Welcome to the first part of our series on desktop image lifecycle management. Throughout this article and the parts that follow, we’ll explore tactics and concepts you can use to take your cloud computing practice to the next level. Deciding to shift to Azure Virtual Desktop (AVD) is just the first step of the journey. The next step is understanding how to get the most out of this solution, and how it can help you to streamline your efforts to maintain and update the resources that underpin the end-user experience in the environments you support.
Deploying Session Hosts with Images
First, let’s discuss images in general. If you’re newer to AVD, or if you’ve been working with it for a while but haven’t operationalized the use of images, you’re missing out on some important optimizations. While dynamic session hosts can be configured manually, you’ll find that this becomes an extremely inefficient practice in a very short time. To discover why, let’s consider an example:
You are the administrator for an Azure environment, and you’ve been tasked with building three dynamic, multi-user session hosts with breadth-first load balancing and configuring FSLogix to handle profile redirection for your end users.
In this case, yes, the session hosts can be built manually, but using this as our method inherently requires that we triple the effort and time spent to deploy the three identical hosts. On top of that, if any of the production session hosts are configured incorrectly, it can contribute to configuration drift over time. And if all that wasn’t enough, if any of the session hosts experiences a critical failure during the business day, it can take hours to rebuild it. The end-user experience is also affected in this scenario, as they are all pushed to the two remaining session hosts until the third can be restored. Overall, manually building session hosts every time isn’t just harder on you, it also directly impacts other core elements of your business.
So, what can we do instead?
The answer to this question is to create a golden image with the appropriate configuration. Microsoft defines a golden image as an image that contains all apps, configurations, and settings you want to apply to your deployment. You can set yourself up for success with images in just ten short steps.
Configuring a Host Session:
- Create a virtual machine (VM) and create a backup. (Note: You can create a backup of the VM now to save the initial “fresh” state.)
- Apply any relevant updates to bring it into your organization’s compliance standards and install any relevant applications (those that should be generally available to end users).
- Note: Using an RMM solution? Don’t install it just yet. Instead, install your RMM software on the session hosts once they are deployed.
- Remove any local accounts.
- This is a crucial step – the presence of local accounts on the VM can cause Sysprep to fail for several reasons.
- When you’re done, take create a final backup of the VM – just in case Sysprep fails.
- Clone the VM
- Power off / deallocate the original VM.
- Sysprep the cloned VM.
- Capture the cloned VM as an image.
- Delete/deallocate the cloned VM.
- Use the image to deploy the dynamic session hosts.
Since all three of the dynamic session hosts are configured in the same way in this scenario, a single image can be used to quickly deploy a host for the first time or to redeploy a session host that has suffered a critical failure. What used to take hours of work can now be resolved in a matter of 20-30 minutes. Creating your golden image is the crucial first step to centralizing updates and management.
Note: Sysprep generalizes and removes user and domain-specific information from the machine, which in turn allows you to use the configuration in an image on various machines, even if all the components aren’t a direct match. You can use these to quickly provision dynamic hosts, or to provide a basis for the initial deployment of persistent/static hosts or Windows 365 (W365) cloud PCs. Learn more here.
Golden Desktop Images
Ready to create your first golden image? Check out this Microsoft article for the steps to capture a golden image in Azure.
Want an even easier way to build your golden image? Nerdio Manager for MSP and Nerdio Manager for Enterprise both offer a quick, easy means to get started with images. Check out the links below for more information:
Nerdio Manager for MSP
Nerdio Manager for Enterprise
Putting Images to Work for Future Updates and Management
Now that we’ve streamlined our deployment process for deploying our dynamic hosts with images, things are working much more efficiently. If we have any major failures on our session hosts, we can easily deploy another host with an identical configuration. Users don’t experience as much downtime, and our team doesn’t have to waste time painstakingly rebuilding the same session hosts or restoring from a backup whenever something goes wrong.
But using images to manage initial dynamic host deployment is only half of the power of this methodology. We can also use the golden image to handle patches and updates as they occur in our environments. At Nerdio, we refer to this as Image Lifecycle Management. If you’re not using your golden image to solve for patches and updates, you’re most likely manually applying updates to each session host, one at a time.
Again, this works, but this methodology creates all sorts of unintended consequences.
- You may cause downtime for users if a session host must be rebooted or if users cannot be logged into it while you work.
- You may be adding to your costs by deploying a temporary fourth VM that allows you to maintain a total of three active session hosts while you work on each.
Manually Applying Updates
To top it off, if you’re manually applying updates to your production session hosts, you’re also causing them to deviate further from that golden image we discussed earlier. If your manually updated session hosts have three months’ worth of patches and updates applied, but your golden image is still in the original state, you can’t use it to redeploy those hosts quickly if something goes wrong.
These are big problems to account for, but the good news is, the solution to them is as straightforward as it is simple. All it takes is a small shift in tactics to solve all three of these pitfalls in one go.
To get started, we’ll go back to the original VM that we used to build our golden image. Then, it’s a simple matter of nine easy steps to apply our updates.
- Log into the original VM
- Apply updates and changes.
- Remember to create backups as you go!
- Then power the original VM off and deallocate it.
- Create a clone of the original VM.
- Remove any local accounts from the cloned VM.
- Sysprep the cloned VM.
- When Sysprep is complete, capture an image from the cloned VM
- Deallocate/delete the cloned VM.
- Redeploy session hosts.
And that’s all there is to it! If you’ve ever worked with images before, you’ll know that Sysprep can be fickle for several reasons. Chief among them is the limit to the total number of times you can Sysprep a machine. By adopting this workflow, we don’t ever need to Sysprep the original VM. Running Sysprep on the clone instead allows you to maintain and update the ideal configuration of your golden image over time. If you choose to, you can also maintain different versions of the golden image over time. This way, you’ll have a record of image objects you can use to redeploy if something goes awry.
Now that you’ve applied updates to your images, applying them to your environment is simple and straightforward. When you’re ready to implement the changes, simply deploy a new dynamic session host with the most recent version of the golden image and set the others to drain mode. Once the original session hosts are empty of users, you can deallocate them. The benefits of doing this are significant. Managing updates in this manner ensures a soft handoff between session hosts and exponentially reduces both the downtime end users may experience, and the time it takes for your team to apply updates throughout the environment.
The Nerdio Advantage
Just like creating or importing images, Nerdio Manager for MSP and Nerdio Manager for Enterprise make reimaging with a golden image simple and fast. Steps 3 – 8 are automated in NMM and NME, meaning that a new golden image is just a click away once you finish applying updates to the original VM. Check out the links below to learn more about how Nerdio helps to streamline updating your session hosts with golden images.
Nerdio Manager for MSP:
Nerdio Manager for Enterprise:
Note: Image Lifecycle Management is often used with dynamic hosts with profile redirection enabled (FSLogix). Outside of forming a golden image to use as a base to deploy new cloud PCs, it is not recommended for static hosts (AVD) or personal cloud PCs (W365) that require persistent, per-user configurations (E.g., custom application installations).
And that’s Image Lifecycle Management in a nutshell! If you’ve been manually building session hosts, or applying updates to dynamic hosts in production, be sure to give the methods we covered in this article a try in your own environments. In part two, we’ll explore taking this one step further by automating this workflow through Nerdio Manager. We’ll see you soon!