WordPress on Azure – Part2: Creating and using your Azure subscription

This is the second article in my short series about creating your own WordPress blog, hosted on Azure. In the first article here we looked at the base requirements to get started and summarised what we will be doing. Today we look at choosing and creating an Azure subscription and some basics around using Azure subscriptions.

To host anything on Azure we need a subscription. Your Azure subscription determines how much you pay for services and also in some cases which services you have or don’t have available. Windows 10 for example is not allowed to be used for production purposes on Azure due to licensing (yet … watch this space, W10 on Azure coming soon!). Another example is the size or number of VM’s or other services you are allowed to run on Azure. Your subscription type and level of credit allowed impacts this. Lucky for us we don’t need much to run WordPress, neither in terms of size nor in terms of quantity and as such it should end up being pretty cheap.

There are a few options for starting you first Azure subscription:

  • If you are an IT Professional, you may have an MSDN account or Visual Studio subscription. This often gives you free credit toward monthly Azure hosting costs. You could get this either as a benefit of being a Microsoft partner or you could simply get a monthly or yearly paid subscription.
    • If you are a Microsoft partner you probably need to walk past the guy that does your Microsoft licensing and subscriptions. He should have access to the Microsoft Partner Network, which provides you with one or more “Visual Studio with MSDN” subscriptions that could be allocated to employees. The number depends on your partner status and your qualifying competencies. If you get certified your employer actually gets more benefits and you end up getting a better DEV/TEST subscription … so it’s in your own hands 🙂 More details here: https://visualstudio.microsoft.com/subscriptions/support/microsoft-partner-network-mpn-visual-studio-subscriptions/
    • You could also just outright purchase a monthly or yearly Visual Studio subscription, either for an individual or using the Action Pack to get you started. If you don’t have any, or enough, partner benefits this may be a good option. A yearly subscription is better as it is cheap and provides more benefits. In this case we need Azure credit, which is NOT included with the monthly subscriptions 🙁 More here: https://visualstudio.microsoft.com/subscriptions/ and here: https://partner.microsoft.com/en-us/membership/action-pack
  • Your company may already be using Azure and may already have one or more subscriptions. There are various options such as Enterprise Agreement, Cloud Solution Provider (“CSP”) and “Direct” (i.e. using a Credit Card). Some of these plans provide you with reduced cost ‘Enterprise DEV/TEST’ but note that this is only allowed if you are really using it for DEV/TEST … not for running your live blog! This is your blog and using company resources for it is probably not allowed. If you have your own business and want to seriously start using Azure, find a CSP provider (like www.hso.com) or get started with a Direct subscription. If your blog is commercial in nature and aimed toward supporting your business then great, go for it. If it is personal or only experimental, you may be better off using a trial subscription for experimentation and using other, cheaper services for hosting your site, such as getting a blog directly on WordPress, starting at 4,00 euros per month.
    • My aim is to use things like this blog to get hands-on experience with Azure which is why I’m using Azure for hosting WordPress. If this is your aim too, read on, if you simply want a WordPress blog as cheap as possible and don’t have any “free” benefits like MSDN, stop reading here and reconsider … there are other, much cheaper options!  
  • If you are a student you may qualify to make use of Azure for Students (or “DreamSpark” I believe). For this you need either your school email address (or a school recognised by the program … I may get around to figuring out how this works another day) or an Activation Code, given to you by your school. If you do use DreamSpark, some third-party paid services such as registering your own custom domain via Azure (which uses GoDaddy) may not be possible without first adding a credit card. More here: https://azure.microsoft.com/en-us/pricing/member-offers/student-starter/ and here: https://blogs.msdn.microsoft.com/cdndevs/2015/12/21/tutorial-1-how-to-create-your-free-student-dreamspark-azure-account/

 

Whichever option you choose, go ahead and create your subscription to get your account up and running. I am not going to spend time here trying to provide detailed instructions for each option as the various services guide you through very self-explanatory steps during subscription creation.

At the very least you need to:

  • Create a Microsoft (“Live”) Account. This is a PERSONAL account used to access any Microsoft hosted products and services, both for learning/experimentation and for recreation (like Xbox, Hotmail, Office 365 Home etc.). You typically create one using your existing personal email address (I use my GMAIL account) and use that for any personal and learning cloud resources access. If you are using MSDN, you probably want to set everything up using your personal account, not your work email, as a lot of the services you will be using belong to you personally and not your employer. If you ever get certified you also want to link that to you personally and not your employer email so you will probably end up always needing a personal Microsoft account. PS: If you use Xbox and log in using your personal email you probably have one already 🙂
  • Use your Microsoft Account during the sign-up process. The process will be different for each subscription type. Once done you should end up with a usable Azure subscription.
  • Make sure you enable MfA (“Multi-factor Authentication” or also referred to as “Two step verification”) on your account. MfA is used to ensure that even if your password is compromised in some way, it is still not possible to steal you account or identity. This is typically done by sending you a notification in the Microsoft Authentication App (see your mobile phone’s app store), an SMS or a Phone Call. This significantly improves your account’s security and is free for all Microsoft Accounts so I strongly urge you to use it.
    • To enable MfA for a Microsoft/Live account, browse to https://account.live.com/proofs/Manage/additional and follow the instructions. The best option is to use the app for verification but you could also use another option if this does not work for you.
    • Once set up, when you log into any service connected to you Microsoft account, such as Azure in this case, you will get an MfA prompt like this:
    • Note that not all services support MfA. For some older services you may need to use “App Passwords” (also set up in the same portal used above for MfA). When using these make sure you NEVER WRITE IT DOWN. Just generate it, type it directly into the app needing access and forget it. If you ever need it again it’s a simple matter of just generating a new App Password (and deleting the old one) from the portal. Once you have set up MfA you will probably receive an email like the one below, which will help you set up App Passwords for any services that do not (yet- many of them have been updated with MfA support lately) support Modern Authentication needed for MfA to work:
    • The link above takes you to a page with some advice for setting things up: https://account.live.com/APHelp
    • Further note that the default configuration is to actually REPLACE the login password with an MfA verification. This makes your account more secure as there is no password to remember, write down and potentially re-use on other sites which could lead to back-doors. If enabling MfA I advise using a strong password and saving that securely in something like KeyPass. You no longer need to type it in every time you log in so it may as well be a complex and thereby more secure password. More on MfA and protecting your identity in the cloud in a future post…

 

Once you have a subscription you want to get started with Azure. I have tried to give some basic background and getting started advice below to those new to Azure.

Getting started with Azure:

  • The easiest way to access Azure is https://portal.azure.com. If you already make use of any Microsoft or Cloud services using a different account you probably want to use an “in private” browsing session to avoid automatically getting logged in with the wrong account. Very frustrating! Crome works great, but so does Edge or IE.
    • Once logged in you get to a dashboard. The green ‘+’ sign on the left is to create new resources. You can also search for existing services or find new services to deploy from the marketplace using the search box at the top. Things you use often can be pinned to the dashboard. For most services you will be asked whether you want it pinned to the dashboard after initial creation.
  • Azure provides you two options to accomplish most tasks:
    • IaaS, or “Infrastructure as a Service”.
      • IaaS typically provides things like networking, storage and virtual machines (servers). We wont be using those as they require us to do a lot of the hard work ourselves; like configuring a web server and database server installing and configuring the application and keeping that all secure and up to date. Too much work, so lets look at the alternative:
    • PaaS, or “Platform as a Service”.
      • Unlike IaaS where you need to spin up your own virtual server, virtual network and take care of choosing and managing things like disks attached to the VM’s, PaaS provides only the various platform services we need, with the underlying server used taken care of by Microsoft. This includes things like a Web Site  (and you get only the web site, not the server itself, which is Microsoft’s responsibility) or a database (again, only the database itself, with the server it runs on taken care of by Microsoft).
      • We will be using PaaS services for hosting our WordPress site, namely Azure App Service and Azure MySQL (as a Service) … but more on that later.
    • In a perfect world you would not be using Azure to host your WordPress blog but rather make use of SaaS (“Software as a Service”), which means everything is done for you, including hosting and configuring the WordPress infrastructure and you only worry about the contents of the blog, not the underlying platform or infrastructure.
      • If at all possible, choose SaaS, or if you need a bit more control and flexibility, choose PaaS and if you really need more traditional actual servers and want to do something SaaS or PaaS cannot give you, only then choose IaaS. Office 365 could be considered SaaS, you don’t run the server and neither do you run the web sites or database, you only work inside the actual applications.
      • However the goal here is not to only host WordPress but also make use of some Azure technology, so for now we’re hosting using Azure PaaS services. At a later time, when we have learned enough about the Azure PaaS services we will be using to host WordPress, it would probably make sense to migrate the site to a SaaS services, such as WordPress itself (wordpress.com). Except of course if we stumble upon any ‘custom’requirements an ‘out of the box’ SaaS solution cannot give us.
  • Most things we create in Azure are grouped together in Resource Groups. Think of it as a way to group all components for the same solution or application together in little ‘boxes’. This simplifies management, setting permissions and cost management. In my case I created a new resource group, “BLOG” where all components of my blog site will be placed in. When you create a resource group you can choose where you want it hosted. Choose the locaiton closes to you, in my case that would be “Western Europe”:
    • Once created it will show up in your list of resource groups as shown below. You probably want to pin it to your dashboard for easy use by right-clicking it:
  • You would definately want to check your bill from time to time to see what things are costing you and to make sure your “free” credit is enough. Do this by clicking on your username in the top-right corner and selecting “View my bill”.
    • You mostly get an automatic popup updating you with the amount of credit used and remaining in your subscription every time you log in.
  • One last note regarding cost is that most services in Azure are billed per hour, or per transaction. This means you often don’t pay for things while they are shut down. Of course there are some base costs, such as storage, which you still need even if not making actively use of it, but for the biggest part you only pay for the actual compute “load” you place on the azure platform. In our case we probably want our blog to be available 24×7, but while we are still developing we could potentially save a few $ by shutting it down while not in use. Shutting down services you are not actively using is a good habit to develop anyway as you don’t want servers churning away burning oil for no reason whatsoever!
    • We have not created anything other than a resource group, which is effectively an empty container so far so there is nothing to start or stop at this stage. However once you have more set up in Azure you can stop things while not in use by using the stop butting on each service, as is shown below. For many services, for example virtual machines, you often have the option to set up a schedule, for example to start your development VM every morning at 8am and shut it down automatically at 5pm.

 

That’s it for today. We’re all set with our Azure subscription, we have a Resource Group waiting to be filled with our WordPress environment, our account is secure and we know where to find billing information.

In the next post we will look at the actual deployment and base configuration of WordPress.

Follow the links below to read each of the articles in this 6 part series:

 

Leave a Reply

Your email address will not be published. Required fields are marked *