The Gold Image
Session Hosts and Images
The course is part of this learning path
This course covers imaging in Azure to show you how you can build Azure Virtual Desktop session hosts as well as prepare for the AVD Specialty exam. This is going to cover a lot of information on the Windows OS, imaging tools, and how we work with images in Azure. Then we'll look at how to manage, maintain, and update those images. Finally, we'll cover how you can automate the whole process so you can scale as well as generate a new image each month or when a zero-day patch comes out, so you can stay secure.
- Create a custom image
- Deploy a session host with a custom image
- Modify a session host image
- Install language packs
- Plan for image update and management
- Create and use Azure Compute Gallery image
- Automate custom images with Azure Image Builder
- Azure administrators with subject matter expertise in planning, delivering, and managing virtual desktop experiences and remote apps, for any device, on Azure
- Anyone looking to learn more about Azure Virtual Desktop
- Windows operating system
- Imaging a Windows OS
- Azure Virtual Machines
- VM snapshots
- Azure Compute Gallery
- Azure Image Builder
The best way to work in the cloud is through automation. Our images are no exception. We can automate the imaging process in Azure with the Azure Image Builder. To use the Azure Image Builder, we need a few things. An Azure subscription, a resource group, an Azure user assigned managed ID so that the the Image Builder can access your subscription, which will also require a custom role, so Image Builder will only do what we allow it to do. Then we'll need an image template, and this will describe the source image, updates, reboots, applications, and other customizations you need all through code.
Step one is we'll need to create that image configuration. This will start off with picking your source image and Azure Image Builder supports both Windows and Linux. Although for Azure virtual desktop today, we'll just be working with Windows. Then we look at your customizations. These can be for Windows through powershell scripts and command files, and these scripts need to be accessible to the Image Builder service, so I usually store my scripts on my public GitHub repo. However, there is a way to do this by accessing your resources through a private virtual network, but we'll just save that for another course.
There's also native support for running windows updates and restarting your virtual machine. And that means we can also use image builder to automate your monthly update servicing. Your configuration here is fully defined as an image template, and then it's going to be submitted to the Image Builder service. The Image Builder service itself will spin up some temporary resources in your Azure subscription and build your VM from your image template all through a pipeline in the background. What you'll see in the Azure portal is a staging resource group and staging resources. And that leads us to the last part, which is the distribution of your brand new Gold Image.
Once the staging VM is finished, CIS prep will run and the VM will be shut down. And the image capture process will occur just like you've seen earlier. Then your new Gold Image will be imported into the Azure compute gallery. And a new image version will be established. If you've selected multiple regions then your image version will be replicated out to those regions and the process will be complete. So let's see it in action. Over on the right is the Azure Image Builder GitHub repository for Azure virtual desktop. And you can see that there are several files here. This will say it up and configure FSLogix as well as the Windows optimization code for pooled systems and install teams in an automated way just like we showed you earlier. Then we have an armed template and this is the image template file.
So if we walk through this real quick we have a resource here and this is the image template itself that we'll be creating. And it has a input required here for a managed ID. There is a property for the build timeout and that means that after 120 minutes by default, the image process will stop. So if everything you are doing will take longer than 120 minutes, you can just increase this number. When Image Builder does its magic, it's going to build a virtual machine in the cloud in a staging resource group. And that machine will be a D2 V2 in size, and it will use 127 gigabytes for the operating system disc. And this is because the image that it's going to use as its source is the Windows 10 multi-session image for version 20h1 for enterprise. If you would like to use a different version, you just need to change these values. And if want to use your own existing custom image like we already created, you would replace these four lines of code with an ID for your image.
Then we have the customization section, and here, as I said we're going to install FSLogix, then run the optimization code. We'll do a Windows restart, and then install teams followed by another restart. And these script URLs are how we're going to call applications for Image Builder, and they are in a public GitHub repository that I showed you a moment ago. Then at the bottom, we have our distribution section going to our image gallery. This will create an image definition for you and then replicate the image into the region of your choice. Again, I only recommend going to one region for the initial process. That way, if something goes wrong, the process will finish as fast as possible.
Now over on the left, I have the Azure Cloud Shell open and that's just to give me a powershell environment that we can execute all of this code. And that begins with this prerequisites section. And this will register the image builder service for your subscription, and then checks on that service to verify that everything is loaded and running. Now I of course have already this, so I'm not going to repeat the process, but you would just copy this code, paste it into your cloud shell, and then wait for it to respond as registered.
In the next section, we're going to set up some environment variables for Image Builder to function, and I'll just paste those here into the cloud shell. And now we have a WVD image demo resource group set up in the west US2. And if you wanted something different, then you can just modify the name of the resource group in your own code or the location, or even the name of the image builder template. And the next step we'll create our managed ID, and we'll paste that code, and then we'll hit the yes to all.
Now we'll assign those new permissions to our managed ID so that the Image Builder can distribute our image to our shared image gallery. Next we'll create a shared image gallery and so far and we have a new resource group as well as managed ID, our image gallery, and our new image definition. Back in the code, I've scrolled down to the download template and configure section. And this is going to download the image template that we looked at earlier into your cloud shell. Make a few edits based on your subscription, resource group, name, region, image definition name, and your managed ID, and insert all of those into your template. And if we just look at the files that are here in my cloud shell, and if we cat the armTemplateWvd.json file, and under our image template resource we have our managed user ID, and we scroll down to see our source image of Windows Multi-session 20h2, and we have our customizations to install FSLogix, the Windows optimizations, reboot, install teams, reboot, and then run Windows update.
And finally, we'll distribute this image to our shared image gallery to the proper image definition into our selected region. So if we scroll down over here in the code to submit our template, paste into power shell, and that has created a new image template resource, and we can see that over in the Azure portal. We've got all the details here for what we just created, including a JSON view, where you can and look at the code and see that it matches everything that we just asked for.
Now, at this point the image template resource has been created, but we haven't begun the image process. This has just set up everything we need for Image Builder to run. So you can start the process by either clicking start build here in the portal, or over here in powershell. You can copy this text to start your build. And with that, the process is now running. The image template has been submitted to the Image Builder service, and it will begin the process. And you can check on the process with this block of code and you see that the process is currently running with the status of building.
Back in the Azure portal, you can see the same thing with the build run state. And this process will take approximately 20 to 40 minutes depending on what you have inside your image. And it will go for a maximum of 120 minutes because that is what was defined inside our template. And you'll find a new resource group in your subscription starting with IT underscore, and then the name of the staging resource group, and the name of your template. And as you can see, this has created our staging resources to perform the image creation, and then it will do the capture, which it will deposit our image inside our shared image gallery, just like we saw earlier.
Dean Cefola is a Principal Azure Engineer at Microsoft and has worked in the IT industry for over 20 years. Dean has been supporting Azure Virtual Desktop from the beginning and is the Microsoft FastTrack Global Leader for AVD.