Creating a gallery image for Azure marketplace

Create a gallery image for
Azure Marketplace
Alexey Bokov
@abokov

Contents
• Seller dashboard
• Publish dashboard
• Create Virtual Machines for Marketplace

Getting started : there’s a marketplace

And one more : vmdepot.msopentech.com
Not really a
marketplace
But repo for “open
sourced” VMs

Publishing offer: how it works
1. Company registration as a seller with Microsoft
• Completed in the Microsoft Seller Dashboard
• Once you register your company, you can continue working in parallel while the verification of your registration is
completed by the Seller Dashboard team
2. Build and certify VM image
• This step and all subsequent steps are completed in the Azure Publishing Portal
3. Create offer, input marketing content, and define pricing in Publishing Portal
4. Test in staging and go-live
Seller portal : Used to register the company information once.
Publisher portal : Used to publish and manage the offer.
Microsoft Azure Marketplace Publication Guidelines : aka.ms/am-guideline

sellerdashboard.microsoft.com
Microsoft Seller Dashboard
• Used to register the company information once.
• The registrant must be a valid representative of the company, and must provide their
personal information as a way to validate their identity.
• The person registering must use a Microsoft Account that is shared for the company,
and the same account must be used in the Azure Publishing Portal.

publish.windowsazure.com
Azure Publishing Portal
• Used to publish and manage the offer.
• The same company Microsoft Account that was used in the Seller Dashboard
registration must be used here.
• Additional users can be added to assist once the master publisher account has been
created.

Create Virtual Machine for Marketplace
Terminology:
• SKU (StockKeeping Unit) means VM Image
• VM Image contain OS disk + some amount of data disks ( may be zero ) –
for each disk it own VHD is required ( even for empty data disk ).
• VHD means Virtual Hard Disk
• VHDx means another Hyper-V format, not supported by Azure. There’s
Convert-VHD tools for make conversion between formats.

Add offer
1. Log in to the Publishing Portal (publish.windowsazure.com)
using your seller account.
2. Enter the Virtual Machines tab of the Publishing Portal. In the
prompted entry field, enter your offer name, and create. Under
seller account, enter your namespace.
3. Add any other administrators you want to be able to work with
the publishing portal.

Define SKU
1. Add a SKU. It will require an identifier, which will be used in the
URL. This will need to be unique within your Publishing Profile,
but there is no risk of identifier collision with other publishers.
2. Add a summary description for your SKU. This will be read by
humans in the UX, so it is advised to make it easily readable.
This information does not need to be locked until "Push to
Staging". Until then, you are free to edit it.
3. If you are using Windows-based SKUs, follow the suggested
links to acquire the approved versions of Windows Server.

Common thoughts
1. Your VM image (aka SKU) should works on all existing ( and future) VM sizes – from
A0 ( one shared CPU core, 0.75 GB RAM) up to G5 (32 CPU cores, 448 GB RAM ).
2. Data disks can be as large as 1 TB. Data disk VHDs should be created as a fixed
format VHD, but also be sparse.
3. When deciding on the disk size, please keep in mind that end users cannot resize
VHDs within an image.
4. Data disks can be empty or contain data

What’s next
1.Create Linux VHD
2.Create Windows VHD
3.Register VHD in publisher portal
4.Certify it

Create Linux VM
1. VHD
2. Azure Linux agent ( waagent ) and required libs/packages
3. Kernel and Logical Volume Manager (LVM)
4. Network and SSH daemon
5. Security tips
6. Generalize image
Note: if you use image from Gallery like ‘official Ubuntu’ – just to step 6 ( as soon as
image is already well prepared )

1. Create Linux VM : VHD
1. Linux OS VHD: The Linux OS VHD in your VM Image should be created as a 30GB —
50GB fixed format VHD.
2. No, It cannot be less than 30GB. If the physical size is less than VHD size, the VHD
should be sparse.
3. Linux VHDs larger than 50GB will be considered on a case by case basis.
Documentation : aka.ms/linux-vhd

2. Create Linux VM: waagent and libs
1. The Azure Linux agent (waagent) provides key functions for deploying Linux IaaS deployment in
Azure, such as image provisioning and networking capabilities.
2. You can get this agent from repos ( RPM or Deb packages ) : aka.ms/linux-distros
3. Source code: github.com/Azure/WALinuxAgent
1. Copy 'waagent' file to /usr/sbin
2. chmod 755 /usr/sbin/waagent; /usr/sbin/waagent install
3. Agent config is placed here: /etc/waagent.conf
4. Read manual
4. Check latest Linux Integration Services (LIS) driver is installed, current v4.0: aka.ms/lis-v4
5. Magical Kernel Patch for Azure I/O ( usually included in latests distros, take care about non-listed
kernels )
6. Python 2.6+ and pyasn1 ( Abstract Syntax Notation v1) package
7. OpenSLL v1.0+
Azure Linux Agent user guide: aka.ms/waagent-guide

3. Create Linux VM: Kernel and LVM
1. OS has to be placed on single root partition
2. SWAP space (if it needed ) can be created on the local resource disk with the Linux Agent
by enable swap in /etc/waagent.conf. It will automatically use the resource disk (which
comes with every VM) to create the swap. There's no need to create a disk for it. More
info : bokov.net/weblog/azure/configure-linux-in-azure
3. Serial console output must be always enabled even if you not allow any SSH to your VM (
and our support may provide you output from serial console )
4. Add good enough timeout for mounting cloud based storage device
5. Add this to kernel boot line “console=ttyS0 earlyprintk=ttyS0 rootdelay=300”
6. Do not :
• Do not use LVM Logical Volume Manager
• Do not use swap on OS or data disk

4. Create Linux VM: network and SSH
1. We recommend enable SSH for the end user, add keep live into sshd_config
by ClientAliveInterval settings - acceptable range of ClientAliveInterval is 30 to
235, recommended 180.
2. Networking configuration should use ifcfg-eth0 file and manage it via the
ifup/ifdown
3. Make sure that network device is brought up on boot and uses DHCP
4. Do not:
• Do not install Network Manager package - it conflicts with waagent.
• No custom network configuration and resolv.conf file ( please “rm /etc/resolv.conf” ).
• Do not configure IPv6 – it’s not supported yet.

5. Create Linux VM: Security
1. Do classics : install all security patches for your distribution ( sudo apt-get update;sudo
apt-get upgrade) / follow distribution security guidelines / clean up bash history
2. Please take care about root - the image should not contain a root password (!!!!!!) –
delete it and check /etc/shadow and /etc/passwd.
3. Add firewall i.e. include iptables, but do not enable any rules – default expectation from
customer is that they may easily enable it right after VM is started.
4. Do not:
• Store your Azure account credentials on VM image (!!!!!)
• Do not create default accounts, which remain the same, across provisioning instances
• A lot of other stupid things

6. Create Linux VM: Generalize Image
1. OS VHD must be deprovisioned: “waagent deprovision”. This command does:
• Removes the nameserver configuration in /etc/resolv.conf
• Removes cached DHCP client leases
• Resets host name to localhost.localdomain
2. We recommend setting /etc/waagent.conf to ensure the following actions are also
completed:
• Remove all SSH host keys: Provisioning.RegenerateSshHostKeyPair='y'
• Remore root password from /etc/shadow : Provisioning.DeleteRootPassword='y‘

Example of /etc/waagent.conf
# Azure Linux Agent Configuration
Role.StateConsumer=None
Role.ConfigurationConsumer=None
Role.TopologyConsumer=None
Provisioning.Enabled=y
Provisioning.DeleteRootPassword=n
Provisioning.RegenerateSshHostKeyPair=y
Provisioning.SshHostKeyPairType=rsa
Provisioning.MonitorHostName=y
ResourceDisk.Format=y
ResourceDisk.Filesystem=ext4
ResourceDisk.MountPoint=/mnt/resource
ResourceDisk.EnableSwap=n
ResourceDisk.SwapSizeMB=0
LBProbeResponder=y
Logs.Verbose=n
OS.RootDeviceScsiTimeout=300
OS.OpensslPath=None
Azure Linux Agent user guide:
aka.ms/waagent-guide

Cool things Linux
1. Custom data and cloud-init – way to inject a script or other metadata into a Microsoft
Azure virtual machine at provision time:
bokov.net/weblog/azure/configure-linux-in-azure/
2. Non-endorsed Linux distros : aka.ms/another-linux

Create Windows VM
1.Choose base image
2.Run image
3.Customize VM using RDP and PowerShell
4.Configure
5.Generalize image

1. Create Windows VM: choose base image
1. The OS VHD for your VM Image must be based on a Microsoft
Azure-approved base image, containing Windows Server or SQL
Server.
2. To begin, create a VM from one of the following images, located at
the Microsoft Azure Portal (portal.azure.com):
1. Windows Server 2012 R2 Datacenter, 2012 Datacenter, 2008 R2 SP1
2. SQL Server 2014 Enterprise/Standard/Web
3. SQL Server 2012 SP2 Enterprise/Standard/Web
4. SQL Server 2008 R2 SP2 Enterprise/Standard/Web
5. These links can also be found in the Publishing Portal under the SKU page.
3. Main idea is that you may use Windows Server Images published
on September 8, 2014 and later.

1. Create Windows VM: choose base image
Current list of approved images in publish.windowsazure.com

2. Create Windows VM: run image
1. Actually what you do is create VM under Azure portal, that’s all.
2. Hints:
• Choose US-* region for deployment, it would helps during certification
process because when you will submit your image for certification
team
• Do all thing in cloud, create/customize/configure VM on-premise under
Hyper-V technically correct and will work if you follow documentation,
but we don’t recommend it in most cases. Reality is that using on-
premise for this purpose makes whole process much longer and brings
very hard-to-find issues when VM is finally goes to cloud.

3. Create Windows VM: Customize VM using
RDP and PowerShell
1. RDP is recommended way to develop on your VM.

3. Create Windows VM: Customize VM using
RDP and PowerShell
1. You can use powershell to access your VM (download RDP
file to c:tools
>>Get-AzureAccount
>>Get-AzureVM
>>Get-AzureRemoteDesktopFile -ServiceName "abokov-
ws2012DC" -Name "abokov-ws2012DC" -LocalPath
"C:toolsabokov-ws2012DC.rdp" ServiceName
Name

4. Create Windows VM: configure
1. The Windows OS VHD in your VM Image should be created as a 128 GB fixed format VHD. If
the physical size is less than 128GB, the VHD should be sparse. Base images of
recommended Windows Server are already meet this, just don’t charge defaults.
2. Install patches, especially critical and security
3. No configuration should rely on drives other than C: or D:, since these are the only two
drives that are always guaranteed to exist. C: is the OS disk and D: is the temporary local
disk.
4. Don’t keep your Azure credentials inside images

4. Create Windows VM: generalize
1. Windows images should be sysprep’ed - run command line ( not PowerShell! ), change
directory to “c:windowssystem32sysprep”
2. “sysprep.exe /generalize /oobe /shutdown”
3. Remote Desktop Connection will be closed immediately
4. Wait for generalize and shutdown…

4. Create Windows VM: generalize
When it finished – go to management panel for VHD URL

Deploy a VM from your generalized VHDs
1. Generalized OS VHD from Azure storage account can be registered as a user
VM Image with which to test. You cannot directly deploy the VM by providing
generalized VHD URL.
2. You need to use the Create VM Image Rest API to register VHDs as a VM
Image.
3. There’s two options for that: Invoke-WebRequest or Save-AzureVMIMage

Option 1 – Invoke-WebRequest# Image Parameters to Specify
$ImageName='myVMImage'
$Label='IMAGE_LABEL‘
$Description='My VM Image to Test'
$osCaching='ReadWrite'
$os = 'Windows'
$state = 'Generalized'
$osMediaLink = 'http://mystorageaccount.blob.core.windows.net/vhds/myOSvhd.vhd'
$dataCaching='None'
$lun='1'
$dataMediaLink='http://mystorageaccount.blob.core.windows.net/vhds/mydatavhd.vhd'
# Subscription Related Properties
$SrvMngtEndPoint='https://management.core.windows.net'
$subscription = Get-AzureSubscription -Current -ExtendedDetails
$certificate = $subscription.Certificate
$SubId = $subscription.SubscriptionId
$body =
"" + "" + $ImageName + "" + "" + $Label + "" + "" + $Description + "" +
"" +
"" + $osCaching + "" +"" + $state + "" +"" + $os + "" +"" + $osMediaLink + "" +
"" "" +
"" +"" + $dataCaching + "" + "" + $lun + "" +"" + $dataMediaLink + "" +
"" + "" + ""
$uri = $SrvMngtEndPoint + "/" + $SubId + "/" + "services/vmimages"
$headers = @{"x-ms-version" = "2014-06-01"}
$response = Invoke-WebRequest -Uri $uri -ContentType "application/xml" -Body $body -Certificate $certificate -Headers $headers -Method POST
if ($response.StatusCode -ge 200 -and $response.StatusCode -lt 300)
{ echo "Accepted" }
else { echo "Not Accepted" }

Option 2 - Save-AzureVMImage
Save-AzureVMImage –ServiceName “myServiceName” –Name “myVMtoCapture” –OSState
“Generalized” –ImageName “myAwesomeVMImage” –ImageLabel “This is my Virtual Machine Image” -Verbose

Generate SAS URI
1. The SAS URI created should adhere to the following requirements
• When generating SAS URIs for your VHDs, List and Read-Only permissions are sufficient. Do not provide
Write or Delete access.
• The duration for access should be a minimum of 7 business days from when the SAS URI is created.
• To avoid immediate errors due to clock skews, specify a time 15 minutes before the current time.
2. You can use AzureStorageExplorer tool : AzureStorageExplorer.codeplex.com

AzureStorageExplorer (add Storage account)

AzureStorageExplorer: generate SAS URI

AzureStorageExplorer: save SAS URI to publisher
portal

Certification process
This process includes running a special certification tool, uploading the
verification results to the Azure container where your VHDs reside,
adding an offer, defining your SKU, and submitting your VM Image for
certification.
1. Download Certification tool
2. Connect to your image
1. Linux : choose SSH authentication ( DNS + username/password)
2. Windows : use FQDN ( Fully Qualified Domain Name +
username/password )
3. Run tool
4. Send results to Microsoft (contact

Certification process – tests execution

Certification process – true anywhere

Certification process – report

Certification process – final step
More details: aka.ms/azure-cert

Summary
• There’s some formalities with registration
• Create VM based on VM images from Azure gallery is quite
easy
• Certification process took some time
• Nevertheless it might took time to make publishing,
keeping in touch with folks from Microsoft helps a LOT

Creating a gallery image for Azure marketplace

More Related Content

What's hot (19)

Viewers also liked (20)

Similar to Creating a gallery image for Azure marketplace (20)

More from Alexey Bokov (20)

Recently uploaded (20)

Creating a gallery image for Azure marketplace