Forum Discussion

ReturiVSSSK's avatar
ReturiVSSSK
Copper Contributor
Mar 09, 2020

WVD production help required

Hello All, 

 

When we had a discussion with one of our client regarding wvd POC, we got below questions

 

 

1) Who manages security patches and OS updates managed by?? Microsoft?

2)  Is it different from azure  general vm update management?

3) if there are any updates to customized applications how can we push those updates to wvd  OS?

4)can we manage updates through SCCM? Did any one used this option.

Could some kindly help me with these answers. 

 

We are already proceeding for wvd production for one of our client. Once this reaches to larger users in production above question may become issues. 

 

 

 

  • ReturiVSSSK 

     

    To answer your questions, I'd like to go over how we manage our WVD images.

     

    (Please don't take this as a complete list of all the necessary steps; this is just a crude outline.  There are a lot of details being skimmed over here.)

     

    1. Create a virtual machine using the latest version of the multi-session Windows 10 image from the Marketplace.
    2. Run Windows Update to grab all the latest patches.
    3. Install whatever application(s) you want to share with WVD, including all the latest patches for that application.
    4. Run sysprep.exe on the virtual machine and shut it down.
    5. Copy the managed disk of the virtual machine to a .vhd file that you will save in a storage account.  We use something similar to this process:
      https://github.com/Azure/azure-docs-powershell-samples/blob/master/virtual-machine/copy-managed-disks-vhd-to-storage-account/copy-managed-disks-vhd-to-storage-account.ps1
    6. Create a custom image using this .vhd file.  This becomes our WVD image for this particular application.
    7. Create a host pool based on this custom image.  Share your application as needed.

    When it comes time to patch, we do the following:

     

    1. Create a new virtual machine using the application WVD image we created above.
    2. Install whatever OS and/or application patches are necessary
    3. Run sysprep, shutdown, copy the VHD to a storage account.
    4. Create a new custom image based on this new .vhd file.  Obviously give it a different name like "MyAppImage_Version20200309" or something.
    5. Update the host pool using the new custom image.

    And, er, confession.  Currently the "update host pool" ARM template doesn't work with custom images.  So we end up destroying the host pool and redeploying it, which requires a one-hour downtime.  But that's not so bad for our needs.

     

    So as you can see, we completely control what patches get installed, and how often they get installed.

     

    Technically you could use SCCM to apply patches to your backend servers.  You'd just have to be absolutely certain that every time a new backend server is spun up, the patching happens immediately before any users start using the application.  So if you decide to scale up from three backend servers to four, you'll want to freeze people out of the fourth backend server until patching has completed. 

     

    We find it much more convenient to update the image itself and redeploy the entire host pool, as described above.

     

    I hope this gives you the answers you're looking for.

    • tobeadvised's avatar
      tobeadvised
      Copper Contributor

      FortyMegabytes We have Windows 10 virtual desktops registered in our SCCM environment, v1906, however they report the OS as Microsoft Windows NT Server 10.0. The Windows 10 updates arent applying, im guessing because they are being detected as a Server OS's. Should the VDI's be able to be patched through SCCM? Thanks

      • Irfan Fakih's avatar
        Irfan Fakih
        Copper Contributor
        Hi tobeadvised. Currently, We are having the same issue with SCCM. Were you able to find the technical issue related to patching WVD VMs via SCCM?
  • Davide Salsi's avatar
    Davide Salsi
    Copper Contributor

    Hi all,

    with MECM CB 1910 and above, it's possibile to update Windows Virtual Desktop Session Host. It's necessary to select "Windows Server, version 1903 and later" from Products section in Software Updates Point Component Properties.

     

    Best regards,

    Davide

Resources