Import Images from the Azure Library
Nerdio Manager allows you to import a desktop image from the Azure library into a Workspace.
To import an image from the Azure library:
Navigate to Desktop Images.
Select Add from Azure library.
-
Enter the following information:
Note: For several of the required parameters, you may filter the available choices by using the Resource Selection Rules. For example, you may filter the VM Size or OS Disk choices for Intel RAM-optimized VMs only. See Resource Selection Rules Management for details.
- Name: Type the desktop image's name.
Description: Type the description.
-
Network: From the drop-down list, select the network to which the VM connects.
Note: The VM is created in the Azure region associated with the network.
-
Azure Image: From the drop-down list, select the desired image.
Note: Select the image based on the Windows OS supported by AVD. EVD = Enterprise Virtual Desktop (aka Windows 10 multi-session). Office Pro Plus contains a pre-installed Office 365 version of Pro Plus that is activated as users with appropriate licensing sign in to the desktop.
VM Size: From the drop-down list, select the size.
OS Disk: From the drop-down list, select the disk.
Resource Group: From the drop-down list, select the resource group to contain the network interface cards of the VM.
-
Security type: From the drop-down list, select the security option that best suits your desktop image VM.
Note:
Standard is set by default. Additional security options are only available for generation 2 VMs with the Geographic distribution & Azure compute gallery option enabled.
-
The Trusted launch and Confidential virtual machines security options help improve the security of Azure generation 2 virtual machines. However, additional security features they provide also have some limitations, such as the lack of support for backup, managed disks, and ephemeral OS disks. To learn more, see:
Secure Boot: Select this option to enable Secure Boot, which helps protect your VMs against boot kits, rootkits, and kernel-level malware.
vTPM: Select this option to enable Virtual Trusted Platform Module (vTPM), which is TPM 2.0 compliant and validates your VM boot integrity apart from securely storing keys and secrets.
Integrity Monitoring: Select this option to enable cryptographic attestation and verification of VM boot integrity along with monitoring alerts if the VM didn't boot because the attestation failed with the defined baseline.
-
OS State: From the drop-down list, select the OS state.
Note:
Generalized images have had the machine and user-specific information removed by running a command on the VM.
Specialized images have not been through the process to remove machine and user-specific information.
Join to AD: Deselecting this means the VM is not joined to AD during the creation process. This prevents AD GPOs from applying to the image before it is created. Be sure to specify local administrator credentials below to be able to connect to the VM, since it won't be a member of the AD domain.
-
Do not create image object: Select this option to only create a desktop image VM but not create an image object.
Note: You need to create the image object. Select Power off and set as image after the VM is created before this desktop image can be used for session host creation. If you skip image creation, you can make changes to the VM before it is converted to an image.
-
Skip removal of local profiles: Select this option to bypass this step and not remove local user profiles before running Sysprep.
Note: During the image creation process, Nerdio Manager removes all local user profiles. This increases the likelihood of Sysprep success. Selecting this option bypasses this step. If there are any partially installed APPX apps on the image VM, Sysprep will fail to remove them.
Enable time zone redirection: Select this option to enable time zone redirection on the image. This allows each user to see their local device's time zone inside of their AVD desktop session.
Set time zone: Select this option to set the time zone of the VM and then, from the drop-down list, select the time zone.
-
Install MSIX app attach certificates: Select this option to install all the stored certificates on the VM, if applicable.
Note: To view the stored certificates, navigate to MSIX App Attach > Certificates.
Optimize disk type when desktop image is stopped: Select this option to downgrade the OS disk type when the desktop image is stopped in order to save money. When the VM starts, the OS disk type are changed back to the selected one.
Provide custom credentials for a local administrator user: Toggle this option on to enter the username and password.
-
Geographic distribution & Azure compute gallery: Select this option to store the image in Azure Compute Gallery and automatically distribute it to the selected Azure regions.
-
Azure Compute Gallery: From the drop-down list, select an existing Azure Compute Gallery or create a new one.
Note: Only one Azure Computer Gallery can be selected. The existing Azure Compute Gallery must be in a linked resource group in the same Azure subscription as the image VM.
-
Azure Regions: From the drop-down list, select Azure regions where the Desktop Image version should be replicated.
Note: The current Azure region must be part of the selection.
Custom (Stack HCI) Locations: From the drop-down list, select custom locations where the desktop image should be replicated.
-
Replica Count (Per Region): Type number of replicas per region.
Note: Azure Compute Gallery replicas support a maximum of 20 concurrent clone operations per replica. Ensure that the number of replicas specified meets your deployment requirements. Up to 100 replicas per region are supported. Replicas may only be deployed within the same subscription.
-
-
Run the following scripted actions: Toggle this option on to specify the scripts that run during creation.
Notes:
Windows scripts are executed via the Azure Custom Script extension and run in the context of LocalSystem account on the clone of the desktop image VM before it is Sysprep'ed. These commands do not run on the image VM itself.
Azure runbooks are executed via the Azure automation account and run in the context of Nerdio Manager app service principal.
Several variables are passed to the script and can be used in the PowerShell commands.
-
If necessary, provide the required parameters. For example:
-
Applications Management: Toggle this option on to specify the applications to deploy during creation.
-
Applications: In the applications list, select Add new application, and then from the drop-down list, select the application to include in this policy.
Notes:
You may add as many applications as desired.
Drag and drop an application in the list to change its order on the list.
Select the "X" next to an application to remove it from the list.
Install/Uninstall: Select whether the deployment policy should install or uninstall the selected applications.
Reboot after installation: Select this option to place the host in drain mode and restart it when no sessions are present.
Show favorites only: Select this option to only display applications marked as favorites. Otherwise, you may search the list of applications.
-
-
Apply tags: Optionally, type the Name and Value of the Azure tag.
Note: You may specify multiple tags. The specified tags are applied to image VM, OS disk, network interface, image object, and Azure Compute Gallery image. See this Microsoft article for details about using tags to organize your Azure resources.
-
Once you have entered all the desired information, select OK.
The desktop image is created. This may take up to an hour to complete.
Comments (0 comments)