Azure

Ever wondered what would happen if you accidentally created a VM with a Public IP without any additional security measures in place? Well, I thought I would give it a go over the weekend, and the results were rather interesting.

It’s worth noting that I am only looking at failed RDP requests. I am not counting any other scans or attempts to access the VM.

For the test, I used an isolated environment. I created a Windows 2019 Datacenter VM with a public IP address; I removed the NSG and allowed ICMP on the VM’s firewall. I wanted to make the VM as easy as possible to find. I ran the VM for about 30 hours in total.

During this time, I had a total of 11602 Failed Login Attempts.

I was interested to see what usernames the bad actors were attempting to use; as you can see below, Administrator and similar names are still the most popular.

Some of the less common usernames included:

\Recepcao	\qaz889	\skytek	\w	\P@ssword123!
\0022	\jyp	\mysql	\emill	\Auditor
\21	\2z6pqi3	\faturamento	\Staff	\PURCHASING
\camp	\PRAXIS	\test123	\17	\SUPPORT_388945a0

I exported the IP addresses and used the IP Geolocation lookup to see where the attempted access originated; as you can see, most of it is from the usual suspects.

Microsoft offers numbers security features to prevent this, which include:

I must admit this was a bit of fun, but on a serious note, make sure you have the necessary security in place. It’s a scary world we live in.

Reserved Instances offer significant savings over Pay As You Go VM’s; typically, you can get a 42% discount with a one year reserved instance and 62% with a three-year reservation. However, how can you save money on VM’s which you only intend to use for a short period?

Azure Automation allows you to automatically shut down and then restart VM’s when required, such as during off-hour periods.

The following features are available with Azure Automation:

Schedule VMs to start and stop.
Schedule VMs to start and stop in ascending order by using Azure Tags. This activity is not supported for classic VMs.
Autostop VMs based on low CPU usage.

Although Azure Automation has been around for quite a while now, most people are unaware of the saving which can be achieved by automating the shutdown and starting of VM’s.

In the below example, I have 2 VM SKU sizes, based in the UK South region, with cost comparison as follows:

PAYG monthly, based on 730 Hours a month, this is the price most customers are using.
Monthly cost with 1 year reservation
Monthly cost with 3 year reservation
Monthly cost for 310 hours, based on running a VM for 10 hours a day for 31 days.
Monthly cost for 264 hours, based on running a VM for 12 hours a day, for 22 days.

VM Size	PAYG Costs Monthly	Monthly Cost 1 Year Reservation	Monthly Cost 3 Year Reservation	310 hours per month	264 hours per month
B4MS 4Core 16GB RAM	£102.31	£59.81	£38.43	£43.45	£37.00
E4-2as v4 2 vCPU 32GB RAM	£160.23	£94.24	£60.25	£68.04	£57.94

Please see Azure Cost Advisor for the latest prices

As you can see, significant savings can be made by automatically shutting down and starting VM’s when not required. In addition, depending on the amount of time the VM’s are running, you can save more money than using Reserved Instances.

Although I wouldn’t recommend using the auto-shutdown and restart on critical servers, they are ideal for test/dev environments.

If you are interested in the savings you can make, I would recommend looking at Start/Stop Documentation and Azure Price Calculator to see how much money you can save.

Alan Curtis

Azure and Hybrid Infrastructure Blog

Why it’s important to secure your Virtual Machines

Can Azure Automation save you more money than Reserved Instances?