mariuszdotnet ☁

My brain's scratchpad.

VSTS Private Agents with ARM

My customers love to use VSTS to enable their DevOps capabilities, but in some cases they are not able to use the Hosted Agents due to security restrictions. In that case, the alternative is to use Private Agents. For detailed description on differences between the two configurations checkout this article.

In this blog we’ll discuss how to automagically deploy a VSTS Private Agent with Azure Resource Manager (ARM) and some PowerShell.

The example does the following:

The scripts referenced below are based on A Visual Studio based Visual Studio Team Services (VSTS) Build Agent Vm, but I’ve made improvements and simplifications to make them more enterprise ready.

Some of the improvements/modification are:


Step 1 – Configure the Parameters for the ARM Template

All the required scripts can be found in this GitHub repo. Start by cloning or forking the repo. The first file you need to modify is the azuredeploy.parameters.json file.

ARM Parameters

Step 2 – Execute the PowerShell Script to run the ARM Template

Open your favorite editor and run the deploy.ps1 script. The script does a few basic things:

ARM Template

The ARM Template azuredeploy.json file does the following:

Note: the script currently downloads the installvstsagent.ps1 from a public GitHub URL. To make it more secure you could get the file from an Azure Storage Account. Also, all the parameters/secrets could be tokenized into the configuration file and/or retrieved from Azure Key Vault.

Assuming everything funtions properly, in 5 to 10 minutes you should be able to see the registered Private Agent in your VSTS Agent Pool.

Agent Pool with Private Agent