How to create and distribute IBM Cloud Virtual Private Cloud (VPC) instances from custom images.

I use the IBM Cloud VPC virtual server instances (VSI) for some workloads. I have specific requirements for the operating system version, applications and data, and I use VPC custom images created to my exact specifications so that the compute instances are provisioned with content that meet my requirements.

Large projects with distributed development over multiple accounts typically may have corporate requirements for images. Hardened base images can be created centrally and required for all production workloads. The corporate base images can be provisioned directly or used as a starting point to derive department images.

VPC custom images can be created and distributed in a number of different ways to fit your needs. Below is a diagram capturing most of the details of such an endeavor. This blog post will drill down into subsections of this diagram and describe the details so you can apply them to your environment:

VPC custom images in the IBM Cloud.

Image basics

This diagram captures the basic usage of VPC custom images:

VPC regional images.

Images are the starting point for virtual server instances (VSIs), as represented by the dashed line. They contain the initial file system that will be used to populate the boot volume. They also contain a specification of the boot parameters.

Images are regional based and can be used to start an instance in any of the availability zones in the region. In the image above, eu-de is used to provision an instance in Zone 1. This means that an image in us-south can not be used in eu-de. A copy of the image must be created in each region.

IBM uses cloud-init, the industry standard multi-distribution method for cross-platform cloud instance initialization. Read Getting started with custom images to get an introduction to IBM images.

Creating custom images from IBM-provided stock images

The most straightforward way to create a custom image is to provision a VPC VSI with one of the IBM stock images. The running instance boot volume can be prepared by using the cloud-init user data or SSH. Follow the instructions to create an image from a volume:

Create custom image from a stock image.

There are tools like Packer that automate the steps of creating an instance, copying data, executing scripts to install software and creating an image. This blog post provides an example.

On-premises images

On-premises virtual machine image files can be exported to local storage as qcow2 or vhd files. These files can be uploaded to a IBM Cloud Object Storage (COS) bucket. A VPC image can be imported from the bucket object. Make sure the requirements specified in Creating a Linux custom image or Creating a Windows custom image are satisfied:

Import an on-premises image.

It is also possible to export IBM VPC custom images to a COS bucket and import them as VPC custom images in a different region or download them for use in your virtual environment. You can try this using the desktop QEMU work flow. The core tutorial with QEMU is a good starting point.

Most Linux distros supply “cloud images.” Search for “distro cloud images” like this and you will likely find them:

Linux cloud image.

Example of ubuntu 20.04 (jammy) current:

Navigate to a qcow2 file like this one on the Ubuntu site.

This is a qcow2 file, and you can download this to your laptop and verify the checksum. Change the name to jammy-server-cloudimg-amd64.qcow2.

Upload to a COS bucket and import it in the IBM Cloud Console VPC custom images dialog by clicking on the Create button and selecting the Image source of Cloud Object Storage.

The information message will explain how to authorize access if the bucket is not visible:

 Select image source of Cloud Object Storage.

The authorization will look something like this:

IAM Authorization like this one is a prerequisite.

Back in the image import create dialog:

Import the qcow2 image from the bucket.

When the VPC custom image creation completes, you can use the Cloud console to create a VPC VSI with the custom image:

Operating system selection in the VPC Virtual Server Instance create dialog.

Distributing images across accounts using the private catalog

There is a private catalog product type specifically for VPC custom images. A catalog product version contains a list of VPC regional images. When a VPC VSI is provisioned from a catalog product version, the appropriate regional image will be used. Terraform, Packer and CLI accept catalog product versions in addition to images when creating VSIs:

Private catalog for product x with two versions.

In the diagram, note the three steps:

  1. Create a private catalog, product x and version. The version will contain a list of identical images—each in a different region.
  2. Provision an instance specifying the private catalog, product x and one of the versions.
  3. The VSI will be started with the image in the local region.

Private catalog products can be shared across accounts in an enterprise. This makes private catalog products ideal for distributing hardened corporate images across an enterprise.

To create a private catalog product and version, open the catalog in the IBM Cloud console and click Catalog settings:

Choose Catalog settings to manage private catalogs.

  1. Select Private catalogs on the left and click Create to begin the wizard.
  2. Add a Software product and a Delivery method of Virtual server image for VPC.
  3. Choose the jammy-server-cloudimg-amd64 that you imported earlier with Software version 1.0.1 to match the diagrams.
  4. Choose a Category of Compute / Virtual Machines:

    Create a product and the first version.

To reference multiple identical images in more than one region, cancel this dialog and import the image in the desired regions:

  1. To continue, click Add product.
  2. Click on the version and walk through the wizard for the version.
  3. You will need to validate the image by providing a VPC, SSH key and subnet. This step will create a IBM Cloud Schematics workspace to create an instance with the provided image and will take a few minutes.
  4. Click the refresh arrow to see progress.

No other data is required. Click Next to continue through all of the steps. The final step for a version is the following:

Finally, use the IBM Cloud Console to create a new VSI for VPC. In the Operating system section, choose a Catalog image for Image type and then the version you just created:

Sharing products with users in your account, enterprise, or account groups is also possible.


Using VPC custom images when creating VSIs can save time during provisioning. It can also ensure that the instance is initialized to meet application and corporate requirements. VSIs are provisioned from regional images. Private catalog product versions are a single ID for a collection of identical images distributed across regions to insure consistency. Catalog products can also be shared across enterprise accounts.

Learn more about IBM Cloud VPC.

If you have feedback, suggestions or questions about this post, please email me or reach out to me on Mastodon (, LinkedIn or Twitter (@powellquiring).


More from Cloud

IBM Cloud VMware as a Service introduces multitenant as a new, cost-efficient consumption model

4 min read - Businesses often struggle with ongoing operational needs like monitoring, patching and maintenance of their VMware infrastructure or the added concerns over capacity management. At the same time, cost efficiency and control are very important. Not all workloads have identical needs and different business applications have variable requirements. For example, production applications and regulated workloads may require strong isolation, but development/testing, training environments, disaster recovery sites or other applications may have lower availability requirements or they can be ephemeral in nature,…

IBM accelerates enterprise AI for clients with new capabilities on IBM Z

5 min read - Today, we are excited to unveil a new suite of AI offerings for IBM Z that are designed to help clients improve business outcomes by speeding the implementation of enterprise AI on IBM Z across a wide variety of use cases and industries. We are bringing artificial intelligence (AI) to emerging use cases that our clients (like Swiss insurance provider La Mobilière) have begun exploring, such as enhancing the accuracy of insurance policy recommendations, increasing the accuracy and timeliness of…

IBM NS1 Connect: How IBM is delivering network connectivity with premium DNS offerings

4 min read - For most enterprises, how their users access applications and data is an essential part of doing business, and how they service those application and data responses has a direct correlation to revenue generation.    According to We Are Social’s Digital 2023 Global Overview Report, there are 5.19 billion people around the world using the internet in 2023. There’s an imperative need for businesses to trust their networks to deliver meaningful content to address customer needs.  So how responsive is the…

Kubernetes version 1.28 now available in IBM Cloud Kubernetes Service

2 min read - We are excited to announce the availability of Kubernetes version 1.28 for your clusters that are running in IBM Cloud Kubernetes Service. This is our 23rd release of Kubernetes. With our Kubernetes service, you can easily upgrade your clusters without the need for deep Kubernetes knowledge. When you deploy new clusters, the default Kubernetes version remains 1.27 (soon to be 1.28); you can also choose to immediately deploy version 1.28. Learn more about deploying clusters here. Kubernetes version 1.28 In…