Azure Virtual Machines that host web applications, application servers, database, and other services are provisioned using ARM templates. Each virtual machine has a single network card with a public IP assigned to it. They're attached to a virtual network and have a private IP address from the same network. The public IP for virtual machines is optional since they're attached to a public load balancer. These virtual machines are based on a Windows 2016 server image. Operational insight agents are installed on virtual machines to monitor the virtual machines. PowerShell scripts are also executed on these virtual machines, downloaded from a storage account available in another resource group to open relevant firewall ports, download appropriate packages, and install local certificates to secure access through PowerShell. The web application is configured to run on the provided port on these virtual machines. The port number for the web application and all its configuration is pulled from the DSC pull server and dynamically assigned.