Operational processes for keeping your VDI or PVS gold image updated

I often get asked about “How do I keep my gold image update to date” in a VDI environment. Does not matter if we are talking about VMware View or Citrix XenDesktop, customers of both have similar questions. The fact is you work from some master image for these technologies and you need a good process for keeping them up to date and releasing new updates. So I have put together some thoughts on this and want to try and make this a collaborative effort. So if you have something that works for you share with others in the comments or get a message to me.

 

What needs to be done

There needs to be some form of cadence when you update an image so that things do not get missed. I don’t care if you have just one image or if you have multiple to keep updated, You’re going to miss things if you don’t have a process. So I’ve put together a list to start of what might need to be updated each time you do gold image maintenance.

  • Operating System patches
  • Application updates
  • Antivirus Definitions – there’s better ways than this :)
  • Add or remove applications
  • Version tracking

 

Gold Image updates

This is the part I would like to hear feedback from others on. These are the major steps that I think should be accounted for in image management. I’ve broken them down into steps and explained my thoughts on them.

Clone image – This seems pretty obvious but wanted to make sure it was clear. You could just update your existing image but I personally make a clone of the image and perform my updates on the new clone. This clone will ultimately become the new gold image once the updates are done. I do this rather than just updating the existing and continuing to add more and more snapshots to it. I tend to keep a few versions around in case I have to roll back and also keep additional older versions on some type of backup media.

OS updates – Also a bit of an assumption here but you need some regular schedule of OS patching. This might mesh with your normal desktop patching schedule or might be specific to this. But you need to set a schedule for performing these updates. You should know if it will be done once a month will you be applying all patches, what if something of high concern comes out and you are required to update in between your regular updates.

You might manually go in and run windows update manager or maybe you have a tool for this. I read a post from Sean Massey a VMUG member from Wisconsin that he came up with for using WSUS you can read here.

Application updates – Almost no customer can completely keep applications from being installed into their images. There are just some applications that work better in the image than being presented by other methods or being virtualized in some manner. You will either need to update these at the same time you are doing the other updates or have their own schedule. To cut down on your maintenance activities I would look at doing them all in the same window when possible.

Antivirus updates – I’m not a fan of installing AV products into your gold images but if you must than look for ways to optimize the process. Vendors like Symantec have guides for using their products in VDI environments that deal with how to install, update and setup scans. There should also be guidance around how you should be updating definitions and such. Do you leave auto updates on or just update in the image update process? This will help with operations and performance. The better way would be to adopt a AV product that can scan at the hypervisor level and utilize the vShield Endpoint features from VMware.

QA testing – So you have done all your updates are you going to just put that image back into service? Well some will but I would recommend that you spend time testing and putting the updated image through some type of QA process. At minimum I would create a check list of things that you can test the image against, maybe a list of web sites or running applications that are common in your environment. Don’t forget to do some basic user tasks like web browsing, flash, java etc. To accomplish this I would recommend you create a new temp desktop pool and use the updated image. This would allow you to test the image as it will be used by your customers, rather than just testing by using the VM directly.

Update tracker – So you’ve done all these updates now what? Well I bet by lunch you will have forgotten what you all updated. This means that you will need a method for tracking what was updated in the image. To accomplish this I think a few things need to be done. The first is come up with some type of version tracking for your gold images. I think something as simple as tracking versions works for most and incorporating them into the naming convention, examples below. Also to track version info I think you should incorporate the version number into the build in some method. I have seen customers add a registry key with the version info in it. This is a good idea because you can look at this if you need to confirm what version a user is running if needed.

  • windows7-gold-V3
  • gold-image-version5

The last part of tracking updates is some type of a change log or build sheet. When you make updates and changes I think you need a way to see what is in the current version being used and what was in previous versions. This would help in troubleshooting and also audits. A simple idea that I had was to create a spreadsheet for this tracking. I’ve created a simple Google doc that you can use as a starting point and build from for your environment. You can access the doc direct via this link.

 

Conclusion

To wrap things up these are a few of my thoughts on this. I’m sure others have some great ideas and if we share, this list can be updated and become a great resources for others to use.

 

 

 

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Read More

Citrix Receiver for Apple Mac has arrived

You may not even know what Citrix Receiver for the Mac will do for you. But if you do then you are probably pretty happy today. So if you have a Bring your own computer program with Mac users or you would just like a more seamless process to run Windows apps on your Mac. Then this new receiver from Citrix will be worth testing.

So what does Citrix Receiver for Mac do? Well along with Citrix XenApp and Dazzle, you will be able to search for and run all of your favorite Windows apps as if they were locally installed on your Mac. You will be able to select your apps with Dazzle (kind of a iTunes looking enterprise app store), you can then launch your apps from the Applications folder. You can even drag those windows apps to the doc and run them from there.


About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Read More

How to optimize Windows XP for XenDesktop

I found a new white paper released from Citrix today that talks about steps you can take to really optimize your XP images. Sure everyone thinks about things like turning off a few unused services, screen savers and power saving features. But this paper takes a deep dive into a list of settings that you can manually change and explains others that are available in the XenConvert optimizer tool from Citrix. Head on over to Citrix and grab the doc here.

  • Offers a better alternative than replacing the default user profile (which isn’t supported and doesn’t help for users that already have profiles)
  • Makes a distinction between private mode (1:1) and standard mode (1:many) desktops
  • Provides the actual registry keys/values for all optimizations (to ensure that all settings can be set by Group Policy or login scripts)
  • Gives best practices for optimizing the user profiles (like installing UPHclean)
  • Excludes configurations and steps that don’t help (like defragmenting a disk before performing a volume copy)
  • Details what registry changes are included in the XenConvert Optimizer tool (so you know what all those checkboxes are doing)

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

Read More

Microsoft VECD license is a total joke

For those of you that have taken a deep look into VDI or have deployed solutions you should be familar with the latest Microsoft trick to milk more cash from corporations. As far as I’m concerned this is a cheap way to charge more money for now added features and pad their pockets because they did not jump into the VDI game.

Ok to explain things a bit more. Basically Microsoft requires you to purchase your desktop license (XP/Win7) of course. But if you want to do a VDI solution using XenDesktop you mush also purchase a RS or terminal services license and a VECD license. This VECD is listed as needed if you wish to run a workstation OS in a data center. This license can cost from $23 to $100 plus depending on what your end point device is and if its covered under Software Assurance. This is all additional cost on top of the Citrix XenDesktop license that you need to purchase.

I was blown away when the Microsoft rep’s were explaining this to us in a recent call. And the fact they can tell people this with a straight face amazes me.

Read More