When using VMware App Volumes, you must either add enough controllers for the maximum number of disks you will be using or not set this option. You will accept most of the default settings and specify that you are doing a new installation rather than an update.
The screen at which you enter audit mode depends on which Windows operating system you are using. For example, some operating systems will automatically log in to Windows after a restart operation, while others will prompt for user credentials. If prompted, use Administrator for the user name and leave the password field blank. Note : Different Windows operating systems provide different prompts after the initial installation. The following screenshot shows the prompt after you install Windows 10 21H1.
VMware Tools is a set of services and modules that enable several features in VMware products for better management of, and seamless user interactions with, guests operating systems. For example, VMware Tools can run scripts that automate OS operations and can synchronize the time in the guest operating system with the time on the vSphere host.
At the end of the previous exercise, Install Windows, you powered off the VM, which left the remote VM console dark, as shown in the following screenshot. If you closed that console, you need to open it again before you can begin this exercise. If you did not power off the VM, you must do so or the Install VMware Tools link will not be available in the second screenshot.
The following screenshot shows an example of successfully running this command. Deferring feature upgrades does not affect security updates. Click Restart now. Run Windows Update again until no more updates are available and no restarts are required. If you plan to create VMware Horizon desktop or application pools or server farms, you must install Horizon Agent on the golden VM image so that VMware Horizon servers can communicate with and manage the VMs that you deploy.
Note : This procedure describes running the Horizon Agent installer in the guest operating system of a vSphere-based VM. Selecting this option configures the Windows Server machine as a single-user virtual desktop rather than as an RDS host.
Log in to the OS of the VM as an Administrator, double-click the installer file to start the wizard, and click Next on the Welcome page. The environment must be either IPv6 only or IPv4 only.
Horizon does not support a mixed IPv6 and IPv4 environment. This screenshot shows an example of the screen that might appear when installing the agent on Windows Server. The following screenshot shows an example of a screen for Windows Now that all the correct components are configured to be installed, click Install.
Unlike traditional application profile management solutions, Dynamic Environment Manager captures only the settings that the administrator specifies. This reduces login and logout time because less data needs to be loaded. User data is managed through folder redirection. To install this component, you run the same VMware Dynamic Environment Manager Setup wizard that you run to install the management console.
Install this agent only if you plan to use this functionality. This procedure describes running the FlexEngine installer in the guest operating system of a vSphere-based VM. However, you are required to have purchased Dynamic Environment Manager. Although our primary application-delivery mechanism is App Volumes, it might be desirable to install select applications in the primary VM so that all clones get those applications in their base disk.
Many applications have integrated auto-update functionality. Install these applications and update them to the latest version, and then turn off or deactivate the auto-update functionality to prevent the clones from updating individually. Horizon Cloud delivers feature-rich virtual desktops and applications using a purpose-built cloud platform that is scalable across multiple deployment options, including fully managed infrastructure from VMware and public cloud infrastructure from Microsoft Azure.
The service supports a cloud-scale architecture that makes it easy to deliver virtualized Windows desktops and applications to any device, anytime. And, with a flexible subscription model, organizations can easily get up and running quickly. When completing the import wizard, you select various check boxes in order to automatically install Horizon Agent and the App Volumes Agent.
The following procedure describes the process. When prompted, log in with your AD credentials. RDP to the machine using the IP address listed and install any applications and drivers that you want to have in the base image. OSOT includes customizable templates to activate or deactivate Windows system services and features, according to VMware recommendations and best practices, across multiple systems.
Because most Windows system services are enabled by default, OSOT can be used to easily deactivate unnecessary services and features to improve performance. Note : This version of this document does not include instructions for using Windows mandatory profiles. We found that login times are nearly equivalent if you use default user profiles instead of mandatory user profiles.
In this procedure, you download the OSOT, check for template updates, analyze the list of recommended optimizations, and select and apply those optimizations. Here you can select alternate defaults that will change the selection of optimizations. As an example for a persistent VM, you probably want to make changes to Windows Update , Search , and Security , or you might want to keep certain Store Apps. If you prefer, you can revert to the old behavior in the Common Options:.
Generalizing a Windows image means removing computer-specific information so that the image can be deployed throughout an enterprise. Note : This procedure pertains to vSphere-based VMs. The OSOT can perform the following tasks, which you were previously required to do manually for VMs that you plan to use in a vSphere infrastructure:. After downloading and extracting the executables, right-click each file sdelete App Volumes delivers applications that are not in the golden VM image.
Application containers, called AppStacks in App Volumes 2. With this strategy, user changes can persist between sessions. App Volumes can also provide user-writable volumes, which allow users to install their own applications and have those applications follow the user as they connect to different virtual desktops.
Administrators install the App Volumes Agent on the golden VM image so that the App Volumes Manager can communicate with the cloned desktops that are deployed and attach the correct applications when a user logs in. Likewise, we can remove the SATA controller. For example, in this screenshot, the value for Storage usage is To create a desktop pool of cloned VMs, or to create a farm of cloned RDSH server VMs, you need to create a frozen state, or base image, from which the clone can be derived.
This procedure describes taking a VM snapshot. Although it is possible to take a snapshot of a VM that is powered on, for the purposes of creating a base image for a Horizon desktop pool or server farm, the VM must be shut down and powered off. Much of the initial configuration and ongoing management of virtual desktops, RDSH server farms, feature enablement, and end-user experience is performed by creating and applying group policies in Active Directory.
Some standard Microsoft Group Policy Object settings are required to configure virtual desktops and applications, as described later in this guide. If you use Horizon, you can also use VMware-provided GPO administrative templates for fine-grained control of access to features. To prevent group policy settings from being applied to other Windows servers or workstations in the same domain as your desktops or server farms, you can create a GPO for group policies and link it to the OU that contains your VMs.
You can also delegate control of the OU to subordinate groups, such as server operators or individual users. You should also create groups for different types of users in Active Directory. For example, you can create a group called End Users for your end users and another group called Horizon Administrators for users that will administer virtual desktops and applications. Later in this guide, you will add a user group containing end users to the local Remote Desktop Users group in AD.
Then members of the group will be able to connect to any VM that is joined to the domain. When adding new users, you need only add them to the Remote Desktop Users group. Before you can perform the procedure in this article, you must have created one or more user groups in Active Directory that contain the end users who will connect to the virtual desktops and RDSH servers. We recommend using Dynamic Environment Manager configuration files to control these application settings.
Now repeat the steps from Install VMware Tools. Important : Updating Windows in the VM image is not recommended. Rather, it is better to generate a new image. An alternative to manually creating a new VM image each time you want to update Windows is to use automation. If, however, you want to update Windows in the VM image, you can do so. If you have followed the instructions in this guide and used the OSOT as directed, some of the Windows Update facilities have been deactivated.
Before you can update Windows, you must re-enable Windows Update. To update Windows, follow the instructions from the earlier Update Windows procedure in this guide. With the image optimization procedures in this guide, you are able to achieve a significant reduction in the amount disk space, CPU, and memory used by virtual desktop and RDSH server VMs and their vSphere hosts. The result is a corresponding savings in initial deployment time, user logon times, and IOPS. This guide also provided step-by-step instructions for configuring the Windows image to perform optimally in a virtual environment, where CPU cores are shared among many VMs, and where users might be accessing a new VM every time they log in, though they probably will not realize it.
Seventeen discreet versions of the Windows OS were tested using the procedures in this guide, including thirteen versions of Windows The procedures in this guide help you create an optimized Windows image that you can use in a VMware Horizon implementation or in other types of deployments. End users will have a great experience, whether they access their personalized virtual desktops or remote applications from company laptops, their home PCs, thin-client devices, Macs, tablets, or smartphones.
For more information about the VMware products mentioned in this guide, you can explore the following resources:. This message will close in seconds. You are about to be redirected to the central VMware login page. Net Framework 3. The operating system on a physical machine determines whether or not resources are available. One-time actions impact the user only the first time they are performed because the machine is never refreshed.
For example, a user typically gets a new user profile the first time they log on, and they continue to use that same profile with all subsequent logons. Virtual desktops — In contrast, in a virtual environment, the guest operating system behaves as if it has exclusive access to the CPU cores, but in reality the cores are shared between 2 to 8 virtual machines.
Advantages of an Optimized Image Optimizing the golden image is well worth the time and effort involved. Initial Deployment Time Savings By trimming the image, you can reduce the amount of required disk space by up to 80 percent, which translates to a significant reduction in the time it takes to create desktop pools up to 3 times faster. User Logon Time Savings When a user logs on, the portion of logon time devoted to creating a standard user profile can take up to 30 seconds, but when optimized, this portion of logon time could be reduced to 3.
Host Memory Savings A default deployment can use up to 2 GB of active memory, but with optimization, memory requirements can be reduced significantly up to 50 percent. If you need to have Windows Update enabled out of the gate, try the scripts under this folder and raise an issue if any problems are found.
Apps running in the background Several of the built-in UWP apps, such as Skype, Phone, and Photos, will start processes and run in the background, even though the user has not started the app s.
On a single machine this is near-zero impact, but on multi-session Windows, it can be a slightly larger impact issue. There is a setting in the 'Settings' app, under 'Background apps' that allows you to control this behavior on a per-user basis. However, there is currently no way to change this behavior as a global setting, other than to completely uninstall the app. If you would like to keep one or more of these apps in your image, and still control the background behavior, you can edit the default user registry hive and set the following settings:.
You could also set these settings with Group Policy Preferences, and should take effect after a log off and log back on. In some virtual environments, such as Azure Windows Virtual Desktop, some of the application windows will have no border.
An example is Windows File Explorer. You can replicate this by opening Wordpad and File Explorer, then move then around and note that you may not see a border where one app starts and the other ends. One of the optimizations in the latest drop changes the Visual Effects settings found in System Properties to reduce animations and effects, while still maintaining a good user experience such as "smoothing screen fonts". The other two optimizations: "show shadows under mouse pointer" and "Show shadows under windows" will enable a shadow effect around the windows like File Explorer, so that the border of the app is now visible.
These settings are written to the default user profile registry hive, so would apply only to users whose profile is created after these optimizations run, and on this computer. With the active tests disabled, Office is not able to contact it's licensing service, and therefore would not run any of the Office apps. Once we confirm that resolves the issue we will merge The issue is that Windows will not check certificate information, and thus MSC on the reference image If a pilot or simulation is not feasible, a good guideline is to provision one disk spindle for four active virtual machines.
When appropriate, use Disk Deduplication and caching to reduce the disk read load and to enable your storage solution to speed up performance by caching a significant portion of the image. In order to use virtual machines running on a deduplicated volume, the virtual machine files need to be stored on a separate host from the Hyper-V host.
If Hyper-V and deduplication are running on the same machine, the two features will contend for system resources and negatively impact overall performance. For a typical knowledge worker workload, guest virtual machines running x86 Window 8 or Windows 8. However, Dynamic Memory will likely increase the guest virtual machine's memory to about MB, depending on the workload. For x64, we see about MB starting, increasing to MB.
Therefore, it is important to provide enough server memory to satisfy the memory that is required by the expected number of guest virtual machines, plus allow a sufficient amount of memory for the server. When you plan server capacity for an RD Virtualization Host server, the number of virtual machines per physical core will depend on the nature of the workload.
As a starting point, it is reasonable to plan 12 virtual machines per physical core, and then run the appropriate scenarios to validate performance and density. Higher density may be achievable depending on the specifics of the workload. We recommend enabling hyper-threading, but be sure to calculate the oversubscription ratio based on the number of physical cores and not the number of logical processors. This ensures the expected level of performance on a per CPU basis. If you are interested in increasing your security settings, start with the project known as AaronLocker.
For more information, see "AaronLocker" overview. One of the goals of a VDI image is to be as light as possible. One way to reduce the size of the image is to remove UWP applications that won't be used in the environment.
With UWP apps, there are the main application files, also known as the payload. There is a small amount of data stored in each user's profile for application specific settings. There is also a small amount of data in the 'All Users' profile. Connectivity and timing are important factors when it comes to UWP app cleanup.
If you deploy your base image to a device with no network connectivity, Windows 10 can't connect to the Microsoft Store and download apps and try to install them while you are trying to uninstall them. This might be a good strategy to allow you time to customize your image, and then update what remains at a later stage of the image creation process. If you modify your base. WIM before you install, the apps won't be installed to begin with and your profile creation times will be shorter.
Later in this section there is information on how to remove UWP apps from your installation. WIM file. A good strategy for VDI is to provision the apps you want in the base image, then limit or block access to the Microsoft Store afterward. Store apps are updated periodically in the background on normal computers. The UWP apps can be updated during the maintenance window when other updates are applied. For more information see Universal Windows Platform Apps.
UWP apps that are not needed are still in the file system consuming a small amount of disk space. For apps that will never be needed, the payload of unwanted UWP apps can be removed from the base image using PowerShell commands. In fact, if you remove those from the installation.
WIM file using the links provided later in this section, you should be able to start from the beginning with a very slim list of UWP apps. Run the following command to enumerate provisioned UWP apps from a running operating system, as in this truncated example output from PowerShell:. UWP apps that are provisioned to a system can be removed during operating system installation as part of a task sequence, or later after the operating system is installed.
This might be the preferred method because it makes the overall process of creating or maintaining an image modular. Once you develop the scripts, if something changes in a subsequent build, you edit an existing script rather than repeat the process from scratch. Here are some links to information on this topic:. Removing Windows 10 in-box apps during a task sequence.
Windows 10 Keeping apps from coming back when deploying the feature update. Each UWP app should be evaluated for applicability in each unique environment. You'll want to install a default installation of Windows 10 , then note which apps are running and consuming memory.
For example, you might want to consider removing apps that start automatically, or apps that automatically display information on the Start Menu, such as Weather and News that might not be of use in your environment. If utilizing the scripts from GitHub, you can easily control which apps are removed before running the script. After downloading the script files, locate the file 'AppxPackages.
See the section Customization for details. For more information, see the Windows Server powershell forum. To enumerate currently installed Windows Features, run the following PowerShell command:. Next, you might want to remove the Windows Media Player package. There are two Windows Media Player packages in Windows 10 You can use the built-in Dism.
A Dism. The Windows technology involved is called Features on Demand. Any settings made to this file will be applied to any subsequent user profiles created from a device running this image. You can control which settings to apply to the default user profile, by editing the file 'DefaultUserSettings. One setting that you might want to consider carefully, new to this iteration of settings recommendations, is a setting called TaskbarSmallIcons. You might want to check with your user base before implementing this setting.
TaskbarSmallIcons makes the Windows Task Bar smaller and consumes less screen space, makes the icons more compact, minimizes the Search interface, and is depicted before and after in the following illustrations:. Also, to reduce the transmitting of images over the VDI infrastructure, you can set the default background to a solid color instead of the default Windows 10 image. You can also set the logon screen to be a solid color, as well as turn off the opaque blurring effect on logon.
The following settings are applied to the default user profile registry hive, mainly in order to reduce animations. If some or all of these settings are not desired, delete the settings not to be applied to the new user profiles based on this image. The goal with these settings is to enable the following equivalent settings:. For Windows 10, version , the following are the optimization settings applied to the default user profile registry hive to optimize performance:. In the local policy settings, you might want to disable images for backgrounds in VDI.
If you do want images, you might want to create custom background images at a reduced color depth to limit network bandwidth used for transmitting image information. If you decide to specify no background image in local policy, you might want to set the background color before setting local policy, because once the policy is set, the user has no way to change the background color. It might be better to specify " null " as the background image.
There is another policy setting in the next section on not using background over Remote Desktop Protocol sessions. If the equivalent settings are not specified in any other way, such as group policy, the settings would still apply.
The following settings were chosen to not counter or conflict with any setting that has anything to do with security. These settings were chosen to remove settings or disable functionality that might not be applicable to VDI environments.
We recommend using a low resolution, non-complex image so less data is transmitted over the network each time the image is rendered. If you enable this policy setting, automatic learning stops, and any stored data is deleted. Users can't configure this setting in Control Panel.
Windows doesn't connect to an online font provider and only enumerates locally-installed fonts. Disable passive polling check box Enabled. Use this setting if you're on an isolated network or using a static IP address. Offline files Allow or disallow use of Offline Files.
In the disabled state, no Teredo interfaces are present on the host. The Connect to suggested open hotspots , Connect to networks shared by my contacts , and Enable paid services are turned off, but users on this device can enable them.
If you enable this setting, apps and system features won't be able to receive notifications from the network from WNS or by using notification-polling APIs. Enabled Device installation Prevent device metadata retrieval from the Internet Enabled Device installation Prevent Windows from sending an error report when a device driver requests additional software during installation Enabled Device installation Turn off Found New Hardware balloons during device installation.
Turns off web-to-app linking and http s URIs are opened in the default browser instead of starting the associated app. The Windows device is not discoverable by other devices, and can't participage in cross-device experiences. If you enable this policy setting, all Windows Update features are removed. Windows automatic updating is also disabled; you'll neither be notified about nor will you receive critical updates from Windows Update.
This policy setting also prevents Device Manager from automatically installing driver updates from the Windows Update website.
If you enable this policy setting, when you are presented with a certificate issued by an untrusted root authority, your computer won't contact the Windows Update website to see if Microsoft has added the CA to its list of trusted authorities. NOTE: Only use this policy if you have an alternate means to the latest certificate revocation list. This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator NCSI to determine whether your computer is connected to the Internet or to a more limited network As part of determining the connectivity level, NCSI performs one of two active tests: downloading a page from a dedicated Web server or making a DNS request for a dedicated address.
If you enable this policy setting, NCSI does not run either of the two active tests. With this setting enabled, the background image shows without blur. If you disable or do not configure this policy setting, the local computer clock doesn't synchronize time with NTP servers.
NOTE: Consider this setting very carefully. Windows devices that are joined to a domain should use NT5DS. Virtual machines sometimes use "enhancements" or "integration services". If you enable this policy setting, the advertising ID is turned off. Apps can't use the ID for experiences across apps. If you choose the Force Deny option, Windows apps are not allowed to access account information and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access the call history and employees in your organization cannot change it.
If you choose the Force Deny option, Windows apps are not allowed to access contacts and employees in your organization cannot change it. If you choose the Force Allow option, Windows apps are allowed to access email and employees in your organization cannot change it.
If you choose the Force Deny option, Windows apps are not allowed to access location and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access messaging and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access motion data and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access notifications and employees in your organization cannot change it.
If you choose the Force Deny option, Windows apps are not allowed to access tasks and employees in your organization cannot change it. If you choose the Force Deny option, Windows apps are not allowed to access the calendar and employees in your organization can't change it.
If you choose the Force Deny option, Windows apps are not allowed to access the camera and employees in your organization can't change it. If you choose the Force Deny option, Windows apps are not allowed to access the microphone and employees in your organization can't change it.
0コメント