Azure Virtual Desktop (AVD)

WVD Golden image Customization and updates using Shared Image Gallery


Each host pool consists of multiple session hosts, running as virtual machines in Azure and registered to the Windows Virtual Desktop service. Each host pool also has one or more app groups that are used to publish remote desktop and remote application resources to users. A host pool can be created from a predefined Azure Marketplace image or from an image in a Shared Image Gallery.

Organizations use custom images to implement their security controls and configurations and to pre-install their IT applications for users. After a custom image is created, updates and new application requirements will call for image updates and changes.

To update the custom image, we create a disk from the snapshot (taken before Sysprep) to serve as the source for the next image update. Then we can create a new VM from that disk.

 

Step 1: Create a managed disk from the previously created snapshot

Open the Create a managed disk blade

  • Subscription: Select the subscription where the new disk will be created.
  • Resource group: Create a new resource group or use an existing one.
  • Disk name: Enter a name for the Restored Disk
  • Region: Select the (Region) where you want to create the host pool.
  • Availability Zone: (1,2,3)
  • Source Type: Select the snapshot created in the previous article (Azure Shared Image Gallery and Windows Virtual Desktop)
  • Disk Size: Select Disk Size for the OS Disk.

Click Review + create

 

Step 2: Create VM from the created Managed Disk

Now that the new managed disk has been created, it's time to create a VM from it.

Click Go to resource


Then Click Create VM


  • Subscription: Select the subscription where the new disk will be created.
  • Resource group: Create a new resource group or use an existing one.
  • Virtual machine name: Enter a name for the Restored Master virtual machine (Ex. Az-WVD-MTR-02)
  • Region: Select the (Region) where you want to create the host pool.
  • Availability Zone: (1,2,3)
  • Source Type: Select the snapshot created in the previous article (Azure Shared Image Gallery and Windows Virtual Desktop)
  • Size: Select VM Size (Ex. D2s_V3)
  • License Type: Windows Client


Under Inbound port rules, choose Allow selected ports and then select RDP (3389) from the drop-down.


Leave the Default Setting for the Disk


Click Next: Networking and Set your Network Configuration.


Click Next: Management

Set Boot diagnostics to off


Click Next: Tags

Set Your Tags and click Review + create


Finally, review your virtual machine configuration and click Create.
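Steps 1 and 2 can also be scripted with the Az PowerShell module. This is an added example, not part of the original walkthrough: every name is a placeholder, and it assumes an existing subnet, no public IP, and an RDP rule limited to a single admin source address rather than any source.

```powershell
# Added example: Steps 1 and 2 with Az.Compute and Az.Network (run Connect-AzAccount first).
# Every name and address below is a placeholder or assumption, not a value from the article.
$rg        = '<resource-group>'
$snapName  = '<snapshot-name>'         # snapshot taken before Sysprep
$diskName  = '<restored-disk-name>'
$vmName    = 'Az-WVD-MTR-02'           # example VM name used in the article
$subnetId  = '<subnet-resource-id>'    # assumption: existing subnet for the master VM
$adminCidr = '<admin-source-ip>/32'    # assumption: RDP allowed from one admin address only

# Step 1: managed disk copied from the snapshot, in the snapshot's region.
$snap    = Get-AzSnapshot -ResourceGroupName $rg -SnapshotName $snapName
$diskCfg = New-AzDiskConfig -Location $snap.Location -CreateOption Copy `
    -SourceResourceId $snap.Id -SkuName Premium_LRS
$disk    = New-AzDisk -ResourceGroupName $rg -DiskName $diskName -Disk $diskCfg

# Inbound RDP (3389), scoped to the admin source address.
$rdpRule = New-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-Admin' -Access Allow `
    -Direction Inbound -Priority 1000 -Protocol Tcp `
    -SourceAddressPrefix $adminCidr -SourcePortRange '*' `
    -DestinationAddressPrefix '*' -DestinationPortRange '3389'
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $snap.Location `
    -Name "$vmName-nsg" -SecurityRules $rdpRule
$nic = New-AzNetworkInterface -ResourceGroupName $rg -Location $snap.Location `
    -Name "$vmName-nic" -SubnetId $subnetId -NetworkSecurityGroupId $nsg.Id

# Step 2: VM that boots from the restored disk (attach, not a new image deployment).
$vm = New-AzVMConfig -VMName $vmName -VMSize 'Standard_D2s_v3' -LicenseType 'Windows_Client'
$vm = Set-AzVMOSDisk -VM $vm -ManagedDiskId $disk.Id -CreateOption Attach -Windows
$vm = Add-AzVMNetworkInterface -VM $vm -Id $nic.Id
$vm = Set-AzVMBootDiagnostic -VM $vm -Disable   # matches "Set Boot diagnostics to off"
New-AzVM -ResourceGroupName $rg -Location $snap.Location -VM $vm
```

Because the OS disk is attached rather than deployed from an image, the VM keeps the local accounts and configuration that existed when the snapshot was taken.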


 

Step 3: Connect to virtual machine

Deployment is complete; let's log in to the VM and start our customization.

  1. Click Go to resource
  2. Select the Connect button on the overview page for your virtual machine.
  3. In the Connect to virtual machine page, keep the default options to connect by IP address, over port 3389, and click Download RDP file.
  4. Open the downloaded RDP file and click Connect when prompted.

 

Step 4: Make a disk Snapshot and VM Capture

After completing our changes and customization on the newly created Master Virtual Machine, we have to create a snapshot by repeating:

 

Step 5: Versioning and grouping of images for easier management.

After capturing the VM, it is better to add a new version to the image in the Shared Image Gallery.

  1. Open the Shared image galleries blade and click on the created SIG for WVD
  2. Select the custom image created earlier
  3. Click on Add Version


  • Subscription: Select the subscription where the new disk will be created.
  • Resource group: Create a new resource group or use an existing one.
  • Region: Select the (Region) where you want to create the image version.
  • Name (version number): allowed characters are digits and periods. (Ex 0.0.1, 15.35.0)
  • Source Type: Select Managed Image
  • Source Image: Select the Master Image that we just created using Step 3 (Creating a Virtual Machine Capture)

Click Review + create
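The same version can be added with Az PowerShell. This is an added example, not part of the original walkthrough: all names are placeholders, and the rule of bumping the last number of the highest existing version is an assumption about how you number releases.

```powershell
# Added example; requires Az.Compute and an authenticated session (Connect-AzAccount).
# All names are placeholders, not values from the article.
$rg           = '<resource-group>'
$gallery      = '<shared-image-gallery-name>'
$definition   = '<image-definition-name>'
$managedImage = '<captured-managed-image-name>'

# Version names contain only digits and periods (e.g. 0.0.1), so [version] can parse
# and order them numerically instead of as strings (1.0.10 sorts after 1.0.9).
$latest = Get-AzGalleryImageVersion -ResourceGroupName $rg -GalleryName $gallery `
        -GalleryImageDefinitionName $definition |
    ForEach-Object { [version]$_.Name } |
    Sort-Object |
    Select-Object -Last 1

# Assumption: each golden image update bumps the third number; start at 0.0.1 if empty.
if ($latest) {
    $next = '{0}.{1}.{2}' -f $latest.Major, $latest.Minor, ($latest.Build + 1)
} else {
    $next = '0.0.1'
}

# Source is the managed image produced by the VM capture.
$image = Get-AzImage -ResourceGroupName $rg -ImageName $managedImage
New-AzGalleryImageVersion -ResourceGroupName $rg -GalleryName $gallery `
    -GalleryImageDefinitionName $definition -Name $next `
    -Location $image.Location -SourceImageId $image.Id
```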


 

Step 6: Update WVD Host pool with the new Golden Image Version

Right now, there is no straightforward way to update the current host pool's session hosts to the new golden image version. Instead, we have to add new session hosts, which creates new VMs (hosts) from the new image version, and move all users from the current session hosts to the new ones by enabling drain mode on the old ones. In drain mode, remote logons for new users are disabled, users with an existing session may reconnect (in order to save their work and log off), and users without an existing session are prevented from logging on.

 

Create a new session host

  1. Open the Windows Virtual Desktop | Host pools blade
  2. Select your Host pool
  3. Click on Session Hosts
  4. Click on Add to add the new servers.
  5. We have to generate a registration key before adding a new VM to the host pool
  6. After generating the registration key, let's add a new host.

  • Resource group: Create a new resource group or use an existing one.
  • Number of VMs: Enter the required number of VMs for the hostpool

  7. Click Create

Delete the old servers

Now we have new session hosts in the host pool running the latest version of the golden image created for WVD.

The last step is to remove the old session hosts: enable drain mode on them, then delete the old servers after confirming that no users are connected to them, and verify that the host pool still functions.

 

NOTES: Once drain mode is enabled:

  1. Remote logons for new users are disabled
  2. Users with an existing session may reconnect (in order to save their work and log off).
  3. Users without an existing session are prevented from logging on
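The drain-then-remove sequence can be scripted so that no host is removed while a user session still exists on it. This is an added example, not part of the original walkthrough: all names are placeholders, and selecting the old hosts by a shared VM name prefix is an assumption.

```powershell
# Added example; requires Az.DesktopVirtualization and an authenticated session (Connect-AzAccount).
# All names are placeholders, not values from the article.
$rg            = '<resource-group>'
$hostPool      = '<host-pool-name>'
$oldHostPrefix = '<old-vm-name-prefix>'   # assumption: old hosts share a name prefix

# Session host names come back as "<hostpool>/<host-fqdn>"; keep only the host part.
$oldHosts = Get-AzWvdSessionHost -ResourceGroupName $rg -HostPoolName $hostPool |
    ForEach-Object { ($_.Name -split '/')[-1] } |
    Where-Object { $_ -like "$oldHostPrefix*" }

# Drain mode: stop new sessions on every old host; existing sessions can still reconnect.
foreach ($h in $oldHosts) {
    Update-AzWvdSessionHost -ResourceGroupName $rg -HostPoolName $hostPool `
        -Name $h -AllowNewSession:$false | Out-Null
}

# Remove a host from the pool only when no user session is left on it.
foreach ($h in $oldHosts) {
    $sessions = @(Get-AzWvdUserSession -ResourceGroupName $rg `
        -HostPoolName $hostPool -SessionHostName $h)
    if ($sessions.Count -gt 0) {
        $users = ($sessions | ForEach-Object { $_.UserPrincipalName }) -join ', '
        Write-Warning "$h still has $($sessions.Count) session(s) ($users); left in drain mode."
        continue
    }
    Remove-AzWvdSessionHost -ResourceGroupName $rg -HostPoolName $hostPool -Name $h
    Write-Output "$h removed from the host pool; its VM can now be deleted."
}
```

Removing a session host only unregisters it from the host pool; the underlying VM and its disks are deleted separately. Rerun the script later for any hosts it left in drain mode.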


Mahmoud A. ATALLAH

Microsoft MVP | Speaker | Azure Service Delivery Lead at Bespin Global MEA, helping customers build successful Azure practices. Talks about #AzureCloud and #AI
