Image management is crucial for Azure Virtual Desktop (AVD) as it affects performance. AVD host pools use a golden image from a reference VM. Creating this image is vital, but the manual method is slow and prone to errors. To simplify, Microsoft and others offer automatic methods for generating reference images.
In this post, we'll focus on the Custom Image Management Portal feature, which simplifies and automates the creation of golden images. By utilizing this feature, administrators can effortlessly include all necessary applications, configurations, and updates in the image, saving time and ensuring consistency across deployments. Let's explore how this powerful tool enhances the efficiency and reliability of image management for Azure Virtual Desktop.
Prerequisites
Resource providers registration,
The following resource providers need to be registered on your subscription:
- DesktopVirtualization
- VirtualMachineImages
To register a resource provider, go to Subscription—Resource providers, Type the resource provider's name, and click Register.
User-assigned managed Identity for Azure Image builder
Custom image templates use Image Builder for the automated build process. For AIB to work, you need a managed identity with role-based access permissions. First, we need to create a managed identity and assign custom permissions.
- Create a User-assigned managed identity.
Login to Azure portal - Managed Identities – Create new managed identity.
- Create custom role - Login to Azure portal – Subscriptions – Access control IAM – Add – Add custom role.
Provide the name for the custom role and click JSON.
Click Edit in the JSON, copy and paste the following permissions in the JSON actions""Microsoft.Compute/galleries/rea"",""Microsoft.Compute/galleries/images/rea"",""Microsoft.Compute/galleries/images/versions/rea"",""Microsoft.Compute/galleries/images/versions/writ"",""Microsoft.Compute/images/writ"",""Microsoft.Compute/images/rea"",""Microsoft.Compute/images/delet""
Save and go to permissions to see if permissions are assigned correctly.
- Assign custom role to Managed Identity - Find the previously created managed identity and click Azure role assignments.
Click Add role assignment and select the custom role that was created before
If you don't see the role, you might need to wait a few minutes and retry
Create Compute gallery.
Azure Compute Gallery is a repository in Azure that stores pre-built virtual machine images, making it easy to deploy standardized environments for various purposes, such as development and production.
Login to Azure portal – Find for Azure compute galleries – Create
Create a Custom image template.
- Login to Azure Portal – AVD – click Custom image templates.
Select the latest marketplace image as the source.
As a destination, select the Gallery that was created previously.
Select the VM configurations for AIB build VM
Next, you need to select customizations. There are two options to push configurations to your build image: Add built-in scripts and your own script.
Built-in scripts - From built-in scripts, you can push common AVD configurations to the build, such as time zone redirection, FSlogix, and Windows updates
Add your own script—You can specify your own script, which can be useful in deploying custom applications and app configurations.
In the next post, I will describe how we can create our custom application.
Click Save. Next and Create to complete the template
When you go to custom image templates, you will see that the template has been created and the status is Success.
Select the template and click Start Build to run the template.
When this process finished, you will see a latest image is being created in your compute gallery.
You can use this latest image to deploy the next set of VMs. When you need to update the image, you can rerun the build process.
I hope this post is helpful.
