Written by amalcloud

Leverage Custom Image templates for easily creating AVD Master images

Microsoft has made its Image builder functionality available in the Azure portal specially to create the custom AVD master images for AVDs and W365. The “Custom Image template” functionality helps organizations to create a custom image from the preferred marketplace image, deploy softwares, optimize the image and distribute the image via SIG.Let us see how we can create a custom AVD image using “custom image template”.

Pre-requisites

1.Register the following Service Providers.

  • Microsoft.DesktopVirtualization
  • Microsoft.VirtualMachineImages
  • Microsoft.Storage
  • Microsoft.Compute
  • Microsoft.Network
  • Microsoft.KeyVault

2.Create a user-assigned managed identity

3.Create a custom Role with below permissions and assign the same to the user-assigned managed identity.

 “permissions”: [

            {

                “actions”: [

                    “Microsoft.Compute/galleries/read”,

                    “Microsoft.Compute/galleries/images/read”,

                    “Microsoft.Compute/galleries/images/versions/read”,

                    “Microsoft.Compute/galleries/images/versions/write”,

                    “Microsoft.Compute/images/write”,

                    “Microsoft.Compute/images/read”,

                    “Microsoft.Compute/images/delete”,

                    “Microsoft.Network/virtualNetworks/read”,

                    “Microsoft.Network/virtualNetworks/subnets/join/action”

                ],

4.Optionally if you need to distribute the image across regions, then create an SIG for holding your image else you can create a managed Image.

Note:- Azure Image builder will create the temporary storage, preparation VM etc in a custom resource group if you haven’t specified one.The image builder will create a custom VNET for the VM preparation as well. If you want to specify your corporate VNET, then make sure the private endpoint policies are disabled . To disable the private endpoint policy, follow the article

https://learn.microsoft.com/en-us/azure/private-link/disable-private-link-service-network-policy?tabs=private-link-network-policy-powershell

Image Creation Process using Custom template.

The image creation process contains two steps.’

  • Create a custom image template
  • Create an image from the custom image template.

Let us create a new Image using the “Custom image template”.

Navigate to Azure portal–>AVD–> Check “Custom image template” under Manage.

Click on “+custom image template” to launch the image template wizard.

In the Basics page, provide the name of the template, select whether you need to use the existing templates or create a new one. This option is to create newer version of image templates as once the template is created we cannot change the parameters of the template. Select the subscription, Resource group, Location and the user-assigned managed identity.

In the source image tab, select the marketplace image which need to be used as the base image.You can select the source image from your existing SIG image or managed Image. Click Next once selected.

In the distribution targets, either provide the details of a managed image or SIG image gallery details where the final master image will be saved.

In the “build properties” tab, select the image creation time out settings(default value is 240minutes), the Build VM size,OS size, staging Resource group. If we not specify a staging resource group, AIB will automatically create a temporary resource group for the image building purposes. Under the vnet configuration, provide the VNET and Subnet details if you want to get the build VM deployed in your own VNET. Else AIB will create a temporary VNET during the image creation process.

The next tab is the important and game changing tab. Microsoft allows us to add either custom script or AIB build scripts during the master image creation process. For example, in this blog I created a small script to download and deploy MS teams for AVD. I had also selected the Microsoft built-in scripts to optimize my image.

Click on “+Add your own script” to add the powershell script you created. The script need to be either publicly available or need to make sure that the user-assigned managed identity has access to the storage account where you are saving the script.

Provide a name for your script and the path where the script resides.

To add a built-in script, click on “+ Add built-in script” and select from the available options.

Provide your custom tags if any in the Tags tab and click Next.

In the review and create section, make sure the parameters are correct and click on Deploy.

Once the “custom image template” is created. Navigate to the image template you created and click on “Start build” to initiate the image creation process.

You can use the custom image you created using this process during the AVD deployment stage.

I faced couple of errors when I tried using my own VNET and pre-created Resource group for the staging. Providing the right permissions on the proper level is the key to isolate the issue. I given contributor rights to the user-assigned managed identity on top of the custom Role which I created.

Please do let me know your comments and feedback about this article and I will incorporate the errors and warnings FYR.

Advertisement

One thought on “Leverage Custom Image templates for easily creating AVD Master images

  1. Pingback: AVD Community Newsletter – 18th May 2023 – AVD Community

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s