSS using the default settings New-AzVmss -Credential $vmCred -VMScaleSetName $vmssName

Once you’ve begun, you’ll see a progress indication like the one below.

Progress indicator for creating Azure resources

When finished, the simple path will provide you:

• A Working Group
• An electronic network
• Load balancing
• A public IP address
• Two Windows instances in a VMSS

The Azure portal below shows what the vmssScaleSet-simple resource group looks like.

simple resource group resources vmScaleSet

Creating an Azure Virtual Machine Scale Set: The Better Way

This lesson is not for the faint of heart. You must understand how this works! The rest of this article is based on a scale set in which you specify each resource for the scale set yourself.

The simple parameter set covered above covers creating everything including A Working Group but going it on your own does not. If specifying each resource to support the scale set with the New-AzVmss cmdlet, you’ll have to create the resource group yourself. No biggie.

To create A Working Group with Azure PowerShell, use the New-AzResourceGroup cmdlet providing the name of the resource group and the region/location.

The below example is creating A Working Group called vmssPractice in the eastus region.

PS Azure:> New-AzResourceGroup -Name vmssPractice -Location eastus ResourceGroupName : vmssPractice Location : eastus ProvisioningState : Succeeded Tags : ResourceId : /subscriptions/1427e7fb-a488-4ec5-be44-30ac10ca2e95/resourceGroups/vmssPractice

After the resource has been generated, use the New-AzVmss cmdlet once again. However, this time, create your own resource names. To do so, you’ll find choices to name each resource that makes up the scale set, such as the subnet, load balancer, and so on, down below.

Policy Upgrades

You’ll see that the UpgradePolicyMode argument is used below. This will be vital later in this course when you adjust the scale set. When the scale set model is changed, an upgrade policy controls how VMs are brought up to date.

A scale set model is how Azure represents a scale set. It’s a blueprint for how a scale set should seem. Within each scale set, there is a scale set instance that reflects the current runtime state of the scale set.

There are three upgrade policy modes:

• Automatic — VMs may be restarted in any sequence, including putting all VMs down at the same time.
• Rolling — With an adjustable stop time between batches, the scale set sends changes to instances in batches.
• When an upgrade is started manually, no changes are made to existing VMs.

Because this is a demonstration, the UpgradePolicyMode is set to Automatic to guarantee that the VM instances are updated automatically when you do so later.

$vmPassword = ConvertTo-SecureString ‘<somepassword>’ -AsPlainText -Force $vmCred = New-Object System.Management.Automation.PSCredential(‘<somelocaladminusername>’, $vmPassword) $params = @{ ResourceGroupName = ‘vmssPractice’ Location = ‘eastus’ VmScaleSetName = ‘vmssScaleSet’ SubnetName = ‘vmssSubnet’ PublicIpAddressName = ‘vmssPublicIpAddress’ LoadBalancerName = ‘vmssLoadBalancer’ UpgradePolicyMode = ‘Automatic’ Credential = $vmCred } New-AzVmss @params

Even if the upgrade policy is set to Automatic, the scale set will not be changed automatically when the model is. When an update is applied, this simply describes how the VMs are restarted. For additional details, see this blog post.

It will just take a few minutes to construct the scale set and accompanying materials.

Creating a Network

It’s time to undertake some routine maintenance now that the scale set and all relevant resources have been generated. The scale set is currently available to the Internet in its current state. You must secure the area. To do so, you must first establish a network security group (NSG).

Network Security Group Configuration (NSG)

To make an NSG for the scale set, do the following:

1. Get-AzVmss returns the scale set model.
2. Make a configuration object that represents the rules you want to change.
3. Using the newly generated rule, construct the NSG.

To discover the newly constructed scale set model, use the Get-AzVmss cmdlet, as illustrated below.

Get-AzVmss -ResourceGroupName $vmss vmssPractice vmssScaleSet -VMScaleSetName

The Get-AzVmss cmdlet does not perform a scale set query. Instead, it inquires about the model of the scale set. The InstanceView option may be used to get a real-time view of the scale set.

Network Security Rule Creation

You must then establish a network security rule. A network security rule is a collection of firewall rules that will be implemented to the NSG in the future. Consider a security rule to be comparable to a Windows Firewall rule.

Use the New-AzNetworkSecurityRuleConfig cmdlet to establish a network security rule. You must enable HTTP traffic to the load balancer since you will be deploying an IIS web service to this scale set. An example of how to achieve this may be seen below.

The example below shows how to create a rule named allowHTTP that grants access to the load balancer to all TCP traffic arriving on port 80. The output is stored in the $nsgRule variable, which will be used by the following command.

Name = ‘allowHTTP’ Protocol = ‘Tcp’ $nsgRuleParams = @ ‘Inbound’ is the direction. 200th priority DestinationAddressPrefix = ‘*’ DestinationPortRange = 80 Access = ‘Allow’ SourceAddressPrefix = ‘*’ SourcePortRange = ‘*’ @nsgRuleParams $nsgRule = New-AzNetworkSecurityRuleConfig

Network Security Group Formation

After you’ve written the rule, use the New-AzNetworkSecurityGroup cmdlet to create the NSG and apply the rule, as shown below.

@ ResourceGroupName = ‘vmssPractice’ $nsgParams = Name = ‘vmssNSG’ Location = ‘eastus’ $nsgRule = SecurityRules @nsgParams $nsg = New-AzNetworkSecurityGroup

The NSG is assigned to the Subnet.

When the scale set was created, An electronic network was created with it. Since the NSG is created, it’s now time to assign that NSG to the subnet within the virtual network. To do so requires three steps:

1. Obtaining the previously built virtual network
2. Adding the NSG to the subnet setup of the virtual network
3. Making the necessary changes to the virtual network

To begin, use Get-AzVirtualNetwork to locate the virtual network.

Get-AzVirtualNetwork -ResourceGroupName vmssPractice -Name vmssScaleSet $vnet = Get-AzVirtualNetwork -ResourceGroupName vmss

Next, create a subnet configuration object that “attaches” the NSG to the subnet using the Set-AzVirtualNetworkSubnetConfig cmdlet. Since An electronic network can have more than one subnet, below you’re ensuring only the first one is selected.

$vnet = $subnet .Subnets[0] @subnetConfigParams = $subnetConfigParams Name = ‘vmssSubnet’ VirtualNetwork = $vnet NetworkSecurityGroup = $nsg AddressPrefix = $subnet.AddressPrefix @subnetConfigParams $subnetConfig = Set-AzVirtualNetworkSubnetConfig

Finally, use the Set-AzVirtualNetwork cmdlet to apply the new subnet change to the virtual network.

$vnet -VirtualNetwork Set-AzVirtualNetwork

The Scale Set Model is being updated.

The scale set model is unaware of the NSG that has been added to the vNet at this time. You must now make the necessary changes. Use the Update-AzVmss cmdlet to do so. VirtualMachineScaleSet is an argument in this cmdlet that provides a scale set model with the updated information.

You can now make the VM instances aware of the newly added NSG by supplying the resource group name, the scale set name, and the revised scale set model, as shown below.

Get-AzVmss -ResourceGroupName $vmss vmssPractice vmssScaleSet -VMScaleSetName vmssPractice -Name vmssScaleSet -VirtualMachineScaleSet $vmssUpdate-AzVmss -ResourceGroupName vmssPractice -VirtualMachineScaleSet $vm

Deploying a Demonstration App

Creating an Azure Virtual Machine Scale Set is only an end to a means. In a production environment, you’ll use a scale set to run workloads like a web service. Let’s now install IIS to our scale set and create a simple default web page.

A basic, example PowerShell script may be found here in a Microsoft GitHub repository. The automate-iis.ps1 PowerShell script comprises just two lines to install IIS and generate a default homepage, as seen below.

-Path “C:inetpubwwwrootDefault.htm” -Value “Hello World from host $($env:computername)!” Add-WindowsFeature Web-Server Set-Content -Path “C:inetpubwwwrootDefault.htm” -Value

Configured up an Azure Custom Script Extension for the VM scale set to run this script. The Add-AzVmssExtension cmdlet does this by downloading and running the automate-iis.ps1 PowerShell script from GitHub.

Below is an example of how to do this.

$publicSettings = @{ “fileUris” = (,”https://raw.githubusercontent.com/Azure-Samples/compute-automation-configurations/master/automate-iis.ps1″); “commandToExecute” = “powershell -ExecutionPolicy Unrestricted -File automate-iis.ps1” } Get-AzVmss -ResourceGroupName $vmss vmssPractice vmssScaleSet -VMScaleSetName $extParams = @{ VirtualMachineScaleSet = $vmss Name = ‘CustomScript’ Publisher = ‘Microsoft.Compute’ Type = ‘CustomScriptExtension’ TypeHandlerVersion = 1.8 Setting = $publicSettings } Add-AzVmssExtension @extParams

Refresh the scale set to update all VM instances in the scale set.

vmssPractice -Name vmssScaleSet -VirtualMachineScaleSet $vmssUpdate-AzVmss -ResourceGroupName vmssPractice -VirtualMachineScaleSet $vm

You can now see the scale set being changed in the Azure Portal, as seen in the picture below.

The Azure portal’s scale set is being updated.

When the upgrade is finished, all of the VM instances should have IIS installed and a default homepage set up.

Application Deployment Verification

To make sure the update was successful, look up your scale set’s public DNS name, as shown below.

(Get-AzPublicIpAddress vmssPublicIpAddress -Name vmssPublicIpAddress) DnsSettings.Fqdn

Now navigate to http://<FQDN> in your browser. If all went well, you should see the webpage below.

Message on a webpage

Set the Virtual Machine Set to Scale

Let’s imagine your fantastic online application is experiencing high traffic and you need to expand the scale set. Only one attribute on the scale set object retrieved previously has to be updated.

Setting the SKU capacity to the number of instances required and submitting the update to the scale set will quickly raise the scale set’s instance count.

$vmss.sku.capacity = 3 vmssPractice -Name vmssScaleSet -VirtualMachineScaleSet $vmssUpdate-AzVmss -ResourceGroupName vmssPractice -VirtualMachineScaleSet $vm

This creates a new virtual machine and adds it to the scale set. This might take a few minutes. Wait patiently!

Taking it apart

Let’s dismantle the work you’ve done because this was just a tutorial. You just need to delete the resource group now that the scale set and everything that comes with it are all in one. This will clear out all of the materials in this post.

vmssPractice Remove-AzResourceGroup -ResourceGroupName

Additional Reading

The “azure vm scale set powershell” is a PowerShell script that allows users to deploy and update Azure Scale Sets. The script can be run on any Windows system with PowerShell installed.

Related Tags

• azure scale set extensions
• new-azvmss
• azure virtual machine scale set reimage
• you deploy the virtual machines to a scale set
• azure devops deploy to vmss