Version: 2024.1

Azure VM From Gallery Image 2G Deployment Path Attributes

The following attributes define the Azure VM From Gallery Image 2nd Gen deployment path:

Attribute / Description

Cloud Provider

Name of the Azure cloud provider resource to be used.

Shared Image Gallery

Name of the shared image gallery to be used to create a VM. The image gallery is listed in the Shared image galleries blade of the Azure portal.

Image Definition

The image definition is listed in the Image definitions blade of the Azure portal.

Image Version

Name of the image version to be used to create Azure VMs. Use "latest" if version is unavailable.

Shared Gallery Resource Group

Resource group in which the shared image gallery resides.

Shared Gallery Image Subscription ID

The subscription ID of the shared image gallery. Use "current" if not set.

VM Size

(Optional) Size of the Microsoft Azure computing resources, including CPU, memory and networking capacity of the VM. Leave it empty to use the default VM Size that was set in the cloud provider resource. For example: "Standard_A1_v2".

important

For Azure Apps that will run configuration management operations, specify a VM size of Standard_A2_v2 or larger.

For additional information, see the Azure help page Sizes for virtual machines in Azure or use Azure CLI to get a list of your region's supported sizes.

Disk Type

Type of disk to use for the VM's operating system.

  • Standard HDD
  • Standard SSD
  • Premium SSD
  • Standard SSD (zone-redundant storage)
  • Premium SSD (zone-redundant storage)

Disk Size

(Optional) Disk size (in GB) of the VM's operating system. For example, "17" or "35".

If you leave it empty, CloudShell will determine the disk size according to the App's VM Size.

Data Disks

Semicolon-separated list of data disks that will be added to the VM.

The syntax is: disk_name:disk_size,disk_type

For example:

disk1:10;disk2:20,Premium SSD;disk3:20,Standard SSD (zone-redundant storage)

Supported disk types are:

  • Standard HDD (default)
  • Standard SSD
  • Premium SSD
  • Ultra SSD
  • Standard SSD (zone-redundant storage)
  • Premium SSD (zone-redundant storage)
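
The Data Disks syntax above can be validated before an App is deployed. The following Python is an added example, not CloudShell code; the function and type names, the tolerance for surrounding whitespace, and the rule that disk names must be unique are assumptions.

```python
import re
from collections import namedtuple

DataDisk = namedtuple("DataDisk", "name size disk_type")

# Disk types the page lists for data disks; Standard HDD is the default.
SUPPORTED_TYPES = (
    "Standard HDD",
    "Standard SSD",
    "Premium SSD",
    "Ultra SSD",
    "Standard SSD (zone-redundant storage)",
    "Premium SSD (zone-redundant storage)",
)
DEFAULT_TYPE = SUPPORTED_TYPES[0]


def parse_data_disks(value):
    """Parse 'disk_name:disk_size,disk_type' entries separated by ';'."""
    disks, seen = [], set()
    for raw in value.split(";"):
        entry = raw.strip()  # assumption: surrounding whitespace is ignored
        if not entry:
            continue  # empty attribute or trailing ';'
        name, colon, rest = entry.partition(":")
        name = name.strip()
        if not colon or not name:
            raise ValueError("expected disk_name:disk_size[,disk_type]: %r" % entry)
        # Only the first comma separates size from type.
        size_text, _, type_text = rest.partition(",")
        size_text = size_text.strip()
        if not re.fullmatch(r"[0-9]+", size_text) or int(size_text) == 0:
            raise ValueError("disk size must be a positive integer: %r" % entry)
        disk_type = type_text.strip() or DEFAULT_TYPE
        if disk_type not in SUPPORTED_TYPES:
            raise ValueError("unsupported disk type %r in %r" % (disk_type, entry))
        if name in seen:  # assumption: disk names must be unique per VM
            raise ValueError("duplicate disk name: %r" % name)
        seen.add(name)
        disks.append(DataDisk(name, int(size_text), disk_type))
    return disks


if __name__ == "__main__":
    # The example value from the page.
    sample = "disk1:10;disk2:20,Premium SSD;disk3:20,Standard SSD (zone-redundant storage)"
    for disk in parse_data_disks(sample):
        print(disk)
```
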
License Type

Optionally apply an OS license you own to the VM.

Options are:

  • No License: None
  • Windows OS: Windows_Client
  • Windows Server OS: Windows_Server
  • Red Hat Enterprise Linux (RHEL): RHEL_BYOS
  • SUSE Linux Enterprise Server (SLES): SLES_BYOS

Enable Boot Diagnostics

Enable Boot diagnostics for the VM. For additional information, see Microsoft Docs' Azure boot diagnostics article.

Boot Diagnostics Storage Account

The name of a storage account where boot diagnostic artifacts will be stored. Enter "Sandbox Storage" to use the storage account created by the sandbox. By default, the managed storage account is used if Enable Boot Diagnostics is enabled.

Resource Group Name

(Optional) The name of the predefined resource group where the VM will be deployed. This resource group will contain all cloud resources created for the VM (such as network interfaces, security groups, disks and the VM itself). When the VM tears down, its cloud resources will be deleted from the resource group but the resource group will remain.

Add Public IP

Set to True to use a public IP address to communicate with the VM from outside the virtual network.

In most cases the public IP address is associated with the VM until the VM is stopped or terminated, after which the IP is no longer available. To ensure that the IP is available to your subscription at any time, reserve it by setting the Public IP Type attribute to Static.

Wait for IP

Determines if the App deployment process waits for the VM to get an IP. Default is False.

Extension Script File / Configuration

(Optional) Custom extension script (PowerShell, Python, batch, etc.) to execute on the deployed VM.

  • Extension Script File: Raw URL of the script file

  • Extension Script Configuration: Space-separated value containing the tool to be used to execute the script, such as Python or PowerShell, the script's file name and extension, and any inputs that need to be passed to the script. For example: python my_script.py input1 input2

    Notes
    • For non-PowerShell scripts, the tool to be used to execute the script must be installed on the VM.

    • For Linux VMs, you must specify the tool to be used. For Windows VMs, PowerShell is used by default, unless a different tool is specified.

    • Extension scripts are not supported on Kali Linux images in Azure Marketplace. To fix this issue, you will need to use a modified version of the Marketplace image:

      1. Deploy a VM based on the Kali Linux Marketplace image.

      2. Run the following command:

        sudo nano /usr/lib/python3/dist-packages/azurelinuxagent/common/osutil/factory.py
      3. Find the line:

        from .debian import DebianOSModernUtil
      4. Replace with:

        from .debian import DebianOSModernUtil,DebianOSBaseUtil
      5. Press [CTRL] + [O] and [Enter] keys.

      6. Press [CTRL] + [X] and [Enter] keys.

      7. Restart the walinuxagent.service service.

      8. Create a custom image out of the VM.

note

To support the execution of extension scripts, custom images created outside of Azure Marketplace must include the ProvisionGuestAgent agent. For additional information, see Virtual machine extensions and features for Windows.

Public IP Type

Set to Static to ensure that the VM always uses the same public IP. By default, public IPs are Dynamic and the address associated with them may change when the VM is powered off.

Inbound Ports

(Optional) Semicolon-separated list of ports and protocols to open for inbound traffic. Note that by default access from the management VPC is allowed and all ports are open for traffic between Azure App VMs within the sandbox, but this can be changed using the Allow All Sandbox Traffic attribute.

In addition, all outbound traffic is allowed.

The syntax is:

port[single/range]:protocol[tcp(default)/udp]

For example: "80;443:tcp;200-220:udp".

note

If not specified, the protocol defaults to TCP.

Tips
  • To allow QualiX in-browser connections to the VM from the sandbox, include port "22".
  • To set more specific security groups, it is recommended to use the TestShell API's SetAppSecurityGroups method instead. Unlike the Inbound Ports attribute, it enables you to define different port settings per subnet and allow inbound access to specific source CIDRs. For additional information, see SetAppSecurityGroups Code Example.
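
The Inbound Ports syntax above can be checked when reviewing an App's exposure. The following Python is an added example, not CloudShell code; the function names, the tolerance for whitespace and upper-case protocol names, and the watched-port list (3389 is added alongside the page's port 22) are assumptions.

```python
import re
from collections import namedtuple

PortRule = namedtuple("PortRule", "first last protocol")

# One entry of the attribute: a port or port range, then optional ":tcp" / ":udp".
_ENTRY = re.compile(r"([0-9]{1,5})(?:-([0-9]{1,5}))?(?::(tcp|udp))?", re.IGNORECASE)


def parse_inbound_ports(value):
    """Parse an Inbound Ports value such as "80;443:tcp;200-220:udp"."""
    rules = []
    for raw in value.split(";"):
        entry = raw.strip()  # assumption: surrounding whitespace is ignored
        if not entry:
            continue  # empty attribute or trailing ';'
        match = _ENTRY.fullmatch(entry)
        if match is None:
            raise ValueError("malformed Inbound Ports entry: %r" % entry)
        first = int(match.group(1))
        last = int(match.group(2) or first)
        if not 1 <= first <= last <= 65535:
            raise ValueError("invalid port or reversed range: %r" % entry)
        # The protocol defaults to TCP when it is not specified.
        rules.append(PortRule(first, last, (match.group(3) or "tcp").lower()))
    return rules


def is_open(rules, port, protocol="tcp"):
    """True if any rule admits inbound traffic to port/protocol."""
    return any(r.protocol == protocol and r.first <= port <= r.last for r in rules)


def review(value, watched=((22, "tcp"), (3389, "tcp"))):
    """Summarize what a value exposes: port counts and watched ports opened."""
    opened = {"tcp": set(), "udp": set()}
    for rule in parse_inbound_ports(value):
        # Sets keep overlapping ranges from being counted twice.
        opened[rule.protocol].update(range(rule.first, rule.last + 1))
    return {
        "tcp_ports": len(opened["tcp"]),
        "udp_ports": len(opened["udp"]),
        "watched_open": [w for w in watched if w[0] in opened[w[1]]],
    }


if __name__ == "__main__":
    # Constructed sample: the page's example value plus port 22 for QualiX.
    print(review("80;443:tcp;200-220:udp;22"))
```
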
Custom Tags

Semicolon-separated list of up to 9 tags to be applied to all related Azure objects created during the App deployment, such as the sandbox's resource group, VNETs, subnets, NSGs and VMs. The attribute supports the following syntax: [TagName]=[TagValue]; [TagName]=[TagValue]. For example: "Tag1=Val1;Tag2=Val2"

Allow All Sandbox Traffic

Determines if the App allows inbound traffic from all other Azure Apps in the sandbox. If set to False, the App's VM will be isolated. Access from specific Apps or subnets can be defined using the Inbound Ports attribute or API.

note

By default, this attribute is True, and all ports are open for traffic from all Apps in the sandbox.

Enable IP Forwarding

Enables IP forwarding on all network interfaces of the App in order to support virtual appliances, such as routers and firewalls, that are connected to multiple subnets.

Autoload

Enables the automatic execution of the Autoload command during reservation Setup.

Availability Zones

Specify the Availability Zone (1, 2, or 3) in which the App’s VM, managed disk and public IP (if available) will be deployed. Leave empty to inherit the Availability Zones defined on the cloud provider resource. For details and supported regions, see Regions and availability zones.