VDI Windows: 5 Software Solutions and 6 Image Tuning Tips

What is VDI on Windows?

Virtual Desktop Infrastructure (VDI) enables you to remotely provision and manage desktop operating systems (OS). The virtual desktop is hosted in a data center and admins can deliver it over the network to endpoint devices, such as PCs, thin clients, or mobile devices. Users can then interact with the OS and applications from their devices without local installation.

Windows is a common workload for VDI systems. Windows operating systems can be centrally managed and delivered to users. It is also common to deliver Microsoft applications, such as Office 365, as virtualized applications over a VDI infrastructure.

A key concept in Windows-based VDI is the “golden image”—an optimized version of the operating system, which includes only the features and services needed for VDI users.

What is a Windows VDI Golden Image?

The Windows golden image is the base standard of the operating system users will gain access to through VDI. Admins must carefully manage, update, and optimize their Windows golden images to ensure the VDI environment is scalable, stable, secure and fast.

This is also one of the main operating costs of running a VDI environment. Images need to be updated and optimized frequently to ensure the environment is running in an optimal manner to get the most out of the hardware and support as many users as possible with one server.

The desktop Windows operating system was not planned to be used for virtualization, and contains features that are not required for a VDI environment. By removing these features, you can improve both server utilization and user experience.

An important note is that Microsoft recently released Windows 10 Enterprise Multisession, a specially-designed operating system intended for use with its desktop as a service (DaaS) offering, Windows Virtual Desktop (WVD). Learn more in our guide to Windows Virtual Desktop vs Citrix.

Six Windows 10 Golden Image Tuning Tips

Here are a few ways you can optimize a Windows 10 golden image.

Windows Features

As a general rule, any Windows feature that is not absolutely necessary in a VDI environment, and has low value to users, should be disabled. Specifically, make sure to disable:

  • Features that perform telemetry (collection of metrics) or reporting
  • Boot logging

Disabling features is an easy way to improve virtualized desktop performance, and also contributes to security.

Services

Windows runs many system services by default. Most of them are not relevant in a data center setting, or when a desktop is virtualized and not really running on a user’s PC.

At least the following services should be disabled:

  • BranchCache
  • Geolocation
  • Connection Sharing

Scheduled Tasks

Windows runs system tasks automatically on a regular basis. These tasks have value for desktop deployments or Windows, but in a VDI setting, they can have a detrimental effect on the entire environment.

The core issue is that these tasks are typically scheduled to run when the system is idle. In a data center, even if one desktop is idle, resources must be used to serve active users. Any automated task that starts running in the background across hundreds or thousands of desktops will drain resources from VDI servers, and may cause a slowdown for users.

Disable at least the following scheduled Windows tasks:

  • Defragmentation
  • Optimization and maintenance services
  • Scanning for bluetooth connections

Microsoft OneDrive

OneDrive is Microsoft’s cloud store and synchronization solution. This service too is not designed for a VDI environment, because it synchronizes all cloud content locally. If you are running non-persistent desktops, this synchronization will repeat itself every time the users logs into the system, which will be very annoying for users and use up huge amounts of bandwidth.

You can remove OneDrive from your golden image, to conserve disk space and prevent the unneeded synchronizations.

Note that some desktop as a service (DaaS) providers, including AWS and Azure, support OneDrive as part of their cloud-based VDI service.

Hardware Acceleration

Microsoft has built hardware acceleration technology into newer versions of Microsoft Office (since Office 2010). The operating system uses a graphical processing unit (GPU), if available, to improve performance of Office applications, and if there is no GPU, passes rendering to the CPU.

If virtualized desktops do not have access to GPUs, this feature can needlessly drain system resources on VDI servers. You can enable rendering for Internet Explorer, but disable it for Microsoft Office.

Image Optimizer Tools

Microsoft is releasing minor versions of Windows 10 more frequently than Windows 7, and with every minor release, you will need to update your golden image. It is very important to stay up to date to ensure the environment is secure. You will need to evaluate existing optimizations to see if they are still valid, and add new optimizations (for example, disable a new service added in the latest version which is not suitable for VDI).

It is very difficult to gather best practices, test and apply optimizations, and administrators find themselves spending much more time on golden images for Windows 10 virtualized desktops. This raises the need for an automated optimization tool.

There are several tools and scripts available to help you apply optimizations to Windows 10. The most commonly used tools are the Citrix Optimizer and VMware Operating System Optimization Tool (OSOT) (both available for free from the vendors). Both tools provide a user interface where you can apply specific optimizations to your golden image.

Image optimization tools provide templates for various operating systems (e.g. Windows 7, 8 and 10) and server operating systems (e.g. Windows Server 2008, 2012 and 2016). You can use these templates, customize them, or create your own.

Addressing VDI Windows Challenges with Hysolate

Choosing, creating, managing and optimizing a VDI solution running Windows,  is a large project and a huge undertaking for an organization. Creating, planning the infrastructure, making sure everything is tested, and has the proper sizing to support the target population, requires thousands of hours of work and a huge investment.

In addition, running the servers on premise, involves tremendous costs of purchasing the servers, and of course maintaining the infrastructure leading to high OPEX and CAPEX costs.

DaaS solutions such as WVD or Amazon Workspaces are a great solution for delivering a desktop experience in the cloud, but are far from perfect. User experience is lacking, especially when working remotely, running intensive workloads, or in low bandwidth environments. Users cannot use desktops offline and the management overhead of WVD and especially RDS is high.

In today’s remote first world, users connecting to the datacenter VDI solution, sometimes over a VPN tunnel will get poor performance and user experience and desktops are not available when offline.

Hysolate solves these problems with an innovation called isolated workspace as a service (IWaaS). Users get a local isolated operating system running on their machine deployed within minutes which is managed from the cloud.

Isolated workspaces enable:

  • A higher level of freedom on employees corporate devices
  • Ability to receive 3rd party generated content in an isolated zone
  • Access to IT admins, DevOps, developers, and other privileged users in their everyday environment
  • Access to employees from personal, unmanaged devices

The behavior of the workspace is managed in the cloud, while all of the computing resources run locally on user machines.

This eliminates the need to invest in a large and costly infrastructure, and provides a better local user experience, with offline availability.

Learn more about our Isolated-Workspace as-a-Service platform

Read More

Dig In

dig-in event

Live Webinar:

Register for the live webinar to learn how Celsius CISO has dealt with the shift to remote work and frequent changes in business requirements, without opening up his business to security risks.

Read Now