Create a virtual machine using an approved base

This article describes how to use Azure to create a virtual machine (VM) containing a pre-configured, endorsed operating system. If this isn't compatible with your solution, it's possible to create and configure an on-premises VM using an approved operating system.

Note

Before you start this procedure, review the technical requirements for Azure VM offers, including virtual hard disk (VHD) requirements.

Select an approved base Image

Select one of the following Windows or Linux images as your base.

Windows

Linux

Azure offers a range of approved Linux distributions. For a current list, see Linux on distributions endorsed by Azure.

Create VM on the Azure portal

  1. Sign in to the Azure portal.

  2. Select Virtual machines.

  3. Select + Add to open the Create a virtual machine screen.

  4. Select the image from the dropdown list or select Browse all public and private images to search or browse all available virtual machine images.

  5. To create a Gen 2 VM, go to the Advanced tab and select the Gen 2 option.

    Select Gen 1 or Gen 2.

  6. Select the size of the VM to deploy.

    Select a recommended VM size for the selected image.

  7. Provide the other required details to create the VM.

  8. Select Review + create to review your choices. When the Validation passed message appears, select Create.

Azure begins provisioning the virtual machine you specified. Track its progress by selecting the Virtual Machines tab in the left menu. After it's created, the status of Virtual Machine changes to Running.

Configure the VM

This section describes how to size, update, and generalize an Azure VM. These steps are necessary to prepare your VM to be deployed on Azure Marketplace.

Connect to your VM

Refer to the following documentation to connect to your Windows or Linux VM.

Install the most current updates

The base images of operating system VMs must contain the latest updates up to their published date. Before publishing, ensure you updated the OS and all installed services with all the latest security and maintenance patches.

  • For Windows Server, run the Check for Updates command.
  • For Linux distributions, updates are commonly downloaded and installed through a command-line tool or a graphical utility. For example, Ubuntu Linux provides the apt-get command and the Update Manager tool for updating the OS.

Perform additional security checks

Maintain a high level of security for your solution images in Azure Marketplace. For a checklist of security configurations and procedures, see Security Recommendations for Azure Marketplace Images.

Perform custom configuration and scheduled tasks

If you need additional configuration, use a scheduled task that runs at startup to make final changes to the VM after it has been deployed. Also consider the following:

  • If it is a run-once task, the task should delete itself after it successfully completes.
  • Configurations should not rely on drives other than C or D, because only these two drives are always guaranteed to exist (drive C is the operating system disk and drive D is the temporary local disk).

For more information about Linux customizations, see Virtual machine extensions and features for Linux.

Generalize the image

All images in Azure Marketplace must be reusable in a generic fashion. To achieve this, the operating system VHD must be generalized, an operation that removes all instance-specific identifiers and software drivers from a VM.

For Windows

Windows OS disks are generalized with the sysprep tool. If you later update or reconfigure the OS, you must run sysprep again.

Warning

After you run sysprep, turn the VM off until it's deployed because updates may run automatically. This shutdown will avoid subsequent updates from making instance-specific changes to the operating system or installed services. For more information about running sysprep, see Generalize a Windows VM.

For Linux

  1. Remove the Azure Linux agent.
    1. Connect to your Linux VM using an SSH client.
    2. In the SSH window, enter this command: sudo waagent –deprovision+user.
    3. Type Y to continue (you can add the -force parameter to the previous command to avoid the confirmation step).
    4. After the command completes, enter Exit to close the SSH client.
  2. Stop virtual machine.
    1. In the Azure portal, select your resource group (RG) and de-allocate the VM.
    2. Your VM is now generalized and you can create a new VM using this VM disk.

Capture image

Note

The Azure subscription containing the Azure Compute Gallery must be under the same tenant as the publisher account in order to publish. Also, the publisher account must have at least Contributor access to the subscription containing Azure Compute Gallery.

Once your VM is ready, you can capture it in an Azure Compute Gallery (formerly know as Shared Image Gallery). Follow the below steps to capture:

  1. On Azure portal, go to your Virtual Machine’s page.
  2. Select Capture.
  3. Under Share image to Azure Compute Gallery, select Yes, share it to a gallery as an image version.
  4. Under Operating system state select Generalized.
  5. Select a Target image gallery or Create New.
  6. Select a Target image definition or Create New.
  7. Provide a Version number for the image.
  8. Select Review + create to review your choices.
  9. Once the validation is passed, select Create.

Set the right permissions

If your Partner Center account is the owner of the subscription hosting an Azure Compute Gallery, nothing further is needed for permissions.

If you only have read access to the subscription, use one of the following two options.

Option one – Ask the owner to grant owner permission

Steps for the owner to grant owner permission:

  1. Go to the Azure Compute Gallery.
  2. Select Access control (IAM) on the left panel.
  3. Select Add, then Add role assignment.
    The add role assignment window is shown.
  4. For Role, select Owner.
  5. For Assign access to, select User, group, or service principal.
  6. For Select, enter the Azure email of the person who will publish the image.
  7. Select Save.

Option Two – Run a command

Ask the owner to run either one of these commands (in either case, use the SusbscriptionId of the subscription where you created the Azure Compute Gallery).

az login
az provider register --namespace Microsoft.PartnerCenterIngestion --subscription {subscriptionId}
Connect-AzAccount
Select-AzSubscription -SubscriptionId {subscriptionId}
Register-AzResourceProvider -ProviderNamespace Microsoft.PartnerCenterIngestion

Note

You don’t need to generate SAS URIs as you can now publish an Azure Compute Gallery Image on Partner Center. However, if you still need to refer to the SAS URI generation steps, see How to generate a SAS URI for a VM image.

Next steps

  • Recommended next step: Test your VM image to ensure it meets Azure Marketplace publishing requirements. This is optional.
  • If you don't want to test your VM image, sign in to Partner Center to publish your image.
  • If you encountered difficulty creating your new Azure-based VHD, see VM FAQ for Azure Marketplace.