Running Android inside Azure
In this post, I will describe an approach to Azure virtual machine (Android VM) for Android x86 or IoT development. Azure VM enables high-speed streaming and provides a virtual environment to test your Android apps. In this example, we are running Android in the cloud and streaming the display to a remote user. It is worth to mention that currently, Azure supports Linux/Windows OS. To build a VM for Android x86 on Azure you can follow this post.
How to set up Android VM on Azure
To create an Android-x86 VM on Azure, you will be required to take a couple of preparation steps. There are two ways to create the VM. You can either use Azure Portal GUI or Azure PowerShell. This document covers how to use PowerShell to create an Android VM.
Prerequisites
- You need an Azure account that you can create for free.
- Download and install the version of Azure CLI that is compatible with your operating system.
- Download and install Azure PowerShell. You can find the documentation on installation and details here.
Step 1: Preparing the Disk
Azure Portal requires the disks to be .vhd
. Since Android x86 releases have only .iso
files, you will need to convert the .iso
into .vhd
. Documents on Azure related to this topic can be found here.
Virtual Box makes it easy to transform the file and prepare it for Azure. Later on in the steps, you will use this file to create the VM. The focus of this post is not how to create the .vhd
file using Virtual Box. Here is the link on how to build the file.
Step 2: Login to Azure
Login to Azure using PowerShell:
az login
Step 3: Create Resources
In order to have a VM on Azure you will need to create:
- Resource Group to hold all of your Android VM’s resources,
In order to that, you need to pick a name for your Resource Group alongside the location you would like to keep your resources.
2. Virtual Network to enable your resources to communicate with each other in a private network,
Before creating the Virtual Network, you need to pick a name and the network subnet name.
3. Storage Account to hold the .vhd
disk,
The requirements for this section are the application name, just to create consistent names from here on, and the storage account name as follows:
4. Container inside your Storage Account,
In order to create the container, you will need the value of the key in the storage account you created in the previous step. To get the key, you can use the following command:
Now that the key is available you can pick a name for your container and create it using the following commands:
At this point, the environment is ready to upload the .vhd
file that you prepared in the previous step. This file will be uploaded in the blob storage. In the following command, the assumption is that you located the file in the current path that you are running the commands.
- Note: It is necessary to put the
.vhd
in Azure Blob Storage.
This step takes a while, so enjoy a coffee break!
5. Virtual Machine, that will be attached to all of the above resources.
You need to select the OS type and the virtual machine name as follow:
$osType=”linux”
$virtualMachineName=”${rgName}-vm”
Before creating the VM, you would also need to specify the size of the VM. Full documentation on different VM sizes and costs can be found here. However, for our case here is the Standard DSv2-series. This part is important because there is a trade-off between what you select and the quality of the streaming on your Android VM. In our sample, we tried streaming youtube high-quality videos and for that purpose, you don’t have to go higher than Standard_DS4_v2. For general purposes, Standard_DS2_V2 has good performance. For instance:
# Standard DS4 v2
$size=”Standard_DS4_v2"
Now everything is prepared to create your Virtual Machine:
How to Use the VM
After the VM is created, you need to set up the Network section of the VM to allow your IP to access the VM.
Login to Azure Portal and navigate to your Android VM home page. Under Settings
find Networking
as it is shown in the picture below.
Click on the Networking
to see the list of Inbound port rules
. In this section, we enabled port 5555 for adb communications. In order to do that click on Add inbound port rule
.
Note: Do not use the default Source
which is Any
. This will allow any IP addresses to access your VM. As a result, you will be facing denial-of-service (DoS) attacks against external endpoints.
The easy step to prevent that from happening is limiting the IP addresses that can have access to this VM by changing the Source
section from Any
to IP Addresses
.
Then find your IP and add it to the Source IP addresses/CIDR ranges
add 5555 in the port
the section then click on Allow
.
Now you have the port 5555 open for your network to connect to the VM.
Note: The purpose of this blog is not “how to secure a VM in Azure”. It is not suggested to follow the above settings for a live environment. However, at the end of this post, I provided different ways and links on how to secure any VM on Azure.
Connect to the Android VM
If you created a jumpbox, connect to the VM through that. Otherwise, here is how you can connect to the VM following the settings we created in the “How to Use the VM” section.
Now that everything is set on the Azure side, your Android VM is ready to connect to. In order to do that, there are some requirements you need to have on your local machine.
System Requirement Settings
To connect to the Android VM,
- Download and install Android-SDK on your system.
- Add the
Platform-Tool
path into your system environment variable path. - Use Android Debug Bridge (adb) commands to connect to the VM.
Ready to connect
To connect to the VM, open a terminal on Linux/Mac or a Command Prompt on Windows, take the public IP from the Azure VM and run the command below:
adb connect {VM Public IP}:5555
which should result in a console print of “connected to {IP}:{port}”. Now the adb
stream is set up to the VM.
Note: You may encounter some errors regarding adb
the first time you are using it. In that case, most likely the issue is the version of your adb
. It might not be compatible with what you have for your Android SDK setup.
Deployment
After your machine successfully connected to the VM on Azure, you can deploy your file using adb
commands. Before each deployment, you need to make sure to uninstall the previous Android Package Kit (APK) file.
Follow the command below in order to uninstall the current APK:
adb uninstall {Name of the APK service}
If there are no previous APKs you will see the proper message that the file is not available to be uninstalled. Otherwise, you will see the following message:
Success
Now the VM is ready for the new APK file to be installed. Follow the command below to do so:
adb install {name of the APK}
Note: The assumption is that the APK file is in the current folder that you are running the commands.
Display and Control of the Android VM
There are many ways to monitor and control Android devices, in our case, the VM we just created. One of the most convenient methods to visually monitor the Android VM is scrcpy. Compatible versions of this tool are provided to support Windows, MacOS, and Linux.
Note: scrcpy comes with its own version of adb
. Make sure to get the latest version of this tool for your operating system. In case you still see issues, copy the scrcpy’s adb
into the Platform-Tool
folder in your system.
General Note about the VM
Since you are being charged by the amount of time running VM in Azure, it helps you save money to shut down the VM at the times you are not using it. Some times you might forget so the easiest way to handle this is through Azure VM Auto-Shutdown.
Different ways in Azure to secure VM
One option is to create two VMs in the same Virtual Network (VNet), one for the Android and the other one for securing the Android VM, the jumpbox. This jumpbox can be an Ubuntu VM with SSH access and a public IP address. You need to add the adb
requirements in this VM to be able to run the commands.
The Android VM won’t have a public IP address so there is no access from outside of the VNet to it. The Network Security group that you created restricts access to the VM only through the VNet. Here, the only access will be through the jumpbox.
From now on, whenever you want to access the Android VM, you will spin up the jumpbox, ssh securely into it and run adb
commands.
Azure now has a secure way to allow safe connections to its VMs through SSL. Azure Bastion provides a secure way to connect to the VMs where there will be no need for VMs public IP address. There is an announcement post on this topic that can be found here. This document does not cover these sections since there is good documentation on how to use and setup Azure Bastion for both Windows and Linux systems.