Welcome to the Custom Image Build Deployment guide! This guide will walk you through the process of deploying a custom image build solution for your Azure Virtual Desktop environment. By following these steps, you'll be able to create and deploy optimized and customized images for use with Azure Virtual Desktop.
Before you begin the deployment process, please ensure that you have met the following prerequisites:
- Subscription Requirements:
  - Access to the Azure Virtual Desktop shared services Azure subscription with owner permissions.
  - The Microsoft.VirtualMachineImages resource provider must be registered in the subscription to be used for deployment.
- ALZ Architecture Deployment: It is recommended (though not mandatory) to have already deployed an ALZ architecture using the template reference implementation available. You can find more information on deploying the ALZ architecture in your own environment at Deploying Enterprise-Scale Architecture in your own environment
- Disable Private Endpoint Network Policies: If you are using an existing virtual network, ensure that the private endpoint and private link service network policies are disabled on the subnet. The deployment process will fail if these policies are enabled. You can find instructions on how to disable these policies in the following articles: Disable private endpoint network policy and Disable network policies for Private Link.
- URL Access for Virtual Network Subnet: The virtual network subnet used for deployment needs access to the following URLs:
This section covers the high-level steps for planning a Custom Image Build deployment and the decisions that need to be made. The deployment will use the Microsoft-provided Bicep/PowerShell/Azure CLI templates from this repository and the customer-provided configuration files that contain the system-specific information.
This solution supports deployment into greenfield scenarios (no Azure Virtual Desktop Azure infrastructure components exist) or brownfield scenarios (some Azure Virtual Desktop Azure infrastructure components exist).
In the Greenfield scenario, there are no existing Azure infrastructure components. The automation framework will create the Custom Image Build solution in the desired Azure region. When a build is executed on the image template, all the required resources for the deployment and communication of the build VM will be provisioned. If you have security requirements that do not allow the deployment of public IP addresses, use the Brownfield deployment option instead.
In the Brownfield scenario, the automation framework will deploy the solution into an existing virtual network. Other resources, such as a Log Analytics workspace, may already exist as well. For customers that cannot deploy public IP addresses, when an existing virtual network is specified, AIB relies on the Private Link service to download "customizers" to your build VM. This allows tighter security controls to be enforced in your environment without breaking the build process.
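A pre-flight check for the two prerequisites that the Brownfield path depends on (the Microsoft.VirtualMachineImages provider registration and the private endpoint / private link service network policies on the build subnet), as an added example that is not part of the original guide or the accelerator repository. It assumes an Azure CLI session already logged in to the shared services subscription; the resource group, virtual network and subnet names are placeholders passed as arguments.

```shell
#!/usr/bin/env sh
# Pre-flight check for two prerequisites of the Custom Image Build deployment:
#   1. the Microsoft.VirtualMachineImages resource provider is registered
#   2. private endpoint and private link service network policies are
#      disabled on the build subnet (brownfield deployment into an existing VNet)
# Assumes an Azure CLI session already logged in to the shared services subscription.

# Pure evaluation, so it can be exercised without Azure access.
# $1 = provider registrationState
# $2 = subnet privateEndpointNetworkPolicies
# $3 = subnet privateLinkServiceNetworkPolicies
# Prints one "FAIL:" line per unmet prerequisite; returns 0 only when all are met.
evaluate_prereqs() {
  rc=0
  if [ "$1" != "Registered" ]; then
    echo "FAIL: Microsoft.VirtualMachineImages registrationState is '$1' (expected Registered)"
    rc=1
  fi
  if [ "$2" != "Disabled" ]; then
    echo "FAIL: privateEndpointNetworkPolicies is '$2' (expected Disabled)"
    rc=1
  fi
  if [ "$3" != "Disabled" ]; then
    echo "FAIL: privateLinkServiceNetworkPolicies is '$3' (expected Disabled)"
    rc=1
  fi
  return "$rc"
}

# Live collection with the Azure CLI.
# $1 = resource group, $2 = virtual network, $3 = subnet (placeholders supplied by the caller)
check_live() {
  provider=$(az provider show --namespace Microsoft.VirtualMachineImages \
               --query registrationState -o tsv)
  pe=$(az network vnet subnet show -g "$1" --vnet-name "$2" -n "$3" \
         --query privateEndpointNetworkPolicies -o tsv)
  pls=$(az network vnet subnet show -g "$1" --vnet-name "$2" -n "$3" \
         --query privateLinkServiceNetworkPolicies -o tsv)
  evaluate_prereqs "$provider" "$pe" "$pls"
}

# Query Azure only when run with three arguments and the CLI is installed,
# e.g.:  sh preflight.sh rg-avd-shared vnet-avd-shared snet-image-build
if [ "$#" -eq 3 ] && command -v az >/dev/null 2>&1; then
  check_live "$1" "$2" "$3"
fi
```

A non-zero exit from the script means at least one prerequisite is unmet and the "FAIL:" lines name which one, so it can gate a pipeline stage before the image template is deployed.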
The templates and scripts need to be executed from an execution environment. Here are the available options:
Deployment Type | Link |
---|---|
Azure portal UI | |
Command line (Bicep/ARM) | |
Terraform | |
The Custom Image Build creates a new image from the Azure Marketplace in an Azure Compute Gallery, optimized, patched and ready to be used. This deployment is optional, and you can customize it to extend its functionality, for example by adding additional scripts to further customize your images.
It is preferable to have a new subscription, adhering to the Azure Landing Zone guidance. However, the solution can also be deployed to an existing subscription. See Resource Organization for further information.
To get an overview of the Azure resources and organization created with this reference implementation, take a look at this diagram. The diagram illustrates an example using the following input values:
- Custom image deployment:
  - deploymentLocation: East US 2
  - sharedServicesSubId: ID for Subscription name: Subscription Azure Virtual Desktop Shared Services
  - customNaming: false
The accelerator incorporates built-in resource naming automation based on the Microsoft Cloud Adoption Framework (CAF) best practices for naming conventions, the recommended abbreviations for Azure resource types and the suggested tags.
To learn more about the resource naming conventions used in this accelerator, refer to the Naming Standard and Tagging page.
- Azure Virtual Desktop LZA - Custom image build - Deployment to build an updated image for your Azure Virtual Desktop session hosts.