Answers to questions about Azure that we often see at Cornell

Basics

How do I request a Cornell Azure subscription?

To request a Cornell Azure subscription, or to migrate an Azure subscription you already have to the Cornell Azure Enterprise Agreement, complete this form: https://cornell.qualtrics.com/jfe/form/SV_5nWBzF2mrsHRAwJ

How do I access my Cornell Azure subscription?

Login to https://portal.azure.com with your Cornell netId credentials. If the login process asks you, choose "school/work account", not "microsoft.com account".

Support

How much does Azure support cost?

Azure support is free at present, whether you seek it directly from Azure or ask the CIT Cloud Team.

How do I get technical support for Azure?

You can request support from Azure directly or from the CIT Cloud Team.

Costs & Billing

How am I billed for my Azure charges?

Billing for Azure is handled through CloudCheckr. Invoices are sent out monthly.

What will Azure cost me? Does Cornell get any discounts in Azure?

The list cost for each service at Azure can be seen here : https://azure.microsoft.com/en-us/pricing/calculator/

Cornell does receive a discount by virtue of having an Enterprise Agreement (EA) with Microsoft. Any subscription that is under our EA automatically receives the discount. To see the exact EA price for each Azure resource, please follow the instructions here : Azure Pricing Calculator

Is there a data egress waiver in Azure, like there is in AWS?

Yes there is a data egress waiver. See https://azure.microsoft.com/en-us/blog/azure-egress-fee-waiver-for-the-academic-community/

The egress waiver is automatic. There is nothing that the customer has to do to receive the benefit.

Networking

Is there private network connectivity between the Ithaca campus and Azure?

Yes. Campus 10 space has been extended to Azure via an ExpressRoute connection.


Authorization and Authentication

Can I use an Active Directory security group to grant permissions to my Azure subscription and/or resources?

Yes! You can use any combination of individual netIDs and/or security groups to meet your need. Documentation to make permission changes is available directly from Microsoft.

I'm working with a researcher at another institution, can I invite them to my Azure subscription to collaborate?

You can as long as they have a Microsoft account. Any person from an institution that is using O365 will have a Microsoft account. Additionally, even personal Microsoft accounts can be invited. You can scope their access as appropriate from the subscription as a whole even down to the individual resource level.


Learning

What training options are there to learn more about Azure?

Microsoft offers a free online learning path for Azure Fundamentals. In addition to that, within the Microsoft Learn training options, there are currently 1,381 related to "Azure".

Additional training opportunities are available here: Azure Training


Virtual Machines

What are the recommended settings for synchronizing the system clock?

Images from the Azure Marketplace should include default configurations for system clock management.  These range from using an emulated real-time-clock within the guest or reaching out to public network time servers around the world.

In cases where you have configured restrictive Network Security Groups (NSG) that limit out-bound traffic, you should confirm that outbound probes to NTP servers are permitted.  Typically, this traffic operates on UDP port 123.  No special in-bound rules are required, since NSGs at Azure are stateful.

Additional details may be found in Microsoft's published guidelines for clock synchronization when running Linux platforms or Windows platforms in Azure.

Will my MAC address change?

The MAC does not change until you delete the network interface. Here’s the official documentation answer : https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-faq#will-the-mac-address-remain-the-same-for-my-vm-once-its-created

What is the difference between "stopped" and "stopped (deallocated)"?

Azure VMs can exist in several states including “stopped” and “stopped (deallocated)”. Shutting down the VM from within the OS puts the VM in a “stopped” state. In that state you still accrue charges for the VM and for any OS and data disks. Putting the VM in a “deallocated” state releases the hold on the backend Azure host resources so once the VM is in that state you are not charged for the VM but you are still charged for the OS and any data disks. Here is some more information : https://blogs.technet.microsoft.com/uspartner_ts2team/2014/10/10/azure-virtual-machines-stopping-versus-stopping-deallocating/

What is the default size of a Windows Server VM's OS disk?

All Windows Server images at Azure are provisioned by default with a 128GB OS disk. Azure does not officially support shrinking the size of the OS disk. To provision a Windows Server with a smaller (32GB) OS disk, you need to select the OS image that is indicated as "smalldisk". Growing the OS disk can be done at any time after the VM is in a "deallocated" state. See how to grow a disk at Azure.

Can I resolve Cornell 10-space addresses to hostnames in Azure?

The Azure cloud provides its own DNS service, which is perfect for virtual machines that do not need to look up 10-space addresses in Cornell's DNS.  If you have applications or servers that require the ability to turn a Cornell "10.x.y.z" IP address into a host name, you will need to replace Azure's DNS servers with ones run by Cornell.  See DNS Resolution for Azure Virtual Machines for more information.

Helpful Azure Links 

Tips and Tricks : 

https://microsoft.github.io/AzureTipsAndTricks/

Azure Migration Examples 

https://docs.microsoft.com/en-us/azure/migrate/contoso-migration-overview

Fun Trivia

How to say Azure, Microsoft's Cloud Platform

https://confluence.cornell.edu/x/GDeJFg