Back to Blog
AzureAZ-104ComputeAdminTutorial

VM Image Strategy with Shared Image Gallery for VMSS Rollouts

Complete AZ-104 tutorial on VMs & Scale Sets. Learn custom images, SIG replication, VMSS rolling upgrades, health extension.

Daniel Urbano
November 15, 2025
8 min read
VM Image Strategy with Shared Image Gallery for VMSS Rollouts

VM Image Strategy with Shared Image Gallery for VMSS Rollouts

Introduction

The Virtual Machine Scale Set (VMSS) is a powerful Azure service that allows users to deploy and manage a set of identical virtual machines. When scaling applications, especially in cloud-native environments, a robust image strategy becomes essential. The Shared Image Gallery (SIG) provides a more efficient way to manage custom images at scale, ensuring high availability and faster deployments. This tutorial will explore how to leverage Shared Image Gallery for VMSS rollouts, focusing on custom images, SIG replication, rolling upgrades, and health extensions. This knowledge is crucial for the AZ-104 exam, as it covers key concepts and practical applications relevant to real-world scenarios, preparing candidates to manage Azure resources effectively.

Prerequisites

To follow this tutorial, ensure you have the following:

  • An Azure subscription (create a free account if needed).
  • Sufficient RBAC permissions to create and manage resources (typically, Owner or Contributor role).
  • Familiarity with Azure CLI, PowerShell, or the Azure Portal.
  • The following services should be enabled:
    • Virtual Machine Scale Sets
    • Shared Image Gallery

Core Concepts

Definitions

  • Virtual Machine Scale Set (VMSS): A service that allows you to deploy and manage a set of identical VMs, providing high availability and scalability.
  • Shared Image Gallery (SIG): A service that simplifies the management of custom VM images with features like global replication, versioning, and better access control.

Architecture

The architecture consists of:

  1. Gallery: A container for images, which allows for organization and management.
  2. Image Definition: Contains metadata about the images (e.g., OS type, version).
  3. Image Version: The actual image used to create VMs.

When to Use

  • When needing rapid scaling and deployment of identical VMs.
  • For maintaining consistent configurations across multiple VMs.
  • When managing multiple image versions for different environments.

Limitations

  • SIG has limitations on the number of images and versions per gallery.
  • Imposing role-based access controls can complicate sharing across subscriptions.

Pricing Notes

  • Pricing for SIG is based on the number of images stored and replicated across regions. Review the Azure pricing page for details.

Syntax/Configuration

Azure CLI Commands

To create and manage a Shared Image Gallery and VMSS, you can use the following Azure CLI commands:

  1. Create a Shared Image Gallery:

    az sig create --resource-group myResourceGroup --gallery-name myGallery --location eastus

  2. Create an Image Definition:

    az sig image-definition create --resource-group myResourceGroup --gallery-name myGallery --gallery-image-definition myImageDefinition --os-type Linux --publisher myPublisher --offer myOffer --sku mySku

  3. Create an Image Version:

    az sig image-version create --resource-group myResourceGroup --gallery-name myGallery --gallery-image-definition myImageDefinition --gallery-image-version 1.0.0 --source myImageSource

  4. Create a VMSS:

    az vmss create --resource-group myResourceGroup --name myScaleSet --image myImageSource --upgrade-policy-mode automatic --admin-username azureuser --generate-ssh-keys

Parameter Tables

Command Description
--resource-group The name of the resource group.
--gallery-name The name of the Shared Image Gallery.
--gallery-image-definition The name of the image definition in the gallery.
--os-type OS type (Linux or Windows).
--publisher, --offer, --sku Metadata for the image definition.

Practical Examples

1. Creating a Shared Image Gallery

Create a new Shared Image Gallery in your resource group:

az sig create --resource-group myResourceGroup --gallery-name myGallery --location eastus

2. Creating an Image Definition

Define an image in your gallery:

az sig image-definition create --resource-group myResourceGroup --gallery-name myGallery --gallery-image-definition myImageDefinition --os-type Linux --publisher myPublisher --offer myOffer --sku mySku

3. Creating an Image Version

Create a new version of your image:

az sig image-version create --resource-group myResourceGroup --gallery-name myGallery --gallery-image-definition myImageDefinition --gallery-image-version 1.0.0 --source myImageSource

4. Creating a VMSS

Deploy a VMSS using the image version:

az vmss create --resource-group myResourceGroup --name myScaleSet --image myImageSource --upgrade-policy-mode automatic --admin-username azureuser --generate-ssh-keys

5. Scaling Up VMSS Instances

To increase the number of instances in your VMSS:

az vmss scale --resource-group myResourceGroup --name myScaleSet --new-capacity 5

6. Updating a VMSS with a New Image Version

Update the VMSS to use a new image version:

az vmss update --resource-group myResourceGroup --name myScaleSet --set virtualMachineProfile.storageProfile.imageReference.id=myImageSource

7. Configuring Rolling Upgrades

Set the rolling upgrade policy for the VMSS:

az vmss update --resource-group myResourceGroup --name myScaleSet --set upgradePolicy.mode=Rolling

8. Monitoring VMSS Health

To monitor the health of VMSS instances:

az vmss show --resource-group myResourceGroup --name myScaleSet --query "virtualMachineProfile.healthProbe"

Real-World Scenarios

Scenario 1: Rapid Deployment for Development Environments

Using SIG, a development team can quickly deploy multiple instances of a VM for testing new features, utilizing the same base image while ensuring consistency across environments.

Scenario 2: Rolling Upgrades for Production

In production, a company can use rolling upgrades to apply updates to VMSS without downtime, ensuring that a certain percentage of instances remain available to serve traffic while others are being updated.

Scenario 3: Multi-Region Deployment

A global company using Azure can replicate their images across regions using SIG to reduce latency and improve performance for users in different geographical locations.

Best Practices

  1. Use Versioning: Always version your images to track changes and roll back if necessary. 📝
  2. Monitor Health: Utilize health probes and the application health extension to ensure VMSS instances are healthy during upgrades. ✅
  3. Limit Image Size: Keep your images lightweight to reduce deployment time and costs. 💸
  4. Secure Access: Implement RBAC to control access to your Shared Image Gallery effectively. 🔒
  5. Regularly Update Images: Maintain your base images to include the latest security patches and updates. 🔄

Common Errors

  1. Error: "The specified image definition does not exist."

    • Cause: The image definition name is incorrect or has not been created.
    • Fix: Verify the image definition name and create it if necessary.

  2. Error: "Insufficient quota."

    • Cause: Exceeding the limits of VMs or cores in the subscription.
    • Fix: Request an increase in quota from Azure support.

  3. Error: "The requested VM size is not available in the specified location."

    • Cause: The chosen VM size may not be available in that region.
    • Fix: Select a different VM size or choose another region.

  4. Error: "Health probe not defined."

    • Cause: The VMSS health probe is not configured correctly.
    • Fix: Ensure a health probe is defined and associated with the VMSS.

Related Services/Commands

Service/Command Description
az sig Commands related to Shared Image Gallery.
az vmss Commands for managing Virtual Machine Scale Sets.
az vm Commands for managing Virtual Machines.
az resource General commands for managing Azure resources.

Automation Script

Here's a sample PowerShell script that automates the VMSS creation with a Shared Image Gallery:

# Define parameters
$resourceGroup = "myResourceGroup"
$galleryName = "myGallery"
$imageDefinition = "myImageDefinition"
$imageVersion = "1.0.0"
$vmssName = "myScaleSet"

# Create Shared Image Gallery
az sig create --resource-group $resourceGroup --gallery-name $galleryName --location eastus

# Create Image Definition
az sig image-definition create --resource-group $resourceGroup --gallery-name $galleryName --gallery-image-definition $imageDefinition --os-type Linux --publisher "myPublisher" --offer "myOffer" --sku "mySku"

# Create Image Version
az sig image-version create --resource-group $resourceGroup --gallery-name $galleryName --gallery-image-definition $imageDefinition --gallery-image-version $imageVersion --source "myImageSource"

# Create VMSS
az vmss create --resource-group $resourceGroup --name $vmssName --image "myImageSource" --upgrade-policy-mode automatic --admin-username azureuser --generate-ssh-keys

Conclusion

In this tutorial, we explored the VM Image Strategy using Shared Image Gallery for VMSS rollouts, including practical examples and best practices. Mastering these concepts is vital for Azure Administrators aiming to optimize resource management and deployment strategies in Azure.

Next Steps

  • Consider exploring additional resources and tutorials on Azure's official documentation.
  • Practice with hands-on labs available on Microsoft Learn.

References

This comprehensive guide provides a solid foundation for managing VMSS rollout strategies in Azure, ensuring you are well-prepared for the AZ-104 exam. 🚀