Home

WVD production help required

%3CLINGO-SUB%20id%3D%22lingo-sub-1217572%22%20slang%3D%22en-US%22%3EWVD%20production%20help%20required%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1217572%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20All%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhen%20we%20had%20a%20discussion%20with%20one%20of%20our%20client%20regarding%20wvd%20POC%2C%20we%20got%20below%20questions%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1)%20Who%20manages%20security%20patches%20and%20OS%20updates%20managed%20by%3F%3F%20Microsoft%3F%3C%2FP%3E%3CP%3E2)%26nbsp%3B%20Is%20it%20different%20from%20azure%26nbsp%3B%20general%20vm%20update%20management%3F%3C%2FP%3E%3CP%3E3)%20if%20there%20are%20any%20updates%20to%20customized%20applications%20how%20can%20we%20push%20those%20updates%20to%20wvd%26nbsp%3B%20OS%3F%3C%2FP%3E%3CP%3E4)can%20we%20manage%20updates%20through%20SCCM%3F%20Did%20any%20one%20used%20this%20option.%3C%2FP%3E%3CP%3ECould%20some%20kindly%20help%20me%20with%20these%20answers.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20are%20already%20proceeding%20for%20wvd%20production%20for%20one%20of%20our%20client.%20Once%20this%20reaches%20to%20larger%20users%20in%20production%20above%20question%20may%20become%20issues.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1218181%22%20slang%3D%22en-US%22%3ERe%3A%20WVD%20production%20help%20required%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1218181%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F572022%22%20target%3D%22_blank%22%3E%40ReturiVSSSK%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20answer%20your%20questions%2C%20I'd%20like%20to%20go%20over%20how%20we%20manage%20our%20WVD%20images.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E(Please%20don't%20take%20this%20as%20a%20complete%20list%20of%20all%20the%20necessary%20steps%3B%20this%20is%20just%20a%20crude%20outline.%26nbsp%3B%20There%20are%20a%20lot%20of%20details%20being%20skimmed%20over%20here.)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3ECreate%20a%20virtual%20machine%20using%20the%20latest%20version%20of%20the%20multi-session%20Windows%2010%20image%20from%20the%20Marketplace.%3C%2FLI%3E%3CLI%3ERun%20Windows%20Update%20to%20grab%20all%20the%20latest%20patches.%3C%2FLI%3E%3CLI%3EInstall%20whatever%20application(s)%20you%20want%20to%20share%20with%20WVD%2C%20including%20all%20the%20latest%20patches%20for%20that%20application.%3C%2FLI%3E%3CLI%3ERun%20sysprep.exe%20on%20the%20virtual%20machine%20and%20shut%20it%20down.%3C%2FLI%3E%3CLI%3ECopy%20the%20managed%20disk%20of%20the%20virtual%20machine%20to%20a%20.vhd%20file%20that%20you%20will%20save%20in%20a%20storage%20account.%26nbsp%3B%20We%20use%20something%20similar%20to%20this%20process%3A%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2Fazure-docs-powershell-samples%2Fblob%2Fmaster%2Fvirtual-machine%2Fcopy-managed-disks-vhd-to-storage-account%2Fcopy-managed-disks-vhd-to-storage-account.ps1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FAzure%2Fazure-docs-powershell-samples%2Fblob%2Fmaster%2Fvirtual-machine%2Fcopy-managed-disks-vhd-to-storage-account%2Fcopy-managed-disks-vhd-to-storage-account.ps1%3C%2FA%3E%3C%2FLI%3E%3CLI%3ECreate%20a%20custom%20image%20using%20this%20.vhd%20file.%26nbsp%3B%20This%20becomes%20our%20WVD%20image%20for%20this%20particular%20application.%3C%2FLI%3E%3CLI%3ECreate%20a%20host%20pool%20based%20on%20this%20custom%20image.%26nbsp%3B%20Share%20your%20application%20as%20needed.%3C%2FLI%3E%3C%2FOL%3E%3CP%3EWhen%20it%20comes%20time%20to%20patch%2C%20we%20do%20the%20following%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3COL%3E%3CLI%3ECreate%20a%20new%20virtual%20machine%20using%20the%20application%20WVD%20image%20we%20created%20above.%3C%2FLI%3E%3CLI%3EInstall%20whatever%20OS%20and%2For%20application%20patches%20are%20necessary%3C%2FLI%3E%3CLI%3ERun%20sysprep%2C%20shutdown%2C%20copy%20the%20VHD%20to%20a%20storage%20account.%3C%2FLI%3E%3CLI%3ECreate%20a%20new%20custom%20image%20based%20on%20this%20new%20.vhd%20file.%26nbsp%3B%20Obviously%20give%20it%20a%20different%20name%20like%20%22MyAppImage_Version20200309%22%20or%20something.%3C%2FLI%3E%3CLI%3EUpdate%20the%20host%20pool%20using%20the%20new%20custom%20image.%3C%2FLI%3E%3C%2FOL%3E%3CP%3EAnd%2C%20er%2C%20confession.%26nbsp%3B%20Currently%20the%20%22update%20host%20pool%22%20ARM%20template%20doesn't%20work%20with%20custom%20images.%26nbsp%3B%20So%20we%20end%20up%20destroying%20the%20host%20pool%20and%20redeploying%20it%2C%20which%20requires%20a%20one-hour%20downtime.%26nbsp%3B%20But%20that's%20not%20so%20bad%20for%20our%20needs.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20as%20you%20can%20see%2C%20we%20completely%20control%20what%20patches%20get%20installed%2C%20and%20how%20often%20they%20get%20installed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETechnically%20you%20could%20use%20SCCM%20to%20apply%20patches%20to%20your%20backend%20servers.%26nbsp%3B%20You'd%20just%20have%20to%20be%20absolutely%20certain%20that%20every%20time%20a%20new%20backend%20server%20is%20spun%20up%2C%20the%20patching%20happens%20immediately%20before%20any%20users%20start%20using%20the%20application.%26nbsp%3B%20So%20if%20you%20decide%20to%20scale%20up%20from%20three%20backend%20servers%20to%20four%2C%20you'll%20want%20to%20freeze%20people%20out%20of%20the%20fourth%20backend%20server%20until%20patching%20has%20completed.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20find%20it%20much%20more%20convenient%20to%20update%20the%20image%20itself%20and%20redeploy%20the%20entire%20host%20pool%2C%20as%20described%20above.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20hope%20this%20gives%20you%20the%20answers%20you're%20looking%20for.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hello All, 

 

When we had a discussion with one of our client regarding wvd POC, we got below questions

 

 

1) Who manages security patches and OS updates managed by?? Microsoft?

2)  Is it different from azure  general vm update management?

3) if there are any updates to customized applications how can we push those updates to wvd  OS?

4)can we manage updates through SCCM? Did any one used this option.

Could some kindly help me with these answers. 

 

We are already proceeding for wvd production for one of our client. Once this reaches to larger users in production above question may become issues. 

 

 

 

1 Reply
Highlighted

@ReturiVSSSK 

 

To answer your questions, I'd like to go over how we manage our WVD images.

 

(Please don't take this as a complete list of all the necessary steps; this is just a crude outline.  There are a lot of details being skimmed over here.)

 

  1. Create a virtual machine using the latest version of the multi-session Windows 10 image from the Marketplace.
  2. Run Windows Update to grab all the latest patches.
  3. Install whatever application(s) you want to share with WVD, including all the latest patches for that application.
  4. Run sysprep.exe on the virtual machine and shut it down.
  5. Copy the managed disk of the virtual machine to a .vhd file that you will save in a storage account.  We use something similar to this process:
    https://github.com/Azure/azure-docs-powershell-samples/blob/master/virtual-machine/copy-managed-disk...
  6. Create a custom image using this .vhd file.  This becomes our WVD image for this particular application.
  7. Create a host pool based on this custom image.  Share your application as needed.

When it comes time to patch, we do the following:

 

  1. Create a new virtual machine using the application WVD image we created above.
  2. Install whatever OS and/or application patches are necessary
  3. Run sysprep, shutdown, copy the VHD to a storage account.
  4. Create a new custom image based on this new .vhd file.  Obviously give it a different name like "MyAppImage_Version20200309" or something.
  5. Update the host pool using the new custom image.

And, er, confession.  Currently the "update host pool" ARM template doesn't work with custom images.  So we end up destroying the host pool and redeploying it, which requires a one-hour downtime.  But that's not so bad for our needs.

 

So as you can see, we completely control what patches get installed, and how often they get installed.

 

Technically you could use SCCM to apply patches to your backend servers.  You'd just have to be absolutely certain that every time a new backend server is spun up, the patching happens immediately before any users start using the application.  So if you decide to scale up from three backend servers to four, you'll want to freeze people out of the fourth backend server until patching has completed. 

 

We find it much more convenient to update the image itself and redeploy the entire host pool, as described above.

 

I hope this gives you the answers you're looking for.

Related Conversations