Launch Ubuntu images on Azure
=============================
This documentation is based on the `official Azure documentation`_
for creating Linux virtual machines with the Azure CLI.
Prerequisites
-------------
- A Microsoft Azure account
- `Azure Command-Line Interface`_
- The URN for an Ubuntu image to be launched (see :doc:`find-ubuntu-images`)
Launch an Ubuntu image
----------------------
To launch an Ubuntu image, you'll need to create a resource group and a virtual machine using the selected image.
Create a resource group
~~~~~~~~~~~~~~~~~~~~~~~
Define variables to set the resource group name and location for deployment:
.. code::
RESOURCE_GROUP_NAME="ubuntu-vm-rg"
LOCATION="eastus"
Create a resource group using the `group create`_ command:
.. code::
az group create \
-n $RESOURCE_GROUP_NAME \
-l $LOCATION
Create a Virtual Machine
~~~~~~~~~~~~~~~~~~~~~~~~
Create a virtual machine using the `vm create`_ command.
Depending on the type of Ubuntu image selected, additional arguments may be required to correctly launch
the image. However, most Ubuntu images can be launched with the default arguments:
.. code::
az vm create \
--name $VIRTUAL_MACHINE_NAME \
--resource-group $RESOURCE_GROUP_NAME \
--image $UBUNTU_IMAGE_URN \
--generate-ssh-keys
If you want to launch images with security features enabled, refer to the following sections.
With Trusted Launch
+++++++++++++++++++
All Ubuntu images from Ubuntu 20.04 LTS (Focal Fossa) forward support Trusted Launch on Hyper-V Gen2 SKUs. Example
definitions of Ubuntu image URNs for Hyper-V Gen2 include:
.. code::
UBUNTU_IMAGE_URN="Canonical:ubuntu-24_04-lts:server:latest"
# or
UBUNTU_IMAGE_URN="Canonical:0001-com-ubuntu-server-jammy:22_04-lts-gen2:latest"
Define the variables to set the security type:
.. code::
SECURITY_TYPE=TrustedLaunch
Create the virtual machine:
.. code::
az vm create \
--name $VIRTUAL_MACHINE_NAME \
--resource-group $RESOURCE_GROUP_NAME \
--image $UBUNTU_IMAGE_URN \
--security-type $SECURITY_TYPE \
--generate-ssh-keys
With Confidential VM
++++++++++++++++++++
Select one of the two URNs for Ubuntu images which support CVM on Azure:
.. code::
UBUNTU_IMAGE_URN="Canonical:ubuntu-24_04-lts:cvm:latest"
# or
UBUNTU_IMAGE_URN="Canonical:0001-com-ubuntu-confidential-vm-jammy:22_04-lts-cvm:latest"
Define variables to set the security type and encryption type:
.. code::
SECURITY_TYPE=ConfidentialVm
OS_ENCRYPTION_TYPE=DiskWithVMGuestState
Select a virtual machine size which `supports CVM on Azure`_.
Note that not all regions will contain the selected virtual machine size, and you may need to specify the region if
your default region does not have the selected size:
.. code::
VM_SIZE=Standard_DC2as_v5
# Standard_DC2as_v5 is available in eastus
LOCATION=eastus
Create the virtual machine:
.. code::
az vm create \
--name $VIRTUAL_MACHINE_NAME \
--resource-group $RESOURCE_GROUP_NAME \
--image $UBUNTU_IMAGE_URN \
--security-type $SECURITY_TYPE \
--os-disk-security-encryption-type $OS_ENCRYPTION_TYPE \
--size $VM_SIZE \
--location $LOCATION \
--generate-ssh-keys
With Ubuntu Pro
+++++++++++++++
To tackle vulnerabilities related to the guest OS and the internal software stack, you can use Ubuntu Pro by adding UBUNTU_PRO as the license-type of the OS. For instance, create a Confidential VM with Ubuntu Pro using:
.. code::
az vm create \
--name $VIRTUAL_MACHINE_NAME \
--resource-group $RESOURCE_GROUP_NAME \
--image $UBUNTU_IMAGE_URN \
--security-type $SECURITY_TYPE \
--os-disk-security-encryption-type $OS_ENCRYPTION_TYPE \
--size $VM_SIZE \
--location $LOCATION \
--generate-ssh-keys \
--license-type UBUNTU_PRO
For more information on Ubuntu Pro and how to get it, refer to :doc:`get-ubuntu-pro`.
.. _`official Azure documentation`: https://learn.microsoft.com/en-us/azure/virtual-machines/linux/quick-create-cli
.. _`Azure Command-Line Interface`: https://learn.microsoft.com/en-us/cli/azure/
.. _`group create`: https://learn.microsoft.com/en-us/cli/azure/group?view=azure-cli-latest#az-group-create
.. _`vm create`: https://learn.microsoft.com/en-us/cli/azure/vm?view=azure-cli-latest#az-vm-create
.. _`supports CVM on Azure`: https://learn.microsoft.com/en-us/azure/confidential-computing/virtual-machine-solutions#sizes