Azure rendering solution deployment framework

2022-11-20 07:15:18 -08:00 · 2022-11-20 07:15:18 -08:00 · f549d1b107
--- a/src/terraform/examples/e2e/.github/workflows/terraform.apply.yml
+++ b/src/terraform/examples/e2e/.github/workflows/terraform.apply.yml
@ -51,7 +51,7 @@ jobs:
    steps:
      - uses: hashicorp/setup-terraform@v2
        with:
-          terraform_version: 1.3.4
+          terraform_version: 1.3.5

      - uses: actions/checkout@v3
        with:
--- a/src/terraform/examples/e2e/.github/workflows/terraform.plan.yml
+++ b/src/terraform/examples/e2e/.github/workflows/terraform.plan.yml
@ -50,7 +50,7 @@ jobs:
    steps:
      - uses: hashicorp/setup-terraform@v2
        with:
-          terraform_version: 1.3.4
+          terraform_version: 1.3.5

      - uses: actions/checkout@v3
        with:
--- a/src/terraform/examples/e2e/1.security/config.auto.tfvars
+++ b/src/terraform/examples/e2e/1.security/config.auto.tfvars
@ -1,19 +1,28 @@
-#####################################################################################################################################
-# The following built-in Azure RBAC role is required for the current user to create Azure Key Vault secrets, certificates and keys. #
-# Key Vault Administrator (https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#key-vault-administrator)      #
-#####################################################################################################################################
+// ********************************************************************************************************************************************************
+// PREREQUISITE: The Azure "Key Vault Administrator" Role-Based Access Control (RBAC) role is required for the current user BEFORE deploying this module. *
+//               https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#key-vault-administrator                                       *
+// ********************************************************************************************************************************************************
+
+#######################################################
+# Storage (https://learn.microsoft.com/azure/storage) #
+#######################################################

-# Storage (https://learn.microsoft.com/azure/storage)
 storage = {
  accountType        = "StorageV2" # https://learn.microsoft.com/azure/storage/common/storage-account-overview
  accountRedundancy  = "LRS"       # https://learn.microsoft.com/azure/storage/common/storage-redundancy
  accountPerformance = "Standard"  # https://learn.microsoft.com/azure/storage/blobs/storage-blob-performance-tiers
 }

-# Key Vault (https://learn.microsoft.com/azure/key-vault/general/overview)
+############################################################################
+# Key Vault (https://learn.microsoft.com/azure/key-vault/general/overview) #
+############################################################################
+
 keyVault = {
-  type                    = "standard"
-  enablePurgeProtection   = false
+  type                        = "standard"
+  enableForDeployment         = false
+  enableForDiskEncryption     = false
+  enableForTemplateDeployment = false
+  enablePurgeProtection       = false
  softDeleteRetentionDays = 90
  secrets = [
    {
@ -61,11 +70,12 @@ keyVault = {
  ]
 }

-# Monitor (https://learn.microsoft.com/azure/azure-monitor/overview)
+######################################################################
+# Monitor (https://learn.microsoft.com/azure/azure-monitor/overview) #
+######################################################################
+
 monitorWorkspace = {
-  name               = "AzRender"
-  sku                = "PerGB2018"
-  retentionDays      = 90
-  publicIngestEnable = false
-  publicQueryEnable  = false
+  name          = "AzRender"
+  sku           = "PerGB2018"
+  retentionDays = 90
 }
--- a/src/terraform/examples/e2e/1.security/main.tf
+++ b/src/terraform/examples/e2e/1.security/main.tf
@ -1,9 +1,9 @@
 terraform {
-  required_version = ">= 1.3.4"
+  required_version = ">= 1.3.5"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
-      version = "~>3.31.0"
+      version = "~>3.32.0"
    }
  }
 }
@ -47,9 +47,12 @@ variable "storage" {
 variable "keyVault" {
  type = object(
    {
-      type                    = string
-      enablePurgeProtection   = bool
-      softDeleteRetentionDays = number
+      type                        = string
+      enablePurgeProtection       = bool
+      enableForDeployment         = bool
+      enableForDiskEncryption     = bool
+      enableForTemplateDeployment = bool
+      softDeleteRetentionDays     = number
      secrets = list(object(
        {
          name  = string
@ -89,11 +92,9 @@ variable "keyVault" {
 variable "monitorWorkspace" {
  type = object(
    {
-      name               = string
-      sku                = string
-      retentionDays      = number
-      publicIngestEnable = bool
-      publicQueryEnable  = bool
+      name          = string
+      sku           = string
+      retentionDays = number
    }
  )
 }
@ -105,12 +106,20 @@ resource "azurerm_resource_group" "security" {
  location = module.global.regionName
 }

+###########################################################################################################################
+# User Assigned Identity (https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview) #
+###########################################################################################################################
+
 resource "azurerm_user_assigned_identity" "solution" {
  name                = module.global.managedIdentityName
  resource_group_name = azurerm_resource_group.security.name
  location            = azurerm_resource_group.security.location
 }

+#######################################################
+# Storage (https://learn.microsoft.com/azure/storage) #
+#######################################################
+
 resource "azurerm_storage_account" "storage" {
  name                            = module.global.securityStorageAccountName
  resource_group_name             = azurerm_resource_group.security.name
@ -126,15 +135,22 @@ resource "azurerm_storage_container" "container" {
  storage_account_name = azurerm_storage_account.storage.name
 }

+############################################################################
+# Key Vault (https://learn.microsoft.com/azure/key-vault/general/overview) #
+############################################################################
+
 resource "azurerm_key_vault" "solution" {
-  name                       = module.global.keyVaultName
-  resource_group_name        = azurerm_resource_group.security.name
-  location                   = azurerm_resource_group.security.location
-  tenant_id                  = data.azurerm_client_config.current.tenant_id
-  sku_name                   = var.keyVault.type
-  purge_protection_enabled   = var.keyVault.enablePurgeProtection
-  soft_delete_retention_days = var.keyVault.softDeleteRetentionDays
-  enable_rbac_authorization  = true
+  name                            = module.global.keyVaultName
+  resource_group_name             = azurerm_resource_group.security.name
+  location                        = azurerm_resource_group.security.location
+  tenant_id                       = data.azurerm_client_config.current.tenant_id
+  sku_name                        = var.keyVault.type
+  purge_protection_enabled        = var.keyVault.enablePurgeProtection
+  soft_delete_retention_days      = var.keyVault.softDeleteRetentionDays
+  enabled_for_deployment          = var.keyVault.enableForDeployment
+  enabled_for_disk_encryption     = var.keyVault.enableForDiskEncryption
+  enabled_for_template_deployment = var.keyVault.enableForTemplateDeployment
+  enable_rbac_authorization       = true
 }

 resource "azurerm_key_vault_secret" "secrets" {
@ -184,14 +200,18 @@ resource "azurerm_key_vault_certificate" "certificates" {
  }
 }

+######################################################################
+# Monitor (https://learn.microsoft.com/azure/azure-monitor/overview) #
+######################################################################
+
 resource "azurerm_log_analytics_workspace" "monitor" {
  name                       = var.monitorWorkspace.name
  resource_group_name        = azurerm_resource_group.security.name
  location                   = azurerm_resource_group.security.location
  sku                        = var.monitorWorkspace.sku
  retention_in_days          = var.monitorWorkspace.retentionDays
-  internet_ingestion_enabled = var.monitorWorkspace.publicIngestEnable
-  internet_query_enabled     = var.monitorWorkspace.publicQueryEnable
+  internet_ingestion_enabled = false
+  internet_query_enabled     = false
 }

 output "resourceGroupName" {
--- a/src/terraform/examples/e2e/2.network/config.auto.tfvars
+++ b/src/terraform/examples/e2e/2.network/config.auto.tfvars
@ -82,6 +82,14 @@ storageNetworkSubnetIndex = {
  netApp    = 2
 }

+################################################################################################################
+# Network Security Groups (https://learn.microsoft.com/azure/virtual-network/network-security-groups-overview) #
+################################################################################################################
+
+networkSecurityGroup = {
+  denyOutInternet = false
+}
+
 ################################################################################################################
 # Virtual Network Peering (https://learn.microsoft.com/azure/virtual-network/virtual-network-peering-overview) #
 ################################################################################################################
--- a/src/terraform/examples/e2e/2.network/main.tf
+++ b/src/terraform/examples/e2e/2.network/main.tf
@ -1,9 +1,9 @@
 terraform {
-  required_version = ">= 1.3.4"
+  required_version = ">= 1.3.5"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
-      version = "~>3.31.0"
+      version = "~>3.32.0"
    }
  }
  backend "azurerm" {
@ -85,6 +85,14 @@ variable "storageNetworkSubnetIndex" {
  )
 }

+variable "networkSecurityGroup" {
+  type = object(
+    {
+      denyOutInternet = bool
+    }
+  )
+}
+
 variable "networkPeering" {
  type = object(
    {
@ -289,16 +297,19 @@ resource "azurerm_network_security_group" "network" {
    destination_address_prefix = "AzureResourceManager"
    destination_port_range     = "*"
  }
-  security_rule {
-    name                       = "DenyOutInternet"
-    priority                   = 3100
-    direction                  = "Outbound"
-    access                     = "Deny"
-    protocol                   = "*"
-    source_address_prefix      = "*"
-    source_port_range          = "*"
-    destination_address_prefix = "Internet"
-    destination_port_range     = "*"
+  dynamic security_rule {
+    for_each = var.networkSecurityGroup.denyOutInternet ? [1] : []
+    content {
+      name                       = "DenyOutInternet"
+      priority                   = 3100
+      direction                  = "Outbound"
+      access                     = "Deny"
+      protocol                   = "*"
+      source_address_prefix      = "*"
+      source_port_range          = "*"
+      destination_address_prefix = "Internet"
+      destination_port_range     = "*"
+    }
  }
  dynamic security_rule {
    for_each = each.value.name == "Workstation" ? [1] : []
--- a/src/terraform/examples/e2e/3.storage/main.tf
+++ b/src/terraform/examples/e2e/3.storage/main.tf
@ -1,13 +1,9 @@
 terraform {
-  required_version = ">= 1.3.4"
+  required_version = ">= 1.3.5"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
-      version = "~>3.31.0"
-    }
-    azuread = {
-      source  = "hashicorp/azuread"
-      version = "~>2.30.0"
+      version = "~>3.32.0"
    }
  }
  backend "azurerm" {
@ -242,10 +238,6 @@ data "azurerm_subnet" "storage_netapp" {
  virtual_network_name = data.azurerm_virtual_network.storage.name
 }

-data "azuread_service_principal" "hpc_cache" {
-  display_name = "HPC Cache Resource Provider"
-}
-
 data "http" "current_host" {
  url = "https://api.ipify.org?format=json"
 }
@ -482,30 +474,6 @@ resource "azurerm_private_endpoint" "storage" {
  ]
 }

-resource "azurerm_role_assignment" "storage_account_contributor" { # https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#storage-account-contributor
-  for_each = {
-    for storageAccount in var.storageAccounts : storageAccount.name => storageAccount if storageAccount.enableBlobNfsV3 && storageAccount.name != ""
-  }
-  role_definition_name = "Storage Account Contributor"
-  principal_id         = data.azuread_service_principal.hpc_cache.object_id
-  scope                = "${azurerm_resource_group.storage.id}/providers/Microsoft.Storage/storageAccounts/${each.value.name}"
-  depends_on = [
-    azurerm_storage_account.storage
-  ]
-}
-
-resource "azurerm_role_assignment" "storage_blob_data_contributor" { # https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#storage-blob-data-contributor
-  for_each = {
-    for storageAccount in var.storageAccounts : storageAccount.name => storageAccount if storageAccount.enableBlobNfsV3 && storageAccount.name != ""
-  }
-  role_definition_name = "Storage Blob Data Contributor"
-  principal_id         = data.azuread_service_principal.hpc_cache.object_id
-  scope                = "${azurerm_resource_group.storage.id}/providers/Microsoft.Storage/storageAccounts/${each.value.name}"
-  depends_on = [
-    azurerm_storage_account.storage
-  ]
-}
-
 resource "azurerm_storage_container" "containers" {
  for_each = {
    for blobContainer in local.blobContainers : "${blobContainer.storageAccountName}.${blobContainer.name}" => blobContainer
@ -653,6 +621,7 @@ resource "azurerm_network_interface" "storage_primary" {
    subnet_id                     = data.azurerm_subnet.storage_primary.id
    private_ip_address_allocation = "Dynamic"
  }
+  enable_accelerated_networking = true
 }

 resource "azurerm_network_interface" "storage_secondary" {
@ -667,6 +636,7 @@ resource "azurerm_network_interface" "storage_secondary" {
    subnet_id                     = data.azurerm_subnet.storage_secondary.id
    private_ip_address_allocation = "Dynamic"
  }
+  enable_accelerated_networking = true
 }

 resource "azurerm_managed_disk" "storage" {
--- a/src/terraform/examples/e2e/4.storage.cache/main.tf
+++ b/src/terraform/examples/e2e/4.storage.cache/main.tf
@ -1,9 +1,13 @@
 terraform {
-  required_version = ">= 1.3.4"
+  required_version = ">= 1.3.5"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
-      version = "~>3.31.0"
+      version = "~>3.32.0"
+    }
+    azuread = {
+      source  = "hashicorp/azuread"
+      version = "~>2.30.0"
    }
    avere = {
      source  = "hashicorp/avere"
@ -199,6 +203,10 @@ data "azurerm_private_dns_zone" "network" {
  resource_group_name = data.azurerm_virtual_network.compute.resource_group_name
 }

+data "azuread_service_principal" "hpc_cache" {
+  display_name = "HPC Cache Resource Provider"
+}
+
 locals {
  stateExistsNetwork      = try(length(data.terraform_remote_state.network.outputs) >= 0, false)
  deployPrivateDnsZone    = !local.stateExistsNetwork && var.computeNetwork.privateDns.zoneName != ""
@ -216,6 +224,24 @@ resource "azurerm_resource_group" "cache" {
 # HPC Cache (https://learn.microsoft.com/azure/hpc-cache/hpc-cache-overview) #
 ##############################################################################

+resource "azurerm_role_assignment" "storage_account" {
+  for_each = {
+    for storageTargetNfsBlob in var.storageTargetsNfsBlob : storageTargetNfsBlob.name => storageTargetNfsBlob if var.hpcCache.enable && storageTargetNfsBlob.name != ""
+  }
+  role_definition_name = "Storage Account Contributor" # https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#storage-account-contributor
+  principal_id         = data.azuread_service_principal.hpc_cache.object_id
+  scope                = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${each.value.storage.resourceGroupName}/providers/Microsoft.Storage/storageAccounts/${each.value.storage.accountName}"
+}
+
+resource "azurerm_role_assignment" "storage_blob_data" {
+  for_each = {
+    for storageTargetNfsBlob in var.storageTargetsNfsBlob : storageTargetNfsBlob.name => storageTargetNfsBlob if var.hpcCache.enable && storageTargetNfsBlob.name != ""
+  }
+  role_definition_name = "Storage Blob Data Contributor" # https://learn.microsoft.com/azure/role-based-access-control/built-in-roles#storage-blob-data-contributor
+  principal_id         = data.azuread_service_principal.hpc_cache.object_id
+  scope                = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${each.value.storage.resourceGroupName}/providers/Microsoft.Storage/storageAccounts/${each.value.storage.accountName}"
+}
+
 resource "azurerm_hpc_cache" "cache" {
  count               = var.hpcCache.enable ? 1 : 0
  name                = var.cacheName
@ -234,6 +260,10 @@ resource "azurerm_hpc_cache" "cache" {
  }
  key_vault_key_id                           = var.hpcCache.encryption.enable ? data.azurerm_key_vault_key.cache_encryption.id : null
  automatically_rotate_key_to_latest_enabled = var.hpcCache.encryption.enable ? var.hpcCache.encryption.rotateKey : null
+  depends_on = [
+    azurerm_role_assignment.storage_account,
+    azurerm_role_assignment.storage_blob_data
+  ]
 }

 resource "azurerm_hpc_cache_nfs_target" "storage" {
@ -427,7 +457,7 @@ output "cacheManagementAddress" {
 }

 output "cacheMountAddresses" {
-  value = var.hpcCache.enable && length(azurerm_hpc_cache.cache) > 0 ? azurerm_hpc_cache.cache[0].mount_addresses : length(avere_vfxt.cache) > 0 ? avere_vfxt.cache[0].vserver_ip_addresses : ""
+  value = var.hpcCache.enable && length(azurerm_hpc_cache.cache) > 0 ? azurerm_hpc_cache.cache[0].mount_addresses : length(avere_vfxt.cache) > 0 ? avere_vfxt.cache[0].vserver_ip_addresses : null
 }

 output "cachePrivateDnsFqdn" {
--- a/src/terraform/examples/e2e/5.compute.image/config.auto.tfvars
+++ b/src/terraform/examples/e2e/5.compute.image/config.auto.tfvars
@ -63,7 +63,7 @@ imageTemplates = [
      osDiskSizeGB   = 0
      timeoutMinutes = 120
      outputVersion  = "0.0.0"
-      renderManager  = "Deadline"
+      renderManager  = "Deadline" # RoyalRender or Deadline
      renderEngines  = []
    }
  },
@ -83,7 +83,7 @@ imageTemplates = [
      osDiskSizeGB   = 480
      timeoutMinutes = 240
      outputVersion  = "1.0.0"
-      renderManager  = "Deadline"
+      renderManager  = "Deadline" # RoyalRender or Deadline
      renderEngines  = [
        "Blender",
        "PBRT"
@ -108,7 +108,7 @@ imageTemplates = [
      osDiskSizeGB   = 512
      timeoutMinutes = 240
      outputVersion  = "2.0.0"
-      renderManager  = "Deadline"
+      renderManager  = "Deadline" # RoyalRender or Deadline
      renderEngines  = [
        "Blender",
        "PBRT"
@ -134,7 +134,7 @@ imageTemplates = [
      osDiskSizeGB   = 0
      timeoutMinutes = 180
      outputVersion  = "0.0.0"
-      renderManager  = "Deadline"
+      renderManager  = "Deadline" # RoyalRender or Deadline
      renderEngines  = []
    }
  },
@ -154,7 +154,7 @@ imageTemplates = [
      osDiskSizeGB   = 480
      timeoutMinutes = 420
      outputVersion  = "1.0.0"
-      renderManager  = "Deadline"
+      renderManager  = "Deadline" # RoyalRender or Deadline
      renderEngines  = [
        "Blender",
        "PBRT"
@ -179,7 +179,7 @@ imageTemplates = [
      osDiskSizeGB   = 512
      timeoutMinutes = 420
      outputVersion  = "2.0.0"
-      renderManager  = "Deadline"
+      renderManager  = "Deadline" # RoyalRender or Deadline
      renderEngines  = [
        "Blender",
        "PBRT"
--- a/src/terraform/examples/e2e/5.compute.image/customize.ps1
+++ b/src/terraform/examples/e2e/5.compute.image/customize.ps1
@ -22,7 +22,7 @@ Write-Host "Customize (Start): Git"
 $versionInfo = "2.38.1"
 $installFile = "Git-$versionInfo-64-bit.exe"
 $downloadUrl = "$storageContainerUrl/Git/$versionInfo/$installFile$storageContainerSas"
-Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+(New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
 Start-Process -FilePath $installFile -ArgumentList "/SILENT /NORESTART" -Wait
 $binPathGit = "C:\Program Files\Git\bin"
 $binPaths += ";$binPathGit"
@ -32,7 +32,7 @@ Write-Host "Customize (Start): Visual Studio Build Tools"
 $versionInfo = "2022"
 $installFile = "vs_buildtools.exe"
 $downloadUrl = "https://aka.ms/vs/17/release/$installFile"
-Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+(New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
 $componentIds = "--add Microsoft.VisualStudio.Component.Windows11SDK.22621"
 $componentIds += " --add Microsoft.VisualStudio.Component.VC.CMake.Project"
 Start-Process -FilePath $installFile -ArgumentList "--quiet --norestart $componentIds" -Wait
@ -45,7 +45,7 @@ Write-Host "Customize (Start): Python"
 $versionInfo = "3.11.0"
 $installFile = "python-$versionInfo-amd64.exe"
 $downloadUrl = "https://www.python.org/ftp/python/$versionInfo/$installFile"
-Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+(New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
 Start-Process -FilePath $installFile -ArgumentList "/quiet" -Wait
 Write-Host "Customize (End): Python"

@ -66,7 +66,7 @@ if ($gpuPlatform -contains "GRID") {
  Write-Host "Customize (Start): NVIDIA GPU (GRID)"
  $installFile = "nvidia-gpu-grid.exe"
  $downloadUrl = "https://go.microsoft.com/fwlink/?linkid=874181"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  Start-Process -FilePath ./$installFile -ArgumentList "-s -n" -Wait -RedirectStandardOutput "nvidia-grid.output.txt" -RedirectStandardError "nvidia-grid.error.txt"
  Write-Host "Customize (End): NVIDIA GPU (GRID)"
 }
@ -76,7 +76,7 @@ if ($gpuPlatform -contains "CUDA" -or $gpuPlatform -contains "CUDA.OptiX") {
  $versionInfo = "11.8.0"
  $installFile = "cuda_${versionInfo}_522.06_windows.exe"
  $downloadUrl = "$storageContainerUrl/NVIDIA/CUDA/$versionInfo/$installFile$storageContainerSas"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  Start-Process -FilePath ./$installFile -ArgumentList "-s -n" -Wait -RedirectStandardOutput "nvidia-cuda.output.txt" -RedirectStandardError "nvidia-cuda.error.txt"
  [System.Environment]::SetEnvironmentVariable("CUDA_TOOLKIT_ROOT_DIR", "C:\Program Files\NVIDIA GPU Computing Toolkit\CUDA\v11.8", [System.EnvironmentVariableTarget]::Machine)
  Write-Host "Customize (End): NVIDIA GPU (CUDA)"
@ -87,7 +87,7 @@ if ($gpuPlatform -contains "CUDA.OptiX") {
  $versionInfo = "7.6.0"
  $installFile = "NVIDIA-OptiX-SDK-$versionInfo-win64-31894579.exe"
  $downloadUrl = "$storageContainerUrl/NVIDIA/OptiX/$versionInfo/$installFile$storageContainerSas"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  Start-Process -FilePath ./$installFile -ArgumentList "/s /n" -Wait -RedirectStandardOutput "nvidia-optix.output.txt" -RedirectStandardError "nvidia-optix.error.txt"
  $sdkDirectory = "C:\ProgramData\NVIDIA Corporation\OptiX SDK $versionInfo\SDK"
  $buildDirectory = "$sdkDirectory\build"
@ -102,17 +102,19 @@ if ($machineType -eq "Scheduler") {
  Write-Host "Customize (Start): Azure CLI"
  $installFile = "az-cli.msi"
  $downloadUrl = "https://aka.ms/installazurecliwindows"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  Start-Process -FilePath "msiexec.exe" -ArgumentList "/i $installFile /quiet /norestart" -Wait
  Write-Host "Customize (End): Azure CLI"

-  Write-Host "Customize (Start): NFS Server"
-  Install-WindowsFeature -Name "FS-NFS-Service"
-  Write-Host "Customize (End): NFS Server"
+  if ($renderManager -eq "Deadline") {
+    Write-Host "Customize (Start): NFS Server"
+    Install-WindowsFeature -Name "FS-NFS-Service"
+    Write-Host "Customize (End): NFS Server"

-  Write-Host "Customize (Start): NFS Client"
-  Install-WindowsFeature -Name "NFS-Client"
-  Write-Host "Customize (End): NFS Client"
+    Write-Host "Customize (Start): NFS Client"
+    Install-WindowsFeature -Name "NFS-Client"
+    Write-Host "Customize (End): NFS Client"
+  }
 } else {
  Write-Host "Customize (Start): NFS Client"
  $installFile = "dism.exe"
@ -121,16 +123,22 @@ if ($machineType -eq "Scheduler") {
  Write-Host "Customize (End): NFS Client"
 }

-if ($renderManager -eq "Deadline") {
-  $schedulerVersion = "10.1.23.6"
-  $schedulerPath = "C:\Program Files\Thinkbox\Deadline10\bin"
-  $schedulerDatabasePath = "C:\DeadlineDatabase"
-  $schedulerRepositoryPath = "C:\DeadlineRepository"
-  $schedulerCertificateFile = "Deadline10Client.pfx"
-  $schedulerRepositoryLocalMount = "S:\"
-  $schedulerRepositoryCertificate = "$schedulerRepositoryLocalMount$schedulerCertificateFile"
-  $binPaths += ";$schedulerPath"
+switch ($renderManager) {
+  "RoyalRender" {
+    $schedulerVersion = "8.4.02"
+    $schedulerPath = "C:\Program Files\RoyalRender"
+  }
+  "Deadline" {
+    $schedulerVersion = "10.2.0.8"
+    $schedulerPath = "C:\Program Files\Thinkbox\Deadline10\bin"
+    $schedulerDatabasePath = "C:\DeadlineDatabase"
+    $schedulerRepositoryPath = "C:\DeadlineRepository"
+    $schedulerCertificateFile = "Deadline10Client.pfx"
+    $schedulerRepositoryLocalMount = "S:\"
+    $schedulerRepositoryCertificate = "$schedulerRepositoryLocalMount$schedulerCertificateFile"
+  }
 }
+$binPaths += ";$schedulerPath"

 $rendererPathBlender = "C:\Program Files\Blender Foundation\Blender3"
 $rendererPathPBRT3 = "C:\Program Files\PBRT\v3"
@ -147,49 +155,77 @@ if ($renderEngines -contains "Unreal") {
 }
 setx PATH "$env:PATH$binPaths" /m

-if ($renderManager -eq "Deadline") {
-  Write-Host "Customize (Start): Deadline Download"
-  $installFile = "Deadline-$schedulerVersion-windows-installers.zip"
-  $downloadUrl = "$storageContainerUrl/Deadline/$schedulerVersion/$installFile$storageContainerSas"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
-  Expand-Archive -Path $installFile
-  Write-Host "Customize (End): Deadline Download"
+switch ($renderManager) {
+  "RoyalRender" {
+    Write-Host "Customize (Start): Royal Render Download"
+    $installFile = "RoyalRender__${schedulerVersion}__installer.zip"
+    $downloadUrl = "$storageContainerUrl/RoyalRender/$schedulerVersion/$installFile$storageContainerSas"
+    (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
+    Expand-Archive -Path $installFile
+    Write-Host "Customize (End): Royal Render Download"

-  if ($machineType -eq "Scheduler") {
-    Write-Host "Customize (Start): Deadline Repository"
-    netsh advfirewall firewall add rule name="Allow Mongo Database" dir=in action=allow protocol=TCP localport=27100
-    Set-Location -Path "Deadline*"
-    $installFile = "DeadlineRepository-$schedulerVersion-windows-installer.exe"
-    Start-Process -FilePath $installFile -ArgumentList "--mode unattended --dbLicenseAcceptance accept --installmongodb true --mongodir $schedulerDatabasePath --prefix $schedulerRepositoryPath" -Wait
-    Move-Item -Path $env:TMP\bitrock_installer.log -Destination $binDirectory\bitrock_installer_server.log
-    Copy-Item -Path $schedulerDatabasePath\certs\$schedulerCertificateFile -Destination $schedulerRepositoryPath\$schedulerCertificateFile
-    New-NfsShare -Name "DeadlineRepository" -Path $schedulerRepositoryPath -Permission ReadWrite
-    Set-Location -Path $binDirectory
-    Write-Host "Customize (End): Deadline Repository"
-  }
+    Write-Host "Customize (Start): Royal Render Installer"
+    Set-Location -Path "RoyalRender*\RoyalRender*"
+    $installFile = "rrSetup_win.exe"
+    #Start-Process -FilePath .\$installFile -ArgumentList "" -Wait -RedirectStandardOutput "rr-installer.output.txt" -RedirectStandardError "rr-installer.error.txt"
+    Write-Host "Customize (End): Royal Render Installer"

-  Write-Host "Customize (Start): Deadline Client"
-  netsh advfirewall firewall add rule name="Allow Deadline Worker" dir=in action=allow program="$schedulerPath\deadlineworker.exe"
-  netsh advfirewall firewall add rule name="Allow Deadline Monitor" dir=in action=allow program="$schedulerPath\deadlinemonitor.exe"
-  netsh advfirewall firewall add rule name="Allow Deadline Launcher" dir=in action=allow program="$schedulerPath\deadlinelauncher.exe"
-  Set-Location -Path "Deadline*"
-  $installFile = "DeadlineClient-$schedulerVersion-windows-installer.exe"
-  $installArgs = "--mode unattended"
-  if ($machineType -eq "Scheduler") {
-    $installArgs = "$installArgs --slavestartup false --launcherservice false"
-  } else {
-    if ($machineType -eq "Farm") {
-      $workerStartup = "true"
-    } else {
-      $workerStartup = "false"
+    Set-Location -Path $schedulerPath
+    if ($machineType -eq "Scheduler") {
+      Write-Host "Customize (Start): Royal Render Server"
+
+      Write-Host "Customize (End): Royal Render Server"
    }
-    $installArgs = "$installArgs --slavestartup $workerStartup --launcherservice true"
+
+    Write-Host "Customize (Start): Royal Render Client"
+
+    Write-Host "Customize (End): Royal Render Client"
+    Set-Location -Path $binDirectory
+  }
+  "Deadline" {
+    Write-Host "Customize (Start): Deadline Download"
+    $installFile = "Deadline-$schedulerVersion-windows-installers.zip"
+    $downloadUrl = "$storageContainerUrl/Deadline/$schedulerVersion/$installFile$storageContainerSas"
+    (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
+    Expand-Archive -Path $installFile
+    Write-Host "Customize (End): Deadline Download"
+
+    if ($machineType -eq "Scheduler") {
+      Write-Host "Customize (Start): Deadline Repository"
+      netsh advfirewall firewall add rule name="Allow Mongo Database" dir=in action=allow protocol=TCP localport=27100
+      Set-Location -Path "Deadline*"
+      $installFile = "DeadlineRepository-$schedulerVersion-windows-installer.exe"
+      Start-Process -FilePath $installFile -ArgumentList "--mode unattended --dbLicenseAcceptance accept --installmongodb true --mongodir $schedulerDatabasePath --prefix $schedulerRepositoryPath" -Wait
+      Move-Item -Path $env:TMP\bitrock_installer.log -Destination $binDirectory\bitrock_installer_server.log
+      Copy-Item -Path $schedulerDatabasePath\certs\$schedulerCertificateFile -Destination $schedulerRepositoryPath\$schedulerCertificateFile
+      New-NfsShare -Name "DeadlineRepository" -Path $schedulerRepositoryPath -Permission ReadWrite
+      Set-Location -Path $binDirectory
+      Write-Host "Customize (End): Deadline Repository"
+    }
+
+    Write-Host "Customize (Start): Deadline Client"
+    netsh advfirewall firewall add rule name="Allow Deadline Worker" dir=in action=allow program="$schedulerPath\deadlineworker.exe"
+    netsh advfirewall firewall add rule name="Allow Deadline Monitor" dir=in action=allow program="$schedulerPath\deadlinemonitor.exe"
+    netsh advfirewall firewall add rule name="Allow Deadline Launcher" dir=in action=allow program="$schedulerPath\deadlinelauncher.exe"
+    Set-Location -Path "Deadline*"
+    $installFile = "DeadlineClient-$schedulerVersion-windows-installer.exe"
+    $installArgs = "--mode unattended"
+    if ($machineType -eq "Scheduler") {
+      $installArgs = "$installArgs --slavestartup false --launcherservice false"
+    } else {
+      if ($machineType -eq "Farm") {
+        $workerStartup = "true"
+      } else {
+        $workerStartup = "false"
+      }
+      $installArgs = "$installArgs --slavestartup $workerStartup --launcherservice true"
+    }
+    Start-Process -FilePath $installFile -ArgumentList $installArgs -Wait
+    Move-Item -Path $env:TMP\bitrock_installer.log -Destination $binDirectory\bitrock_installer_client.log
+    Start-Process -FilePath "$schedulerPath\deadlinecommand.exe" -ArgumentList "-ChangeRepositorySkipValidation Direct $schedulerRepositoryLocalMount $schedulerRepositoryCertificate ''" -Wait
+    Set-Location -Path $binDirectory
+    Write-Host "Customize (End): Deadline Client"
  }
-  Start-Process -FilePath $installFile -ArgumentList $installArgs -Wait
-  Move-Item -Path $env:TMP\bitrock_installer.log -Destination $binDirectory\bitrock_installer_client.log
-  Start-Process -FilePath "$schedulerPath\deadlinecommand.exe" -ArgumentList "-ChangeRepositorySkipValidation Direct $schedulerRepositoryLocalMount $schedulerRepositoryCertificate ''" -Wait
-  Set-Location -Path $binDirectory
-  Write-Host "Customize (End): Deadline Client"
 }

 if ($renderEngines -contains "Blender") {
@ -197,7 +233,7 @@ if ($renderEngines -contains "Blender") {
  $versionInfo = "3.3.1"
  $installFile = "blender-$versionInfo-windows-x64.msi"
  $downloadUrl = "$storageContainerUrl/Blender/$versionInfo/$installFile$storageContainerSas"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  Start-Process -FilePath "msiexec.exe" -ArgumentList ('/i ' + $installFile + ' INSTALL_ROOT="' + $rendererPathBlender + '" /quiet /norestart') -Wait
  Write-Host "Customize (End): Blender"
 }
@ -226,15 +262,15 @@ if ($renderEngines -contains "PBRT.Moana") {
  New-Item -ItemType Directory -Path $dataDirectory -Force
  $installFile = "island-basepackage-v1.1.tgz"
  $downloadUrl = "$storageContainerUrl/PBRT/$dataDirectory/$installFile$storageContainerSas"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  tar -xzf $installFile -C $dataDirectory
  $installFile = "island-pbrt-v1.1.tgz"
  $downloadUrl = "$storageContainerUrl/PBRT/$dataDirectory/$installFile$storageContainerSas"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  tar -xzf $installFile -C $dataDirectory
  $installFile = "island-pbrtV4-v2.0.tgz"
  $downloadUrl = "$storageContainerUrl/PBRT/$dataDirectory/$installFile$storageContainerSas"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  tar -xzf $installFile -C $dataDirectory
  Write-Host "Customize (End): PBRT (Moana Island)"
 }
@ -243,7 +279,7 @@ if ($renderEngines -contains "Unity") {
  Write-Host "Customize (Start): Unity"
  $installFile = "UnityHubSetup.exe"
  $downloadUrl = "https://public-cdn.cloud.unity3d.com/hub/prod/$installFile"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  Start-Process -FilePath $installFile -ArgumentList "/S" -Wait
  Write-Host "Customize (End): Unity"
 }
@ -256,7 +292,7 @@ if ($renderEngines -contains "Unreal") {
  Start-Process -FilePath $installFile -ArgumentList "/Enable-Feature /FeatureName:$featureName /Online /All /NoRestart" -Wait -Verb RunAs
  $installFile = "UnrealEngine-5.1.zip"
  $downloadUrl = "$storageContainerUrl/Unreal/$installFile$storageContainerSas"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  Expand-Archive -Path $installFile
  New-Item -ItemType Directory -Path "$rendererPathUnreal" -Force
  Move-Item -Path "Unreal*\Unreal*\*" -Destination "$rendererPathUnreal"
@ -288,7 +324,7 @@ if ($renderEngines -contains "Unreal.PixelStream") {
  Write-Host "Customize (Start): Unreal Pixel Streaming"
  $installFile = "PixelStreamingInfrastructure-UE5.1.zip"
  $downloadUrl = "$storageContainerUrl/Unreal/$installFile$storageContainerSas"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  Expand-Archive -Path $installFile
  New-Item -ItemType Directory -Path "$rendererPathUnrealStream" -Force
  Move-Item -Path "PixelStreaming*\PixelStreaming*\*" -Destination "$rendererPathUnrealStream"
@ -322,7 +358,7 @@ if ($machineType -eq "Workstation") {
  $versionInfo = "22.09.2"
  $installFile = "pcoip-agent-graphics_$versionInfo.exe"
  $downloadUrl = "$storageContainerUrl/Teradici/$versionInfo/$installFile$storageContainerSas"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  Start-Process -FilePath $installFile -ArgumentList "/S /NoPostReboot /Force" -Wait
  Write-Host "Customize (End): Teradici PCoIP"

@ -330,17 +366,17 @@ if ($machineType -eq "Workstation") {
  $versionInfo = "5.02.00"
  $installFile = "vray-benchmark-$versionInfo.exe"
  $downloadUrl = "$storageContainerUrl/VRay/Benchmark/$versionInfo/$installFile$storageContainerSas"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  $installFile = "vray-benchmark-$versionInfo-cli.exe"
  $downloadUrl = "$storageContainerUrl/VRay/Benchmark/$versionInfo/$installFile$storageContainerSas"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  Write-Host "Customize (End): V-Ray Benchmark"

  Write-Host "Customize (Start): Cinebench"
  $versionInfo = "R23"
  $installFile = "Cinebench$versionInfo.zip"
  $downloadUrl = "$storageContainerUrl/Cinebench/$versionInfo/$installFile$storageContainerSas"
-  Invoke-WebRequest -Uri $downloadUrl -OutFile $installFile -UseBasicParsing
+  (New-Object System.Net.WebClient).DownloadFile($downloadUrl, $pwd.Path + "\" + $installFile)
  Expand-Archive -Path $installFile
  Write-Host "Customize (End): Cinebench"

--- a/src/terraform/examples/e2e/5.compute.image/customize.sh
+++ b/src/terraform/examples/e2e/5.compute.image/customize.sh
@ -39,14 +39,14 @@ if [[ $gpuPlatform == *GRID* ]]; then
  downloadUrl="https://go.microsoft.com/fwlink/?linkid=874272"
  curl -o $installFile -L $downloadUrl
  chmod +x $installFile
-  ./$installFile -s 1> nvidia-grid.output.txt 2> nvidia-grid.error.txt
+  ./$installFile -s 1> "nvidia-grid.output.txt" 2> "nvidia-grid.error.txt"
  echo "Customize (End): NVIDIA GPU (GRID)"
 fi

 if [[ $gpuPlatform == *CUDA* ]] || [[ $gpuPlatform == *CUDA.OptiX* ]]; then
  echo "Customize (Start): NVIDIA GPU (CUDA)"
  dnf config-manager --add-repo https://developer.download.nvidia.com/compute/cuda/repos/rhel9/x86_64/cuda-rhel9.repo
-  dnf -y install cuda 1> nvidia-cuda.output.txt 2> nvidia-cuda.error.txt
+  dnf -y install cuda 1> "nvidia-cuda.output.txt" 2> "nvidia-cuda.error.txt"
  echo "Customize (End): NVIDIA GPU (CUDA)"
 fi

@ -59,15 +59,15 @@ if [[ $gpuPlatform == *CUDA.OptiX* ]]; then
  chmod +x $installFile
  sdkDirectory="nvidia-optix"
  mkdir $sdkDirectory
-  ./$installFile --skip-license --prefix="$binDirectory/$sdkDirectory" 1> nvidia-optix.output.txt 2> nvidia-optix.error.txt
+  ./$installFile --skip-license --prefix="$binDirectory/$sdkDirectory" 1> "nvidia-optix.output.txt" 2> "nvidia-optix.error.txt"
  dnf -y install mesa-libGL-devel
  dnf -y install libXrandr-devel
  dnf -y install libXinerama-devel
  dnf -y install libXcursor-devel
  buildDirectory="$binDirectory/$sdkDirectory/build"
  mkdir $buildDirectory
-  cmake -B $buildDirectory -S $binDirectory/$sdkDirectory/SDK 1> nvidia-optix-cmake.output.txt 2> nvidia-optix-cmake.error.txt
-  make -j -C $buildDirectory 1> nvidia-optix-make.output.txt 2> nvidia-optix-make.error.txt
+  cmake -B $buildDirectory -S $binDirectory/$sdkDirectory/SDK 1> "nvidia-optix-cmake.output.txt" 2> "nvidia-optix-cmake.error.txt"
+  make -j -C $buildDirectory 1> "nvidia-optix-make.output.txt" 2> "nvidia-optix-make.error.txt"
  binPaths="$binPaths:$buildDirectory/bin"
  echo "Customize (End): NVIDIA GPU (OptiX)"
 fi
@ -79,9 +79,11 @@ if [ $machineType == "Scheduler" ]; then
  dnf -y install azure-cli
  echo "Customize (End): Azure CLI"

-  echo "Customize (Start): NFS Server"
-  systemctl --now enable nfs-server
-  echo "Customize (End): NFS Server"
+  if [ $renderManager == "Deadline" ]; then
+    echo "Customize (Start): NFS Server"
+    systemctl --now enable nfs-server
+    echo "Customize (End): NFS Server"
+  fi

  echo "Customize (Start): CycleCloud"
  cycleCloudPath="/usr/local/cyclecloud"
@ -130,18 +132,24 @@ if [ $machineType == "Scheduler" ]; then
  echo "Customize (End): CycleCloud"
 fi

-if [ $renderManager == "Deadline" ]; then
-  schedulerVersion="10.1.23.6"
-  schedulerPath="/opt/Thinkbox/Deadline10/bin"
-  schedulerDatabaseHost="$(hostname)"
-  schedulerDatabasePort="27017"
-  schedulerRepositoryPath="/DeadlineRepository"
-  schedulerCertificateName="Deadline"
-  schedulerCertificateFile="$schedulerCertificateName.pfx"
-  schedulerRepositoryLocalMount="/mnt/scheduler"
-  schedulerRepositoryCertificate="$schedulerRepositoryLocalMount/$schedulerCertificateFile"
-  binPaths="$binPaths:$schedulerPath"
-fi
+case $renderManager in
+  "RoyalRender")
+    schedulerVersion="8.4.02"
+    schedulerPath="/opt/RoyalRender"
+    ;;
+  "Deadline")
+    schedulerVersion="10.2.0.8"
+    schedulerPath="/opt/Thinkbox/Deadline10/bin"
+    schedulerDatabaseHost="$(hostname)"
+    schedulerDatabasePort="27017"
+    schedulerRepositoryPath="/DeadlineRepository"
+    schedulerCertificateName="Deadline"
+    schedulerCertificateFile="$schedulerCertificateName.pfx"
+    schedulerRepositoryLocalMount="/mnt/scheduler"
+    schedulerRepositoryCertificate="$schedulerRepositoryLocalMount/$schedulerCertificateFile"
+    ;;
+esac
+binPaths="$binPaths:$schedulerPath"

 rendererPathBlender="/usr/local/blender3"
 rendererPathPBRT3="/usr/local/pbrt/v3"
@ -157,84 +165,117 @@ if [[ $renderEngines == *Unreal* ]]; then
 fi
 echo "PATH=$PATH$binPaths" > /etc/profile.d/aaa.sh

-if [ $renderManager == "Deadline" ]; then
-  echo "Customize (Start): Deadline Download"
-  installFile="Deadline-$schedulerVersion-linux-installers.tar"
-  downloadUrl="$storageContainerUrl/Deadline/$schedulerVersion/$installFile$storageContainerSas"
-  curl -o $installFile -L $downloadUrl
-  tar -xzf $installFile
-  echo "Customize (End): Deadline Download"
-
-  if [ $machineType == "Scheduler" ]; then
-    echo "Customize (Start): OpenSSL Certificates"
-    pip install pyOpenSSL
-    installFile="SSLGeneration-master.zip"
-    downloadUrl="$storageContainerUrl/Deadline/$installFile$storageContainerSas"
+case $renderManager in
+  "RoyalRender")
+    echo "Customize (Start): Royal Render Download"
+    installFile="RoyalRender__${schedulerVersion}__installer.zip"
+    downloadUrl="$storageContainerUrl/RoyalRender/$schedulerVersion/$installFile$storageContainerSas"
    curl -o $installFile -L $downloadUrl
    unzip -q $installFile
-    cd "SSLGeneration-master"
-    schedulerCertificateOrg="Azure"
-    schedulerCertificateOrgUnit="HPCRender"
-    python ssl_gen.py --cert-org $schedulerCertificateOrg --cert-ou $schedulerCertificateOrgUnit --ca
-    python ssl_gen.py --cert-name $schedulerCertificateName --server
-    python ssl_gen.py --cert-name $schedulerCertificateName --client
-    python ssl_gen.py --cert-name $schedulerCertificateName --pfx
-    cd "keys"
-    schedulerCertificateKeyFile="$(pwd)/$schedulerCertificateName.pem"
-    schedulerCertificateAuthorityFile="$(pwd)/ca.crt"
-    cat $schedulerCertificateName.crt > $schedulerCertificateKeyFile
-    cat $schedulerCertificateName.key >> $schedulerCertificateKeyFile
-    mkdir -p $schedulerRepositoryPath
-    cp $schedulerCertificateFile $schedulerRepositoryPath/$schedulerCertificateFile
-    chmod +r $schedulerRepositoryPath/$schedulerCertificateFile
+    echo "Customize (End): Royal Render Download"
+
+    echo "Customize (Start): Royal Render Installer"
+    dnf -y install fontconfig
+    dnf -y install libXrender
+    dnf -y install libXext
+    cd "RoyalRender__${schedulerVersion}__installer"
+    installFile="rrSetup_linux"
+    chmod +x $installFile
+    mkdir $schedulerPath
+    ./$installFile -console -rrRoot $schedulerPath 1> "rr-installer.output.txt" 2> "rr-installer.error.txt"
+    echo "Customize (End): Royal Render Installer"
+
+    cd $schedulerPath
+    if [ $machineType == "Scheduler" ]; then
+      echo "Customize (Start): Royal Render Server"
+
+      echo "Customize (End): Royal Render Server"
+    fi
+
+    echo "Customize (Start): Royal Render Client"
+
+    echo "Customize (End): Royal Render Client"
    cd $binDirectory
-    echo "Customize (End): OpenSSL Certificates"
+    ;;
+  "Deadline")
+    echo "Customize (Start): Deadline Download"
+    installFile="Deadline-$schedulerVersion-linux-installers.tar"
+    downloadUrl="$storageContainerUrl/Deadline/$schedulerVersion/$installFile$storageContainerSas"
+    curl -o $installFile -L $downloadUrl
+    tar -xzf $installFile
+    echo "Customize (End): Deadline Download"

-    echo "Customize (Start): Mongo DB"
-    mongoDbRepoPath="/etc/yum.repos.d/mongodb.repo"
-    echo "[mongodb-org-4.2]" > $mongoDbRepoPath
-    echo "name=MongoDB" >> $mongoDbRepoPath
-    echo "baseurl=https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.2/x86_64/" >> $mongoDbRepoPath
-    echo "gpgcheck=1" >> $mongoDbRepoPath
-    echo "enabled=1" >> $mongoDbRepoPath
-    echo "gpgkey=https://www.mongodb.org/static/pgp/server-4.2.asc" >> $mongoDbRepoPath
-    dnf -y install mongodb-org
-    sed -i 's/bindIp: 127.0.0.1/bindIp: 0.0.0.0/' /etc/mongod.conf
-    # sed -i "/bindIp: 0.0.0.0/a\  tls:" /etc/mongod.conf
-    # sed -i "/tls:/a\    mode: requireTLS" /etc/mongod.conf
-    # sed -i "/mode: requireTLS/a\    certificateKeyFile: $schedulerCertificateKeyFile" /etc/mongod.conf
-    # sed -i "/certificateKeyFile:/a\    CAFile: $schedulerCertificateAuthorityFile" /etc/mongod.conf
-    # sed -i 's/#security:/security:/' /etc/mongod.conf
-    # sed -i "/security:/a\  authorization: enabled" /etc/mongod.conf
-    systemctl enable mongod
-    systemctl start mongod
-    echo "Customize (End): Mongo DB"
+    if [ $machineType == "Scheduler" ]; then
+      echo "Customize (Start): OpenSSL Certificates"
+      pip install pyOpenSSL
+      installFile="SSLGeneration-master.zip"
+      downloadUrl="$storageContainerUrl/Deadline/$installFile$storageContainerSas"
+      curl -o $installFile -L $downloadUrl
+      unzip -q $installFile
+      cd "SSLGeneration-master"
+      schedulerCertificateOrg="Azure"
+      schedulerCertificateOrgUnit="HPCRender"
+      python ssl_gen.py --cert-org $schedulerCertificateOrg --cert-ou $schedulerCertificateOrgUnit --ca
+      python ssl_gen.py --cert-name $schedulerCertificateName --server
+      python ssl_gen.py --cert-name $schedulerCertificateName --client
+      python ssl_gen.py --cert-name $schedulerCertificateName --pfx
+      cd "keys"
+      schedulerCertificateKeyFile="$(pwd)/$schedulerCertificateName.pem"
+      schedulerCertificateAuthorityFile="$(pwd)/ca.crt"
+      cat $schedulerCertificateName.crt > $schedulerCertificateKeyFile
+      cat $schedulerCertificateName.key >> $schedulerCertificateKeyFile
+      mkdir -p $schedulerRepositoryPath
+      cp $schedulerCertificateFile $schedulerRepositoryPath/$schedulerCertificateFile
+      chmod +r $schedulerRepositoryPath/$schedulerCertificateFile
+      cd $binDirectory
+      echo "Customize (End): OpenSSL Certificates"

-    echo "Customize (Start): Deadline Repository"
-    installFile="DeadlineRepository-$schedulerVersion-linux-x64-installer.run"
-    # ./$installFile --mode unattended --dbLicenseAcceptance accept --dbauth true --dbssl true --dbclientcert $schedulerRepositoryPath/$schedulerCertificateFile --dbhost $schedulerDatabaseHost --dbport $schedulerDatabasePort --prefix $schedulerRepositoryPath
-    ./$installFile --mode unattended --dbLicenseAcceptance accept --dbhost $schedulerDatabaseHost --dbport $schedulerDatabasePort --prefix $schedulerRepositoryPath
-    mv /tmp/bitrock_installer.log $binDirectory/bitrock_installer_server.log
-    echo "$schedulerRepositoryPath *(rw,no_root_squash)" >> /etc/exports
-    exportfs -a
-    echo "Customize (End): Deadline Repository"
-  fi
+      echo "Customize (Start): Mongo DB"
+      mongoDbRepoPath="/etc/yum.repos.d/mongodb.repo"
+      echo "[mongodb-org-4.4]" > $mongoDbRepoPath
+      echo "name=MongoDB" >> $mongoDbRepoPath
+      echo "baseurl=https://repo.mongodb.org/yum/redhat/8/mongodb-org/4.4/x86_64/" >> $mongoDbRepoPath
+      echo "gpgcheck=1" >> $mongoDbRepoPath
+      echo "enabled=1" >> $mongoDbRepoPath
+      echo "gpgkey=https://www.mongodb.org/static/pgp/server-4.4.asc" >> $mongoDbRepoPath
+      dnf -y install mongodb-org
+      sed -i 's/bindIp: 127.0.0.1/bindIp: 0.0.0.0/' /etc/mongod.conf
+      # sed -i "/bindIp: 0.0.0.0/a\  tls:" /etc/mongod.conf
+      # sed -i "/tls:/a\    mode: requireTLS" /etc/mongod.conf
+      # sed -i "/mode: requireTLS/a\    certificateKeyFile: $schedulerCertificateKeyFile" /etc/mongod.conf
+      # sed -i "/certificateKeyFile:/a\    CAFile: $schedulerCertificateAuthorityFile" /etc/mongod.conf
+      # sed -i 's/#security:/security:/' /etc/mongod.conf
+      # sed -i "/security:/a\  authorization: enabled" /etc/mongod.conf
+      systemctl enable mongod
+      systemctl start mongod
+      echo "Customize (End): Mongo DB"

-  echo "Customize (Start): Deadline Client"
-  installFile="DeadlineClient-$schedulerVersion-linux-x64-installer.run"
-  installArgs="--mode unattended"
-  if [ $machineType == "Scheduler" ]; then
-    installArgs="$installArgs --slavestartup false --launcherdaemon false"
-  else
-    [ $machineType == "Farm" ] && workerStartup=true || workerStartup=false
-    installArgs="$installArgs --slavestartup $workerStartup --launcherdaemon true"
-  fi
-  ./$installFile $installArgs
-  mv /tmp/bitrock_installer.log $binDirectory/bitrock_installer_client.log
-  # $schedulerPath/deadlinecommand -ChangeRepositorySkipValidation Direct $schedulerRepositoryLocalMount $schedulerRepositoryCertificate ""
-  $schedulerPath/deadlinecommand -ChangeRepositorySkipValidation Direct $schedulerRepositoryLocalMount
-  echo "Customize (End): Deadline Client"
-fi
+      echo "Customize (Start): Deadline Repository"
+      installFile="DeadlineRepository-$schedulerVersion-linux-x64-installer.run"
+      # ./$installFile --mode unattended --dbLicenseAcceptance accept --dbauth true --dbssl true --dbclientcert $schedulerRepositoryPath/$schedulerCertificateFile --dbhost $schedulerDatabaseHost --dbport $schedulerDatabasePort --prefix $schedulerRepositoryPath
+      ./$installFile --mode unattended --dbLicenseAcceptance accept --dbhost $schedulerDatabaseHost --dbport $schedulerDatabasePort --prefix $schedulerRepositoryPath
+      mv /tmp/bitrock_installer.log $binDirectory/bitrock_installer_server.log
+      echo "$schedulerRepositoryPath *(rw,no_root_squash)" >> /etc/exports
+      exportfs -a
+      echo "Customize (End): Deadline Repository"
+    fi
+
+    echo "Customize (Start): Deadline Client"
+    installFile="DeadlineClient-$schedulerVersion-linux-x64-installer.run"
+    installArgs="--mode unattended"
+    if [ $machineType == "Scheduler" ]; then
+      installArgs="$installArgs --slavestartup false --launcherdaemon false"
+    else
+      [ $machineType == "Farm" ] && workerStartup=true || workerStartup=false
+      installArgs="$installArgs --slavestartup $workerStartup --launcherdaemon true"
+    fi
+    ./$installFile $installArgs
+    mv /tmp/bitrock_installer.log $binDirectory/bitrock_installer_client.log
+    # $schedulerPath/deadlinecommand -ChangeRepositorySkipValidation Direct $schedulerRepositoryLocalMount $schedulerRepositoryCertificate ""
+    $schedulerPath/deadlinecommand -ChangeRepositorySkipValidation Direct $schedulerRepositoryLocalMount
+    echo "Customize (End): Deadline Client"
+    ;;
+esac

 if [[ $renderEngines == *Blender* ]]; then
  echo "Customize (Start): Blender"
@ -256,10 +297,10 @@ fi
 if [[ $renderEngines == *PBRT* ]]; then
  echo "Customize (Start): PBRT v3"
  versionInfo="v3"
-  git clone --recursive https://github.com/mmp/pbrt-$versionInfo.git 1> pbrt-$versionInfo-git.output.txt 2> pbrt-$versionInfo-git.error.txt
+  git clone --recursive https://github.com/mmp/pbrt-$versionInfo.git 1> "pbrt-$versionInfo-git.output.txt" 2> "pbrt-$versionInfo-git.error.txt"
  mkdir -p $rendererPathPBRT3
-  cmake -B $rendererPathPBRT3 -S $binDirectory/pbrt-$versionInfo 1> pbrt-$versionInfo-cmake.output.txt 2> pbrt-$versionInfo-cmake.error.txt
-  make -j -C $rendererPathPBRT3 1> pbrt-$versionInfo-make.output.txt 2> pbrt-$versionInfo-make.error.txt
+  cmake -B $rendererPathPBRT3 -S $binDirectory/pbrt-$versionInfo 1> "pbrt-$versionInfo-cmake.output.txt" 2> "pbrt-$versionInfo-cmake.error.txt"
+  make -j -C $rendererPathPBRT3 1> "pbrt-$versionInfo-make.output.txt" 2> "pbrt-$versionInfo-make.error.txt"
  ln -s $rendererPathPBRT3/pbrt /usr/bin/pbrt3
  echo "Customize (End): PBRT v3"

@ -270,10 +311,10 @@ if [[ $renderEngines == *PBRT* ]]; then
  dnf -y install libXcursor-devel
  dnf -y install libXi-devel
  versionInfo="v4"
-  git clone --recursive https://github.com/mmp/pbrt-$versionInfo.git 1> pbrt-$versionInfo-git.output.txt 2> pbrt-$versionInfo-git.error.txt
+  git clone --recursive https://github.com/mmp/pbrt-$versionInfo.git 1> "pbrt-$versionInfo-git.output.txt" 2> "pbrt-$versionInfo-git.error.txt"
  mkdir -p $rendererPathPBRT4
-  cmake -B $rendererPathPBRT4 -S $binDirectory/pbrt-$versionInfo 1> pbrt-$versionInfo-cmake.output.txt 2> pbrt-$versionInfo-cmake.error.txt
-  make -j -C $rendererPathPBRT4 1> pbrt-$versionInfo-make.output.txt 2> pbrt-$versionInfo-make.error.txt
+  cmake -B $rendererPathPBRT4 -S $binDirectory/pbrt-$versionInfo 1> "pbrt-$versionInfo-cmake.output.txt" 2> "pbrt-$versionInfo-cmake.error.txt"
+  make -j -C $rendererPathPBRT4 1> "pbrt-$versionInfo-make.output.txt" 2> "pbrt-$versionInfo-make.error.txt"
  ln -s $rendererPathPBRT4/pbrt /usr/bin/pbrt4
  echo "Customize (End): PBRT v4"
 fi
@ -366,7 +407,7 @@ fi
 if [ $machineType == "Workstation" ]; then
  echo "Customize (Start): Desktop Environment"
  dnf config-manager --set-enabled crb
-  dnf -y groups install "KDE Plasma Workspaces" 1> kde.output.txt 2> kde.error.txt
+  dnf -y groups install "KDE Plasma Workspaces" 1> "kde.output.txt" 2> "kde.error.txt"
  echo "Customize (End): Desktop Environment"

  echo "Customize (Start): Teradici PCoIP"
@ -378,7 +419,7 @@ if [ $machineType == "Workstation" ]; then
  mkdir $installDirectory
  tar -xzf $installFile -C $installDirectory
  cd $installDirectory
-  ./install-pcoip-agent.sh pcoip-agent-graphics usb-vhci 1> pcoip.output.txt 2> pcoip.error.txt
+  ./install-pcoip-agent.sh "pcoip-agent-graphics usb-vhci" 1> "pcoip.output.txt" 2> "pcoip.error.txt"
  cd $installDirectory
  echo "Customize (End): Teradici PCoIP"

--- a/src/terraform/examples/e2e/5.compute.image/main.tf
+++ b/src/terraform/examples/e2e/5.compute.image/main.tf
@ -1,9 +1,9 @@
 terraform {
-  required_version = ">= 1.3.4"
+  required_version = ">= 1.3.5"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
-      version = "~>3.31.0"
+      version = "~>3.32.0"
    }
  }
  backend "azurerm" {
@ -404,7 +404,7 @@ resource "azurerm_resource_group_template_deployment" "image_builder" {
                    "inline": [
                      "[format('{0} {1}', concat(parameters('scriptFilePath'), parameters('imageTemplate').image.customizeScript), concat('-buildConfigEncoded ', base64(string(parameters('imageTemplate').build))))]"
                    ],
-                    "runElevated": "[if(equals(parameters('imageTemplate').build.machineType, 'Scheduler'), true(), false())]"
+                    "runElevated": "[if(and(equals(parameters('imageTemplate').build.renderManager, 'Deadline'), equals(parameters('imageTemplate').build.machineType, 'Scheduler')), true(), false())]"
                  }
                ]
              }
--- a/src/terraform/examples/e2e/6.compute.scheduler/main.tf
+++ b/src/terraform/examples/e2e/6.compute.scheduler/main.tf
@ -1,9 +1,9 @@
 terraform {
-  required_version = ">= 1.3.4"
+  required_version = ">= 1.3.5"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
-      version = "~>3.31.0"
+      version = "~>3.32.0"
    }
    azuread = {
      source  = "hashicorp/azuread"
@ -36,26 +36,6 @@ variable "resourceGroupName" {
  type = string
 }

-variable "batchAccount" {
-  type = object(
-    {
-      enable = bool
-      name   = string
-      storageAccount = object(
-        {
-          name              = string
-          resourceGroupName = string
-        }
-      )
-      encryption = object(
-        {
-          enable = bool
-        }
-      )
-    }
-  )
-}
-
 variable "virtualMachines" {
  type = list(object(
    {
@ -128,6 +108,26 @@ variable "virtualMachines" {
  ))
 }

+variable "batchAccount" {
+  type = object(
+    {
+      enable = bool
+      name   = string
+      storageAccount = object(
+        {
+          name              = string
+          resourceGroupName = string
+        }
+      )
+      encryption = object(
+        {
+          enable = bool
+        }
+      )
+    }
+  )
+}
+
 variable "computeNetwork" {
  type = object(
    {
@ -224,17 +224,17 @@ data "azuread_service_principal" "batch" {
 locals {
  stateExistsNetwork     = try(length(data.terraform_remote_state.network.outputs) >= 0, false)
  stateExistsImage       = try(length(data.terraform_remote_state.image.outputs) >= 0, false)
-  imageGalleryName       = !local.stateExistsImage ? var.computeGallery.name : data.terraform_remote_state.image.outputs.imageGallery.name
-  imageResourceGroupName = !local.stateExistsImage ? var.computeGallery.resourceGroupName : data.terraform_remote_state.image.outputs.resourceGroupName
+  imageGalleryName       = !local.stateExistsImage ? var.computeGallery.name : try(data.terraform_remote_state.image.outputs.imageGallery.name, "")
+  imageResourceGroupName = !local.stateExistsImage ? var.computeGallery.resourceGroupName : try(data.terraform_remote_state.image.outputs.resourceGroupName, "")
  imageVersionIdDefault  = !local.stateExistsImage ? var.computeGallery.imageVersionIdDefault : "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${local.imageResourceGroupName}/providers/Microsoft.Compute/galleries/${local.imageGalleryName}/images/Linux/versions/0.0.0"
  virtualMachinesLinux = [
    for virtualMachine in var.virtualMachines : merge(virtualMachine, {
      image = {
        id = virtualMachine.image.id
        plan = {
-          name      = lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].sku)
-          product   = lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].offer)
-          publisher = lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].publisher)
+          name      = try(lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].sku), "")
+          product   = try(lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].offer), "")
+          publisher = try(lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].publisher), "")
        }
      }
    }) if virtualMachine.operatingSystem.type == "Linux"
@ -249,47 +249,9 @@ resource "azurerm_resource_group" "scheduler" {
  location = module.global.regionName
 }

-resource "azurerm_role_assignment" "batch" {
-  count                = var.batchAccount.enable ? 1 : 0
-  role_definition_name = "Contributor"
-  principal_id         = data.azuread_service_principal.batch.object_id
-  scope                = "/subscriptions/${data.azurerm_client_config.current.subscription_id}"
-}
-
-resource "azurerm_batch_account" "scheduler" {
-  count                               = var.batchAccount.enable ? 1 : 0
-  name                                = var.batchAccount.name
-  resource_group_name                 = azurerm_resource_group.scheduler.name
-  location                            = azurerm_resource_group.scheduler.location
-  storage_account_id                  = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.batchAccount.storageAccount.resourceGroupName}/providers/Microsoft.Storage/storageAccounts/${var.batchAccount.storageAccount.name}"
-  storage_account_node_identity       = data.azurerm_user_assigned_identity.solution.id
-  storage_account_authentication_mode = "BatchAccountManagedIdentity"
-  pool_allocation_mode                = "UserSubscription"
-  public_network_access_enabled       = false
-  allowed_authentication_modes = [
-    "AAD",
-    "TaskAuthenticationToken"
-  ]
-  identity {
-    type = "UserAssigned"
-    identity_ids = [
-      data.azurerm_user_assigned_identity.solution.id
-    ]
-  }
-  key_vault_reference {
-    id  = data.azurerm_key_vault.solution.id
-    url = data.azurerm_key_vault.solution.vault_uri
-  }
-  dynamic encryption {
-    for_each = var.batchAccount.encryption.enable ? [1] : [0]
-    content {
-      key_vault_key_id = data.azurerm_key_vault_key.batch_encryption.id
-    }
-  }
-  depends_on = [
-    azurerm_role_assignment.batch
-  ]
-}
+#########################################################################
+# Virtual Machines (https://learn.microsoft.com/azure/virtual-machines) #
+#########################################################################

 resource "azurerm_network_interface" "scheduler" {
  for_each = {
@ -303,6 +265,7 @@ resource "azurerm_network_interface" "scheduler" {
    subnet_id                     = data.azurerm_subnet.farm.id
    private_ip_address_allocation = "Dynamic"
  }
+  enable_accelerated_networking = true
 }

 resource "azurerm_linux_virtual_machine" "scheduler" {
@ -504,6 +467,10 @@ resource "azurerm_private_dns_a_record" "scheduler" {
  ]
 }

+######################################################################
+# CycleCloud (https://learn.microsoft.com/azure/cyclecloud/overview) #
+######################################################################
+
 resource "azurerm_role_assignment" "cycle_cloud" {
  for_each = {
    for virtualMachine in var.virtualMachines : virtualMachine.name => virtualMachine if virtualMachine.customExtension.parameters.cycleCloud.enable && !var.batchAccount.enable
@ -513,6 +480,52 @@ resource "azurerm_role_assignment" "cycle_cloud" {
  scope                = "/subscriptions/${data.azurerm_client_config.current.subscription_id}"
 }

+############################################################################
+# Batch (https://learn.microsoft.com/azure/batch/batch-technical-overview) #
+############################################################################
+
+resource "azurerm_role_assignment" "batch" {
+  count                = var.batchAccount.enable ? 1 : 0
+  role_definition_name = "Contributor"
+  principal_id         = data.azuread_service_principal.batch.object_id
+  scope                = "/subscriptions/${data.azurerm_client_config.current.subscription_id}"
+}
+
+resource "azurerm_batch_account" "scheduler" {
+  count                               = var.batchAccount.enable ? 1 : 0
+  name                                = var.batchAccount.name
+  resource_group_name                 = azurerm_resource_group.scheduler.name
+  location                            = azurerm_resource_group.scheduler.location
+  storage_account_id                  = "/subscriptions/${data.azurerm_client_config.current.subscription_id}/resourceGroups/${var.batchAccount.storageAccount.resourceGroupName}/providers/Microsoft.Storage/storageAccounts/${var.batchAccount.storageAccount.name}"
+  storage_account_node_identity       = data.azurerm_user_assigned_identity.solution.id
+  storage_account_authentication_mode = "BatchAccountManagedIdentity"
+  pool_allocation_mode                = "UserSubscription"
+  public_network_access_enabled       = false
+  allowed_authentication_modes = [
+    "AAD",
+    "TaskAuthenticationToken"
+  ]
+  identity {
+    type = "UserAssigned"
+    identity_ids = [
+      data.azurerm_user_assigned_identity.solution.id
+    ]
+  }
+  key_vault_reference {
+    id  = data.azurerm_key_vault.solution.id
+    url = data.azurerm_key_vault.solution.vault_uri
+  }
+  dynamic encryption {
+    for_each = var.batchAccount.encryption.enable ? [1] : [0]
+    content {
+      key_vault_key_id = data.azurerm_key_vault_key.batch_encryption.id
+    }
+  }
+  depends_on = [
+    azurerm_role_assignment.batch
+  ]
+}
+
 output "resourceGroupName" {
  value = var.resourceGroupName
 }
--- a/src/terraform/examples/e2e/7.compute.farm/main.tf
+++ b/src/terraform/examples/e2e/7.compute.farm/main.tf
@ -1,9 +1,9 @@
 terraform {
-  required_version = ">= 1.3.4"
+  required_version = ">= 1.3.5"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
-      version = "~>3.31.0"
+      version = "~>3.32.0"
    }
  }
  backend "azurerm" {
@ -189,9 +189,9 @@ locals {
      image = {
        id = virtualMachineScaleSet.image.id
        plan = {
-          name      = lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].sku)
-          product   = lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].offer)
-          publisher = lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].publisher)
+          name      = try(lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].sku), "")
+          product   = try(lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].offer), "")
+          publisher = try(lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].publisher), "")
        }
      }
    }) if virtualMachineScaleSet.operatingSystem.type == "Linux"
@ -235,7 +235,7 @@ resource "azurerm_linux_virtual_machine_scale_set" "farm" {
      primary   = true
      subnet_id = data.azurerm_subnet.farm.id
    }
-    enable_accelerated_networking = false
+    enable_accelerated_networking = true
  }
  os_disk {
    storage_account_type = each.value.operatingSystem.disk.storageType
@ -352,6 +352,7 @@ resource "azurerm_windows_virtual_machine_scale_set" "farm" {
      primary   = true
      subnet_id = data.azurerm_subnet.farm.id
    }
+    enable_accelerated_networking = true
  }
  os_disk {
    storage_account_type = each.value.operatingSystem.disk.storageType
--- a/src/terraform/examples/e2e/8.compute.workstation/main.tf
+++ b/src/terraform/examples/e2e/8.compute.workstation/main.tf
@ -1,9 +1,9 @@
 terraform {
-  required_version = ">= 1.3.4"
+  required_version = ">= 1.3.5"
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
-      version = "~>3.31.0"
+      version = "~>3.32.0"
    }
  }
  backend "azurerm" {
@ -157,9 +157,9 @@ locals {
      image = {
        id = virtualMachine.image.id
        plan = {
-          name      = lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].sku)
-          product   = lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].offer)
-          publisher = lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].publisher)
+          name      = try(lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].sku), "")
+          product   = try(lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].offer), "")
+          publisher = try(lower(data.terraform_remote_state.image.outputs.imageDefinitionsLinux[0].publisher), "")
        }
      }
    }) if virtualMachine.operatingSystem.type == "Linux"
@ -183,6 +183,7 @@ resource "azurerm_network_interface" "workstation" {
    subnet_id                     = data.azurerm_subnet.workstation.id
    private_ip_address_allocation = "Dynamic"
  }
+  enable_accelerated_networking = true
 }

 resource "azurerm_linux_virtual_machine" "workstation" {