Issue with "Add Desktop Image" Wizard and Trusted Launch

Avatar
Robin K.

Problem
The "Add Desktop Image" Wizard is not that good and intuitive to operate and use it. 

Description

Hi Nerdio Support,
(Nerdio Manager for Enterprise Version: 7.3.3.2)

I have an issue with the "Add Desktop Image" wizard when trying to create "New from Azure library". I think there is a general cosmetic issue inside, as it is already there for months and multiple versions or better to say, it is since we use Nerdio. So I guess it is reproducible in every Nerdio environment. The Support Team told me this is not an issue or incident, it works as designed and described. But this is not that good designed in my point of view. 
Therefor I raise it here again.

Whenever I want to create a new Desktop Image (or in my eyes a "Desktop Image VM" would be a better name) it does not let me configure it for Security Type: "Trusted launch" which I definitely want to use. This option is grayed out for me and not select-able.

The hovering hint is giving reasons, like always good to have it in the Nerdio Manger, but in this case it is not comprehensible to me.
First it says only possible at Gen2 VMs which means the "VM Generation Support" should be Generation 2. But this is nothing I can configure in this wizard and by default Nerdio seems to take Gen2 anyhow. And the next listed requirements I can completely not follow. Trusted launch is a virtual machine property or ability, how is this related with a (perhaps later created) image gallery or the geo-distribution of it?
I know that "Trusted launch" is also an attribute of an "VM image definition" so the image. But this is a second step and story in my eyes, if I want to create an image out of this device later or not. For sure the developers of Nerdio had a reason for this but I don't get it.

In my usual working scenarios I first create the image master VM and later, if this was running well, I decide if it is getting captured for an image or not. We have some steps we do in between to this image master VM before capturing the image of it.

Anyhow Microsoft currently announces that Trusted launch will become default switched on:
https://learn.microsoft.com/en-us/azure/virtual-machines/trusted-launch#preview-trusted-launch-as-default

 

My current annoying workaround
--------------------------------------------
As soon as I just switch ON the toggle switch below "Geographic distribution & Azure compute gallery" I'm allowed to set the "Trusted launch" (then I can also Enable Secure Boot and Enable vTPM) and switch it back OFF. I also set the tick for "Do not create image object" (as mentioned I will do later on demand). And then I'm ready to go and get a VM with "Trusted launch" enabled and later also the resulting images get this.

Please enhance or repair this wizard. 
Thanks in advance!
 

Additional topics related to this "Add Desktop Image" wizard or from:

-------------------------------------------------------------------------------------------

  1. You cannot select "Run the following scripted actions" when you ticked "Do not create image object". This is suitable as these actions are running on the clone and not at the Desktop Image VM itself. But I want to extend the HDD and do other scripted actions when creating a Desktop Image VM, during its creation. So it results in "manual" tasks for me (to trigger these scripted actions) after creation of the VM.
  2. "Run scripted actions" is not possible at Desktop Image VM, just for the clone sysprep device. That is a missing function/feature, too.

  3. There exists a change log for the images which you can fill when creating images/new image versions. So usually I write in there what I changed in this image version. But it seems that this change log is bound the Desktop Image VM, not the image version. I would expect that there is a direct link or reference from the comment to the exact image version, so that I can later read, what was in this image version. This is not designed this way. 

    As next it would be good if the change log entry (written during image creation process) would be set as a “tag” in azure to the image version. This way it would be 100% linked and visible from every view what is inside this image or what was the latest change to it.

Number 1. and 2. points to the same lack of functionality or options (… to further automate my work).
 

Vision

Would be nice to have the points above enhanced to simplify my work and make this wizard more ergonomic and closer to my working scenario.
Perhaps it would be better to treat the whole “Desktop Images” menu more in the perspective of the Desktop Image VM's instead of having the view that it is just about images. Because you are operating and managing VM's there as a base, not only images that are captured from it (or its temporary clones) .

3

Comments (3 comments)

Sort by
1
Avatar
Marek Sokół

I already had huge issues in my environment because having images with “enabled trusted lunch” with workaround you described.

It works much better to initially created standard image when using "skip image creation".

On the next step use "Trusted launch supported".

As a result, Image will be not trusted lunch enabled, but you can create from this image VM with trusted lunch enabled.

Using that method all “strange” issues I faced are gone now.

0
Avatar
Carl Long
Thank you for your feature request—your input helps shape our roadmap.

Next steps:
     • We will review your request and update its status as it moves through the evaluation process.
     • If we need more details, we'll reach out in the comments.

We also welcome additional feedback and votes from the community.
0
Avatar
Robin K.
(Edited )

Thanks to Marek for your advice.

Is there an Update from Nerdio Carl?

Please sign in to leave a comment.