Quick look at the Azure Shared Image Gallery

When it comes to server deployment, companies often have their own custom virtual machine images and templates. I want to share more about a not widely known feature, called the Azure Shared Image Gallery, which helps customers manage, share and deploy custom images in Azure.

Today, Azure allows you to create virtual machines either from images in the Marketplace or from your own custom managed images. These are great if you want to quickly create a customized image to use to deploy other virtual machines.

However, there are some challenges today, and customers are asking for:

  • Easier organization of custom managed images
  • Moving custom images to other regions
  • Deploying virtual machines based on a custom managed image in different subscriptions
  • Creating a lot of instances from custom managed images without performance impact

To address these requests, the Azure team announced a new feature in public preview at Microsoft Ignite 2018, called the Shared Image Gallery. The Shared Image Gallery makes the custom management of images easier in Azure. It does not create a new imaging solution, but it extends the custom managed image capabilities for easier management, sharing, and deploying at scale.

One of the main reasons to use the Shared Image Gallery is easier management and organization of custom managed images. The image gallery builds a hierarchy introducing three new resource types and the existing Managed Image type.

Shared Image Gallery Management hierarchy
  • Managed image – A Managed Image is created from a generalized . It can be used to deploy as an image for new virtual machines. In the concept of SIG, it can be used to create an image version in an image gallery.
  • Shared Image Gallery – The Image Gallery is the repository for sharing and managing images.
  • Image Definition – Definition of the image, like image type, Windows or Linux, release notes, and minimum and maximum memory requirements.
  • Image Version – The version of the image.

All these resources can be shared with users, service principals or groups using Role Based Access Control (RBAC). Images in the Shared Image Gallery can now be deployed in all Azure subscriptions within the same tenant, where the identity has enough permissions.

Azure Shared Image Gallery RBAC

This also allows organizations to delegate the management of specific image definitions and images to a team. Think about the internal SQL team, which manages the managed image for the company's IaaS deployment. They can now have access to update and modify their specific image, without having access to other images.

Images can not only be shared with different users across different subscriptions, they can also be replicated across different Azure regions. This allows organizations to replicate each shared image version to different regions, depending on what makes sense for the organization.
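
One way to set up the delegation described above with least privilege, as an added example that is not part of the original post. It assumes the gallery and image definition names used in the walkthrough further down, and two hypothetical Azure AD groups ('SQL-Image-Maintainers' and 'VM-Deployers').

```powershell
# Added example: scope each role assignment as narrowly as the task allows.
# The two group display names below are hypothetical placeholders.
$rgName      = 'TomCorpImageGallery-rg'
$galleryName = 'TomCorpGallery'

$gallery = Get-AzGallery `
   -ResourceGroupName $rgName `
   -Name $galleryName
$definition = Get-AzGalleryImageDefinition `
   -ResourceGroupName $rgName `
   -GalleryName $galleryName `
   -Name 'TomsImageDefinition'

$sqlTeam   = Get-AzADGroup -DisplayName 'SQL-Image-Maintainers'   # hypothetical group
$deployers = Get-AzADGroup -DisplayName 'VM-Deployers'            # hypothetical group

# Image maintainers: write access to this one image definition (and its
# versions) only, not to the gallery or to other image definitions.
New-AzRoleAssignment `
   -ObjectId $sqlTeam.Id `
   -RoleDefinitionName 'Contributor' `
   -Scope $definition.Id

# Image consumers: read-only on the gallery, which is enough to reference
# an image version when deploying a VM from another subscription.
New-AzRoleAssignment `
   -ObjectId $deployers.Id `
   -RoleDefinitionName 'Reader' `
   -Scope $gallery.Id

# Review who can reach the image definition. The result includes assignments
# inherited from the gallery, the resource group and the subscription.
Get-AzRoleAssignment -Scope $definition.Id |
   Sort-Object Scope |
   Select-Object DisplayName, RoleDefinitionName, Scope
```

Any Owner or Contributor assignment that shows up at resource group or subscription scope in the review output can also modify the image, so that list is the real set of image maintainers.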

Azure Shared Image Gallery Replication

Today the Shared Image Gallery can be created in the following regions:

  • West Central US
  • East US 2
  • South Central US
  • Southeast Asia
  • West Europe
  • West US
  • East US
  • Canada Central

Images can be replicated to all public Azure regions. (To replicate to Australia Central and Australia Central 2 you need to have your subscription whitelisted.)

If you have deployed managed images at scale before, you might have experienced throttling and the performance decrease that comes with it. In the Shared Image Gallery you can now create multiple replicas of images to reduce the chance of instance creation being throttled. This is especially useful when deploying a large set of VMs or working with Virtual Machine Scale Sets (VMSS).

Here is a quick example of creating a Shared Image Gallery with all the steps included to create an image definition, image version and attach a managed image. If you want to give it a quick try, I recommend that you try out Azure Cloud Shell.

Register Shared Image Gallery Feature

Shared Image Gallery is currently in public preview, so you will need to register the feature first.

Register-AzProviderFeature -FeatureName GalleryPreview -ProviderNamespace Microsoft.Compute
Register-AzResourceProvider -ProviderNamespace Microsoft.Compute

Create a Shared Image Gallery

Next you can create a new Shared Image Gallery in Azure. Remember, the Image Gallery needs to be in the same region as the managed images you want to add to it. You can replicate these later to different regions.

$resourceGroup = New-AzResourceGroup `
   -Name 'TomCorpImageGallery-rg' `
   -Location 'West Europe'
$gallery = New-AzGallery `
   -GalleryName 'TomCorpGallery' `
   -ResourceGroupName $resourceGroup.ResourceGroupName `
   -Location $resourceGroup.Location `
   -Description 'Shared Image Gallery for Thomas Maurer Corp.'

Create an Image Definition

The image definition describes the image itself.

$galleryImage = New-AzGalleryImageDefinition `
   -GalleryName $gallery.Name `
   -ResourceGroupName $resourceGroup.ResourceGroupName `
   -Location $gallery.Location `
   -Name 'TomsImageDefinition' `
   -OsState generalized `
   -OsType Windows `
   -Publisher 'TomCorp' `
   -Offer 'myOffer' `
   -Sku 'mySKU'

Get the managed image you want to add

If you have not created a custom managed image yet, you can follow these steps on the Azure Docs.

### List managed images

### Get the managed image
$managedImage = Get-AzImage `
   -ImageName 'InternalIT-WindowsServer2019' `
   -ResourceGroupName 'managedimages-rg'

Create an Image Version

You can now create the image version and define the replication. In this example I have one replica in West Europe and two replicas in South Central US. This can take a couple of minutes, especially if you replicate the image to other regions.

$region1 = @{Name='West Europe';ReplicaCount=1}
$region2 = @{Name='South Central US';ReplicaCount=2}
$targetRegions = @($region1,$region2)
# Runs synchronously so that $imageVersion holds the new image version,
# whose Id is used for the VM deployment below
$imageVersion = New-AzGalleryImageVersion `
   -GalleryImageDefinitionName $galleryImage.Name `
   -GalleryImageVersionName '1.0.0' `
   -GalleryName $gallery.Name `
   -ResourceGroupName $resourceGroup.ResourceGroupName `
   -Location $resourceGroup.Location `
   -TargetRegion $targetRegions `
   -Source $managedImage.Id.ToString() `
   -PublishingProfileEndOfLifeDate '2020-01-01'

Create a VM from Shared Image Gallery

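After the creation and replication of the image version is done, you can start using the image to deploy new virtual machines.

# -OpenPorts 3389 opens RDP on the new network security group and the VM
# gets a public IP address; restrict the rule's source addresses beyond a quick test
New-AzVm `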
   -ResourceGroupName "tomvmsfromimage-rg" `
   -Name "myVMfromImage" `
   -Image $imageVersion.Id `
   -Location "West Europe" `
   -VirtualNetworkName "myImageVnet" `
   -SubnetName "myImageSubnet" `
   -SecurityGroupName "myImageNSG" `
   -PublicIpAddressName "myImagePIP" `
   -OpenPorts 3389

I hope this post gave you a quick introduction to the Azure Shared Image Gallery feature. If you want to know more about it, check out the Shared Image Gallery documentation and the video of Kay Singh's (Senior PM, Microsoft Azure) session about the Shared Image Gallery at Microsoft Ignite 2018.


This article was originally published by Microsoft's ITOps Talk Blog. You can find the original article here.