Single Image Management for Virtual Desktop Collections in Windows Server 2012

Single Image Management for Virtual Desktop Collections in Windows Server 2012

Rate This
  • Comments 23

Hi All,

My name is Ajay Kumar and I am a developer on the Remote Desktop Virtualization (RDV) team. In Windows Server 2012 (WS2012) we introduced a new feature for VDI deployments, which allows admins to automatically create multiple virtual machines (VMs) using a single image as input and deploy them as a virtual desktop collection. These virtual desktop collections, where VMs are automatically created by Remote Desktop Services (RDS) are referred to as managed virtual desktop collections.

In a previous blog post my colleague Omair Gillani has already demonstrated how an admin can create a Remote Desktop Services deployment and a managed virtual desktop collection using Windows PowerShell. In this blog post I will share some more details about managed virtual desktop collections and how an admin can use single Master VM to create and update hundreds of VMs in a managed virtual desktop collection (Single Image Management).

Master (Gold) VM in Managed Virtual Desktop Collections

A Master or Gold VM is formally referred to as “virtual desktop template” in the WS2012 Server Manager UI console and the cmdlets in Remote Desktop Services module for Windows PowerShell. It is an input to the managed virtual desktop collection creation process that allows an admin to manage a virtual desktop collection. The Master VM is created and managed by the admin and it specifies the hardware properties and software contents of all the automatically created VMs in that managed virtual desktop collection. For example, if the master VM is assigned 2GB of RAM, then each of the automatically created VMs in the managed virtual desktop collection will be assigned 2GB RAM.

In this section, I will describe the various supported options and requirements for the Master VM.

  1. Virtual Hard Disk
    1. The Master VM can only have one virtual hard disk (VHD) attached to it; more than one VHD attached to the Master VM is not supported.
    2. The VHD attached to the Master VM must have either a Windows 7 SP1 or Windows 8 image in sysprep generalized state.
    3. A diff disk chain attached to the Master VM as its VHD is supported.
    4. Although the VHD can have more than one logical partition defined in it, it can have only one Windows OS image installed in it.
  2. Memory: If the Master VM is configured with static memory, it must have at least 1024 MB as startup RAM. If the Master VM is configured with dynamic memory, the maximum RAM must be at least 1024 MB.
  3. Network: The Master VM must have a network adapter connected to a virtual switch on the hyper-V server.
  4. Snapshots on Master VM: A Master VM can have one or more snapshots. If there are multiple snapshots created on the Master VM, the current ("Now") state of the VM will be used to automatically create the VMs in a managed collection. This allows admins to manage the Master VM more efficiently. For example, an admin can take snapshot on the Master just before running sysprep generalize command and after the sysprep is complete, the Master VM can be used for creating a managed virtual desktop collection.
  5. Domain connectivity: Since the VMs in a managed collection are automatically joined to the specified domain, admins must ensure that the domain controller is reachable through the virtual switches on all the hyper-V servers.
  6. Export: During the managed virtual desktop collection creation process, the first step that Remote Desktop Services takes is to export the Master VM. This export process creates a copy of the Master VM's current h/w settings and the VHD attached to the Master VM at the admin specified storage location. The automatically created VMs and the VHDs attached to these VMs are based upon this copy of the Master VM. The original Master VM is never modified by Remote Desktop Services. Once the export process is complete, admin can continue using it.
  7. Two or more collections can share a Master VM. Each time a new collection is created or updated, the Master VM is exported again. So each managed collection has its own copy of a Master VM.

Rolling Out Updates to a Pooled Virtual Desktop Collection

To automatically update all the VMs in a pooled virtual desktop collection, the admin has to first apply the desired changes to the Master VM manually (for example, increase RAM from 1GB to 2GB or apply a software patch). Once the Master VM has been updated the admin can use either WS2012 Server Manager console or Windows PowerShell to push the updates to all the VMs in a pooled managed collection.

To update the VMs in a pooled virtual desktop collection using the WS2012 Server Manager console please follow these steps:

  1. Log on to the connection broker server as a domain user account which is also an admin on the connection broker server. Server Manager will start automatically. If it does not automatically start, click Start, type servermanager.exe, and then click Server Manager.
  2. In the left pane, click Remote Desktop Services, and then click Collections.
  3. Select the collection node to which you wish to roll out the update
  4. Click Tasks on Virtual Desktops list view, and then click Recreate All Virtual Desktops. This will launch the Recreate All Virtual Desktops wizard.
  5. Select the updated Master VM that you want to use to roll out the updates and click Next.
  6. Specify the User Logoff Policy and click Next.
  7. On the Confirmation page, click Create.

Here is an example of the Update-RDVirtualDesktopCollection cmdlet which can also be used to push updates to the VMs in a managed pooled virtual desktop collection:

PS C:\> import-module RemoteDesktop
PS C:\> $time = Get-Date 
PS C:\> Update-RDVirtualDesktopCollection -CollectionName MyPooledCollection -VirtualDesktopTemplateName masterVm -VirtualDesktopTemplateHostServer Host1.contoso.com -StartTime $time.AddDays(1) -ForceLogoffTime $time.AddDays(2)

During the update process, The Master VM is exported again and a new Master VM copy is created on the collection storage. All the VMs in the managed pooled virtual desktop collection are recreated by the Remote Desktop Services using the newer copy of the Master VM. Once the update process is complete and all the VMs in the collections have been successfully recreated, the Remote Desktop Services delete the old copy of the Master VM from the storage.

I would like to clarify that although a Master VM can be used to automatically create VMs in both types of collections (pooled and personal virtual desktop collections) but it can be used to update only the pooled virtual desktop collection VMs. Master VM cannot be used to push updates to existing VMs in a personal virtual desktop collection.

User Session Aware Update

The update process for managed pooled virtual desktop collection provides three options to the admin to decide when\how the updates will be applied to a managed pooled virtual desktop collection:

  1. Apply update gracefully in a time period
  2. Apply update forcefully now
  3. Apply update forcefully at a schedule time

If an admin selects the option a) and provides a time period, the update process for pooled virtual desktop becomes aware of the active user sessions on the VMs in the pooled virtual desktop collection. Only the unused VMs are updated during this time period. If a user logs off on his own before the end of the admin specified time period, the VM will be automatically queued up for the update process. At the end of the time period the users, which are still active on non-updated VMs, are forcefully logged off from the non-updated VMs and the update process for these remaining VMs will start.

All the VMs (updated\non-updated) in the collection are available for the user connections during this time period, except for the VMs on which update is in-progress.

In the previous section I have already given a PowerShell example for the option a). Here is a PowerShell example for the option b), which starts updating the VMs in the collection forcefully as soon as the Update-RDVirtualDesktopCollection cmdlet is executed:

PS C:\> import-module RemoteDesktop 
PS C:\> Update-RDVirtualDesktopCollection -CollectionName MyPooledCollection -VirtualDesktopTemplateName masterVm -VirtualDesktopTemplateHostServer Host1.contoso.com

Here is a PowerShell example for the option c), which starts updating the VMs in the collection forcefully at the specified time:

PS C:\> import-module RemoteDesktop 
PS C:\> $time = Get-Date 
PS C:\> Update-RDVirtualDesktopCollection -CollectionName MyPooledCollection -VirtualDesktopTemplateName masterVm -VirtualDesktopTemplateHostServer Host1.contoso.com -ForceLogoffTime $time.AddDays(2)

In all of the three examples above, the input values of cmdlet parameters -CollectionName, -VirtualDesktopTemplateName and –VirtualDesktopTemplateHostServer represent the variables that are specific to a deployment.

  • “MyCollectionName” is the name of the virtual desktop collection to which updates will be applied.
  • “masterVm” is the name of the Master VM which contains the updates.
  • “Host1.contoso.com” is the name of the hyper-V server that is hosting the Master VM named “masterVm”.

While trying these example cmdlets, please replace these names with the appropriate values in your deployment.

Summary

To summarize, the managed virtual desktop collections in WS2012 make it really easy for the admin to create and manage hundreds of VMs using a single Master VM as the template. In this blog post I have tried to describe the role of a Master VM in a managed virtual desktop collection and the supported options for a Master VM. I have also described how an admin can use Master VM to roll out updates to managed pooled virtual desktop collections. I hope you will find it useful while creating and updating VMs in your managed virtual desktop collections.

Looking forward to your questions and feedback,

-AJ

Leave a Comment
  • Please add 4 and 7 and type the answer here:
  • Post
  • great work beautifully documented.

    was a great help.

    Thanks :)

  • Great Article , Straight to the point .

    Thanks :) .

  • Ajay,

    I am having a problem with using Server 2012 Remote Desktop Services with Windows 8 Remote Desktops. It is an issue with the Windows Store not transfering between Virtual Desktops. I don't know if you can help or maybe direct me to another team at Microsoft.

    social.technet.microsoft.com/.../62599bb0-b0de-4b0a-89d6-f1d05c46bbd9

    Thanks,

    Stephen Dunfee

  • Hi Ajay,

    We are deploying VDI 2012 managed pooled for Windows 7/8.

    1. Do we need to activate the master gold template if we plan to use MAK key for virtual desktop? Which mean enter Windows activation key prior sysprep.

    2. Do we need to activate the master gold template if we plan to use KMS key for virtual desktop? Which mean enter Windows activation key prior sysprep.

    3. Refer to question #1, if we activate the Windows with MAK and sysprep in the master gold template. Does the pooled virtual desktop do need to perform Windows activation whenever user login since the pooled virtual desktop will roll back to initial clean stage?

    4. Refer to question #2, if we activate the Windows with KMS and sysprep in the master gold tempalte. Does the pooled virtual desktop do need to perform Windows activation whenever user login since the pooled virtual desktop will roll back to initial clean stage?

    Thanks.

  • Hi Ajay,

    5. On the user profile disk, noticed that the quota size cannot be modified(grey out) after the collection was created. Any way to change it? What will happen if the user hits the quota limit of user profile disk? Any alerts or warning notified user when hit the quota limit?

    6. Does the VDI desktop support 64 bits of Windows 7 SP1 and Windows 8?

    Thanks.

  • how about sysprep requirement everytime, after 3 rearm it does not allow to sysprep

  • @ Prasanta Kumar Panda:

    For Win8, you could sysprep the master\template VM any number of time; the rearm limit of 3 has been removed.

    For Win7, you could workaround the max rearm limit in two ways:

    1. As I have explained in the blog above ( #4 under "Master (Gold) VM in Managed Virtual Desktop Collections"), Take a snapshot on the master\template VM AFTER you are done installing patches\updates\applications and just BEFORE you are about to run sysprep. First take the snapshot and then run sysprep and then use the master VM to create\patch the virtual desktop collection. After the create\patch collection operation is complete, you could apply the snapshot on the master\template VM to revert it to the state it was in before the sysprep was executed and delete the snapshot. This last step will reset the rearm count to initial value in the master VM.

    2.  Run sysprep command with an unattend file which will cause rearm count not to increase.

    a. Configure skip rearm unattend setting as per: technet.microsoft.com/.../cc722350(v=ws.10).aspx

    b. Place the unattend file (e.g. see one attached from Rajesh) into some location c:\unattend.xml

    c. Run sysprep.exe /generalize /shutdown /oobe /mode:vm /unattend:C:\unattend.xml

    d. Then when you boot up this image again and it goes through specialize, it’s not going to use the rearm setting.

  • @VDI 2012:

    Regarding the activation, Windows Server 2012 VDI only support KMS activation method. You have to  activate the master\template VM with the Windows version specific KMS Key and make sure that your KMS Server is auto discoverable.

    The snapshot on the automatically created pooled collection VM is taken before KMS activation is initiated from the guest OS. So the KMS activation would take place only after user logs on. And if rollback is enabled, the pooled VM will rollback to clean state and may perform the windows activation again when any user logs on to the VM again.

    If rollback is not enabled on the collection then no snapshot is taken and the VM will activate only once. In this case it will only require activation again when the pooled collection VM is recreated with a patched master\template VM.

    There is no way to change the user profile disk size after pool creation and there are no alerts shown (to user or Admin). The user profile VHDs are "dynamic" VHDs which grows in size as user data grows. So an admin could set the user profile VHD size to sufficiently large value during collection creation.

    Only way to increase the user profile VHD size after collection creation is by using hyper-V manager console->edit disk option or by running a hyper-V WMI script which edits the disk to increase the maximum size of the user profile VHD.

    Yes Windows Server 2012 VDI does supports 64 bit versions of Win7 SP1 and Win8.

  • Thanks, Ajay.  I have a q for you.  I've created a collection of 135 personal remote desktops.  I wanted to know if I replace this host server can I somehow export and import this collection?   The collection lives on the same server as the Hyper-V host for all the VMs used by the collection, the VM disks (vhdx) lives on a backend server separate from the VMHost..  tnx, bob@bobluhrs.com

  • thanks for a great write-up. I just rolled out Server 2012 R2 with a pooled VDI setup using user disks.

    There is a pool of 15 windows 7 ent x64.

    My concern is how do you handle the re-arm when you need to update this golden image?

  • In a HA deployment with multiple session hosts where is the recommended place to store the gold image?  

  • @Josh M:

    Please refer to my earlier answer to "Prashant Kumar Panda" on the same blog.

    --------------------------------------------------------------------------------------

    For Win7, you could workaround the max rearm limit in two ways:

    1. As I have explained in the blog above ( #4 under "Master (Gold) VM in Managed Virtual Desktop Collections"), Take a snapshot on the master\template VM AFTER you are done installing patches\updates\applications and just BEFORE you are about to run sysprep. First take the snapshot and then run sysprep and then use the master VM to create\patch the virtual desktop collection. After the create\patch collection operation is complete, you could apply the snapshot on the master\template VM to revert it to the state it was in before the sysprep was executed and delete the snapshot. This last step will reset the rearm count to initial value in the master VM.

    2.  Run sysprep command with an unattend file which will cause rearm count not to increase.

    a. Configure skip rearm unattend setting as per: technet.microsoft.com/.../cc722350(v=ws.10).aspx

    b. Place the unattend file (e.g. see one attached from Rajesh) into some location c:\unattend.xml

    c. Run sysprep.exe /generalize /shutdown /oobe /mode:vm /unattend:C:\unattend.xml

    d. Then when you boot up this image again and it goes through specialize, it’s not going to use the rearm setting.

  • @Alan Dooley:

    Assuming you have a central shared storage (CSV or Scale-Out SMB Share) in you HA Deployment, the recommended place to store the gold image is on the central storage.

  • Hi Ajay- thanks for such such a great article.

    question- the actual i/o hit happens on the master image which was syspreped or the one which get exported during the collection creation?

    one copy of master image gets copird to connection broker as well. what is the use of that?

    Thanks

    Sam.

  • Hi Ajay,

    What is a good process for updating the Golden Image ? Citrix and View does not require Sysprep but MEDV does and it is rather confusing. It would be nice if someone explains it step by step.

    Thanks

Page 1 of 2 (23 items) 12