Skip to main content

Did you know about Azure VM Applications feature?


What is VM Applications





Azure Compute Gallery now includes the existing Shared Image Gallery (SIG) service and the new VM Applications features and additional capabilities. 





With VM Applications, you can now define application packages, replicate, share and deploy them automatically to your VMs and Virtual Machine Scale Sets using ARM templates, the portal, CLI, or PowerShell. Add an application to a VM or VMSS at creation, or add, remove, and update applications on existing resources.





This feature provides flexibility and simplicity in managing, sharing, and deploying applications. Some features include:





  • Provides custom configuration of applications at deployment time
  • Require applications or specific versions through DeployIfNotExist policies
  • Create multiple replicas per region for reliability
  • Limit which VMs and VM scale sets can install an application




And this does not charge you anything extra for the service. Its only charge you for the storage. Even though this is sounds interesting for you, keep in mind this feature a is still in preview and not production ready yet. Also, there are heaps of other limitations. I’m pretty sure MS Engineering team will come back with solutions in future for sure





Some limitations





  • No more than 3 replicas per region: When creating a VM Application version, the maximum number of replicas per region is three.
  • Retrying failed installations: Currently, the only way to retry a failed installation is to remove the application from the profile, then add it back.
  • Only 5 applications per VM: No more than 5 applications may be deployed to a VM at any point.
  • 1GB application size: The maximum file size of an application version is 1GB.
  • No guarantees on reboots in your script: If your script requires a reboot, the recommendation is to place that application last during deployment. While the code attempts to handle reboots, it may fail.
  • Requires a VM Agent: The VM agent must exist on the VM and be able to receive goal states.
  • Multiple versions of same application on the same VM: You can't have multiple versions of the same application on a VM.




Let see How to deploy this feature.





To get on with this solution you need an Azure Compute Gallery present (previously known as shared image gallery). If you already have one you are good to go. If not create one as per this





Step 1





First Step is to create an Application Definition (VM application definitions are created within a gallery and carry information about the application and requirements for using it internally. This includes the operating system type for the VM application versions contained within the application definition.)





Using GUI





New VM Application Definition








Optional Attributes




Using PowerShell





Use the below code to create application image definition





$applicationName = myApp
New-AzGalleryApplication `
-ResourceGroupName $rgName `
-GalleryName $galleryName `
-Name $applicationName `
-SupportedOSType Linux `
-Description "Backend Linux application for finance."








Step 2





Using GUI





Browse the image definition you created above and create a version of the image.





Few things to highlight in here





  1. Image exe/msi file need to be saved in a storage account which can be accessed via both VM and image gallery
  2. When writing the install script you need to consider the package location in the VM as below




The download location of the application package and the configuration files are:  





  • Linux: /var/lib/waagent/Microsoft.CPlat.Core.VMApplicationManagerLinux/<appname>/<app version>
  • Windows: C:\Packages\Plugins\Microsoft.CPlat.Core.VMApplicationManagerWindows\1.0.4\Downloads\<appname>\<app version>




The install/update/remove commands should be written assuming the application package and the configuration file are in the current directory.





You can all add a custom configuration file with the application. But in my case I'm doing a basic installation of the application









During this demo I'm only going keep the application in one region. But if you need you can replicate up to 3 regions as of now.




And then just hit Create.





Using Powershell





use the below code and update it with your own parameters.





$version = 1.0.0
New-AzGalleryApplicationVersion `
-ResourceGroupName $rgName `
-GalleryName $galleryName `
-GalleryApplicationName $applicationName `
-Name $version `
-PackageFileLink "https://<storage account name>.blob.core.windows.net/<containder name>/<filename>" `
-Location "East US" `
-Install myApp.exe /silent `
-Remove myApp.exe /uninstall `




Once the deployment is complete









Let see How to Apply to a Virtual Machine





You can attach this application either to a new VM or to a Existing Virtual Machine





New VM





Simply try to create a new virtual machine in the advance section you can select this preview feature













Existing VM





As of now there is no option for us to install the application to a existing VM using GUI. Instead you can use below powershell to add the application





$vm = Get-AzVM -ResourceGroupName $rgname -Name myVM
$vmapp = Get-AzGalleryApplicationVersion `
-ResourceGroupName $rgname `
-GalleryName $galleryname `
-ApplicationName $applicationname `
-Version $version

$vm = Add-AzVmGalleryApplication `
-VM $vm `
-Id $vmapp.Id

Update-AzVm -ResourceGroupName $rgname -VM $vm




My Views on this new feature





To be honest. this feature is not yet ready to be used. and also there are other methods to install application in a VM ( Easy and Proven methods) Seems to me this feature is some what replication is one component of SCCM.





This will bring the same complexity of managing application versions. In the other had if you are trying to move away from your on prem infrastructure this feature will come in very handy when this goes live.





For more details and updates





https://docs.microsoft.com/en-gb/azure/virtual-machines/vm-applications


Comments

Popular posts from this blog

Updating Azure VM Data Disk Sizes

Summary Hope you are doing great, this time I came up with a simple azure DevOps solution for updating VM disk sizes. The current project that I'm in has a bunch of virtual machines. So, we need a way to update the VM disk with minimal administrative effort and changes.  In this scenario, we have used Bicep as the IAC language Azure DevOps pipelines YAML variable files  Here is the high-level workflow for a particular VM in the solution YAML Pipeline file got two workflows, firstly the VM build pipeline, and the second is the disk update one. If you focus on the green arrow and the purple arrow, basically I'm modifying the same bicep module file and passing the same set of variables. You may wonder why we cannot use the same flow to build the VM and update the disk later, that's because for the disk updates VM needs to be in a shutdown state, and other components in the 1st flow need the VM up and running especially the extension modules YAML Variable Files I have decided t

Deploying an Automation Account with a Runbook and Schedule Using Bicep

Introduction Automation is a key component in many organizations' cloud strategy. Azure Automation allows you to automate the creation, deployment, and management of resources in your Azure environment. In this post, we will walk through the process of deploying an Automation Account with a Runbook and Schedule using Bicep, a new domain-specific language for deploying Azure resources. Intention My intention at the  end is to run a PowerShell  script to start and shutdown Azure VMs based on tag values. PowerShell  script that I have used is from below l ink.  And two  of me   collogue s ( Michael Turnley   and Saudh Mohomad helped to modify the  PowerShell  script. Prerequisites Before we begin, you will need the following: An Azure subscription The Azure CLI installed on your machine. The Azure Bicep extension for the Azure CLI Creating the Automation Account The first step in deploying an Automation Account with a Runbook and Schedule is to create the Aut

Securing Azure Services with Fetian FIDO

Hey Folks  Here again with another security topic with Fetian Fido. And once again Fetian devices proved their excellent quality and stability. For this I choose Fetian K33 -  AllinPass FIDO Security Key – FEITIAN (ftsafe.com) and  K39 -  Single-button FIDO Security Keys | FEITIAN (ftsafe.com) Use case  In an organization following changes needs to be implemented.  1. Update the password policy 2. Update the user session time out to 30 minutes Once these changes being implemented, the following issues need to be addressed 1. Users' complaint new passwords need to be so long 2. Users complain sessions time out makes them work so much slower with the longer passwords 3. Etc... Solution  One of my friends reached out to me to help solve this problem. All I could think of was using passwordless auth with FIDO devices. We have decided to use Fido2 keys for better security and flexibility for the users. The FIDO (Fast IDentity Online) Alliance helps to promote open authentication stand