The collection of scripts in this repository plus this readme will guide a user

1. The collection of scripts in this repository plus this readme will guide a user through the creation of an automated solution to create a templated image of a Windows VM which is updated and maintained weekly.
2.  
3. Step 0. - Pre Requisites:
4.  
5. It is expected that the user will have access to:
6. * An Azure Subscription or MSDN Account with Azure Credits.
7. * Rights within azure to create and edit resources.
8.  
9. Step 1 - Environment Setup:
10.  
11. * Create a Resource Group specifically for the use of storing and maintianing the VM template, images and automation
12. * Within the Resourse group add an Automation Account, by using the Add option in the Resource Group, searching for and selecting Automation
13. * Provide a relevant name for the automation account, ensure it is in the correct subscription and resource group, ensure the 'Create Azure Run As Account' it selected 'yes'
14. * Select the newly created Automation Account, select modules in the left hand menu and ensure the following modules are present. if not use the 'add a module' and follow the UI instuctions to add them:
15. * Azure
16. * Azure.Storage
17. * AzureRM.Automation
18. * AzureRM.Compute
19. * AzureRM.KeyVault
20. * AzureRM.Network
21. * AzureRM.Profile
22. * AzureRM.Resources
23. * AzureRM.Sql
24. * AzureRM.Storage
25. * Within the Resourse group add Key Vault, by using the Add option in the Resource Group, searching for an selecting Key Vault
26. * Provide a relevant name for the Key Vault, ensure it is in the correct Subscription and Resource Group.
27. * Select 'Access Policies' in the Key Vault Creation Page, which should have 1 principal (you). In the Access Policies menu select 'Add New'
28. * In the Add Access Policy Menu, select 'Secret Management' as the Template. Click Add Principal and seach for and select the name of the previously created automation account
29. * OK everything and Create the Key Vault
30. * Within the Resourse group add Storage Account, by using the Add option in the Resource Group, searching for an selecting 'Storage account - blob, file, table, queue'
31. * Provide a relevant name for the Storage Account, ensure it is in the correct Subscription and Resource Group.
32. * Select Stoage Account from the Resource Group Dashboard, in the left hand menu select 'Blobs' under the 'Blob Service' section
33. * In the Blobs pane that loads, click on '+ Container' at the top of the pane
34. * Provide a name for this blob store (As it is going to be used to store scripts I recommend calling it 'scripts'), ensure the access level is set to 'Private'
35. * Ok Eveything to create the Blog container.
36. * Browse to the Blob Container in the Azure Portal, (Resource Group > Storage Account > Blob Container)
37. * in the container pane, select the upload options and upload the following 2 scripts to this location:
38. 1. "2a. WindowsUpdate.ps1"
39. 2. "3a. Sysprep.ps1"
40.  
41.  
42. Step 2 - Create Automation Runbooks:
43.  
44. * Browse to the Runbooks section of the Automation Account previously created (Resource Group > Automation Account > Runbooks)
45. 1. Add a runbook, select 'Create a new runbook', give this a name ("DeployTemplateVM"), Select 'PowerShell' in Runbook type then create the Runbook
46. * When the Runbook is created it will take you to the 'Edit PowerShell Runbook' pane, enter the code from '1. Build New Template to Update.ps1'
47. * enter the relevant variables in the top section of the code and use the test pane to ensure the code executes correctly.
48. 2. Add a runbook, select 'Create a new runbook', give this a name ("InvokeUpdate"), Select 'PowerShell' in Runbook type then create the Runbook
49. * When the Runbook is created it will take you to the 'Edit PowerShell Runbook' pane, enter the code from '2. Invoke Updates.ps1'
50. * enter the relevant variables in the top section of the code and use the test pane to ensure the code executes correctly.
51. 3. Add a runbook, select 'Create a new runbook', give this a name ("InvokeSysprep"), Select 'PowerShell' in Runbook type then create the Runbook
52. * When the Runbook is created it will take you to the 'Edit PowerShell Runbook' pane, enter the code from '3. Invoke Sysprep.ps1'
53. * enter the relevant variables in the top section of the code and use the test pane to ensure the code executes correctly.
54. 4. Add a runbook, select 'Create a new runbook', give this a name ("SnapshotAndCopy"), Select 'PowerShell' in Runbook type then create the Runbook
55. * When the Runbook is created it will take you to the 'Edit PowerShell Runbook' pane, enter the code from '4. Snapshot and Move to SAs.ps1'
56. * enter the relevant variables in the top section of the code and use the test pane to ensure the code executes correctly.
57. 5. Add a runbook, select 'Create a new runbook', give this a name ("ImageAndCleanup"), Select 'PowerShell' in Runbook type then create the Runbook
58. * When the Runbook is created it will take you to the 'Edit PowerShell Runbook' pane, enter the code from '5. Create all Images and Cleanup.ps1'
59. * enter the relevant variables in the top section of the code and use the test pane to ensure the code executes correctly.
60.  
61. Step 3 - Create VM (Template/Baseline):
62.  
63. * Create a Windows VM in azure, (whatever version of windows you would like) install relevant tools ect. to setup the environemnt.
64. * Once you have built the VM and installed all required software, you need to use 'sysprep.exe' to prepare the VM for imaging.
65. * In the VM, open Powershell as an Administrator enter the following, bare in mind that this will shutdown the VM and remove all user specific files.:
66.  
67. >C:\Windows\System32\sysprep\sysprep.exe /generalize /oobe /shutdown
68.  
69. * The VM will disconnect the RDP session. After while you will see the dashed lines for the resource useage data for the VM in the VM overview, this signifies the sysprep has completed.
70.  
71. Step 4 - Create set of images.
72.  
73. * Once the Sysprep has completed, browse to the runbook "SnapshotAndCopy" (Resource Group > SnapshotAndCopy)
74. * In the Runbook, Click the 'Start' button at the top of the screen to initiate the first half of the image creation process
75. * For obvious reasons Azure Runbooks will not run forwever and the copy process takes a few hours. Wait about 3 hours from the time the 'SnapshotAndCopy' was initiated
76. * After waiting a couple of hours, browse to the runbook "ImageAndCleanup" (Resource Group > ImageAndCleanup)
77. * In the Runbook, Click the 'Start' button at the top of the screen to initiate the second half of the image creation process.
78.  
79. Step 5 - Check and Test.
80.  
81. * Once completed, browse to your Resource Group, there you should see an image for all the locations you specified along with the runbooks, automation account, key vault and storage account required for the automation.
82. * It is recommended to test a VM deployment from one of the newlsy created images to ensure that eveything has worked as expected.
83. * You can do this by running the script "CreateInvestigationVM_v2.ps1" on you local machine (you will need to configure the script with relevant variables)
84. * This will create a VM from one of the images you have created using the automation, (depending on your configuration you may need to create a new Resource Group with a Key Vault)
85.  
86. Step 6 - Create Schedual.
87.  
88. * After everything has been checked and you are happy to automate the process of updating the template and deploying updated images automatically, you need to create a scheduel to execute the runbooks in order.
89. * Navigte to the Schedules within the Automation Account (Resource Group > Automation Account > Schedules).
90. * Select "+ Add a schedule", provide a name, a start date and time, a timezone and a reccurrence, examples are as follows:
91. * Name Start Date / Time Time Zone Reccurrence
92. * Deploy_Saturday_PM 05/01/2019 23:00 UTC Every 1 week on a Sunday
93. * Update_Sunday_AM_1 06/01/2019 00:00 UTC Every 1 week on a Sunday
94. * Update_Sunday_AM_2 06/01/2019 01:00 UTC Every 1 week on a Sunday
95. * Sysprep_Sunday_AM 06/01/2019 02:00 UTC Every 1 week on a Sunday
96. * CopyToSAs_Sunday_AM 06/01/2019 04:00 UTC Every 1 week on a Sunday
97. * ImageAndCleanup_Sunday_AM 06/01/2019 07:00 UTC Every 1 week on a Sunday
98. * Finally you need to Assing the relevant Runbook to the Schedule you have just created. Navigate to each runbook (Resourse Group > Runbook)
99. * Select Schedules in the left side menu, select 'Link a schedule to your runbook', select the relevant schedule then click OK to confirm the selection.
100. * examples are as follows:
101. * Schedule Name Associated Runbook
102. * Deploy_Saturday_PM DeployTemplateVM
103. * Update_Sunday_AM_1 InvokeUpdate
104. * Update_Sunday_AM_2 InvokeUpdate
105. * Sysprep_Sunday_AM InvokeSysprep
106. * CopyToSAs_Sunday_AM SnapshotAndCopy
107. * ImageAndCleanup_Sunday_AM ImageAndCleanup
108.  
109. Thats it, you now have an automated setup to ensure regionally deployed images are updated regulaly.