Use Custom Image Templates in Azure Virtual Desktop and never patch session hosts again?

Captions
A while back I posted a video on how you could create your own custom images and use those when deploying session hosts for Azure Virtual Desktop. That is not too complicated of a process, but the method I showed in that video is a very manual one, and it's also pretty old school to create images in that way. That the method is a very manual one also means that it will be prone to human errors, because we humans tend to make mistakes and forget things, unfortunately.

There are ways to automate the entire image creation process, for example using pipelines and Packer, or using the Azure Image Builder. But while those are really cool and useful, it does require you to familiarize yourself with those tools, and you need to be comfortable with working with code. If you want a simpler way, or just prefer doing it all in the portal, you do have a way that is specifically tailored towards Azure Virtual Desktop. It's actually built upon the Azure Image Builder, but it is made to be used right there in the Azure portal. It is called Custom Image Templates, and it is indeed the topic of today's video. I'll show you the steps involved in creating custom images through the Custom Image Templates service, and along the way I'll tell you more about this service, you know, how it works and how it could also work as the first step in never patching your session hosts again. Sound good? [Music] Cool.

So for today's demo part I have prepared some bits, and some bits I'll do live as we go through this. Seeing as the process of actually building the image does take quite a while, I have already done that once, and we'll use that image when deploying session hosts later on, but the steps taken are precisely the same ones. I have also prepared a basic setup with AVD so we can just add some session hosts later on. The setup is basically just a VNet, Bastion and a NAT gateway, and if you didn't watch my video on NAT gateway, the link is up in the corner and in the description. It will be a necessity when we get to
September next year, so going forward I'll always be using that or some other way to provide outbound access to my Azure environments. Anyway, if you want to, you can check my basic setup and the Bicep files for it over on GitHub; the link, again, is in the description.

All right, let's get the prerequisites for Custom Image Templates taken care of. The prerequisites for Custom Image Templates are six specific resource providers: the Desktop Virtualization, the Virtual Machine Images, Storage, Compute, Network and Key Vault. You need a resource group to store your custom image templates and images in. You need a user-assigned managed identity, and a custom role to assign to that managed identity. There are also two optional prerequisites: an Azure Compute Gallery to store your images in, and a VNet to be used during the building process. I do have a script that will take care of these prerequisites over on my GitHub, so you can check that out if you want to, and in that way get your lab quickly up and running. But for the sake of this video, let us do it manually.

So let us begin with the resource providers. These are per subscription, so I'll go into my subscription and then down to the resource providers, and first let us check the first one; that will be the Desktop Virtualization. As you can see, in my case it is already registered for my subscription, but if it wasn't, then you'd simply select it and then click Register. I have had occasions in the past where this would say registered but still get an error message stating that the resource provider isn't registered. In those cases, usually the solution is to simply re-register the resource provider, simply by selecting it and clicking this button right here. All right, now to verify the rest of these resource providers the process is similar, so let's just speed through this. All righty, all good.

The next prereq is that we have a resource group, and I have already created one, so that is good. Next would be the user
assigned managed identity. So from my resource group here I'd click Create, then I'd search just for managed identity, and then on User Assigned Managed Identity click Create, and User Assigned Managed Identity. Give it a pretty name like managed ID. Perfect. Review and create, then hit Create.

All righty, next on the list of prereqs is a custom role that we can assign to this managed identity. In my case I only want this custom role to be assignable to my one resource group, so I'll go back to my resource group, and from this resource group I'll go to Access control, then I'll hit Add and Add custom role. I'll give it a fitting name, like for example Custom Image templates, and from here I'll go a bit not so logical, I guess: I'll select Start from JSON, and then I'll jump to the JSON tab here. Then I want to go to the documentation for this (the link is of course in the description), and I'll copy this JSON list over here, go back to the portal and then hit Edit, and within the actions here I will paste the permissions that I copied from the documentation. Then I'll just hit Save. I just find this way of doing it a bit easier than either selecting the permissions from the list or even writing the entire JSON myself. But if I now go back to the Permissions tab, you can see that the list here is populated with a couple of permissions, and it's all of the permissions required for our custom role.

Now, in a production environment you would probably go to the assignable scopes here and change that to match your management groups or subscriptions, but like I said, for my setup now I only need this role to be assignable to this one resource group, so we'll just go to Review and create and then Create. Hit OK.

And now we need to assign this role to my user-assigned managed identity. So hit Add and then Add role assignment, and I'll search for my Custom Image template role, then go to Members and I'll select the
managed identity here and then Select members. This will be a user-assigned managed identity, and I can find my managed ID here, click on it and then click Select, and then Review and assign, and then Review and assign yet again to assign that custom role to my managed identity.

Now that was actually all of the required prerequisites, but we do have those two optional ones, one of which I would like to set up, and that would be the Azure Compute Gallery to store our images in. The reason this is an optional prerequisite is that the Custom Image Templates feature can either store your produced images as managed images, or put the images in an Azure Compute Gallery, or both, and of those I do prefer to have it in a gallery so that we have proper versioning and that kind of stuff. The other optional prerequisite would be a VNet to be used when building images, which will be useful if you need to have access to some of your existing resources while building the images, for example a file share with installers on or something like that. But in my case that is not needed.

But I do want that compute gallery, so from the overview of my resource group I'll hit Create, and then I'll search for gallery, and then on the Azure Compute Gallery I'll hit Create and Azure Compute Gallery. Give this a name of demo gallery, and that is actually all that we are required to set up here, so hit Review and create and then Create. Now, in a production environment you might really want to go through all of the sharing settings and stuff like that, but again, this is a lab environment, so I don't really care about all of that as of yet. And then we actually need to wait for this deployment, because once it's done we need to go in and add a VM image definition.

So I'll hit Go to resource since this is now done deploying, and from our gallery we'll hit Add and VM image definition. This VM definition should be called demo image, I guess. OS type will be Windows, because that's what we're going to be
deploying. And here on the security type you already need to make an informed decision on what kind of session host you will be deploying later on, because if you select Standard here, then you cannot deploy Trusted Launch session hosts later on, or confidential machines for that matter. The safest bet is probably to go in and select Trusted launch supported, because that will allow you to deploy both Standard and Trusted Launch. It does not, however, allow you to deploy confidential session hosts. Also worth noting that selecting anything but Standard here will remove the option to create Gen 1 VMs, so if you are required to use Gen 1 VMs, then make sure to select Standard. In my case I'll select Trusted launch supported for now, so I'll have both the option of doing security type Standard on my session host and the security type of Trusted Launch. I do not have a need for Gen 1, so it is fine that we do not have the option there.

Further down we have the OS state, which needs to be Generalized with Custom Image Templates. Lucky for us, that is the default selection. The last things here are the publisher, offer and SKU. These are really all up to you, but if you will be dealing with a lot of templates, you should probably have a proper naming convention for these; just a bit of a heads-up there. In my case I'll just input PetterTech, the offer would be image and the SKU will be 01. The rest of the settings here are not needed as of now, so I'll go ahead and click Review and create and then Create. In a production environment you might want to carefully go through the other settings, but as they are not a requirement, I simply skip them for now. This is, after all, just a lab setup.

After all that, we now have successfully completed all of the prerequisites for Custom Image Templates. The setup in this resource group now is pretty much the exact same as you would end up with if you simply ran the script that I made that I mentioned earlier. Just
download it off my demo St repo and run it with the name of the resource group, like this, and that should yield you pretty much all you need and the exact same kind of setup as I have here now.

Now for the more exciting part, the Custom Image Templates part. Now that we have all of our prereqs taken care of, we can head on over to Azure Virtual Desktop, and down on the left side here you'll find Custom image templates. Like I mentioned, I have created one earlier, so you will see this one listed here, but let us create a new one and click Add custom image template. We'll just call this Custom Image template, and since I already have one created, it will automatically select Yes on the question if you want to import from an existing template, so I'll set that to No since we want to create a brand spanking new one. Then make sure that subscription and resource group are all selected correctly, and also location; that would be, for me today, North Europe. Then on the managed identity, select the one that we created earlier on. If you use my script, that would be a managed identity called Custom Image template identity. So hit Next.

On our source image here, I highly recommend that you always use the platform images, or, you know, an image from the marketplace; they are listed as platform images there. The reason for that is that those images are actively maintained by Microsoft, so they will actually be patched each month, so basing your image off of one of those will save you some time since you don't have to immediately start patching your images or the session hosts you create from that image. As you can see, you can also choose to select either a managed image as a source or one from the Azure Compute Gallery, so you can also base stuff off of your own images, but like I said, go with platform images if you can. I will do so, and I'll select the Windows 11 Enterprise multi-session 23H2 Gen 2, because, as you remember, we need to use a Gen 2 source image.
Next, and then here we select where we want those images to end up. Like I mentioned earlier, you can opt for the destination being a managed image, an Azure Compute Gallery, or both. The simplest way here is to use a managed image, and that is also why the compute gallery is an optional prerequisite. I do, however, prefer to use compute galleries since they provide us with a lot better versioning on our images, so I'll check the Azure Compute Gallery here, select my demo gallery and the definition that we created. For gallery image version here we need to input a version number with three segments, so for now I'll just go with 1.0.0.

The run output name here is something you will rarely have a use for, but if you end up in a situation where you need to troubleshoot the image building process itself, then you will need that name to locate the logs for that building process. So choose something that makes sense, like output- and then the name of your custom image template, for example. In my case I'll go with the very creative name of output.

Replication regions is just to which regions your image should be replicated. I suggest you select all regions that you will be creating session hosts in based on this image, you know, for speed reasons, so that when you deploy a session host in the US, it doesn't pull the image from Europe, for example.

The Exclude from latest question here is a curious one. You might have noticed when you are deploying VMs that you often can select an image and then the version of that image, or just latest. Latest is great for those cases where you regularly create new versions of images and don't want to have to update the deployment process with the new image every time. But the standard selection here is that this new version should be excluded from latest, meaning that if your deployment process is set to use latest, then this new version would not be used, since it is excluded from latest. So I'll change that to No in my
case. The storage account type will give you the standard choices of either LRS, locally redundant storage, or ZRS, zone-redundant storage. If you don't recall the difference between those, then I have a video on that; the link is up in the corner and in the description. And by the way, like and subscribe, will you? Cool. And then I'll just hit Next here, since LRS is perfectly fine for me in this case.

Now, on the build properties here, choose rather carefully. First of all, the build timeout: this is the length of time that the image creation process can take before it times out and fails. Selecting too short of a timeout will perhaps not allow for the image to be created successfully, since things tend to take some time. Selecting the max can also be bad, or at least painful if you're impatient. Say, for example, the image creation process is hanging on something; it can then spend up to 960 minutes, or 16 hours, before timing out and failing. That is a long time. In my experience the build process usually takes around 1 and 1/2 hours for a pretty standard build without too much customization, so the default of 240 minutes here can actually also be a bit too much, especially if you're testing out new stuff and don't want to wait around, but it also depends on the next selection here. By the way, I'll just leave it on the default 240 now.

The next selection here is the size of the VM that the image building process will take place on, and I recommend you not being a cheapskate here; just go big. The VM will not live longer than, at max, the build timeout you specify, and the bigger the VM, the faster the build process will complete, usually. So I tend to click See all sizes, and I'll find the latest version of the D series, and, let's see, yeah, let's go for a D16s; that's probably fine. So that's the size, and now we have the OS disk size. I recommend you do not alter the OS disk size unless you have to go bigger.

Now, the build process will have to create a few temporary resources,
things like the VM that it will build the image of, a storage account, a key vault and so on, and the staging group here is the name of a resource group that houses all of those temporary resources. It is optional. If you do not specify anything, then a semi-random name will be generated based on the name of the resource group where the custom image template resides. It would also be prefixed with IT_, so it will probably stick out like a sore thumb, and specify a name if that is not your thing. Another reason why one would specify a name here is if you, for example, have an Azure Policy that enforces a specific name structure on resource groups, because that semi-random name will probably go against that policy and then the build process will fail. So yeah, select one if you need to; in my case I won't.

The next one here is actually also optional, and that is the VNet. Here is the reason why a VNet was an optional prerequisite: you can choose to leave this field empty, and that will make the image building process create a temporary VNet for you. Again, you might have Azure policies in place that will hinder this; in those cases, create a VNet and specify it here. Another reason to specify a VNet would be that if you at some point in the image building process will have a script or something that needs to pull stuff off from existing infrastructure, like a file share. In my simple lab setup that is not a worry, not the resource group and not the VNet, so I will leave those both empty.

Now it's the fun part, the customizations, and this is where the Custom Image Templates service actually gets very useful, because this is everything custom that you want in your image, and there's a ton of built-in stuff here. Let's click Add built-in script and we'll see. We're not going to go through all of these, but let's do some highlights. At the bottom you have Apply Windows updates, and there should really not be any if you base your image off of the marketplace images; like I
said, those are maintained, but it doesn't hurt to check this box anyway. And if you base your images off your own images, those are probably not patched every month, so this little check box would be neat in that case. You can also add or remove Office applications, so if you want to, you know, add the Visio or Project application or remove the Access application, you can do so simply by selecting it here. You can remove AppX packages, so if you don't want your session hosts to all have the Clipchamp application, you simply remove it this way. You also have here, like, session timeouts, screen capture protection, RDP Shortpath and so on and so on. In my case now I will do something that is immediately visible, so I'll set the default OS language and I'll install that language, so ticking both of these boxes and then selecting Norwegian, and that should yield us an image that has the default OS language of Norwegian. So select those and then hit Save.

That is only the built-in ones. You can also add your own customizations or your own scripts here. So if I click Add your own script here, and just for demo purposes I'll do one that installs PowerShell, so Install PowerShell, and then I'll head on over to my GitHub page and grab a script that I made a while back on a live stream over on twitch.tv/. The link to the script is in the description, but just keep in mind that if you want to use your own scripts here, the links need to point to the raw version of those files. So I'll just grab this, then go back and paste this as a URI. As you can see, you can also add in reboots after running your scripts if you need to, and then I'll hit Save. A fun thing here is that you can also see the links to all of those built-in scripts as well as your own built-in script, so if you want to take a look at those scripts, you can actually head on over to GitHub and take a look at them, because they're all public, which is kind of cool.

After adding all of my customizations I
can hit Next, and tags I'll skip for now, so we'll hit Next again. Then I have the summary of my custom image template, and I'll go ahead and click Create here. This process, well, at least for now, does have a bit of a delay on it, so the new custom image template isn't immediately visible on this page. In my experience it only takes a few minutes, and then you can start hitting that refresh button like a maniac. And here we see we have our new custom image template. It is in the status of Creating, so let us give it a few moments more.

All right, the template is now created; it is in a success state. That means that we can now go ahead and build images off of our custom image template. So if I check mark this custom image template, I can do Start build, and this will start the, you know, build process of this image. It will initiate the creation of the resource group, the staging resource group, the VM, the storage account and all of that, and the neat thing is that you can actually watch this in action. You have the link to your staging resource group over here, and as I said, it is prefixed with IT_ and then the name of your resource group. As you can see, currently there's only a storage account here, but if we refresh, we will probably at some point soon see a couple more resources. So now we have our key vault, and this will go on and on and create all the VMs and the virtual network card and so on and so on. When the image building process is complete, it will remove everything in this resource group except for the storage account, and the reason for that is that the storage account will still house the logs from the image building process. So if you need to go back and do some troubleshooting, or find out why something happened in the image building process, then that storage account is where you will find the logs for that.

Now if we go back to our custom image templates and refresh, of course, you'll see that the image build process is
running, and like I said initially, this is a process that does take a while. In my experience, the same thing that we did here will take about 1 and 1/2 hours, and we're not going to be sitting around waiting for that. So what we'll do now is go ahead and create some new session hosts based on an image that I created using the exact same stages; it's actually the image that was the result of this cit1 here.

In my case I already have a host pool and all that set up, so I'll go to Host pools, hbo1, and then to Session hosts, and I'll hit Add. On Virtual machines I will give these a prefix. It will be Azure virtual machines, it will need no infrastructure redundancy, and for security type I'll use Standard for now. Then on the image I'll click to see all images, and on shared images here you can see all of the custom images that I have. We also have the demo image that we just now created, but this is in the process of being created, so let us select the image one, which is one that I created earlier on. Then the VM size, that's fine; we will do 1 VM and select the VNets. Fun thing here: you can see the temporary VNet that was created for my custom image template, so that's also kind of neat. So I'll select a VNet for now, I'll skip the NSGs, select Entra ID join, select a username and all that, and then hit Review and create and then Create. This should yield us one session host based off of our custom image, and if you remember, this would be with the Norwegian language and PowerShell installed, the proper one, not the Windows PowerShell. So let's just wait out this deployment and then try and connect to our new session host.

All right, so now we should have a brand new session host created from that custom image, with the language changed and PowerShell preinstalled, so we should be able to head on over to our Remote Desktop client and log on to it and see how it works. I noticed immediately that the language has changed; it is now in fact Norwegian. And also PowerShell is preinstalled, which is great. This means that our custom image template has done its job and created a brand new custom image with those few little customizations that we had.

I did mention that this could be a first step in never patching your session hosts again, so let me quickly tell you how that would work. If we go back into Azure Virtual Desktop and our custom image templates here: now we are basing our images on the marketplace images, which are maintained and patched each month. So when a month has passed and you should generally be updating your session hosts, instead of updating the existing ones we could create a new image. The way we would do that is Add custom image template and just call this template 02, and as I said earlier, the import from template is now by default selected to Yes, so we can leave it at that, and then browse image template, and I can select the one that I created earlier and then Select. Now all of the settings in this custom image template are inherited from that previous template, so you see the source image is the same and the distribution target is the same. What I can do now is use the same demo image as an image definition, but I can now set the version to be 1.0.1, for example. This would then mean that whenever you deploy something from that image using latest, you will now use the 1.0.1 version, which will be based on the now patched marketplace image, which has the latest patches as of this month. The rest of the settings are also kept, so I can go ahead and go all the way through and create, and then the process would be the same as before: you would select it and then click Start build process, and you would have a new image, and you can now deploy new session hosts based off of that image. So that is how you could use this feature to, you know, not patch your session hosts again, and the added benefit is that you will always have freshly installed session hosts. Neat, huh?

Now, in
this video I did have a pre-existing AVD setup, so I didn't really cover those bits. I assume that you maybe know all that stuff, but if you don't, I have a video on that showing you how to set up AVD for basic simple scenarios; you might want to watch that next. And like, subscribe, do comment down below if there's any feedback on the video or stuff you want to see from me in future videos, and yeah, cheers.
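
Added example, not from the video or the presenter's GitHub repo: a small Python check for the custom role step, which flags a role definition whose assignable scopes are wider than the one lab resource group or whose actions contain wildcards or unexpected provider namespaces. The subscription ID, resource group name, action list and the `lint_role` helper are assumptions made for illustration; the real action list comes from the documentation the video links to.

```python
import re

# Constructed sample in the shape of the portal's custom-role JSON tab.
# Subscription ID, resource group name and action list are placeholders;
# take the real action list from the documentation referenced in the video.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
LAB_RG_SCOPE = SUB + "/resourceGroups/rg-demo-images"  # hypothetical name

SAMPLE_ROLE = {
    "properties": {
        "roleName": "Custom Image templates",
        "assignableScopes": [LAB_RG_SCOPE],
        "permissions": [{
            "actions": [
                "Microsoft.Compute/galleries/read",
                "Microsoft.Compute/galleries/images/read",
                "Microsoft.Compute/galleries/images/versions/read",
                "Microsoft.Compute/galleries/images/versions/write",
                "Microsoft.Compute/images/read",
                "Microsoft.Compute/images/write",
                "Microsoft.Compute/images/delete",
            ],
            "notActions": [],
            "dataActions": [],
            "notDataActions": [],
        }],
    }
}

# Azure resource IDs are case-insensitive, so patterns match lowercased input.
_SCOPE_KINDS = [
    ("resource-group",
     re.compile(r"^/subscriptions/[0-9a-f-]{36}/resourcegroups/[^/]+$")),
    ("subscription", re.compile(r"^/subscriptions/[0-9a-f-]{36}$")),
    ("management-group",
     re.compile(r"^/providers/microsoft\.management/managementgroups/[^/]+$")),
]


def scope_kind(scope):
    """Classify an assignable scope by how much of the tenant it covers."""
    s = scope.strip().rstrip("/").lower()
    if not s:
        return "root"  # "/" means assignable anywhere
    for kind, pattern in _SCOPE_KINDS:
        if pattern.match(s):
            return kind
    return "unknown"


def lint_role(role, expected_scope, allowed_namespaces=("Microsoft.Compute",)):
    """Return (code, value) findings to review; an empty list means clean."""
    props = role.get("properties", role)
    allowed = {ns.lower() for ns in allowed_namespaces}
    expected = expected_scope.rstrip("/").lower()
    findings = []
    scopes = props.get("assignableScopes", [])
    if not scopes:
        findings.append(("NO_SCOPE", ""))
    for scope in scopes:
        kind = scope_kind(scope)
        if kind == "root":
            findings.append(("SCOPE_ROOT", scope))
        elif kind in ("subscription", "management-group"):
            findings.append(("SCOPE_BROAD", scope))
        elif kind == "unknown":
            findings.append(("SCOPE_UNKNOWN", scope))
        elif scope.rstrip("/").lower() != expected:
            findings.append(("SCOPE_UNEXPECTED", scope))
    for block in props.get("permissions", []):
        for field in ("actions", "dataActions"):
            for action in block.get(field, []):
                if "*" in action:
                    findings.append(("WILDCARD", action))
                elif action.split("/", 1)[0].lower() not in allowed:
                    findings.append(("UNEXPECTED_NAMESPACE", action))
    return findings


if __name__ == "__main__":
    for code, value in lint_role(SAMPLE_ROLE, LAB_RG_SCOPE):
        print(code, value)
```

A subscription or management group scope shows up as `SCOPE_BROAD` so that widening the role for production is a reviewed decision rather than a default.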
Info
Channel: PetterTech
Views: 1,876
Keywords: windows virtual desktop, azure, Azure virtual desktop, avd, avd demo of the day, microsoft azure, azure demo, azure virtual desktop demo, avd demo, azure tutorial, azure training, azure cloud, azure architecture, azure fundamentals, custom image, custom image avd, avd custom image, template, avd template, custom template, avd custom template, golden image, avd golden image, compute gallery, vm image, azure image, custom session host, pettertech, custom image template
Id: o3A9J7CbCyA
Length: 33min 0sec (1980 seconds)
Published: Tue Mar 05 2024