Transcript Engineering a MED

SESSION CODE: CLI305
Samesh Singh
Principal Consultant
Microsoft
ENGINEERING A MED-V V2
SOLUTION
(c) 2011 Microsoft. All rights reserved.
Agenda
Windows XP VHD
MED-V Packager
MED-V Workspace
Host – Windows 7
ESD Agent
Enterprise Software
Distribution Tool
Guest – Windows XP SP3
IE 8+
ESD Agent
IE 6
Incompatible
Apps
MEDV Guest
Agent
Redirection
MEDV
Host Agent
Incompatible
Published Apps
RDP
Windows Virtual PC
Diff Disk
Parent
(c) 2011 Microsoft. All rights reserved.
Session Objectives and Takeaways
► Objectives
– Describe the difference between the MED-V v1 and V2
architectural models
– Describe the process to engineer a MED-V v2 solution
– Describe the basics of how MED-V v2 components can be
deployed with CM
► Takeaways
– MED-V v2 scales along with its deployment mechanism
– Scalable deployment and management platform for MED-V v2
– MED-V is another desktop in your environment
The Evolution of MED-V
MED-V v2
MED-V v1
• Client/Server
architecture
• Limited scalability
• Management, database
and image servers
required for deployment
• Application architecture
• Unlimited scalability
• Deployed as any other
application
Product and Version Comparison
XPM
MED-V v1
MED-V v2
Seamless AppCompat Environment
Seamless access to documents and data files
Support for USB devices – including Smart Cards
Automatic application publishing
Deploy your custom Windows XP image
Integrates with System Center or third party systems
Seamless redirection of URLs to Internet Explorer 6/7
Shared environment support
Wake-to-patch the virtual environment
Automated first-time setup
Easy-to-use packaging and configuration wizard
WMI monitoring interface
Automatically synchronise host network
printers
(c) 2011
Microsoft. All rights reserved.
New for
MED-V v2
MED-V 2.0 Host Requirements
Windows 7
Professional, Enterprise or Ultimate
X86 or x64
Minimum 2 GB
RAM
RTM or SP1
Windows Virtual Internet Explorer
8 or 9 (Host)
PC with non-HAV
patch (KB977206) Internet Explorer
10 GB disk space
Included in SP1
6 or 7 (Guest)
recommended
MED-V 2.0 Workflow
MED-V v2 Guest Requirements
Windows XP Service Pack 3 with all security patches
Windows Virtual PC Integration Components
RemoteApp for Windows XP SP3 – KB961742
.NET 3.5 Service Pack 1
.NET Framework Update – KB 959209
Performance Update for Windows XP SP3 – KB 972435
Internet Explorer 7 Blocker Tool
Internet Explorer 8 Blocker Tool
Management & Security Application
3rd party Applications if required
(c) 2011 Microsoft. All rights reserved.
MED-V Image Best Practice
► Assess your corporate image for resourcefulness
and not functionality
► MED-V is the usability engine – don’t configure
usability in the virtualised system
► Empty recycle bin
► Disable system restore points
► Defragment and compact the virtual hard disk
(c) 2011 Microsoft. All rights reserved.
Sysprep.inf Overview
These are required for MED-V. The
absence of these items will cause
setup to fail.
These items may be configured by
MED-V – set in the MED-V
Workspace Packager
These items are MED-V best
practices and setup calls
MED-V image creation
with MDT
MED-V 2.0 Workflow
MED-V Workspace
Packager
MED-V on a Shared Computer
A Unique Workspace
for Each User
A Workspace that
all users will share
► Overview
– Recommended for knowledgeworker and single-user machines
– Single parent VHD, unique
differencing disk per user
– MED-V data and settings located in
user space
– MED-V end-user setup run for each
unique user
► Overview
– Recommended for task-workers
and multi-user machines
– Single parent VHD, one
differencing disk for all users
– MED-V data and settings located in
global location
– MED-V end-user setup only run
once per machine
► Details
– Each user is added as a member of
the remote desktop users group
– Could create multiple workspaces
on a single machine
► Details
– All authenticated users are added
to the remote desktop users group
– Guarantees a single workspace per
machine
Internet Explorer Web Redirection
► Automatic redirection from the host
browser to the workspace browser
– Users type the URL in the IE host browser,
click a link, or access a bookmark
– MED-V evaluates the destination against
the list of admin-controlled URL’s
– Matched URL’s are automatically open in
the redirected guest browser
► Redirected Web Address Setup
– Administrators can define a set of
redirected URL’s during the package setup
– Post-deployment, redirected URL’s can be
easily removed and added by deploying a
registry update
Examples
Wildcard Redirections:
http://*.contoso.com
Site Redirections:
http://intranet.contoso.com/HR
Page or Application Redirections:
https://intranet.contoso.com/HR/be
nefits.asp
Port redirection
http://vpn.contoso.com:1025
MED-V 2.0 Workflow
MED-V 2.0 Deployment Options
Manual
installation
Windows 7
image
Deployment
Electronic
Software
Distribution
MED-V 2.0 Deployment Options
Manual
installation
► Windows Virtual PC
► Windows Virtual PC QFE KB 977206 –
Windows 7 RTM only
► MED-V Host Agent
► Internet Explorer should be closed
► MED-V workspace package
MED-V 2.0 Deployment Options
Windows 7
Image
Deployment
► MED-V Host agent is installed
► MED-V pre-reqs & and workspace
install are included in the image
► Distribute image as usual
► MED-V First-time Setup runs
► ESD is used to launch the install
MED-V 2.0 Deployment Options
Electronic
Software
Distribution
► Install components independently or
together in a single script
► ESD can be used in workspace for
ongoing management
► Test networking requirements
(bridged vs. NAT)
MED-V 2.0 Deployment Options
Electronic
Software
Distribution
:: MED-V Host Agent installation
start /WAIT MED-V_HostAgent_Setup.exe /qn
IGNORE_PREREQUISITES=1
:: Workspace installation
start /WAIT .\setup.exe /qn OVERWRITEVHD=1
:: Windows Virtual PC
start /WAIT Windows6.1-KB958559-x64.msu /norestart /quiet
::Windows Virtual PC non-HAV patch, if required
Windows6.1-KB977206-x64.msu /norestart /quiet
MED-V 2.0 Deployment with CM
Target collections based on:
► Business and logistical needs
► Operating system version
► Disk space requirements
CM client within the MED-V workspace
► Examine CM client deployment options:
► If using NAT, consider pre-staging the SCCM
client in the MED-V image:
CCMSetup.exe /mp:{mpname} SMSSITECODE={auto|sitecode}
net stop ccmexec
► Remove certificates from the local computer
store
(c) 2011 Microsoft. All rights reserved.
CM Client Hotfix
► Required for MED-V workspaces using NAT
► Applied to CM Site Server
► Distributed to MED-V workspaces
► NAT configured workspaces access closest DPs
► Not required if CM2007 SP3 is deployed (already included)
(c) 2011 Microsoft. All rights reserved.
MED-V 2.0 Deployment with CM
For Deployment: Run from Distribution Point or Download
Locally
Ongoing: App-V and MED-V
► Run from Distribution
together
Point saves local disk
space
► App-V integration with
CM can use CM cache
► Download Locally
provides reliable
► Provides streaming from
distribution, but
DP or Download and
temporarily uses more
Execute
than 2x disk space
► May use extra disk space
inside MED-V workspace
Key Points when deploying MED-V with CM
► Create Packages, Task Sequences, & Advertisements
► Utilise the “Run command line” for installs
► A single reboot will require that you re-order the installs
► Suppress the reboots of the individual components
► Include success codes & continue on error as required
► Consider the client requirements x86 & 64bit
– The pre-requisites are specific to the architecture and may
require either multiple task sequences or more complex steps
(c) 2011 Microsoft. All rights reserved.
Task sequence, reboot and first time setup
First Time Setup
► Configuration is done as part of MED-V First Time Setup (FTS)
– The Workspace Setup publishes to the registry HKLM RUN key –
MedvHost.exe
– When the MED-V client is launched it validates whether FTS has run been for
that user or workstation
► What happens during FTS
–
–
–
–
–
User prompted for domain credentials
Differencing Disk is created for the Workspace and launched
Mini-Setup is run w/ MED-V overrides (if applied)
FTScompletion.exe is run
Workspace is Started
• Applications are published
• Web Apps are ready to be redirected
Live deployment
Updating MED-V Policy
► Use Workspace Packager to make desired changes to
policy
► Create package containing resulting .reg
► "regedit /s xxx.reg"
► Run with user rights for "current user reg "and Admin
rights for "local reg"
Patching – MED-V Wake to Patch
► Fast Start
► VM is always available as the host is available – patching
happens normally
► Normal Start
► VM runs only as needed
► Wake to Patch starts the VM for patching
► Default is midnight to 4am
► Changes can only be made with PowerShell not the GUI
► Note: The machine must be on with the user logged-in
► PowerShell Example for Wake to Patch
New-MedvConfiguration –VmGuestUpdateTime 01:00 –
VmGuestUpdateDuration 480 | Export-MedvConfiguration –Path
c:\medv\MEDVUPDTime.reg
Desired Configuration Management (DCM)
► This MED-V Configuration Pack tracks the successes and
failures of FTS using the Desired Configuration Manager
in Configuration Manager 2007
► Monitors First Time Setup success of deployed
workspaces
► Build collections of successful deployments
► Download URL:
http://www.microsoft.com/download/en/details.aspx?dis
playlang=en&id=26219
Installing the DCM for MED-V
► Installation Instructions
► Download and run the MSI
► Files are copied to the following location:
► C:\Program Files (x86)\System Center Configuration Packs\MEDV FTS Configuration Pack
► Import the Configuration Pack
► In the Configuration Manager console, navigate to System Center
Configuration Manager / Site Database / Computer Management /
Desired Configuration Management.
► Right-click Configuration Items, Import Configuration Data to load the
Import Configuration Data Wizard.
► Click Add, browse to the temporary directory containing the extracted
files, select the .cab file, and then click Open.
► Follow the remaining Wizard instructions.
What is a successful configuration of MEDV?
► This MED-V Configuration Pack tracks the success and
failures of FTS.
► During FTS MED-V does the following:
1. The virtual hard disk is configured. Mini-Setup runs and expands the Windows XP image.
2. Commands for additional configuration are run - such as installing ESD software or
configuring the image.
3. Ftscompletion.exe is run.
This adds the user to the RDP group, can add the user to local admin group, copies logs, signals MED-V that
the MED-V workspace is ready.
4. The workspace is then restarted by ftscompletion.exe and the end user is logged on or
prompted to log on.
5. The MED-V workspace is then started and configured for the user – this includes applying
Group Policy.
Update Settings
Save as a *.reg
Import as required
MED-V Admin Toolkit
C:\Program
Files\Microsoft
Enterprise Desktop
Virtualization\medvhost.
exe /toolkit
In Review: Session Objectives and Takeaways
► Objectives
– Describe the difference between the MED-V v1 and V2
architectural models
– Describe the process to engineer a MED-V v2 solution
– Describe the basics of how MED-V v2 components can be
deployed with CM
► Takeaways
– MED-V v2 scales along with its deployment mechanism
– Scalable deployment and management platform for MED-V v2
– MED-V is another desktop in your environment
MED-V Resources
► MED-V Localisation Patch
– Provides localised content in MED-V in 24 languages
► Deployment Guidance for Microsoft Enterprise Desktop
Virtualization 2.0
– Information on how to deploy MED-V
► MED-V Configuration Pack
– DCM integration for Configuration Manger 2007 for MED-V first time setup
► MED-V Team Blog
– Information on MED-V from members of the MED-V community
Enrol in Microsoft Virtual Academy Today
Why Enroll, other than it being free?
The MVA helps improve your IT skill set and advance your career with a free, easy to access
training portal that allows you to learn at your own pace, focusing on Microsoft
technologies.
What Do I get for enrolment?
► Free training to make you become the Cloud-Hero in my Organization
► Help mastering your Training Path and get the recognition
► Connect with other IT Pros and discuss The Cloud
Where do I Enrol?
www.microsoftvirtualacademy.com
Then tell us what you think. [email protected]
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other
countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing
market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this
presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
(c) 2011 Microsoft. All rights reserved.
Resources
www.msteched.com/Australia
www.microsoft.com/australia/learning
Sessions On-Demand & Community
Microsoft Certification & Training Resources
http:// technet.microsoft.com/en-au
http://msdn.microsoft.com/en-au
Resources for IT Professionals
Resources for Developers
(c) 2011 Microsoft. All rights reserved.