articles/virtual-machines/security-isolated-image-builds-image-builder.md
6 additions & 6 deletions
@@ -21,18 +21,18 @@ Isolated Image Builds enable defense-in-depth by limiting network access of your
21
21
22
22
1.**Compute Isolation:** Isolated Image Builds perform major portion of image building processing in Azure Container Instances resources in your subscription instead of on AIB's shared platform resources. ACI provides hypervisor isolation for each container group to ensure containers run in isolation without sharing a kernel.
23
23
2.**Network Isolation:** Isolated Image Builds remove all direct network WinRM/ssh communication between your build VM and Image Builder service.
24
-
- If you are provisioning an Image Builder template without your own Virtual Network then a Public IP Address resource will no more be provisioned in your staging resource group at image build time.
25
-
- If you are provisioning an Image Builder template with an existing Virtual Network in your subscription then a Private Link based communication channel will no more be setup between your Build VM and AIB's backend platform resources. Instead, the communication channel will be setup between the Azure Container Instance and the Build VM resources - both of which reside in the staging resource group in your subscription.
24
+
- If you are provisioning an Image Builder template without your own Virtual Network, then a Public IP Address resource will no more be provisioned in your staging resource group at image build time.
25
+
- If you are provisioning an Image Builder template with an existing Virtual Network in your subscription, then a Private Link based communication channel will no more be set up between your Build VM and AIB's backend platform resources. Instead, the communication channel is set up between the Azure Container Instance and the Build VM resources - both of which reside in the staging resource group in your subscription.
26
26
3.**Transparency:** AIB is built on HashiCorp [Packer](https://www.packer.io/). Isolated Image Builds executes Packer in the ACI in your subscription, which allows you to inspect the ACI resource and its containers. Similarly, having the entire network communication pipeline in your subscription allows you to inspect all the network resources, their settings, and their allowances.
27
-
4.**Better viewing of live logs:** AIB writes customization logs to a storage account in the staging resource group in your subscription. Isolated Image Builds provides with another way to follow the same logs directly in the Azure portal which can be done by navigating to Image Builder's container in the ACI resource.
27
+
4.**Better viewing of live logs:** AIB writes customization logs to a storage account in the staging resource group in your subscription. Isolated Image Builds provides with another way to follow the same logs directly in the Azure portal, which can be done by navigating to Image Builder's container in the ACI resource.
28
28
29
29
## Backward compatibility
30
30
31
-
This is a platform level change and doesn't affect AIB's interfaces. So, your existing Image Template and Trigger resources continue to function and there's no change in the way you'll deploy new resources of these types. Similarly, customization logs continue to be available in the storage account.
31
+
This is a platform level change and doesn't affect AIB's interfaces. So, your existing Image Template and Trigger resources continue to function and there's no change in the way you deploy new resources of these types. Similarly, customization logs continue to be available in the storage account.
32
32
33
-
You might observe a few new resources temporarily appear in the staging resource group (for example, Azure Container Instance, and Private Endpoint) while some other resource will no longer appear (for example, Public IP Address). Just as earlier, these temporary resources will exist only for the duration of the build and will be deleted by Image Builder thereafter.
33
+
You might observe a few new resources temporarily appear in the staging resource group (for example, Azure Container Instance, and Private Endpoint) while some other resource will no longer appear (for example, Public IP Address). As earlier, these temporary resources exist only during the build and will be deleted by Image Builder thereafter.
34
34
35
-
Your image builds will automatically be migrated to Isolated Image Builds and you need to take no action to opt-in.
35
+
Your image builds will automatically be migrated to Isolated Image Builds and you need to take no action to optin.
36
36
37
37
> [!NOTE]
38
38
> Image Builder is in the process of rolling this change out to all locations and customers. Some of these details might change as the process is fine-tuned based on service telemetry and feedback. Please refer to the [troubleshooting guide](./linux/image-builder-troubleshoot.md#troubleshoot-build-failures) for more information.
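Review bot: The last changed paragraph (new line 35) replaces "opt-in" with "optin", which is not a word; used as a verb here it should read "you need to take no action to opt in". Three other wording problems survive this edit. Both Network Isolation sub-bullets (new lines 24 and 25) still say "will no more be provisioned" and "will no more be set up", which should be "will no longer be". The live-logs item (new line 27) still says "provides with another way", which is missing its object ("provides you with another way"). The staging-resource paragraph (new line 33) now mixes tenses in one sentence ("exist only during the build and will be deleted"); use one tense, for example "exist only during the build and are deleted by Image Builder afterward".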