The Gold Image
Session Hosts and Images
This course covers imaging in Azure to show you how you can build Azure Virtual Desktop session hosts as well as prepare for the AVD Specialty exam. This is going to cover a lot of information on the Windows OS, imaging tools, and how we work with images in Azure. Then we'll look at how to manage, maintain, and update those images. Finally, we'll cover how you can automate the whole process so you can scale as well as generate a new image each month or when a zero-day patch comes out, so you can stay secure.
- Create a custom image
- Deploy a session host with a custom image
- Modify a session host image
- Install language packs
- Plan for image update and management
- Create and use Azure Compute Gallery image
- Automate custom images with Azure Image Builder
- Azure administrators with subject matter expertise in planning, delivering, and managing virtual desktop experiences and remote apps, for any device, on Azure
- Anyone looking to learn more about Azure Virtual Desktop
- Windows operating system
- Imaging a Windows OS
- Azure Virtual Machines
- VM snapshots
- Azure Compute Gallery
- Azure Image Builder
Another thing that makes the image management process complex is that things can go wrong. And depending on how bad it is, you could lose all of your work and have to recreate your image from scratch. That's where snapshots come in. Snapshots are save states that let you roll back to an earlier version of the VM. When creating a gold image, take a snapshot at each step of the process, so you can go back to that step in case something goes wrong. This can also save you if the capture process fails, since the capture process itself will make the VM unusable.
Let's walk through creating a snapshot. In the Azure Portal, go to your virtual machine. On the left, select Disks, then select your operating system disk, and at the top, click to create a snapshot. The subscription and resource group will already be selected for you, and you need to give your snapshot a name. When thinking about the name, I like to put the name of the virtual machine, some kind of reference to what I did, and a number for the snapshot. Since you're going to have multiple snapshots in the VM creation process, the numbers and the names will let you know which one you need to roll back to in case you have issues.
Next, you have your snapshot type. For image creation snapshots, I always recommend a full snapshot instead of an incremental one. Incrementals work by snapshotting the differences between the virtual machine and the current state, and if I end up with a real big problem like OS corruption along the process, the incremental won't be able to do a complete restore. A full snapshot will go back completely, and it's safer for this kind of process. The rest of the items on this page are pulled from the source virtual machine data and cannot be edited.
So the last item here is the storage type for your snapshot. The options are zone-redundant, standard hard disk drive, and premium SSD. Zone redundancy is needed if you're deploying VMs across multiple availability zones. This is a good way to create high availability for your workload. However, be aware that availability zones are still being rolled out and integrated across all of the Azure features, so not everything supports availability zones at this time. But if you've tested everything in availability zones, they are a great solution.
As for the other two options, I would use standard hard disk drives over premium SSDs. The reason is that SSDs are more expensive than hard disks, and there is no performance to be gained by using an SSD in this case. And once we have a good image, we're going to delete all of our snapshots anyway. Click Next, and then we have our encryption type. Now all storage in Azure is encrypted at rest by default using platform-managed keys. There are several other choices, including customer-managed keys or double encryption by combining a platform-managed and a customer-managed key together.
Unless you have a specific requirement for customer-managed keys or double encryption, I recommend using the default platform-managed key for simplicity's sake. Click Next, and here we have an option for adding network layer security to your images by using something called a private endpoint. Since Azure is a public cloud, you can reach all kinds of services in Azure if you have the right access and security. This particular feature will either set up an IP address on your private Azure network for you to directly access your image, or deny any kind of network access at all, which would also block the ability to export the snapshot from the cloud.
This is another one of those features that can enhance the security, but also the complexity, of your solution. So if you don't have a specific requirement for private endpoints, then the public endpoint is just fine, again because these snapshots will be deleted once the image creation is successful. Click Next, and here's where we can add tags to your snapshots. Tags are additional metadata in the form of key and value pairs, and you can assign them to almost every resource in Azure. These can be used to give you additional context as well as searchability and automation in the cloud beyond how you name the resource.
Now I'm not gonna cover tagging strategies in this particular course, but here's an example of tags that I like to use: the application that this resource is associated with; the cost code, so I know who's being charged for this resource; the environment, which in this case is my lab; the owner of the resource, so I know who to contact if there's a problem; and then the support contact information. Once you're done, go ahead and create your snapshot.
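The same choices made in the portal walkthrough above (name pattern, full snapshot, standard HDD, public endpoint, default encryption, tags) can be scripted with the Azure CLI. This is an added example, not part of the course material; the resource group, VM name and tag values are constructed placeholders, and the script only prints the command unless you set `AZ=az`.

```shell
#!/usr/bin/env bash
# Added example. Resource group, VM name and tag values are constructed placeholders.
RG="rg-avd-lab"
VM="avd-gold-01"
AZ="${AZ:-echo az}"   # dry run by default (prints the command); set AZ=az to call Azure

# Name pattern: <vm>-<what was done>-<NN>. The number shows which step to roll back to.
snapshot_name() {
  local vm="$1" step="$2" seq="$3"
  case "$seq" in ''|*[!0-9]*) echo "sequence must be a number" >&2; return 1 ;; esac
  seq=$(printf '%s' "$seq" | sed 's/^0*\(.\)/\1/')   # "08" -> "8", avoids octal parsing
  step=$(printf '%s' "$step" | tr '[:upper:]' '[:lower:]' | tr ' ' '-' | tr -cd 'a-z0-9-')
  printf '%s-%s-%02d\n' "$vm" "$step" "$seq"
}

create_snapshot() {
  local name="$1" disk_id="$2"
  # --incremental false     : full snapshot, as recommended for image builds
  # --sku Standard_LRS      : standard HDD (Premium_LRS / Standard_ZRS are the other two)
  # --network-access-policy : AllowAll = public endpoint; AllowPrivate needs a private
  #                           endpoint setup, DenyAll also blocks exporting the snapshot
  # No encryption flag is passed, so the platform-managed key default applies.
  $AZ snapshot create \
    --resource-group "$RG" --name "$name" --source "$disk_id" \
    --incremental false --sku Standard_LRS \
    --network-access-policy AllowAll \
    --tags Application=AVD CostCode=0000 Environment=Lab \
           Owner=owner@example.com Support=support@example.com
}

if [ "$AZ" = "az" ]; then
  # Resolve the OS disk of the gold image VM (the disk picked under "Disks" in the portal).
  disk_id=$(az vm show -g "$RG" -n "$VM" \
              --query storageProfile.osDisk.managedDisk.id -o tsv)
else
  disk_id="OS_DISK_RESOURCE_ID"   # placeholder shown in the dry run
fi
create_snapshot "$(snapshot_name "$VM" "Pre Sysprep" 3)" "$disk_id"
```

Run it once per build step with a new description and number so each rollback point is identifiable by name.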
Dean Cefola is a Principal Azure Engineer at Microsoft and has worked in the IT industry for over 20 years. Dean has been supporting Azure Virtual Desktop from the beginning and is the Microsoft FastTrack Global Leader for AVD.