Copy Azure Compute Gallery Image Versions between Azure Clouds, Tenants, and Subscriptions

Published May 17 2022 06:00 AM 1,301 Views
Microsoft

Summary

When creating images in Azure, Microsoft's best practice is to store those images in an Azure Compute Gallery. This service provides version control and replicas to allow organizations to easily manage their virtual machine deployments at scale. Images may be useful in one subscription, tenant, or Azure cloud, but customers tend to expand their footprint. For example, compliance requirements or global scaling dictates the need for expanded capacity across multiple Azure clouds, tenants, or subscriptions. While an Azure Compute Gallery allows you to share Image Versions across subscriptions, sharing can impact an Image Version. Questions may arise about cost or utilization. Who in the organization owns the charges for the images? Should one entity within an organization own the charges for that image and its replicas? Will deployments scale well if other entities within your organization run deployments simultaneously? The ability to copy an Azure Compute Gallery Image Version between Azure clouds, tenants, and subscriptions addresses these concerns.

 

Audience

This document is intended primarily for Azure engineers and administrators that are responsible for deployments and operational practices.

 

Scope

This solution will copy an Image Version from a Compute Gallery in one Azure cloud, tenant, or subscription to a Compute Gallery in another Azure cloud, tenant, or subscription.

 

Diagram.png

 

Requirements

  • Valid Azure Subscription
  • Proper RBAC access on the Azure resources
    • Compute Gallery in source and target subscriptions
    • Create, grant access, and remove Managed Disks
    • Deploy and administer an Azure Virtual Machine
  • Basic knowledge of Azure infrastructure
    • Virtual Machines
    • Virtual Networks
    • Managed Disks
    • Compute Gallery
  • Basic understanding of PowerShell and running scripts

 

Pre-Implementation Validation

Deploy a virtual machine using the Image Version in the source Compute Gallery to ensure the image is functional.

 

Implementation Steps

There are several factors to consider when migrating an image version such as network capacity, storage capacity, and security. Use the steps below to minimize the time and effort while addressing capacity and security concerns:

 

  1. Using the Azure Portal, deploy a Windows virtual machine in the source or target Azure cloud, tenant, or subscription. Estimated time: 4 minutes. NOTE: It does not make a difference between the target or source since access across Azure clouds, tenants, or subscriptions is available using Azure PowerShell. For my testing, I chose the following virtual machine properties:
    • VM Size: Standard_D4ds_v5
    • OS: Windows 10 Enterprise 21H2
    • Disk SKU: Premium SSD
    • Accelerated Networking: Enabled
  2. Stop the virtual machine. Estimated time: 1 minute.
  3. Resize the OS disk to fit the OS and Image Version that you will download to the disk. Estimated time: 20 seconds. NOTE: The OS requires roughly 18GB and most Windows Marketplace images require 127GB.
  4. Start the VM. Estimated time: 1 minute.
  5. Connect to the VM over RDP. Estimated time: 40 seconds (using Bastion).
  6. Open Disk Management, extend the "Windows C:" volume to use the full disk, and close the window. Estimated time: 20 seconds.
  7. Open PowerShell as an Administrator. Estimated time: 25 seconds.
  8. Install the “AZ” module. Estimated time: 4 minutes. NOTE: The two scripts you will run in the upcoming steps will require the AZ module. Also, you will be prompted to install the NuGet provider and to trust the PowerShell Gallery. Be sure to select "Yes" on the prompts or you will be unable to complete the following steps.
    Install-Module AZ
  9. Connect to the Azure subscription that contains the source Image Version. Estimated Time: 1 minute.
    Connect-AzAccount -Environment <Azure-Cloud-Name> -Tenant <Tenant-ID> -Subscription <Subscription-ID>
  10. Download the Export-AzureComputeGalleryImageVersion script from my GitHub repository onto your Azure VMEstimated Time: 1 minute. NOTE: The file will be blocked by default.  Open the file’s properties, select “unblock”, and click “OK”.
  11. Run the script to download the Compute Gallery Image Version to a VHD on your VM. Estimated Time: 25 minutes. NOTE: The “Get-AzStorageBlobContent” cmdlet used in this script optimizes the download speed using multiple internet connections.
    .\Export-AzureComputeGalleryImageVersion.ps1 -ComputeGalleryDefinitionName <Image-Definition-Name> -ComputeGalleryName <Compute-Gallery-Name> -ComputeGalleryResourceGroupName <Resource-Group-Name> -ComputeGalleryVersion <Image-Version-Name>
  12. Disconnect from the source Azure subscription. Estimated Time: 10 seconds.
    Disconnect-AzAccount
  13. Connect to the target Azure subscription. Estimated Time: 2 minutes.
    Connect-AzAccount -Environment <Azure-Cloud-Name> -Tenant <Tenant-ID> -Subscription <Subscription-ID>
  14. Download the Import-AzureComputeGalleryImageVersion script from my GitHub repository onto your Azure VM. Estimated Time: 1 minute. NOTE: The file will be blocked by default.  Open the file’s properties, select “unblock”, and click “OK”.
  15. Run the script to upload the VHD to a Compute Gallery Image Version. Estimated Time: 28 minutes. NOTE: The “Add-AzVhd” cmdlet used in this script optimizes the upload speed and has MD5 hash validation built-in.
    .\Import-AzureComputeGalleryImageVersion.ps1 -ComputeGalleryDefinitionName <Image-Definition-Name> -ComputeGalleryName <Compute-Gallery-Name> -ComputeGalleryResourceGroupName <Resource-Group-Name> -ComputeGalleryVersion <Image-Version-Name> -ImageOffer <Image-Offer> -ImagePublisher <Image-Publisher> -ImageSku <Image-SKU> -ImageState <Image-State> -VhdFilePath <File-Path-to-VHD>
  16. Disconnect from the Azure subscription. Estimated Time: 10 seconds.
    Disconnect-AzAccount
  17. Using the Azure Portal, delete the VM. Estimated Time: 3 minutes.

 

Post Implementation Validation

Once both scripts have completed without an error, the Image Version will exist in your target Compute Gallery. The script cleans up the Managed Disks that are created as part of the process. To validate the copy of your Image Version, deploy a virtual machine using the Image Version in the target Compute Gallery to ensure the image is functional.

 

Conclusion

While there are other ways and tools to perform this task, this method is the least risk adverse. If you have any feedback, please leave it below. If you have any suggestions to make the scripts better, please leave an issue on my GitHub repository or submit a pull request with your updates.

 

Move to Azure efficiently with customized guidance from Azure engineering: FastTrack for Azure – Benefits and FAQ | Microsoft Azure

3 Comments
Version history
Last update:
‎May 16 2022 08:09 PM
Updated by: