VDI Windows: 5 Software Solutions and 6 Image Tuning Tips

What is VDI on Windows?

Virtual Desktop Infrastructure (VDI) enables you to remotely provision and manage desktop operating systems (OS). The virtual desktop is hosted in a data center and admins can deliver it over the network to endpoint devices, such as PCs, thin clients, or mobile devices. Users can then interact with the OS and applications from their devices without local installation.

Windows is a common workload for VDI systems. Windows operating systems can be centrally managed and delivered to users. It is also common to deliver Microsoft applications, such as Office 365, as virtualized applications over a VDI infrastructure.

A key concept in Windows-based VDI is the “golden image”—an optimized version of the operating system, which includes only the features and services needed for VDI users.

What is a Windows VDI Golden Image?

The Windows golden image is the base standard of the operating system users will gain access to through VDI. Admins must carefully manage, update, and optimize their Windows golden images to ensure the VDI environment is scalable, stable, secure and fast.

Maintaining golden images is also one of the main operating costs of running a VDI environment. Images need to be updated and optimized frequently so that the environment gets the most out of the hardware and each server supports as many users as possible.

The desktop Windows operating system was not designed for virtualization, and contains features that are not required in a VDI environment. By removing these features, you can improve both server utilization and user experience.

An important note is that Microsoft recently released Windows 10 Enterprise Multisession, a specially-designed operating system intended for use with its desktop as a service (DaaS) offering, Windows Virtual Desktop (WVD). Learn more in our guide to Windows Virtual Desktop vs Citrix.

Six Windows 10 Golden Image Tuning Tips

Here are a few ways you can optimize a Windows 10 golden image.

Windows Features

As a general rule, any Windows feature that is not absolutely necessary in a VDI environment, and has low value to users, should be disabled. Specifically, make sure to disable:

  • Features that perform telemetry (collection of metrics) or reporting
  • Boot logging

Disabling features is an easy way to improve virtualized desktop performance, and also contributes to security.

Services

Windows runs many system services by default. Most of them are not relevant in a data center setting, or when a desktop is virtualized and not really running on a user’s PC.

At least the following services should be disabled:

  • BranchCache
  • Geolocation
  • Connection Sharing

Scheduled Tasks

Windows runs system tasks automatically on a regular basis. These tasks have value for desktop deployments of Windows, but in a VDI setting, they can have a detrimental effect on the entire environment.

The core issue is that these tasks are typically scheduled to run when the system is idle. In a data center, even if one desktop is idle, resources must be used to serve active users. Any automated task that starts running in the background across hundreds or thousands of desktops will drain resources from VDI servers, and may cause a slowdown for users.

Disable at least the following scheduled Windows tasks:

  • Defragmentation
  • Optimization and maintenance services
  • Scanning for Bluetooth connections
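
The services and scheduled tasks listed above can be checked, and optionally disabled, with one script run inside the golden image before it is sealed. This is an added example, not code from the original article; the short service names and the task folders are this example's mapping of the items the article names, and should be verified against your Windows 10 build.

```powershell
# Added example, not from the article. Service short names and task folders are
# this example's mapping of the items listed above; verify them on your build.
$Services = [ordered]@{
    PeerDistSvc  = 'BranchCache'
    lfsvc        = 'Geolocation'
    SharedAccess = 'Internet Connection Sharing'
}
$TaskFolders = '\Microsoft\Windows\Defrag\',
               '\Microsoft\Windows\Maintenance\',
               '\Microsoft\Windows\Bluetooth\'

function Test-GoldenImageBaseline {
    [CmdletBinding(SupportsShouldProcess)]
    param([switch]$Enforce)   # without -Enforce the function only reports

    foreach ($name in $Services.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { continue }   # service not present in this image
        if ($Enforce -and $svc.StartType -ne 'Disabled' -and
            $PSCmdlet.ShouldProcess($name, 'Stop and disable service')) {
            Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
            Set-Service  -Name $name -StartupType Disabled
            $svc = Get-Service -Name $name   # re-read so the report shows the real state
        }
        [pscustomobject]@{
            Kind = 'Service'; Item = "$name ($($Services[$name]))"
            Compliant = $svc.StartType -eq 'Disabled'
        }
    }
    foreach ($folder in $TaskFolders) {
        foreach ($task in Get-ScheduledTask -TaskPath $folder -ErrorAction SilentlyContinue) {
            if ($Enforce -and $task.State -ne 'Disabled' -and
                $PSCmdlet.ShouldProcess($task.TaskName, 'Disable scheduled task')) {
                $updated = $task | Disable-ScheduledTask -ErrorAction SilentlyContinue
                if ($updated) { $task = $updated }   # keep old state if disabling failed
            }
            [pscustomobject]@{
                Kind = 'Task'; Item = $task.TaskPath + $task.TaskName
                Compliant = $task.State -eq 'Disabled'
            }
        }
    }
}

# Audit only. Add -Enforce (optionally with -WhatIf) when building the image.
Test-GoldenImageBaseline | Format-Table -AutoSize
```

Running the audit again after each Windows 10 feature update shows whether the update re-enabled anything the image had turned off.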

Microsoft OneDrive

OneDrive is Microsoft’s cloud storage and synchronization solution. This service is also not designed for a VDI environment, because it synchronizes all cloud content locally. If you are running non-persistent desktops, this synchronization will repeat every time the user logs in to the system, which will be very annoying for users and use up huge amounts of bandwidth.

You can remove OneDrive from your golden image to conserve disk space and prevent the unneeded synchronizations.

Note that some desktop as a service (DaaS) providers, including AWS and Azure, support OneDrive as part of their cloud-based VDI service.

Hardware Acceleration

Microsoft has built hardware acceleration technology into newer versions of Microsoft Office (since Office 2010). The operating system uses a graphics processing unit (GPU), if available, to improve performance of Office applications, and if there is no GPU, passes rendering to the CPU.

If virtualized desktops do not have access to GPUs, this feature can needlessly drain system resources on VDI servers. You can enable rendering for Internet Explorer, but disable it for Microsoft Office.

Image Optimizer Tools

Microsoft is releasing minor versions of Windows 10 more frequently than Windows 7, and with every minor release, you will need to update your golden image. It is very important to stay up to date to ensure the environment is secure. You will need to evaluate existing optimizations to see if they are still valid, and add new optimizations (for example, disable a new service added in the latest version which is not suitable for VDI).

Gathering best practices and testing and applying optimizations is very difficult, and administrators find themselves spending much more time on golden images for Windows 10 virtualized desktops. This creates the need for an automated optimization tool.

There are several tools and scripts available to help you apply optimizations to Windows 10. The most commonly used tools are the Citrix Optimizer and VMware Operating System Optimization Tool (OSOT) (both available for free from the vendors). Both tools provide a user interface where you can apply specific optimizations to your golden image.

Image optimization tools provide templates for various operating systems (e.g. Windows 7, 8 and 10) and server operating systems (e.g. Windows Server 2008, 2012 and 2016). You can use these templates, customize them, or create your own.

Addressing VDI Windows Challenges with Hysolate

Choosing, creating, managing and optimizing a VDI solution running Windows is a large project and a huge undertaking for an organization. Planning and creating the infrastructure, making sure everything is tested, and sizing it properly to support the target population requires thousands of hours of work and a huge investment.

In addition, running the servers on premises involves tremendous costs for purchasing the servers and, of course, maintaining the infrastructure, leading to high OPEX and CAPEX costs.

DaaS solutions such as WVD or Amazon Workspaces are a great solution for delivering a desktop experience in the cloud, but are far from perfect. User experience is lacking, especially when working remotely, running intensive workloads, or in low bandwidth environments. Users cannot use desktops offline and the management overhead of WVD and especially RDS is high.

In today’s remote-first world, users who connect to a datacenter VDI solution, sometimes over a VPN tunnel, get poor performance and user experience, and desktops are not available offline.

Hysolate solves these problems with an innovation called isolated workspace as a service (IWaaS). Users get a local isolated operating system running on their machine, deployed within minutes and managed from the cloud.

Isolated workspaces enable:

  • A higher level of freedom on employees’ corporate devices
  • Ability to receive 3rd party generated content in an isolated zone
  • Access for IT admins, DevOps, developers, and other privileged users in their everyday environment
  • Access for employees from personal, unmanaged devices

The behavior of the workspace is managed in the cloud, while all of the computing resources run locally on user machines.

This eliminates the need to invest in a large and costly infrastructure, and provides a better local user experience, with offline availability.

Virtualization for Windows 10: A Practical Guide

What is Virtualization for Windows 10?

One of the features included in Windows 10 is the ability to create virtual machines. A virtual machine is a packaged operating system that can run on top of a “host” operating system. Virtualization allows the same host to run multiple “guest” operating systems, and easily move virtual machines between hosts.

Windows 10 virtualization is managed by Microsoft’s own hypervisor, called Hyper-V. This is the hypervisor used to run the entire Azure cloud stack, so it is robust and secure enough for even the largest enterprise deployments. Hyper-V Windows virtualization enables:

  • Running software that requires an earlier version of Windows or a non-Windows operating system, on top of a Windows machine.
  • Testing software with several operating systems, without having access to a device that has them installed.
  • Exporting virtual machines and importing them into any Hyper-V based system, including the Microsoft Azure cloud.
  • Running virtual desktop infrastructure (VDI) Windows workloads on Windows 10 machines.

Hyper-V on Windows 10

Hyper-V performs hardware virtualization. This means that all virtual machines typically run on virtual hardware—you can define virtual disks, virtual switches, and other virtual devices and add them to virtual machines.

Hyper-V is a Type 1 hypervisor, which runs directly on physical hardware. It differs from other virtualization solutions like VMware vSphere and VirtualBox, which are Type 2 hypervisors that run on top of an operating system.

System Requirements

Hyper-V is available for 64-bit editions of Windows 10 Pro, Enterprise and Education (not the Home version).

Here is a list of important hardware considerations related to implementing Hyper-V on computers running Windows 10:

  • Processor—each virtual machine can be assigned up to 240 virtual processors. The main factor in this case is the active operating system. To use CPU resources efficiently, you need to determine how many virtual processors (processor cores) each virtual machine needs.
  • Memory—to ensure high performance, you need to allocate enough RAM resources for Hyper-V hosts and virtual machines. You can use the Dynamic Memory feature to resize virtual machine memory automatically. You must have at least 4 GB of RAM available for the Hyper-V host and the virtual machines running on it (more RAM is required the more VMs you run, or the more intensive your workloads).
  • Storage—adequate I/O bandwidth is required to run virtualized workloads without interruption. This requires high performance storage controllers and hard drives. In addition, to optimize I/O between multiple disk drives, RAID should be configured correctly.
  • CPU cache—a large CPU cache is very useful when running virtual environments with heavy workloads. Because the processor cache is very fast, virtual machines can access critical data or applications more quickly than from main memory.

Hyper-V Limitations

When planning your Windows 10 virtualized deployment, consider the following limitations of Hyper-V:

  • Applications—Applications strongly dependent on specific hardware may not run properly on virtual machines. In addition, latency-sensitive applications may have issues when running in a virtualized environment.
  • Complexity—running Hyper-V requires expertise, and involves advanced tasks like enabling Intel VT-x, managing networks and vSwitches, and tuning the resources allocated to each VM (cores, memory, and dynamic memory allocation).
  • Management—there is no central management interface to create and manage Windows 10 virtual machines. Users have to do this manually, or admins can automate creation of VMs using scripting.
  • Security—virtual storage is not encrypted out-of-the-box, meaning that attackers who compromise the host can access the content of any virtual machines. The Windows Remote Desktop Protocol (RDP) is not protected against screen/keyboard capturing or injecting. Hyper-V does not provide network segregation or any firewall capabilities out of the box.
  • Patching—users and administrators now have to manage multiple operating systems, including patching and maintenance.
  • Automation—Hyper-V does not automate virtual desktop processes such as automatically joining a user to Azure Active Directory (Azure AD).

Hyper-V on Windows 10 vs. Windows Server

Some features of Hyper-V are different in Windows 10 compared to Windows Server.

Hyper-V on Windows 10 does not support live migration of VMs between hosts, replicas, Virtual Fiber Channel, shared virtual hard disk files (VHDX), and SR-IOV networking. These features are only supported on Windows Server.

Hyper-V on Windows Server does not support Quick Create, NAT switches and VM gallery.

In addition, the Hyper-V memory management model is different on each system. On Windows Server, Hyper-V allocates all memory to virtualized workloads. On Windows 10, Hyper-V assumes the machine is running other software in addition to the virtual machine, and allows memory to be allocated to non-virtualized workloads.

Running Containers on Windows with Hyper-V Virtualization

Microsoft recently introduced container technology, allowing developers to create and run Windows and Linux containers on Windows 10 devices.

Containers can run as a separate process in Windows (just like traditional Linux containers). However, the limitation is that the containerized application shares the operating system kernel. This means the container must run the same operating system as the host.

Hyper-V provides a feature called container isolation, which lets you run each container in a customized virtual machine, and get access to any operating system kernel, even Linux. This allows Windows and Linux containers to run simultaneously in the same machine.

These isolated containers are similar to traditional virtual machines. However, they are optimized to conserve resources. For example, Linux Containers on Windows 10 (LCOW) runs a virtual machine with a minimal Linux kernel that has just enough capabilities to support the container. Isolated containers can also dramatically improve security, because they offer hardware-level isolation between containers.

For more details, read our in-depth blog post on Windows Containers

How to Enable Virtualization on Windows 10

To enable Hyper-V virtualization on a Windows 10 machine, follow these steps:

  1. Make sure Intel VT-x is enabled in your BIOS settings. This enables your CPU to function as multiple virtual cores.
  2. In the Windows command line (CMD), run systeminfo and ensure that the Hyper-V Requirements are all set to Yes. If not, ensure the machine meets all the system requirements.
  3. Install Hyper-V by opening PowerShell and running the following command (all on one line). Ensure you are logged in as administrator of the machine.
       Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
  4. Reboot the machine, and from the start menu, select Hyper-V Quick Create.
  5. Select an operating system, or provide your own operating system image by clicking Local Installation Source, and selecting a VHDX or other image file.
  6. Make sure to deselect Secure Boot if you are running a Linux VM.
  7. Click Create Virtual Machine.
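
The checks in steps 1 to 3 can be scripted so that the same test runs on every machine before Hyper-V is installed. This is an added example, not code from the original article; the function name Test-HyperVReadiness and the check labels are hypothetical, and the 4 GB threshold and edition rule come from the system requirements above.

```powershell
# Added example, not from the article: pre-flight checks for steps 1-3.
# Run from an elevated PowerShell session (Get-WindowsOptionalFeature needs it).
function Test-HyperVReadiness {
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $ram = (Get-CimInstance -ClassName Win32_PhysicalMemory |
            Measure-Object -Property Capacity -Sum).Sum

    $checks = [ordered]@{
        'Edition is not Home'     = $os.Caption -notmatch 'Home'
        '64-bit operating system' = [Environment]::Is64BitOperatingSystem
        'At least 4 GB of RAM'    = $ram -ge 4GB
    }
    $cpuChecks = 'VM monitor mode extensions', 'Virtualization enabled in firmware',
                 'Second-level address translation', 'Data execution prevention'
    if ($cs.HypervisorPresent) {
        # A hypervisor is already running (Hyper-V is on, or this machine is
        # itself a VM). systeminfo stops listing the requirement lines in that
        # case, so the CPU checks are reported as unknown ($null), not guessed.
        $cpuChecks | ForEach-Object { $checks[$_] = $null }
    } else {
        $checks[$cpuChecks[0]] = [bool]$cpu.VMMonitorModeExtensions
        $checks[$cpuChecks[1]] = [bool]$cpu.VirtualizationFirmwareEnabled
        $checks[$cpuChecks[2]] = [bool]$cpu.SecondLevelAddressTranslationExtensions
        $checks[$cpuChecks[3]] = [bool]$os.DataExecutionPrevention_Available
    }

    $feature = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V
    [pscustomobject]@{
        HypervisorPresent = [bool]$cs.HypervisorPresent
        FeatureState      = "$($feature.State)"   # Enabled, Disabled, ...
        Failed            = @($checks.Keys | Where-Object { $checks[$_] -eq $false })
        Checks            = $checks
    }
}

$result = Test-HyperVReadiness
$result.Checks | Format-Table -AutoSize
if ($result.Failed.Count -gt 0) {
    Write-Warning "Requirements not met: $($result.Failed -join ', ')"
}
```

An empty Failed list with FeatureState still Disabled means the machine is ready for the Enable-WindowsOptionalFeature command in step 3.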

Manage Virtual Machines in Windows 10

There are two main features you should be aware of to manage Windows 10 VMs in Hyper-V.

Enhanced Session Mode

You can enable Enhanced Session Mode in Hyper-V to allow the hypervisor to connect to virtual machines using the remote desktop protocol (RDP). This provides the following benefits:

  • Lets you resize a VM screen and make use of high DPI monitors.
  • Allows VMs to use a shared clipboard, and transfer files from the local system with drag and drop.
  • Allows local devices to be shared with the VM, including audio devices, USB storage, printers, and disk drives.

Using Checkpoints

Hyper-V lets you create a snapshot of your virtual machine, called a checkpoint. Make sure to create checkpoints before changing configurations, performing an update, or installing software applications. This will allow you to revert to a known good state before you made the change.

Hyper-V supports two types of checkpoints:

  • Standard—copies the entire VM with its current memory state. This is not a complete backup, and may cause consistency issues, especially in Active Directory.
  • Production—uses Windows Volume Shadow Copy Service (VSS), or on Linux VMs, File System Freeze (FSF), to create a snapshot that is data consistent. This type of checkpoint does not capture the memory state of the virtual machine.
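
The advice to checkpoint before a change and revert on failure can be wrapped in one function using the Hyper-V PowerShell module. This is an added example, not code from the original article; the function names, the VM name dev-vm01 and the seven-day threshold are hypothetical.

```powershell
# Added example, not from the article. Requires the Hyper-V PowerShell module
# and an elevated session on the Hyper-V host.
function Invoke-WithCheckpoint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][scriptblock]$Change,
        [string]$Label = "pre-change $(Get-Date -Format s)"
    )
    # ProductionOnly makes checkpoint creation fail if a data-consistent
    # (VSS / file system freeze) checkpoint cannot be taken, instead of
    # falling back to a standard checkpoint.
    Set-VM -Name $VMName -CheckpointType ProductionOnly
    Checkpoint-VM -Name $VMName -SnapshotName $Label -ErrorAction Stop
    try {
        & $Change
    } catch {
        Write-Warning "Change failed ($_); reverting $VMName to '$Label'"
        # A production checkpoint holds no memory state, so the VM is off
        # after the restore and has to be started again by the operator.
        Restore-VMSnapshot -VMName $VMName -Name $Label -Confirm:$false
        throw
    }
}

# Checkpoints keep old disk contents around; list the ones that have outlived
# their purpose so they can be reviewed and removed with Remove-VMSnapshot.
function Get-StaleCheckpoint {
    param([Parameter(Mandatory)][string]$VMName, [int]$OlderThanDays = 7)
    $cutoff = (Get-Date).AddDays(-$OlderThanDays)
    Get-VMSnapshot -VMName $VMName |
        Where-Object { $_.CreationTime -lt $cutoff } |
        Select-Object VMName, Name, SnapshotType, CreationTime
}

# Usage with a hypothetical VM name; the change is whatever you were about to do.
# Invoke-WithCheckpoint -VMName 'dev-vm01' -Change { Add-VMNetworkAdapter -VMName 'dev-vm01' -SwitchName 'Default Switch' }
# Get-StaleCheckpoint -VMName 'dev-vm01'
```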
