Blog Post

ITOps Talk Blog
4 MIN READ

Quick look at the Azure Shared Image Gallery

thomasmaurer's avatar
thomasmaurer
Icon for Microsoft rankMicrosoft
Feb 19, 2019

When it comes to server deployment, companies often have the custom virtual machine images and templates. I want to share more about a not widely known feature, called the Azure Shared Image Gallery, which helps customer managing, sharing and deploying custom images in Azure.

Today, Azure allows you to create virtual machines ether stored from Images in the Marketplace, or your own custom managed images. These are great, if you want to quickly create a customized image to use to deploy other virtual machines.

 

However, there are some challenges today, and customers are asking for:

  • Easier organization of custom managed images
  • Move custom images to another regions
  • Deploy virtual machines based on a custom managed image in different subscriptions
  • Creating a lot of Instances form custom managed Images without performance impact

To address these requests, the Azure team announced a new feature in public preview at Microsoft Ignite 2018, called the Shared Image Gallery. The Shared Image Gallery makes the custom management of virtual machine images easier in Azure. It does not create a new imaging solution, but it extends the custom managed image capabilities for easier management, sharing, and deploying at scale.

 

Management

One of the main reasons to use the Shared Image Gallery is easier management and organization of custom managed images. The image gallery builds a hierarchy introducing three new resource types and the existing Managed Image type.

 

Shared Image Gallery Management hierarchy

  • Managed image – A Managed Image is created from a generalized virtual machine. It can be used to deploy as an image for new virtual machines. In the concept of SIG, it can be used to create an image version in an image gallery.
  • Shared Image Gallery – The Image Gallery is the repository for sharing and managing images.
  • Image Definition – Definition of the image, like image type, Windows or Linux, release notes, and minimum and maximum memory requirements.
  • Image Version – The version of the image.

Sharing

All these resources can be shared with Azure AD users, service principal or an AAD group using Role Based Access Control (RBAC). Images in the Shared Image Gallery can now be deployed in all Azure subscriptions within the same Azure AD tenant, where the identity has enough permissions.

 

Azure Shared Image Gallery RBAC

This also allows organizations to delegate the management of specific image definitions and images to a team. Think about the internal SQL team, which manages the managed image for the companies SQL Server on IaaS deployment. They can now have access to update and modify their specific image, without having access to other images.


Images cannot only be shared with different users over different subscriptions, images can also be replicated over different Azure regions. This allows organizations to replicate each shared image version to different regions depending on what makes sense for your organization.

 

 

Azure Shared Image Gallery Replication

 

Today the Shared Image Gallery can be created in the following regions:

  • West Central US
  • East US 2
  • South Central US
  • Southeast Asia
  • West Europe
  • West US
  • East US
  • Canada Central

Images can be replicated to all public Azure regions. (To replicate to Australia Central and Australia Central 2 you need to have your subscription whitelisted.)

 

Scale

If you have deployed managed images in scale before, you might have experienced throttling and the performance decrease which comes with this. In Shared Image Gallery you can now create multiple replicas of images to reducing the chance of instance creation processing being throttled. This is especially useful when deploying a large set of VMs or working with Virtual Machine Scale Sets (VMSS).

 

Getting Started with Shared Image Gallery using Azure PowerShell

Here is a quick example of creating a Shared Image Gallery with all the steps included to create an image definition, image version and attach a managed image. If you want to give it a quick try, I recommend that you try out Azure Cloud Shell

 

Register Shared Image Gallery Feature

Shared Image Gallery is currently in public preview, you will need to register the feature first.

 

 

Register-AzProviderFeature -FeatureName GalleryPreview -ProviderNamespace Microsoft.Compute
Register-AzResourceProvider -ProviderNamespace Microsoft.Compute

 

Create a Shared Image Gallery

Next you can create a new Shared Image Gallery in Azure. Remember, the Image Gallery needs to be in the same region as the managed images you want to add to it. You can replicate these later to different regions.

 

$resourceGroup = New-AzResourceGroup `
   -Name 'TomCorpImageGallery-rg' `
   -Location 'West Europe'  
$gallery = New-AzGallery `
   -GalleryName 'TomCorpGallery' `
   -ResourceGroupName $resourceGroup.ResourceGroupName `
   -Location $resourceGroup.Location `
   -Description 'Shared Image Gallery for Thomas Maurer Corp.'

 

Create an Image Definition

The image definition describes the image it self.

 

$galleryImage = New-AzGalleryImageDefinition `
   -GalleryName $gallery.Name `
   -ResourceGroupName $resourceGroup.ResourceGroupName `
   -Location $gallery.Location `
   -Name 'TomsImageDefinition' `
   -OsState generalized `
   -OsType Windows `
   -Publisher 'TomCorp' `
   -Offer 'myOffer' `
   -Sku 'mySKU'

 

Get managed image which you want to add

If you don’t have created a custom managed image, you can follow these steps on the Azure Docs.

 

### List managed images
Get-AzImage

### Get the managed image
$managedImage = Get-AzImage `
   -ImageName 'InternalIT-WindowsServer2019' `
   -ResourceGroupName 'managedimages-rg'

 

Create an Image Version

You can now create the image version and define the replication. In this example I have one replica in West Europe and two replicas in South Central US. This can take a couple of minutes, especially if you replicate the image to other regions.

 

$region1 = @{Name='West Europe';ReplicaCount=1}
$region2 = @{Name='South Central US';ReplicaCount=2}
$targetRegions = @($region1,$region2)
$job = $imageVersion = New-AzGalleryImageVersion `
   -GalleryImageDefinitionName $galleryImage.Name `
   -GalleryImageVersionName '1.0.0' `
   -GalleryName $gallery.Name `
   -ResourceGroupName $resourceGroup.ResourceGroupName `
   -Location $resourceGroup.Location `
   -TargetRegion $targetRegions  `
   -Source $managedImage.Id.ToString() `
   -PublishingProfileEndOfLifeDate '2020-01-01' `
   -asJob

 

Create a VM from Shared Image Gallery

After the creation and replication of the image definition is done. You can now start using the image to deploy new virtual machines.

 

New-AzVm `
   -ResourceGroupName "tomvmsfromimage-rg" `
   -Name "myVMfromImage" `
   -Image $imageVersion.Id `
   -Location "West Europe" `
   -VirtualNetworkName "myImageVnet" `
   -SubnetName "myImageSubnet" `
   -SecurityGroupName "myImageNSG" `
   -PublicIpAddressName "myImagePIP" `
   -OpenPorts 3389

 

 

I hope this post gave you a quick introduction into the Azure Shared Image Gallery feature. If you want to know more about it, check out the Shared Image Gallery documentation

and check out the video from Kay Singh (Senior PM Microsoft Azure) session about the Shared Image Gallery at Microsoft Ignite 2018.

Updated Feb 19, 2019
Version 7.0
azure
powershell
Windows Server
  • recklessop's avatar
    recklessop
    Copper Contributor
    May 08, 2019

    I have a custom freebsd vm (pfsense) that I would love to use the shared image gallery for.  I use this VHD to deploy many lab environments, and it cannot be generalized. 

     

    Will there ever be support for non-generalized images?