Upload
than-tran
View
125
Download
6
Embed Size (px)
Citation preview
Deployment Guidance for Microsoft Enterprise Desktop Virtualization 2.0
Technical White PaperPublished: June 2011
By: Tim Crabb, David Trupkin, and Jeff Gilbert
CONTENTS
Introduction.......................................................................................3
Planning for MED-V Deployment.........................................................4
Planning for Component Distribution 4
Planning for Component Installation 4
Planning for Workspace Configuration 5
MED-V 2.0 Deployment Methods.........................................................7
Manual Installation 7
Windows 7 Operating System Image Deployment 8
Enterprise Software Distribution Deployment 9
Deploying MED-V 2.0 Workspaces using Microsoft System Center
Configuration Manager 2007
.........................................................................................................
11
Using Software Distribution Packages to Deploy MED-V 11
Using Operating System Deployment Task Sequences to Deploy MED-V 13
Managing MED-V Workspaces with Configuration Manager 2007 14
Monitoring MED-V Workspaces Using Desired Configuration Management 15
For More Information
.........................................................................................................
17
Appendix A: Calculating Disk Space Requirements
.........................................................................................................
18
Appendix B: Command Line Examples for Installing MED-V 2.0
Components
.........................................................................................................
20
Batch File Example 20
Configuration Manager Task Sequence Run Command Line Examples 21
Appendix C: Inventorying Deployed MED-V Workspace Instances Using
Configuration Manager 2007
.........................................................................................................
22
Configuration.mof File Modification Requirements 22
SMS_def.mof File Modification Requirements 23
INTRODUCTION
Microsoft Enterprise Desktop Virtualization (MED-V 2.0) enables enterprises to realize the
benefits of the latest client operating systems by providing a managed environment for legacy
applications.
Microsoft Enterprise Desktop Virtualization (MED-V) creates a virtual environment called a
MED-V Workspace for running applications that require Windows XP or Internet Explorer 6 or
Internet Explorer 7. The MED-V Workspace requires memory and disk space from the
Windows 7 host on which it is installed. At a minimum, 2GBs of RAM are required on the
host. Disk space is variable and is dependent on the number of applications and the amount
of data that users will have in their MED-V Workspace.
Note: It is assumed that the reader of this white paper is familiar with the MED-V
prerequisites, such as Windows Virtual PC, and has already created a MED-V
workspace suitable for deployment. For information about creating MED-V workspaces,
see Creating a Windows Virtual PC Image for MED-V in the MED-V 2.0 Technical
Library at http://go.microsoft.com/fwlink/?LinkID=220910.
The distribution model for MED-V 2.0 is based on an application model, where MED-V
leverages a company’s existing methods for deploying applications in order to deploy and
manage MED-V. This document outlines the recommended methods that an administrator
can use to deploy MED-V.
This paper assumes that readers are IT Professionals who are already familiar with
Microsoft® Windows 7 operating system, Microsoft® Windows Virtual PC, Microsoft®
System Center Configuration Manager features such as software distribution and operating
system deployment task sequences. Many of the principles and techniques described in this
paper can be used to deploy MED-V 2.0 components and virtual machine MED-V
Workspaces within any organization, and the planning considerations for MED-V 2.0
deployment can likewise be applied to most any enterprise-scale IT environment. However,
this paper is based on the MED-V product team's experience and recommendations and is
not intended to serve as a procedural guide. Each enterprise environment has unique
circumstances; therefore, each organization should adapt the plans and lessons learned
described in this paper to meet its specific needs.
MED-V 2.0 Deployment Guidance Page 4
Situation
Incompatibility of legacy applications with new versions of Windows can delay enterprise upgrades to the latest version of Windows. Testing and migrating applications takes time, and users are unable to take advantage of the new capabilities and enhancements offered by the newest operating system.
Solution
MED-V uses Microsoft Windows Virtual PC to provide an enterprise solution for desktop virtualization.
By delivering applications in a Virtual PC that runs a previous version of the operating system, MED-V 2.0 removes the barriers to operating system upgrades and allows administrators to complete testing and address incompatible applications after the upgrade.
MED-V is an integral component of the Microsoft Desktop Optimization Pack, a dynamic solution available to Software Assurance customers, which helps reduce application deployment costs, enables delivery of applications as services, and helps to better manage and control enterprise desktop environments.
Benefits
With MED-V, you can easily create, deliver, and manage corporate Virtual PC images on any Windows®-based desktop.
Products & Technologies
Microsoft Enterprise Desktop Virtualization 2.0
Microsoft System Center Configuration Manager 2007
PLANNING FOR MED-V DEPLOYMENT
When you are planning for deployment and then deploying MED-V, there are three areas to
consider – distribution, installation, and configuration. Each of these is discussed in more
detail in the following sections.
Planning for Component DistributionBefore MED-V installation components can be distributed, systems to be targeted for MED-V
deployment must be identified. As part of the planning process, both the applications that
cannot be migrated to Windows 7 and the users or computers that require MED-V to run
those applications should be identified. Depending on the application compatibility
requirements faced by your organization as you migrate to Windows 7, only certain users or
departments might need MED-V.
Next, disk space should be evaluated on the target systems. Because most MED-V
Workspace images are 2GB or larger, the available disk space on a system can be
consumed rapidly. Workspace size is also dependent on the number of users, the
configuration of MED-V, and any additional disk space required by the workspace distribution
method.
The recommended minimum amount of disk space for MED-V is 10GB. This amount of disk
space allows for a basic MED-V workspace running Windows XP SP3, any additionally
installed applications, and provides additional disk space for the host computer swap drive.
In general, a basic configuration for a MED-V Workspace will consume as much as 6-8GB.
Note: If you will have a large number of applications or more than one user per MED-V
Workspace, more disk space might be required. For information about calculating disk
space, see: Appendix A: Calculating disk space requirements.
Because MED-V 2.0 deployment is based on an application model, where existing methods
for deploying applications are leveraged to deploy and manage MED-V workspaces, the
existing application deployment infrastructure should be evaluated for use in MED-V
Workspace deployment. If an Enterprise Software Distribution (ESD) system such as
Configuration Manager 2007 is in place, you can easily leverage it to distribute required
MED-V workspace images and applications.
Planning for Component InstallationAfter identifying the systems that require MED-V component installation (MED-V Host Agent,
MED-V Workspace Packager, and MED-V Workspace), and the method of deploying the
required components to them, the installation prerequisites and the setup experience itself
should be planned for.
The MED-V Agent Host is used to run and configure the MED-V Workspaces which are
based on Windows XP SP3 Windows Virtual PC virtual machines. MED-V Workspaces are
used to host the applications and web redirection addresses required for application
compatibility in the enterprise.
The MED-V Workspace Packager is used to create MED-V Workspace installation packages
and configure the workspace setup experience for end-users. Only administrators involved in
MED-V Workspace creation need to install the MED-V Workspace Packager.
MED-V 2.0 Deployment Guidance Page 5
“MED-V helps ensure that we can move
forward with an enterprise-wide rollout of
Windows 7 without getting sidetracked by
application compatibility issues.”
Alex RamosSenior Manager, IT OperationsRoyal Caribbean Cruises Ltd.
For more information, see the Royal Caribbean Cruises Ltd. MED-V case study at http://go.microsoft.com/fwlink/?LinkId=220934.
By default, MED-V Host Agent installation verifies that installation prerequisites are installed.
These prerequisites include Windows Virtual PC and, if the host operating system is running
Windows 7 without service pack 1 applied, a required update that removes the prerequisite
for hardware-assisted virtualization support for Windows Virtual PC (KB977206). These
installation prerequisites are not installed with the MED-V Host Agent and should be installed
prior to MED-V deployment either as part of a standard Windows 7 application deployment or
bundled with the MED-V deployment.
Note: For more information about obtaining Windows Virtual PC, see the Windows
Virtual PC home page at http://go.microsoft.com/fwlink/?LinkId=220907. For more
information about obtaining the prerequisite update for Windows Virtual PC on
computers running Windows 7, see article 977206 in the Microsoft Knowledge Base at
http://go.microsoft.com/fwlink/?LinkId=220908.
While MED-V Workspace creation using the MED-V Workspace Packager is out of scope for
this paper, it is important to note that there are three MED-V Workspace Setup options
available to enable administrators to select the best experience for their end-users: silent,
silent with prompt, and interactive. The MED-V Workspace setup experience can also be
configured using Windows PowerShell. For more information about using Windows
PowerShell with MED-V 2.0, see Configuring Advanced Settings by Using Windows
PowerShell in the MED-V 2.0 Technical Library at http://go.microsoft.com/fwlink/?
LinkId=220909.
When running MED-V Setup silently using an existing ESD system to deploy MED-V
Workspaces, the installation should be configured to run under the system or an
administrator account. When using the interactive setup option, each end-user is prompted
for elevated privileges because MED-V Setup must be run for all users logging onto the host
computer.
Planning for Workspace ConfigurationAfter the MED-V Workspace has been installed, it is automatically configured for each end-
user the next time that they log onto the host computer. After an end-user logs on to the host
computer, the Windows XP SP3 image is expanded and prepared to run the applications
installed in the workspace that are not compatible with Windows 7. Typically, this occurs in a
hidden window, but MED-V can be configured to display this process using the Workspace
Packager during workspace configuration. This can be useful in providing feedback to end
users because the process of installing the XP Guest can take some time and also provides
a method for the user to postpone the installation for up to four hours if needed.
After the workspace has been prepared for use, the MED-V Host Agent prompts the end-user
for their password to authenticate to the MED-V Workspace. If the option to “store user
credentials” is selected, the end-user will not be prompted again for the password.
Otherwise, they will be prompted every time the MED-V Host Agent starts-up on the host
computer.
After the end-user has authenticated to the workspace, optional administrator-defined
workspace configuration actions can be performed based on commands contained in the
sysprep.inf file associated with the workspace image. These actions can include joining the
MED-V Workspace image to an Active Directory domain, installing ESD client software,
additional applications, or image configuration changes.
MED-V 2.0 Deployment Guidance Page 6
For example, the following command could be run to disable system restore points on the
Windows XP image to provide additional savings in required hard drive disk space:
“wmic /namespace:\\root\default path SystemRestore call Disable %SystemDrive%\"
Note: MED-V Workspace creation is outside the scope of this white paper and is not
described in detail. For more information about creating MED-V Workspaces, see
Creating a Windows Virtual PC Image for MED-V in the MED-V 2.0 Technical Library
at http://go.microsoft.com/fwlink/?LinkID=220910 .
The final step required to complete the initial configuration of the MED-V Workspace is to run
First Time Setup. This process completes MED-V configuration by adding the end-user to the
local Administrators and Remote Desktop Users groups to enable administrative actions and
remote desktop access to the MED-V workspace. Once ready for use, any applicable group
policies and roaming profiles are applied to the MED-V Workspace and the user is notified by
a taskbar notification that the compatibility applications are ready for use from the Start
Menu just like the other applications installed on the Windows 7 host computer.
Note: It is recommended that only application compatibility policies are applied to the
MED-V workspace. For example, screen saver or desktop personalization policies
wouldn’t typically need to be applied to MED-V Workspace images.
MED-V 2.0 Deployment Guidance Page 7
MED-V 2.0 DEPLOYMENT METHODS
MED-V Workspace images are deployed by leveraging an organization's existing methods
for application deployment. Some of these methods are described in this section including
manual installation, including the workspace as part of a standard Windows 7 operating
system image, and utilizing ESD systems already in use by the organization.
Manual InstallationUsing this method, the installation source files are stored on a shared network location or
provided on a DVD containing the prerequisite applications and the installation source files
that are used to install MED-V. The desktop support engineer or the end user must ensure
that all prerequisites are installed before launching MED-V Setup and then follows the on-
screen instructions for installing the MED-V Host Agent and MED-V Workspace. After
installation, the MED-V Host Agent is started to complete First Time Setup.
To manually install MED-V
1. Access the network share or load the DVD containing MED-V installation source files.
2. If not already present, install the MED-V installation prerequisites. This includes both
Windows Virtual PC as described in Knowledge Base article 958559 at
http://go.microsoft.com/fwlink/?LinkId=220911 and the Windows Virtual PC update, for
computers running Windows 7 without service pack 1 applied, described in Knowledge
Base article 977206 at http://go.microsoft.com/fwlink/?LinkId=220908. This installation
requires a restart of the host computer.
Note: The required Windows Virtual PC update for Windows 7 without service pack 1
applied removes the hardware prerequisites required to run Windows Virtual PC and XP
mode that normally include a processor that supports hardware assisted virtualization
(HAV) which is also enabled in the BIOS.
3. Install the MED-V Host Agent by running the MED-V_HostAgent_Setup.exe file. Before
installing the MED-V Host Agent, ensure that Internet Explorer is not running on the host
computer. This ensures that the URL redirection feature of MED-V is available after the
MED-V Host Agent is installed.
Note: If applicable, the MED-V Workstation Packager can be installed by running the
MED-V_WorkspacePackager_Setup.exe file.
4. Install the MED-V Workspace package by running the setup.exe file found in the
workspace installation directory created by the MED-V Workstation Packager.
5. Complete First Time Setup after MED-V Workspace installation when the MED-V Host
Agent is started or when an end-user logs in to the MED-V host computer for the first
time.
6. When First Time Setup is complete, the end-user is notified by a taskbar notification that
applications published to the Start Menu by MED-V are now available to run.
MED-V 2.0 Deployment Guidance Page 8
Windows 7 Operating System Image DeploymentWhen deploying MED-V as part of a standard Windows 7 operating system image, an
administrator installs all of the components into a Windows 7 image and the end-user
completes MED-V Setup on the newly configured host computer running Windows 7. This
method can be used in enterprise environments, where the end-users requiring MED-V
Workspace functionality are not well defined, to reduce the number of help desk calls to
install MED-V and also minimize the impact to users who would otherwise need to wait for
MED-V component installation.
Administrators must ensure that all prerequisites are met and that all of the required
installations are performed on the base computer that will be used to create the Windows 7
operating system image. After the operating system image is completed, MED-V components
are distributed with any new installations using the Windows 7 operating system image. End-
users can then install the MED-V Workspace package and complete MED-V First Time
Setup.
To deploy MED-V as part of a Windows 7 operating system image
1. Configure the base computer system that will be used to create the Windows 7 operating
system image.
2. If not already present, install the MED-V installation prerequisites. This includes both
Windows Virtual PC as described in Knowledge Base article 958559 at
http://go.microsoft.com/fwlink/?LinkId=220911 and the Windows Virtual PC update, for
computers running Windows 7 without service pack 1 applied, described in Knowledge
Base article 977206 at http://go.microsoft.com/fwlink/?LinkId=220908. This installation
requires a restart of the host computer.
3. Install the MED-V Host Agent by running the MED-V_HostAgent_Setup.exe file. Before
installing the MED-V Host Agent, ensure that Internet Explorer is not running on the host
computer. This ensures that the URL redirection feature of MED-V is available after the
MED-V Host Agent is installed.
4. Copy the MED-V Workspace Package to the base computer, this includes the Setup.exe
and the MED-V workspace .MSI files
5. After ensuring all other settings and applications are correct, create a standard
Windows 7 operating system image to be distributed.
6. Distribute the Windows 7 image to computers using standard computer imaging
deployment methods.
7. Because the MED-V software and workspace were distributed in the operating system
image, administrators can use system management tools to complete the installation of
MED-V when end-users require the functionality. Completing the deployment on-
demand as required without having to copy MED-V across the network.
8. At the conclusion of the MED-V install and First Time Setup
9. The end-user is notified by a taskbar notification that MED-V published applications are
now available to run.
MED-V 2.0 Deployment Guidance Page 9
Enterprise Software Distribution DeploymentAdministrators can also use the same Enterprise Software Distribution (ESD) system that
they normally use to install applications to Windows 7 computers to install MED-V
components on users' Windows 7 host computers. Depending on the ESD used, there could
be some subtle differences, but in general the MED-V installation packages are distributed to
computers meeting some specified criteria or list of requirements. For example, all
Windows 7 computers in a particular department.
When using an ESD deployment method, administrators must ensure that the MED-V
installation files are packaged appropriately for the ESD and also that the installation
package content is accessible to the affected end-users or computers that will run the
installations. Because Windows Virtual PC requires a reboot after installation, you can
simplify component installation by suppressing the restart after Virtual PC installation and
instead force a single restart after all MED-V components are installed. The MED-V Host
Agent will automatically start First Time Setup after the system restarts.
For ongoing management of the MED-V Workspace after deployment, the ESD client agent
should also be installed in the MED-V Workspace. Because the MED-V Workspace will be
distributed to multiple users, and might have unique networking requirements such as
Network Access Translation (NAT), you should thoroughly test and validate the packaging
and deployment method prior to use in a production deployment.
To deploy MED-V using an ESD
1. Using the ESD that will be used to deploy MED-V, identify a group of users or computers
that meet the MED-V deployment criteria such as use of applications that are not
compatible with Windows 7 and also meet free disk space and RAM requirements.
2. Create the necessary MED-V component installation packages for each of the files that
need to be distributed. When creating the packages, ensure that they are configured to
run under local system or administrator account privileges. Packages should also be
configured to run in silent mode with no user interaction required to eliminate user
prompts that would otherwise stop unattended installations.
Note: Packages to be created include: Windows Virtual PC, Windows 7 update for
Virtual PC for computers running Windows 7 with no service pack applied, MED-V Host
Agent, and the MED-V Workspace. The MED-V Workspace Packager can also be
packaged for deployment to MED-V administrator computers.
3. Controls are put in place that ensure that the MED-V components are installed on the
target computers with any required restarts suppressed until all packages have been
installed.
4. Assign the MED-V installation packages to the target set of users or computers.
5. The ESD client agent installed on the host computer recognizes that a new installation
package is available and installs the MED-V components. The installation should run
sequentially in silent mode with any required restarts suppressed until all of the required
installation packages are installed.
MED-V 2.0 Deployment Guidance Page 10
Note: Sample command lines are included in Appendix B of this document as a
reference for creating MED-V installation packages for ESD deployment.
6. After MED-V component installation is complete, the host computer must be restarted to
complete MED-V Workspace configuration. Depending on the particular ESD this restart
could be forced or done at some later time by the end-user of the host computer.
7. After the restart, the MED-V Host Agent starts automatically with Windows and the end-
user can then authenticate to the MED-V Workspace to begin First Time Setup.
8. When First Time Setup is complete, the end-user is notified by a taskbar notification that
applications published to the Start Menu by MED-V are now available to run.
MED-V 2.0 Deployment Guidance Page 11
DEPLOYING MED-V 2.0 WORKSPACES USING MICROSOFT SYSTEM CENTER CONFIGURATION MANAGER 2007The standard Microsoft System Center Configuration Manager 2007 software distribution
methods can be used to deploy MED-V components to targeted Windows 7 host computers.
In addition to standard Configuration Manager software distribution, the Operating System
Deployment feature of Configuration Manager provides the capability to create software
installation task sequences to install MED-V installation prerequisites and components.
Using Software Distribution Packages to Deploy MED-V When using standard Configuration Manager 2007 software distribution methods to deploy
MED-V components, administrators must create software distribution packages, programs,
and advertisements that are targeted to collections of computers that meet the criteria for
MED-V deployment.
As with the general ESD deployment method, Configuration Manager software distribution
installation packages should be distributed to computers matching a set of requirements. For
example, a collection could be created to distribute MED-V to a group of Windows 7
computers in a particular department that use an application that is not compatible with the
Windows 7 operating system. Additional safeguards to consider when creating the target
collection are the amount of available RAM and disk space to ensure the computers are
capable of hosting MED-V Workspaces.
After a collection of computers has been identified, MED-V installation packages and
programs must be created to install required components. It is recommended to create two
Configuration Manager software distribution packages, one containing all of the required
prerequisites and MED-V component installation files and separate packages containing the
actual MED-V Workspace to be deployed. Programs created for the packages should run in
unattended mode and with administrative rights. To simplify component installation, you can
suppress the restart required after Virtual PC installation and force a single restart after all
components are installed.
After creating the required software distribution packages and programs, software distribution
advertisements can be created that target the appropriate collection. When creating program
advertisements for Configuration Manager software distribution packages, consideration
must be given to how the advertisement will be configured to run on client computers. There
are two options to choose from when configuring the software distribution advertisement:
"Download content from distribution point and run locally" and "Run program from distribution
point".
While using the "Download content from distribution point and run locally" option is the most
reliable and recommended option, the following should be taken into consideration:
The MED-V Workspace must be smaller than the Configuration Manager client's
configured cache size. By default, the Configuration Manager client cache size is
configured for 5GB. If the MED-V Workspace image is larger than the Configuration
Manager client's allocated cache size, the workspace installation package will fail to
download to the host computer.
MED-V 2.0 Deployment Guidance Page 12
The hard disk space requirements for MED-V Workspace installation will double as the
installation package will exist in the client cache as well as being expanded locally in
order to run.
This method will require additional time for downloading to the workstation installation
package using from the Configuration Manager distribution point.
Alternatively, when using the “Run program from distribution point” advertisement option, the
following should be taken into consideration:
This option requires half the disk space required by the "Download content from
distribution point and run locally" option.
The Configuration Manager distribution point infrastructure is leveraged to stream the
MED-V Workspace installation to host computers across the enterprise.
It will take longer to complete the installation and there could be connectivity issues
depending on the amount of network traffic.
To deploy MED-V components using standard Configuration Manager 2007 software
distribution methods
1. Identify a group of users or computers that meet the MED-V deployment criteria such as
use of applications that are not compatible with Windows 7 and computers that meet free
disk space and RAM requirements.
2. Create the necessary MED-V component installation packages.
3. Create the programs required to run the installation files for each package. When
creating the programs, ensure that they are configured to run hidden and with
administrative rights. Programs should also be configured so that user interaction is not
enabled to eliminate user prompts that would otherwise stop unattended installations.
Note: Sample command lines are included in Appendix B of this document as a
reference for creating Configuration Manager software distribution programs to be used
with each of the packages.
4. Create the software distribution advertisements to assign software installation of the
appropriate packages to the targeted collection created in step 1. Ensure that any
required restarts are suppressed until all packages have been installed.
5. The Configuration Manager client agent installed on the host computer recognizes that a
new installation package is available and installs the MED-V components. The
installation should run sequentially in silent mode with any required restarts suppressed
until all of the required installation packages are installed.
6. After MED-V component installation is complete, the host computer must be restarted to
complete MED-V Workspace configuration. This restart can be forced or done at some
later time by the end-user of the host computer.
7. After the restart, the MED-V Host Agent starts automatically with Windows and the end-
user can then authenticate to the MED-V Workspace to begin First Time Setup.
MED-V 2.0 Deployment Guidance Page 13
8. When First Time Setup is complete, the end-user is notified by a taskbar notification that
applications published to the Start Menu by MED-V are now available to run.
Using Operating System Deployment Task Sequences to Deploy MED-VIn addition to standard Configuration Manager software distribution methods, MED-V
installation prerequisites and installation components can be delivered through the use of a
Configuration Manager operating system deployment task sequence. Configuration Manager
task sequences can be configured to perform multiple steps or tasks on a client computer at
the command line level without requiring user intervention to ensure that the order and
integrity of all of the required software installations is correct. Using a Configuration Manager
task sequence to deploy MED-V components also allows you to monitor task sequence
execution on MED-V host computer clients from within the Configuration Manager console.
Note: The Configuration Manager task sequence described in this document is a custom
task sequence that does not require an operating system boot image.
Just as with standard Configuration Manager software distribution, careful consideration
should be given to how client computers access the installation source files required by the
task sequence to install MED-V. When using task sequences to install MED-V, there are
three options to choose from when configuring the task sequence advertisement: "Download
content locally when needed by running task sequence", "Download all contents locally
before starting task sequence", and "Access content directly from a distribution point when
needed by the running task sequence". Many of the same advertisement considerations
mentioned for standard distribution program advertisements also apply for running task
sequence installations of MED-V with "Download all contents locally before starting task
sequence" is the recommended method for advertising MED-V installation task sequences to
client computers.
To deploy MED-V components using a Configuration Manager 2007 operating system
deployment task sequence
1. Create a collection of computers that meet the MED-V deployment criteria such as the
use of applications that are not compatible with Windows 7, and computers that meet
free disk space and RAM requirements.
Note: Configuration Manager task sequences can only be advertised to collections of
computers.
2. Create the necessary MED-V component installation packages.
Note: It is not necessary to create standard software distribution programs and
advertisements when using the task sequence deployment method.
3. Right-click the Task Sequences node in the Configuration Manager console and select
the Create a new custom task sequence option to create a new task sequence and
save it.
MED-V 2.0 Deployment Guidance Page 14
Note: It is not necessary to select a boot image when creating the task sequence for
MED-V deployment.
4. Right-click the task sequence created in step 3 and select Edit to start the task
sequence editor. To avoid possible computer restarts during MED-V installation, it is
recommended to use Run Command Line tasks rather than Install Software tasks for
MED-V deployment. Using the task sequence editor, add the required Run Command
Line tasks to the task sequence to run the command lines necessary to install MED-V
prerequisites and installation components. For MED-V prerequisite component
installations, the Continue on error checkbox on the Options tab of the Run
Command Line tasks should be selected. Setting this option allows the installation to
continue even when an error is detected. For example, the task sequence should
continue on to the next task if Windows Virtual PC or the update for Windows Virtual PC
is already installed.
Note: Sample command lines are included in Appendix B of this document as a
reference for creating Configuration Manager task sequence Run Command Line tasks.
5. Add the Restart Computer task following the installation tasks. Ensure that the currently
installed default operating system will be restarted, the user is notified before the restart
and the message display time-out is set to a long enough duration to ensure users have
time to either accept the restart or work until the timeout is reached and save the task
sequence.
Note: Restarting is mandatory to complete the installation.
6. Advertise the task sequence to assign MED-V installation to targeted computers in the
collection created in step 1. Ensure that no user interaction is enabled for the task
sequence on the Interaction page of the Task Sequence Advertisement Wizard.
7. The Configuration Manager client agent installed on the host computer runs the task
sequence and installs the MED-V components. The installation should run sequentially
in silent mode with any required restarts suppressed until all of the required installation
packages are installed.
8. After the computer completes the task sequence installation and restarts, the MED-V
Host Agent starts automatically with Windows and the end-user can then authenticate to
the MED-V Workspace to begin First Time Setup.
9. When First Time Setup is complete, the end-user is notified by a taskbar notification that
applications published to the Start Menu by MED-V are now available to run.
Managing MED-V Workspaces with Configuration Manager 2007A MED-V Workspace can be managed like any other computer client by Configuration
Manager When the Configuration Manager client is installed on the host computer and the
desired configuration management feature of Configuration Manager is enabled. Using the
desired configuration management feature, administrators can determine MED-V component
configuration compliance. Additionally, MED-V Workspaces deployed on Configuration
MED-V 2.0 Deployment Guidance Page 15
Manager client host computers can be inventoried by modifying the default hardware
inventory control files.
Note: For more information about hardware inventory modifications necessary to
discover MED-V workspaces installed on host computers, see Appendix C:
Inventorying Deployed MED-V Workspace Instances Using Configuration Manager
2007.
To install the Configuration Manager client agent, you can include it in the MED-V Workspace
or install the client on the MED-V Workspace using standard Configuration Manager client
installation methods after it is deployed. When including the Configuration Manager client
agent in the MED-V Workspace, the Configuration Manager client agent should be in a
dormant state to enable it to be uniquely configured for each MED-V host computer.
To install the Configuration Manager client on a MED-V workspace image, you must not
specify a site code to assign the client to during client installation and you must remove any
computer-specific certificates that are installed on the master image computer. For example,
if you are in native mode, you must remove the client authentication certificate before
imaging the computer. If Configuration Manager clients cannot query Active Directory
Domain Services to locate a management point, they use the trusted root key to determine
trusted management points.
To include the Configuration Manager client agent in the MED-V Workspace
1. Manually install the Configuration Manager 2007 client software on the MED-V
Workspace without specifying a Configuration Manager 2007 site code for the client in
the CCMSetup.exe command-line properties.
2. At a command prompt, type: net stop ccmexec. Doing this ensures that the SMS Agent
Host service (Ccmexec.exe) is stopped on the MED-V Workspace.
3. If all imaged clients will be deployed in the same hierarchy as the master computer,
leave the trusted root key in place. If the clients will be deployed in different hierarchies,
you should remove the trusted root key by running the following CCMSetup command on
the MED-V Workspace: CCMSetup RESETKEYINFORMATION = TRUE.
4. Remove any certificates stored in the local computer store on the master image
computer. Additionally, remove any native-mode client certificates if applicable. For more
information, refer to your public key infrastructure (PKI) documentation.
Note: When MED-V Workspaces are configured to use Network Access Translation
(NAT) networking settings, a QFE is required to enable workspace management using
Configuration Manager. For more information, see article 2504904 in the Microsoft
Knowledge Base at http://go.microsoft.com/fwlink/?LinkId=220914.
MED-V 2.0 Deployment Guidance Page 16
Monitoring MED-V Workspaces Using Desired Configuration ManagementThe Configuration Manager 2007 desired configuration management feature provides a set
of tools and resources that can help assess and track configuration compliance of client
computers in the enterprise. If enabled, the desired configuration management feature of
Configuration Manager can be used to determine MED-V component configuration
compliance.
Note: For more information about the desired configuration management feature of
Configuration Manager 2007 see Desired Configuration Management in
Configuration Manager in the Configuration Manager 2007 Technical Library at
http://go.microsoft.com/fwlink/?LinkId=220916.
Compliance is evaluated by defining a configuration baseline that contains the configuration
items you want to monitor and rules that define the compliance that you require. This
configuration data can be imported from the Web in Microsoft System Center Configuration
Manager 2007 Configuration Packs as best practices defined by Microsoft and other vendors,
or defined within Configuration Manager, or defined externally and then imported into
Configuration Manager.
Note: The configuration pack for MED-V (MEDV_FTS_configuration_pack.msi) can be
downloaded from the following location: http://go.microsoft.com/fwlink/?LinkId=220917.
You can monitor the results of the configuration baseline evaluation compliance from the
Desired Configuration Management home page in the Configuration Manager console. You
can also run a number of desired configuration management reports to drill down into details,
such as which computers are compliant or non-compliant and which element of the
configuration baseline is causing a computer to be non-compliant. You can also view
compliance evaluation results from the client itself by using the Configurations tab from
Configuration Manager Properties.
MED-V 2.0 Deployment Guidance Page 17
FOR MORE INFORMATION
For more information about Microsoft Configuration Manager 2007 or Microsoft Enterprise
Desktop Virtualization (MED-V) 2.0, see the official documentation online respectively at
http://go.microsoft.com/fwlink/?LinkId=220920 and http://go.microsoft.com/fwlink/?
LinkId=220918.
For more information about Microsoft products or services, call the Microsoft Sales
Information Center at (800) 426-9400. In Canada, call the Microsoft Canada information
Centre at (800) 563-9048. Outside the 50 United States and Canada, please contact your
local Microsoft subsidiary. To access information through the World Wide Web, go to:
http://www.microsoft.com
http://www.microsoft.com/technet/itshowcase
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
2011 Microsoft Corporation. All rights reserved.
MED-V 2.0 Deployment Guidance Page 18
APPENDIX A: CALCULATING DISK SPACE REQUIREMENTS
To calculate the disk space required for a MED-V Workspace on a host computer, the
following information is needed:
Users per machine – MED-V creates a MED-V Workspace for each user on the host
computer. This consumes disk space as each user logs in and the MED-V Workspace is
created.
Size of the base VHD – this is the VHD that was used when the MED-V Workspace was
packaged. Do not use the .MEDV file size as this is compressed.
Size of the Saved State file – this is the file that is used to maintain state in the virtual
machine. Typically, this is just a bit larger than the allocated RAM for the VM. For
example, 1GB of RAM allocated would create a file about 1,081KB in size.
Size of the differencing disk – this disk is used to track the difference from the base
VHD. Its size varies as you add applications and software updates and patches to the
VHD. Each MED-V user will have a differencing disk created for them as they launch
MED-V for the first time.
With the above information, you can use the following equation to calculate the approximate
size of the required space to install MED-V:
Base VHD + (User per machine x (Difference Disk +Saved State))
Note: The size of the VHD is variable and will increase based on the number of
applications and the amount of data that are placed in that VHD.
The following examples describe how to apply the formula to calculate the disk space
requirements for two different scenarios.
Example 1:
A VHD that is 3GB in size and has 1GB of RAM assigned for the virtual machine
3GB + (1 x (500MB + 1GB)) = 4.5GB
This is the minimum that would be required, with this increasing based on the amount of
applications and data added to the virtual machine.
Example 2:
A host computer with three users and additional deployed applications
2.6GB + (3 x (1.5GB + 1GB)) = 10.1GB
This example shows the differencing disk for each user and shows that with additional
software and policy updates, the differencing disk will be larger.
Example of Calculating Disk Space Using a Lab Deployment
A best practice would be to calculate the required space using a lab deployment to validate
the assumptions on required space – for example:
1. Machine Settings
a. Base VHD – 2.62GB
MED-V 2.0 Deployment Guidance Page 19
2. User Settings
a. Differencing Disk – 2.2GB
b. Virtual Saved State – 1.08GB
Note: Typically the saved state file for each user is slightly larger than the amount of
RAM allocated for the MED-V workspace.
Because it will be a single user per machine, a deployment of 5.9GB for MED-V would be a
minimum. Allowing for additional space on the host for additional applications and data in the
MED-V Workspace, the recommended minimum of 10GB would be appropriate for this
deployment.
After deploying the MED-V workspace, the following locations contain the files for the base
VHD and user settings files:
The base VHD file is named depending on what was selected in the MED-V workspace
packager and is stored in the C:\ProgramData\Microsoft\Medv\Workspace directory.
The differencing disk (%workspace name%.VHD) and saved state (%workspace name
%.VSV) files for each user are stored in the C:\Users\%username%\AppData\Local\
Microsoft\MEDV\v2\Virtual Machines directory.
If you are using a shared VHD deployment on a machine, the difference would be that
“users per machine” is always “1”, since this only configures a single differencing disk for
all users whereas the default would configure a differencing disk for each user. The size
of the differencing disk and the saved state file can be found in: C:\ProgramData\
Microsoft\Medv\AllUsers.
MED-V 2.0 Deployment Guidance Page 20
APPENDIX B: COMMAND LINE EXAMPLES FOR INSTALLING MED-V 2.0 COMPONENTS
MED-V prerequisites and installation components can be installed using command line
options using the examples provided in this appendix. Command line options should be
provided for each required installation to run with administrative rights and in unattended
mode to account for installation options that are normally presented to the end-user.
The following are examples for each MED-V installation component describing the
recommended command line options:
Note: All commands should be included on a single line and the command line switches
are the same for both x86 and x64 versions of Virtual PC and the required update.
The following component installation command line examples for x64 prerequisite
installations show how to install each component in unattended mode with restarts
suppressed:
Windows Virtual PC:
Windows6.1-KB958559-x64.msu /quiet /norestart
Virtual PC update for Windows 7:
Windows6.1-KB977206-x64.msu /quiet /norestart
MED-V Host Agent:
MED-V_HostAgent_Setup.exe /qn IGNORE_PREREQUISITES=1
Note: The IGNORE_PREREQUISITES=1 command line switch is optional and can be
used to install the MED-V Host Agent without verifying that Windows Virtual PC and its
required update are installed first. This can be useful if the installation order does not
install Windows Virtual PC before the MED-V Host Agent or if there are existing pending
computer restarts due to previously installed Windows Updates.
MED-V Workspace:
setup.exe /qn
MED-V Workspace Packager:
MED-V_WorkspacePackager_Setup.exe /qn
Batch File ExampleThe following example uses the component installation command lines previously described
to perform all of the commands in a single process using a simple batch file. The batch file
installs the MED-V components without checking for installation prerequisites before
installing Virtual PC to ensure that no restarts are prompted by the Windows Update agent
prior to MED-V component installation.
Using a simple text editor, the following example can be used to create a batch (.bat) file to
install MED-V prerequisites and installation components with no user interaction. Computer
restarts are also suppressed during installation with a forced restart at completion. The .bat
MED-V 2.0 Deployment Guidance Page 21
created should be run from an Administrator command prompt with each of the components,
including all workspace package files, stored in a single directory. If the .bat file is run from a
network share, the decompression of the .MEDV file will take significantly longer.
Note: When using a .bat file to perform software distribution actions in Configuration
manager, ensure that the "Requires drive letter" option is selected on the program
properties requirements tab.
start /WAIT Windows6.1-KB958559-x64.msu /quiet /norestart
start /WAIT Windows6.1-KB977206-x64.msu /quiet /norestart
start /WAIT MED-V_HostAgent_Setup.exe /qn IGNORE_PREREQUISITES=1
start /WAIT MED-V_WorkspacePackager_Setup.exe /qn
.\setup.exe /qn OVERWRITEVHD=1
shutdown /r /f /t 20 /c "This computer must restart to continue."
exit
Configuration Manager Task Sequence Run Command Line ExamplesThe following examples can be used to install x64 MED-V prerequisites and installation
components using Configuration Manager task sequence Run Command Line task sequence
tasks.
Note: MED-V prerequisite installation tasks should be configured to continue on error to
enable the task sequence to continue if the prerequisites are already installed on
targeted computers. Because wusa.exe is used to install .msu files, cmd /c must be
appended to the beginning of the update installation command lines.
Windows Virtual PC:
cmd /c Windows6.1-KB958559-x64.msu /quiet /norestart
Virtual PC update for Windows 7:
cmd /c Windows6.1-KB977206-x64.msu /quiet /norestart
MED-V Host Agent:
MED-V_HostAgent_Setup.exe /qn
MED-V Workspace Packager:
MED-V_WorkspacePackager_Setup.exe /qn
MED-V Workspace:
setup.exe /qn
MED-V 2.0 Deployment Guidance Page 22
APPENDIX C: INVENTORYING DEPLOYED MED-V WORKSPACE INSTANCES USING CONFIGURATION MANAGER 2007Configuration Manager 2007 hardware inventory can be modified to inventory all MED-V
Workspace instances installed on Configuration Manager client computers throughout the
enterprise. By inventorying existing MED-V workspace deployments, administrators can
create collections that can be used to manage applications on those workspaces.
Note: For more information about modifying the default Configuration Manager hardware
inventory control files, see How to Extend Hardware Inventory at
http://go.microsoft.com/fwlink/?LinkId=220922.
Configuration.mof File Modification RequirementsThe following information must be added to the Configuration.mof file stored on the
Configuration Manager site server computer to enable MED-V Workspace installation to be
discovered by Configuration Manager hardware inventory:
// Add the following code to the Configuration.mof file
// This file is found in :
// <ConfigMgr install directory>\inboxes\clifiles.src\hinv
// Note: All information on the PropertyContext lines
// until the comma should be on one line.
//----------------------
// MED-V
//----------------------
#pragma namespace ("\\\\.\\root\\cimv2")
[DYNPROPS]
class Win32Reg_SMSMedv
{
[key]
string InstanceKey;
Boolean IsMedvGuest = false;
string PhysicalHostName;
string PhysicalHostNameFullyQualified;
};
[DYNPROPS]
instance of Win32Reg_SMSMedv
{
InstanceKey = "MedvKey";
PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Medv\\v2\\AppData|
FtsCompletionApplicationExecuted"),
Dynamic, Provider("RegPropProv")]
IsMedvGuest;
MED-V 2.0 Deployment Guidance Page 23
[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Virtual
Machine\\Guest\\Parameters|PhysicalHostName"),
Dynamic, Provider("RegPropProv")]
PhysicalHostName;
[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Virtual
Machine\\Guest\\Parameters|PhysicalHostNameFullyQualified"),
Dynamic, Provider("RegPropProv")]
PhysicalHostNameFullyQualified;
};
SMS_def.mof File Modification RequirementsThe following information must be added to the SMS_def.mof file stored on the
Configuration Manager site server computer to enable MED-V Workspace installation to be
reported by Configuration Manager hardware inventory:
// Add the following code to the SMS_def.mof file
// This file is found in :
// <ConfigMgr install directory>\inboxes\clifiles.src\hinv
//----------------------
// MED-V
//----------------------
#pragma namespace ("\\\\.\\root\\cimv2\\sms")
[ SMS_Report (TRUE),
SMS_Group_Name ("Virtual Machine"),
SMS_Class_ID ("MICROSOFT|MEDV|2.0"),
SMS_Context_1 ("__ProviderArchitecture=32|uint32"),
SMS_Context_2 ("__RequiredArchitecture=true|boolean") ]
Class Win32Reg_SMSMedv : SMS_Class_Template
{
[SMS_Report (TRUE), key ] string InstanceKey;
[SMS_Report (TRUE) ] Boolean IsMedvGuest;
[SMS_Report (TRUE) ] string PhysicalHostName;
[SMS_Report (TRUE) ] string PhysicalHostNameFullyQualified;
};
// End of MOF file edit
MED-V 2.0 Deployment Guidance Page 24