Create an Azure Shared Image Gallery using the portal

A Shared Image Gallery simplifies custom image sharing across your organization. Custom images are like marketplace images, but you create them yourself. Custom images can be used to bootstrap deployment tasks like preloading applications, application configurations, and other OS configurations.

The Shared Image Gallery lets you share your custom VM images with others in your organization, within or across regions, within an AAD tenant. Choose which images you want to share, which regions you want to make them available in, and who you want to share them with. You can create multiple galleries so that you can logically group shared images.

The gallery is a top-level resource that provides full role-based access control (RBAC). Images can be versioned, and you can choose to replicate each image version to a different set of Azure regions. The gallery only works with Managed Images.

The Shared Image Gallery feature has multiple resource types. We will be using or building these in this article:

Resource Description
Managed image A basic image that can be used alone or used to create an image version in an image gallery. Managed images are created from generalized VMs. A managed image is a special type of VHD that can be used to make multiple VMs and can now be used to create shared image versions.
Snapshot A copy of a VHD that can be used to make an image version. Snapshots can be taken from a specialized VM (one that hasn't been generalized) then used alone or with snapshots of data disks, to create a specialized image version.
Image gallery Like the Azure Marketplace, an image gallery is a repository for managing and sharing images, but you control who has access.
Image definition Images are defined within a gallery and carry information about the image and requirements for using it within your organization. You can include information like whether the image is generalized or specialized, the operating system, minimum and maximum memory requirements, and release notes. It is a definition of a type of image.
Image version An image version is what you use to create a VM when using a gallery. You can have multiple versions of an image as needed for your environment. Like a managed image, when you use an image version to create a VM, the image version is used to create new disks for the VM. Image versions can be used multiple times.

Important

Specialized images are currently in public preview. This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.

Known preview limitations VMs can only be created from specialized images using the portal or API. The is no CLI or PowerShell support for the preview.

Before you begin

To complete the example in this article, you must have an existing managed image of a generalized VM, or a snapshot of a specialized VM. You can follow Tutorial: Create a custom image of an Azure VM with Azure PowerShell to create a managed image, or Create a snapshot for a specialized VM. For both managed images and snapshots, the data disk size cannot be more than 1 TB.

When working through this article, replace the resource group and VM names where needed.

Sign in to Azure

Sign in to the Azure portal at https://portal.azure.com.

Note

If you registered to use Shared Image Galleries during the preview, you might need to re-register the Microsoft.Compute provider. Open Cloud Shell and type: az provider register -n Microsoft.Compute

An image gallery is the primary resource used for enabling image sharing. Allowed characters for Gallery name are uppercase or lowercase letters, digits, dots, and periods. The gallery name cannot contain dashes. Gallery names must be unique within your subscription.

The following example creates a gallery named myGallery in the myGalleryRG resource group.

  1. Select Create a resource in the upper left-hand corner of the Azure portal.
  2. Use the type Shared image gallery in the search box and select Shared image gallery in the results.
  3. In the Shared image gallery page, click Create.
  4. Select the correct subscription.
  5. In Resource group, select Create new and type myGalleryRG for the name.
  6. In Name, type myGallery for the name of the gallery.
  7. Leave the default for Region.
  8. You can type a short description of the gallery, like My image gallery for testing. and then click Review + create.
  9. After validation passes, select Create.
  10. When the deployment is finished, select Go to resource.

Create an image definition

Image definitions create a logical grouping for images. They are used to manage information about the image versions that are created within them. Image definition names can be made up of uppercase or lowercase letters, digits, dots, dashes and periods. For more information about the values you can specify for an image definition, see Image definitions.

Create the gallery image definition inside of your gallery. In this example, the gallery image is named myImageDefinition.

  1. On the page for your new image gallery, select Add a new image definition from the top of the page.
  2. For Image definition name, type myImageDefinition.
  3. For Operating system, select the correct option based on your source VM.
  4. For VM generation, select the option based on your source VM. In most cases, this will be Gen 1. For more information, see Support for generation 2 VMs.
  5. For Operating system state, select the option based on your source VM. For more information, see Generalized and specialized.
  6. For Publisher, type myPublisher.
  7. For Offer, type myOffer.
  8. For SKU, type mySKU.
  9. When finished, select Review + create.
  10. After the image definition passes validation, select Create.
  11. When the deployment is finished, select Go to resource.

Create an image version

Create an image version from a managed image. In this example, the image version is 1.0.0 and it's replicated to both West Central US and South Central US datacenters. When choosing target regions for replication, remember that you also have to include the source region as a target for replication.

Allowed characters for image version are numbers and periods. Numbers must be within the range of a 32-bit integer. Format: MajorVersion.MinorVersion.Patch.

The steps for creating an image version are slightly different, depending on whether the source is a generalized image or a snapshot of a specialized VM.

Option: Generalized

  1. In the page for your image definition, select Add version from the top of the page.
  2. In Region, select the region where your managed image is stored. Image versions need to be created in the same region as the managed image they are created from.
  3. For Name, type 1.0.0. The image version name should follow major.minor.patch format using integers.
  4. In Source image, select your source managed image from the drop-down.
  5. In Exclude from latest, leave the default value of No.
  6. For End of life date, select a date from the calendar that is a couple of months in the future.
  7. In Replication, leave the Default replica count as 1. You need to replicate to the source region, so leave the first replica as the default and then pick a second replica region to be East US.
  8. When you are done, select Review + create. Azure will validate the configuration.
  9. When image version passes validation, select Create.
  10. When the deployment is finished, select Go to resource.

It can take a while to replicate the image to all of the target regions.

Option: Specialized

  1. In the page for your image definition, select Add version from the top of the page.
  2. In Region, select the region where your snapshot is stored. Image versions need to be created in the same region as the source they are created from.
  3. For Name, type 1.0.0. The image version name should follow major.minor.patch format using integers.
  4. In OS disk snapshot, select the snapshot from your source VM from the drop-down. If your source VM had a data disk that you would like to include, select the correct LUN number from the drop-down, and then select the snapshot of the data disk for Data disk snapshot.
  5. In Exclude from latest, leave the default value of No.
  6. For End of life date, select a date from the calendar that is a couple of months in the future.
  7. In Replication, leave the Default replica count as 1. You need to replicate to the source region, so leave the first replica as the default and then pick a second replica region to be East US.
  8. When you are done, select Review + create. Azure will validate the configuration.
  9. When image version passes validation, select Create.
  10. When the deployment is finished, select Go to resource.

We recommend that you share access at the image gallery level. The following walks you through sharing the gallery that you just created.

  1. Open the Azure portal.
  2. In the menu at the left, select Resource groups.
  3. In the list of resource groups, select myGalleryRG. The blade for your resource group will open.
  4. In the menu on the left of the myGalleryRG page, select Access control (IAM).
  5. Under Add a role assignment, select Add. The Add a role assignment pane will open.
  6. Under Role, select Reader.
  7. Under assign access to, leave the default of Azure AD user, group, or service principal.
  8. Under Select, type in the email address of the person that you would like to invite.
  9. If the user is outside of your organization, you will see the message This user will be sent an email that enables them to collaborate with Microsoft. Select the user with the email address and then click Save.

If the user is outside of your organization, they will get an email invitation to join the organization. The user needs to accept the invitation, then they will be able to see the gallery and all of the image definitions and versions in their list of resources.

Create VMs

Now you can create one or more new VMs. This example creates a VM named myVM, in the myResourceGroup, in the East US datacenter.

  1. Go to your image definition. You can use the resource filter to show all image definitions available.
  2. On the page for your image definition, select Create VM from the menu at the top of the page.
  3. For Resource group, select Create new and type myResourceGroup for the name.
  4. In Virtual machine name, type myVM.
  5. For Region, select East US.
  6. For Availability options, leave the default of No infrastructure redundancy required.
  7. The value for Image is automatically filled with the latest image version if you started from the page for the image definition.
  8. For Size, choose a VM size from the list of available sizes and then choose Select.
  9. Under Administrator account, if the image was generalized, you need to provide a username, such as azureuser and a password. The password must be at least 12 characters long and meet the defined complexity requirements. If your image was specialized, the username and password fields will greyed out because the username and password for the source VM are used.
  10. If you want to allow remote access to the VM, under Public inbound ports, choose Allow selected ports and then select RDP (3389) from the drop-down. If you don't want to allow remote access to the VM, leave None selected for Public inbound ports.
  11. When you are finished, select the Review + create button at the bottom of the page.
  12. After the VM passes validation, select Create at the bottom of the page to start the deployment.

Clean up resources

When no longer needed, you can delete the resource group, virtual machine, and all related resources. To do so, select the resource group for the virtual machine, select Delete, then confirm the name of the resource group to delete.

If you want to delete individual resources, you need to delete them in reverse order. For example, to delete an image definition, you need to delete all of the image versions created from that image.

Next steps

You can also create Shared Image Gallery resource using templates. There are several Azure Quickstart Templates available:

For more information about Shared Image Galleries, see the Overview. If you run into issues, see Troubleshooting shared image galleries.