Deploy Marketplace Image using PowerShell

Not ready to jump on JSON template modification when the Marketplace template doesn’t fit your requirements?

We can use PowerShell to get the same marketplace image deployed with our own modified configuration.

#Choose subscription
Select-AzureRmSubscription -SubscriptionId dc9b2339-0138-4de6-b2c2-c7e9408fdfa4

$ComputerName = 'labroynepa02'
$CredentialVM = Get-Credential
 
#Create Network Interface
$nic0 = New-AzureRmNetworkInterface -Name "labroynepa02-eth0" -ResourceGroupName "LAB-ROY-NE-NETWORK" -Location "West Europe" -SubnetId "/subscriptions/dc9b2339-0138-4de6-b2c2-c7e9408fdfa4/resourceGroups/LAB-ROY-NE-NETWORK/providers/Microsoft.Network/virtualNetworks/fwVNET/subnets/MgMt" -IpConfigurationName "IPConfiguration0"
$nic1 = New-AzureRmNetworkInterface -Name "labroynepa02-eth1" -ResourceGroupName "LAB-ROY-NE-NETWORK" -Location "West Europe" -SubnetId "/subscriptions/dc9b2339-0138-4de6-b2c2-c7e9408fdfa4/resourceGroups/LAB-ROY-NE-NETWORK/providers/Microsoft.Network/virtualNetworks/fwVNET/subnets/Untrust" -IpConfigurationName "IPConfiguration1"
$nic2 = New-AzureRmNetworkInterface -Name "labroynepa02-eth2" -ResourceGroupName "LAB-ROY-NE-NETWORK" -Location "West Europe" -SubnetId "/subscriptions/dc9b2339-0138-4de6-b2c2-c7e9408fdfa4/resourceGroups/LAB-ROY-NE-NETWORK/providers/Microsoft.Network/virtualNetworks/fwVNET/subnets/Trust" -IpConfigurationName "IPConfiguration2"

#Get Availability Set
$avset = Get-AzureRmAvailabilitySet -ResourceGroupName LAB-ROY-NE-NETWORK -Name LAB-ROY-NE-NETWORK-PA

#Set VM name, size and availability set
$vmconfig = New-AzureRmVMConfig -VMName DEMO-ROY-TEST02 -VMSize "Standard_D3_V2" -AvailabilitySetId $avset.ID

#Set VM OS disk
#$vmconfig = Set-AzureRmVMOSDisk -VM $vmconfig -Name DEMO-ROY-TEST01-vmseries1-byol.vhd -VhdUri https://demoroytestdisks767.blob.core.windows.net/vhds/DEMO-ROY-TEST01-vmseries1-byol.vhd -CreateOption attach -Linux
 
#Set VM data disk
#$vmconfig = Add-AzureRmVMDataDisk -VM $vmConfig -Name appdisk01 -VhdUri <Specify VHD URL> -Lun 0 -CreateOption attach -Caching none -DiskSizeInGB 500
 
#Set Network Interface
$vmconfig = Add-AzureRmVMNetworkInterface -VM $vmconfig -Id $nic0.Id -Primary
$vmconfig = Add-AzureRmVMNetworkInterface -VM $vmconfig -Id $nic1.Id
$vmconfig = Add-AzureRmVMNetworkInterface -VM $vmconfig -Id $nic2.Id

#Set Plan for Marketplace Image
$vmconfig = Set-AzureRmVMPlan -VM $vmconfig -Publisher "paloaltonetworks" -Product "vmseries1" -Name "byol"

#Set Operating System, ComputerName and Local credentials for VM
$vmconfig = Set-AzureRmVMOperatingSystem -VM $vmconfig -linux -ComputerName $ComputerName -Credential $CredentialVM

#Set Configuration for Marketplace Image
$vmconfig = Set-AzureRmVMSourceImage -VM $vmconfig -PublisherName "paloaltonetworks" -Offer "vmseries1" -Skus "byol" -Version "7.1.1"

#Deploy new VM with Marketplace Image as Source
New-AzureRmVM -ResourceGroupName LAB-ROY-NE-NETWORK -vm $vmconfig -Location "West Europe"

This image from Palo Alto can only be deployed to an empty resource group, but I often see that virtual network appliance isn’t allways the first resource to be deployed, so this resitriction in the marketplace template isn’t helping the customers.

The Next Generation Firewall from Palo Alto uses three network interfaces, so we have to create them and attach them to the new VM Configuration.

Basically it is configuring the virtual machine as we want it, and then we apply the OSdisk image from the Marketplace.

Sometimes you are required to use an OSdisk image that isn’t the latest, so we are using the Set-AzureRmVmSourceImage to apply earlier versions of the OSdisk image.