Suntory Azure Managed Service Standard Document
| Document ID | AZ-VM-OVERVIEW-001 |
| Version | 1.0 |
| Status | RELEASED |
| Created | May 18, 2026 |
| Revised | May 18, 2026 |
| Company | Suntory Holdings Limited |
| Division | Digital & AI Global ITG |
| Author | Tomoki Koyama |
This document is a reference guide covering the service overview, architecture, VM series, pricing model, and use cases for Azure Virtual Machine.
For deployment activities, refer to AZ-VM-DESIGN-001 (Design Document) and AZ-VM-PARAM-001 (Parameter Sheet).
| Ver. | Revision Date | Author | Description | Approver |
|---|---|---|---|---|
| 1.0 | 2026-05-18 | Tomoki Koyama | Initial release | — |
| Document ID | Document Name | Type | Notes |
|---|---|---|---|
| AZ-VM-OVERVIEW-001 | Azure Virtual Machine Service Overview (this document) | Service Overview | — |
| AZ-VM-DESIGN-001 | Azure Virtual Machine Design Document | Design Document | Design rationale and standard values for each parameter |
| AZ-VM-PARAM-001 | Azure Virtual Machine Parameter Sheet | Parameter Sheet | Input and approval form for deployment |
A virtual server service in the cloud provided by Microsoft Azure. You can create and use Windows / Linux virtual machines on demand without purchasing or managing physical servers.
Azure Virtual Machine is an IaaS (Infrastructure as a Service) offering that lets you create virtual computers in the cloud.
Traditional on-premises environments required purchasing, installing, and maintaining physical servers, but with Azure VM you can access the server resources you need, whenever you need them.
You can freely choose the OS, CPU, memory, and storage, and migrate existing applications to the cloud with minimal changes.
On-Premises: Physical server purchase cost + installation + maintenance (high upfront cost, time-consuming)
Azure VM: Pay only for what you use · Starts in minutes · Management delegated to Azure (zero upfront cost)
An Azure free account comes with $200 in credits, allowing you to try a B1s VM for approximately one month at no cost.
The diagram below shows the resource configuration required to run an Azure VM.
※ This diagram shows the logical relationships between the major resources that make up an Azure VM (simplified view reflecting Suntory standard configuration)
There are VM size series optimized for different workloads. Start with the D Series (Dsv5) or B Series as the baseline selection.
| Series | Optimization Type | Primary Use Case | Suntory Recommended SKU Example | Notes |
|---|---|---|---|---|
| A Series | General Purpose (Entry) | Development / Test environments | Standard_A2_v2 | — |
| B Series ★ | Burstable | Dev / Validation, lightweight apps | Standard_B2s | Cost-effective at low load. Auto-shutdown recommended |
| D Series ★ | General Purpose (Balanced) | Web / AP, standard workloads | Standard_D4s_v5 (Dsv5) | Standard size assuming scale-out |
| E Series | Memory Optimized | Java AP, SAP, DB | Standard_E8s_v5 (Esv5) | DB (SQL/Oracle): Esv5 + Premium/Ultra Disk |
| F Series | Compute Optimized | Batch processing, compute-intensive | Standard_F8s_v2 (Fsv2) | High CPU performance ratio |
| L Series | Storage Optimized | NoSQL, temporary processing | Standard_L8s_v3 (Lsv3) | NVMe local SSD |
| N Series | GPU Optimized | AI/ML, graphics processing | Standard_NC6s_v3 | GPU / high-speed computing |
| M Series | Large Memory | Large-scale in-memory DB | Standard_M128ms | Large-scale TRX such as SAP HANA |
★ Primary series used in Suntory standard configuration / For detailed SKU selection criteria per series, refer to Design Document (AZ-VM-DESIGN-001) No.10
To optimize costs, select the appropriate pricing model based on your workload requirements.
Billed per second or per hour. No commitment required. Best for development / test environments or highly variable workloads.
Designed for continuously running workloads. Long-term commitment enables significant cost reduction. Best for production environments with stable load.
Leverages Azure's excess capacity. Subject to interruption. Suitable for batch processing, CI/CD, and fault-tolerant applications.
| Component | Role | Suntory Standard & Key Points |
|---|---|---|
| Virtual Network (VNet) | Network that manages communication between VMs and with external resources | Use existing VNets (creating new ones is not permitted in principle). Refer to Suntory VNets / Network Security Zones |
| Subnet | A smaller network that further divides the VNet | Select an existing subnet. Choose the appropriate DMZ / internal segment |
| NSG | Firewall rules for inbound / outbound traffic | Assign the Common NSG as a general rule (e.g., si2-securitygroup-shd-cs-tokyo-cmn-01). Do not create new NSGs |
| Public IP Address | IP address used to access the VM from the internet | None in principle. Per security policy, VMs are not assigned a Public IP directly. The load balancer holds the public IP |
| NIC (Network Interface) | Interface that connects the VM to the network | Enable Accelerated Networking in principle (performance improvement via SR-IOV). Enable auto-delete of NIC when VM is deleted |
| OS Disk | Boot disk containing the operating system | Standard SSD (LRS) in principle. Image default (127 GiB) as baseline. Auto-deleted when VM is deleted |
| Data Disk | Additional storage for application data | Premium SSD for DB data. Naming convention: hostname_data<N> (e.g., JZJP1WAPSP001_data01) |
| Availability Zone | Redundancy configuration against physical datacenter failures | Production VMs must use Availability Zone (Self-selected zone) in principle. SLA: 99.99%. Select different zones for multi-VM configurations |
| Azure Monitor | Monitoring service for CPU, memory, and disk | Enable recommended alert rules. Detailed monitoring including NewRelic to be considered separately |
| Azure Backup | VM snapshot and backup | Enable in principle (comply with Suntory backup policy). Confirm Recovery Services Vault with operations team |
| CyberArk (PAM) | Privileged access management for servers | Register with CyberArk after deployment and force-change the administrator account password. Do not use Microsoft Entra ID login |
| Microsoft Defender for Cloud | Cloud Security Posture Management | Auto-enabled (Foundational CSPM Free Plan). Confirm activation after deployment |
Minimize costs by starting VMs only when needed and stopping or deleting them when done. All team members can quickly provision identical environments, eliminating environment discrepancy issues. The B Series is the recommended size.
Scale out the number of VMs in response to traffic. Combine with Azure Load Balancer to build highly available web systems. The D Series (Dsv5) is the recommended size.
Run SQL Server, MySQL, Oracle, and other databases on virtual machines. The recommended combination is E Series (Esv5) + Premium/Ultra Disk. Disk design is the most critical consideration.
Migrate existing on-premises servers to Azure with minimal changes. Azure Migrate provides end-to-end support from current-state analysis to migration planning.
This is the Suntory Azure standard VM deployment procedure. Please complete the Parameter Sheet (AZ-VM-PARAM-001) and obtain approval before starting deployment.
| Step | Action | Suntory Standard & Checkpoints |
|---|---|---|
| 1. Pre-check & Approval | Complete all fields in the parameter sheet and obtain approver sign-off | Starting deployment without complete entries or approval is prohibited |
| 2. Subscription Confirmation | Identify the target Subscription for deployment | Refer to Suntory Azure Foundation Resources and Subscriptions mapping.xlsx |
| 3. Resource Group Confirmation | Verify existing resource groups and reuse or create a new one | Naming convention: rgp-<region>-<sub>-<env>-<app>-<seq> |
| 4. Hostname Determination | Determine the hostname per naming conventions and verify no duplicates exist | Duplicate check via nslookup command and ServiceNow CMDB is mandatory |
| 5. VM Creation | Create the VM in Azure Portal following the parameter sheet | Trusted launch / x64 / Password authentication (Username: AzureVmAdmin) |
| 6. Network Configuration | Select existing VNets / subnet and assign Common NSG | Public IP: None (held by load balancer). Enable Accelerated Networking |
| 7. Backup Configuration | Enable Azure Backup and configure the Recovery Services Vault | Confirm the Vault in consultation with the operations team |
| 8. CyberArk Registration | Register with CyberArk after deployment and change the administrator password | Share the temporary password through a separate channel. Do not include in this document or email body |
| 9. Deployment Verification | Confirm Defender for Cloud activation, monitoring settings, and tag accuracy | Tags must comply with Suntory Azure Foundation Tag Standards.xlsx |