Skip to main content

Did you know about Azure VM Applications feature?

What is VM Applications

Azure Compute Gallery now includes the existing Shared Image Gallery (SIG) service and the new VM Applications features and additional capabilities. 

With VM Applications, you can now define application packages, replicate, share and deploy them automatically to your VMs and Virtual Machine Scale Sets using ARM templates, the portal, CLI, or PowerShell. Add an application to a VM or VMSS at creation, or add, remove, and update applications on existing resources.

This feature provides flexibility and simplicity in managing, sharing, and deploying applications. Some features include:

  • Provides custom configuration of applications at deployment time
  • Require applications or specific versions through DeployIfNotExist policies
  • Create multiple replicas per region for reliability
  • Limit which VMs and VM scale sets can install an application

And this does not charge you anything extra for the service. Its only charge you for the storage. Even though this is sounds interesting for you, keep in mind this feature a is still in preview and not production ready yet. Also, there are heaps of other limitations. I’m pretty sure MS Engineering team will come back with solutions in future for sure

Some limitations

  • No more than 3 replicas per region: When creating a VM Application version, the maximum number of replicas per region is three.
  • Retrying failed installations: Currently, the only way to retry a failed installation is to remove the application from the profile, then add it back.
  • Only 5 applications per VM: No more than 5 applications may be deployed to a VM at any point.
  • 1GB application size: The maximum file size of an application version is 1GB.
  • No guarantees on reboots in your script: If your script requires a reboot, the recommendation is to place that application last during deployment. While the code attempts to handle reboots, it may fail.
  • Requires a VM Agent: The VM agent must exist on the VM and be able to receive goal states.
  • Multiple versions of same application on the same VM: You can't have multiple versions of the same application on a VM.

Let see How to deploy this feature.

To get on with this solution you need an Azure Compute Gallery present (previously known as shared image gallery). If you already have one you are good to go. If not create one as per this

Step 1

First Step is to create an Application Definition (VM application definitions are created within a gallery and carry information about the application and requirements for using it internally. This includes the operating system type for the VM application versions contained within the application definition.)

Using GUI

New VM Application Definition

Optional Attributes

Using PowerShell

Use the below code to create application image definition

$applicationName = myApp
New-AzGalleryApplication `
-ResourceGroupName $rgName `
-GalleryName $galleryName `
-Name $applicationName `
-SupportedOSType Linux `
-Description "Backend Linux application for finance."

Step 2

Using GUI

Browse the image definition you created above and create a version of the image.

Few things to highlight in here

  1. Image exe/msi file need to be saved in a storage account which can be accessed via both VM and image gallery
  2. When writing the install script you need to consider the package location in the VM as below

The download location of the application package and the configuration files are:  

  • Linux: /var/lib/waagent/Microsoft.CPlat.Core.VMApplicationManagerLinux/<appname>/<app version>
  • Windows: C:\Packages\Plugins\Microsoft.CPlat.Core.VMApplicationManagerWindows\1.0.4\Downloads\<appname>\<app version>

The install/update/remove commands should be written assuming the application package and the configuration file are in the current directory.

You can all add a custom configuration file with the application. But in my case I'm doing a basic installation of the application

During this demo I'm only going keep the application in one region. But if you need you can replicate up to 3 regions as of now.

And then just hit Create.

Using Powershell

use the below code and update it with your own parameters.

$version = 1.0.0
New-AzGalleryApplicationVersion `
-ResourceGroupName $rgName `
-GalleryName $galleryName `
-GalleryApplicationName $applicationName `
-Name $version `
-PackageFileLink "https://<storage account name><containder name>/<filename>" `
-Location "East US" `
-Install myApp.exe /silent `
-Remove myApp.exe /uninstall `

Once the deployment is complete

Let see How to Apply to a Virtual Machine

You can attach this application either to a new VM or to a Existing Virtual Machine

New VM

Simply try to create a new virtual machine in the advance section you can select this preview feature

Existing VM

As of now there is no option for us to install the application to a existing VM using GUI. Instead you can use below powershell to add the application

$vm = Get-AzVM -ResourceGroupName $rgname -Name myVM
$vmapp = Get-AzGalleryApplicationVersion `
-ResourceGroupName $rgname `
-GalleryName $galleryname `
-ApplicationName $applicationname `
-Version $version

$vm = Add-AzVmGalleryApplication `
-VM $vm `
-Id $vmapp.Id

Update-AzVm -ResourceGroupName $rgname -VM $vm

My Views on this new feature

To be honest. this feature is not yet ready to be used. and also there are other methods to install application in a VM ( Easy and Proven methods) Seems to me this feature is some what replication is one component of SCCM.

This will bring the same complexity of managing application versions. In the other had if you are trying to move away from your on prem infrastructure this feature will come in very handy when this goes live.

For more details and updates


Popular posts from this blog

Deploying an Automation Account with a Runbook and Schedule Using Bicep

Introduction Automation is a key component in many organizations' cloud strategy. Azure Automation allows you to automate the creation, deployment, and management of resources in your Azure environment. In this post, we will walk through the process of deploying an Automation Account with a Runbook and Schedule using Bicep, a new domain-specific language for deploying Azure resources. Intention My intention at the  end is to run a PowerShell  script to start and shutdown Azure VMs based on tag values. PowerShell  script that I have used is from below l ink.  And two  of me   collogue s ( Michael Turnley   and Saudh Mohomad helped to modify the  PowerShell  script. Prerequisites Before we begin, you will need the following: An Azure subscription The Azure CLI installed on your machine. The Azure Bicep extension for the Azure CLI Creating the Automation Account The first step in deploying an Automation Account with a Runbook and Schedule is to create the Aut

Migrating Azure DevOps Variable Groups

Howdy Folks, I was working on an application modernization project. And there was a requirement to migrate application deployments from one project to another in Azure DevOps. deployment pipelines were heavily dependent on variable groups. So, we wanted to migrate these variables group to the new project. Couldn't find any solutions in internet for this, so came up with the below scripts. You can grab the scripts from the below GitHub URL. DaniduWeerasinghe911/Migrate-Azure-DevOps-Variable-Groups: This Repo Include PowerShell Scripts relating to Migrating Azure DevOps Variable Groups ( Azure DevOps Variable Groups Azure DevOps Variable Groups are a way to store and manage sets of variables that can be used across multiple pipelines in Azure DevOps. These variables can include secrets, connection strings, and other sensitive information that is needed for builds and releases. Variable Groups provide a centralized way to manage these variables and ensure that they are cons

Securing Azure Services with Fetian FIDO

Hey Folks  Here again with another security topic with Fetian Fido. And once again Fetian devices proved their excellent quality and stability. For this I choose Fetian K33 -  AllinPass FIDO Security Key – FEITIAN ( and  K39 -  Single-button FIDO Security Keys | FEITIAN ( Use case  In an organization following changes needs to be implemented.  1. Update the password policy 2. Update the user session time out to 30 minutes Once these changes being implemented, the following issues need to be addressed 1. Users' complaint new passwords need to be so long 2. Users complain sessions time out makes them work so much slower with the longer passwords 3. Etc... Solution  One of my friends reached out to me to help solve this problem. All I could think of was using passwordless auth with FIDO devices. We have decided to use Fido2 keys for better security and flexibility for the users. The FIDO (Fast IDentity Online) Alliance helps to promote open authentication stand