Image Management – Create and Manage Session Host Images
Image Management
A golden image is a copy of a full VM, including any attached data disks. You can create VMs from an image multiple times; each time, a copy of the VHD from the image is used to create the new VM's disk. If you maintain multiple images and want to make them available throughout your company while letting specific teams access specific images, the Azure Image Gallery is your best option, because it lets you manage multiple images with RBAC.
The following resources get created when you use the Azure Image Gallery to store images:
• Image definition: Image definitions are a logical grouping of image versions, and they carry information about the image and any requirements for using it to create VMs. This includes whether the image is Windows or Linux, release notes, and minimum and maximum memory requirements. It is a definition of a type of image. Each image definition has three parameters that are used in combination: Publisher, Offer, and SKU. These parameters are used to find a specific image definition.
• Image version: An image version is what you use to create a VM when using a gallery and image version, which allows you to store/create

Figure 7-7. Azure image gallery version and definition
Generalized and Specialized Images
There are two operating system states supported by Azure Compute Gallery. Typically, images require that the VM used to create the image has been generalized before the image is taken. Generalizing is a process that removes machine- and user-specific information from the VM. For Windows, the Sysprep tool is used. For Linux, you can use waagent with the -deprovision or -deprovision+user parameter.
Specialized VMs have not been through a process to remove machine-specific information and accounts. Also, VMs created from specialized images do not have an osProfile associated with them. This means that specialized images will have some limitations in addition to some benefits.
• VMs and scale sets created from specialized images can be up and running quicker. Because they are created from a source that has already been through the first boot, VMs created from these images boot faster.
• Accounts that can be used to log in to the source VM can also be used on any VM created from the specialized image taken from that VM.
• VMs will have the computer name of the VM the image was taken from. You should change the computer name to avoid collisions.
• The osProfile is how some sensitive information is passed to the VM, using secrets. This may cause issues when using Key Vault, WinRM, and other functionality that uses secrets in the osProfile. In some cases, you can use Managed Service Identities (MSI) to work around these limitations.
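The following pre-deployment check is an added example, not code from the book or from Microsoft. It looks up an image definition by Publisher, Offer, and SKU and lists the specialized-image caveats above that apply to a planned session host rollout. The sample definitions are constructed; the JSON field names (assumed to match `az sig image-definition list` output), memory in GB, and the block/warn severities are assumptions.

```python
import json

# Constructed sample; field names assumed to follow `az sig image-definition list` output.
DEFINITIONS = json.loads("""[
  {"name": "avd-win11-multi", "osType": "Windows", "osState": "Generalized",
   "identifier": {"publisher": "Contoso", "offer": "AVD", "sku": "win11-multi"},
   "recommended": {"memory": {"min": 8, "max": 64}}},
  {"name": "avd-lob-app", "osType": "Windows", "osState": "Specialized",
   "identifier": {"publisher": "Contoso", "offer": "AVD", "sku": "lob-app"},
   "recommended": {"memory": {"min": 16, "max": 128}}}
]""")

def find_definition(defs, publisher, offer, sku):
    """Locate an image definition by its Publisher/Offer/SKU combination."""
    wanted = {"publisher": publisher, "offer": offer, "sku": sku}
    matches = [d for d in defs if d["identifier"] == wanted]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} definitions match {publisher}/{offer}/{sku}")
    return matches[0]

def check_deployment(defn, vm_count, memory_gb, uses_osprofile_secrets):
    """Return (severity, message) findings for a planned session host deployment."""
    findings = []
    mem = (defn.get("recommended") or {}).get("memory") or {}
    if mem.get("min") is not None and memory_gb < mem["min"]:
        findings.append(("block", f"{memory_gb} GB is below the minimum {mem['min']} GB"))
    if mem.get("max") is not None and memory_gb > mem["max"]:
        findings.append(("block", f"{memory_gb} GB is above the maximum {mem['max']} GB"))
    if defn["osState"] == "Specialized":
        # Nothing was stripped from the source VM, so its logins travel with the image.
        findings.append(("warn", "accounts from the source VM work on every new VM"))
        if vm_count > 1:
            findings.append(("warn", "all VMs inherit the source computer name; rename them"))
        if uses_osprofile_secrets:
            # Severity is an assumed policy: the text only says this "may cause issues".
            findings.append(("block", "no osProfile: osProfile secrets may not work"))
    return findings

if __name__ == "__main__":
    plans = [("win11-multi", 10, 16, True), ("lob-app", 3, 8, True)]
    for sku, count, mem_gb, secrets in plans:
        defn = find_definition(DEFINITIONS, "Contoso", "AVD", sku)
        results = check_deployment(defn, count, mem_gb, secrets)
        print(defn["name"], defn["osState"], "->", "clean" if not results else "")
        for severity, message in results:
            print(f"  [{severity}] {message}")
```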