Azure-VirtualMachines-Accelerated-Networking-Enabled

Severity : Medium

Description: This control ensures that accelerated networking is enable for Azure virtual machines. Accelerated Networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance. The Accelerated Networking benefits the site recovery for Azure virtual machines that are failed over to a different Azure region.

Remediation Steps:

Perform following to enable accelerated networking for virtual machines :

Enable accelerated networking on existing VMs using Azure PowerShell

1. Stop or deallocate the VM or, if an availability set, all the VMs in the set

   1. Stop-AzVM -ResourceGroup <resource group> -Name <vm name>

2. Enable accelerated networking on the NIC of VM

   1. $nic = Get-AzNetworkInterface -ResourceGroupName <resource group> -Name <NIC Name>

   2. $nic.EnableAcceleratedNetworking = $true

   3. $nic | Set-AzNetworkInterface

3. Restart VM or, if in an availability set, all the VMs in the set

   1. Start-AzVM -ResourceGroup <resource group> -Name <vm name>

Enable accelerated networking on existing VMs scale set using Azure PowerShell

1. Stop or deallocate the VM or, if an availability set, all the VMs in the set

   1. Stop-AzVMss -ResourceGroup <resource group> -VMScaleSetName <scale set name>

2. Enable accelerated networking on the NIC of VM

   1. $vmss = Get-AzVmss -ResourceGroupName <resource group> -VMScaleSetName <scale set name>

   2. $vmss.VirtualMachineProfile.NetworkProfile.NetworkInterfaceConfigurations[0].EnableAcceleratedNetworking = $true

   3. Update-AzVMss -ResourceGroup <resource group> `-VMScaleSetName <scale set name>` -VirtualMachineScaleSet $vmss

3. Set the applied updates to automatic so that the changes are immediately applied

   1. vmss.UpgradePolicy.Mode = "Automatic"

   2. Update-AzVMss -ResourceGroup <resource group> `-VMScaleSetName <scale set name>` -VirtualMachineScaleSet $vmss

4. Restart the scale set

   1. Start-AzVMss -ResourceGroup <resource group> -VMScaleSetName <scale set name>

Enable accelerated networking When creating VMs

1. Login to Azure Portal using https://portal.azure.com.

2. Navigate to Virtual machines.

3. Click +Create. Then select +Virtual machine.

4. On the VM tab, Select Networking.

5. Under Network information, next to Accelerated networking label, select Enable.

Important:

• To enable accelerated networking, the virtual machines must be of supported size.

• The VM must be a supported Azure Gallery image (and kernel version for Linux)

• All VMs in an availability set or a virtual machine scale set must be stopped or deallocated before you enable accelerated networking on any NIC.

Reference:

• https://docs.microsoft.com/en-us/azure/virtual-network/create-vm-accelerated-networking-powershell#enable-accelerated-networking-on-existing-vms