
Working with Azure Image Builder

Jason Li
Sr. Software Development Engineer
Skilled Angular and .NET developer, team leader for a healthcare insurance company.
March 17, 2021


Cloud migration is the norm among businesses that handle vast amounts of data every day. Standardized Virtual Machine (VM) images let enterprises migrate to the cloud while keeping deployments consistent. These images typically include predefined security and configuration settings along with the necessary software. However, setting up an image pipeline takes time, infrastructure, and setup. Azure Image Builder simplifies the process: you provide a configuration describing your image and submit it to the service, and the image gets built and distributed.

Azure VM Image Builder works with Windows or Linux-based Azure Marketplace images as well as existing custom images, and it lets you add your own customizations. Because Image Builder is built on HashiCorp Packer, there are some similarities. It also has the benefits of a managed service. You can specify where your images are hosted: in the Azure Shared Image Gallery, as a managed image, or as a VHD.

How does Azure Image Builder work?

As mentioned, Azure VM Image Builder is a fully managed Azure service that is accessible through an Azure Resource Provider. You provide the service with a configuration that specifies a source image, the customizations to perform, and where the new image is to be distributed. Template configurations can be passed using ARM templates, PowerShell, and the Azure VM Image Builder DevOps Task. An Image Template Resource is created when you submit the configuration to the service. You will then see a Staging Resource Group created in your subscription. This Staging Resource Group contains all files and scripts referenced by the File, Shell, and PowerShell customizations in the scriptUri property.

To run the build, invoke Run on the Image Template Resource. The service deploys additional resources for the build, such as a VM, network, and disk. When the build finishes, all resources are deleted except for the Staging Resource Group and the storage account. To remove these, delete the Image Template Resource, or leave them in place to run the build again.

Working with Azure Image Builder

A major benefit of Azure Image Builder is that you can dynamically generate and customize Azure Virtual Machines. Virtual machines have been part of cloud infrastructure since the early days of AWS (Amazon Web Services) and Azure. They play a key role in bringing familiar workloads to the cloud, allowing existing applications and skill sets to lift and shift from on-premises to a global-scale platform.

Our data centres run virtual infrastructures on hyper-converged hardware, where dense compute and virtual storage act as a bridge between traditional architectures and cloud-native environments. Although cloud platforms now provide serverless functions and more effective PaaS, the more familiar IaaS model remains significant.

Virtual Infrastructures & VM Images

A well-designed virtual infrastructure built on common images serves as a foundation for applications and services, and it simplifies both management and maintenance. A standardized image is the right place to establish the appropriate security and configuration settings and to define common policies and software installations. The process takes discipline and time, both to develop your image creation pipeline and to train developers and administrators.

It is important to ensure that the images in your repositories meet the right standards. Otherwise, they add unexpected weaknesses to the security model. You must also respond quickly to user demands for custom images.

Increased demand for images creates a new problem: the time taken to develop and customize them. It is essential to automate the process and bake it into the continuous delivery pipeline, which ensures that applications are built and deployed on the latest images. This approach lets you start a shift to idempotent infrastructures, tying virtual infrastructure to builds and deployments. It is important to ensure that every change to an application is deployed with a complete, secure, and tested infrastructure.

A Preview to Azure Image Builder

The general launch of Azure Image Builder, originally scheduled for the fourth quarter of 2020, is currently delayed. As mentioned, Azure Image Builder is built on HashiCorp's open-source Packer image creation tool. It is integrated into the Azure command line and focuses on building Linux and Windows Azure Virtual Machines. Packer produces both VMware and Hyper-V images for cloud architectures such as AWS, Google Cloud Platform, and Azure. Microsoft focuses on creating Hyper-V images with ample support for Gen1 VMs, which works for both Azure and on-premises Azure Stack instances.

Although the preview does not have all planned features, it helps you build and manage your library of images automatically. You can start by using it to design baseline images that are modified and deployed once configured properly. It patches images as updates are released, which keeps your library up to date and ensures that deployments have the latest security updates.

Things get interesting when Azure Image Builder is integrated with an existing DevOps environment. With Desired State Configuration (DSC), you can set lower limits on configurations, so that you have base-level security and features that only improve with a system update. You can also integrate with any existing build pipeline, which ensures that changes to images are automatically deployed to repositories.

Designing VM Images from Code


Microsoft lets you work with most of the currently supported Azure-based VM operating systems, including long-term support Ubuntu releases, SUSE Linux Enterprise Server, and Windows Server 2016 and 2019. This simplifies support, and you can use it to go from a custom OS image to application containers as part of the migration from on-premises to cloud-native. The process is done through the Azure-hosted virtual infrastructure. The code runs on a supported host OS in Azure-managed Kubernetes.

When working with AIB, it is important to get the Image Builder permissions right. Azure uses managed identities for accessing resources. You need to set up the appropriate permissions across the relevant resource groups using an identity tag in the templates. The identity is created in the Azure CLI or PowerShell with the appropriate permissions for creating, managing, and distributing images.

Behind the scenes, the service is based around a JSON image template, which is deployed and managed in the Azure CLI. The template defines the VM image and its capabilities, and it is stored as an artefact in an Azure Resource Group. Once a template is in place, Azure Image Builder downloads the source files for the VM image along with any scripts needed for building the image.

As expected, the design and build process is not free. There are costs for compute, network, and storage resources. Most of the costs accumulate from storage and network as you deploy images across multiple regions. Images are stored in a Shared Image Gallery that is replicated globally. Applications are configured using ARM templates to build on these images. The high availability and targeted regional distribution minimize the time needed to deploy an image.
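The template structure and identity requirement described above can be reviewed before a template is submitted. The following Python sketch is an added example, not code from this article or from Microsoft: the sample template is constructed, its resource IDs, URLs and checksum are placeholders, and the rules in lint_template are an assumed review policy.

```python
import json

# Constructed sample template (not from the article); IDs and URLs are placeholders.
SAMPLE_TEMPLATE = json.loads("""
{
  "type": "Microsoft.VirtualMachineImages/imageTemplates",
  "identity": {"type": "UserAssigned",
               "userAssignedIdentities": {"<identity-resource-id>": {}}},
  "properties": {
    "source": {"type": "PlatformImage", "publisher": "Canonical",
               "offer": "UbuntuServer", "sku": "18.04-LTS", "version": "latest"},
    "customize": [
      {"type": "Shell", "name": "harden",
       "scriptUri": "https://example.invalid/harden.sh",
       "sha256Checksum": "<sha256-of-harden.sh>"},
      {"type": "Shell", "name": "agent",
       "scriptUri": "http://example.invalid/agent.sh"}
    ],
    "distribute": [{"type": "SharedImage", "galleryImageId": "<gallery-image-id>",
                    "runOutputName": "baseline", "replicationRegions": ["westus2"]}]
  }
}
""")

DISTRIBUTE_TYPES = {"ManagedImage", "SharedImage", "VHD"}

def lint_template(tpl):
    """Return review findings for an Image Builder template dict (assumed policy)."""
    findings = []
    props = tpl.get("properties", {})
    for section in ("source", "customize", "distribute"):
        if not props.get(section):
            findings.append(f"missing properties.{section}")
    identity = tpl.get("identity", {})
    if identity.get("type") != "UserAssigned" or not identity.get("userAssignedIdentities"):
        findings.append("identity: user-assigned managed identity not set")
    for step in props.get("customize", []):
        uri = step.get("scriptUri")
        if uri is None:
            continue  # inline or non-script customizer, nothing to download
        name = step.get("name", "?")
        if not uri.lower().startswith("https://"):
            findings.append(f"customize[{name}]: scriptUri is not https")
        if not step.get("sha256Checksum"):
            findings.append(f"customize[{name}]: no sha256Checksum pins the script")
    for target in props.get("distribute", []):
        if target.get("type") not in DISTRIBUTE_TYPES:
            findings.append(f"distribute: unknown type {target.get('type')!r}")
    return findings
```

Run against the sample, the check flags only the second customizer, whose script would be fetched over plain HTTP with no checksum, which means the content baked into every image built from the template could change without the template changing.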

Get started with predefined image templates

To get started with Azure Image Builder, Microsoft provides sample image templates in a GitHub repository. These offer a mix of ready-to-run quick starts and parameterized ARM templates for Image Builder. The latest templates are the easiest to customize, although it is probably best to begin with the quick starts to understand how to design and use these image templates.

Once you have all the image templates in place, configure Image Builder to deliver images as required. You can then build them into your DevOps pipelines, triggering a VM image build as part of your application build. At that point you are ready to inject application files and deploy to either a test or a production environment.

This approach changes the way code is designed, forcing you to rethink what a virtual infrastructure is and how you interact with it. Dynamic image generation forms a logical part of any infrastructure-as-code approach to DevOps. Making it part of Azure's IaaS model encourages more development teams to deploy infrastructure as part of every build.


Azure Image Builder helps with cloud migration, which in turn helps businesses handle the data they need to process and analyze as they evolve. Image Builder helps you consistently produce the standardized virtual machine images that cloud migrations and DevOps processes depend on. Microsoft Azure Image Builder ultimately simplifies the whole process of cloud integration by building images and offering options to integrate with the services you need.