With VMs being deployed at what seems to be an ever increasing rate, it has become common for organizations to...
perform image-based VM deployments. Doing so allows new VMs to be created quickly, efficiently and, most importantly, consistently. While it is difficult to deny the benefits of image-based VM deployments, it is important to think about the anatomy of a VM image. After all, any VMs that are created from your VM image will essentially be clones of that image, so it is important to create a VM image that meets the organization's needs. In practice, however, this is easier said than done.
What often happens is that an image is created and the IT staff uses the image to generate a few new VMs. Shortly after those VMs are put into production, the IT staff realizes that the VMs are not properly configured. As such, the IT staff creates a new VM image that can be used to generate new VMs. This process may happen several times before the VM image is considered to be correct.
It's hard to get around this trial and error approach to the image creation process. However, you can increase your odds of creating a good VM image by spending some time up front thinking about what needs to be included in the image. Obviously, every organization is going to have different needs for their images. Even so, one of the more easily overlooked areas of the image creation process involves enabling VMs that are generated from the image for remote management. As such, there are some things that you should include in your VM image.
Windows Firewall Settings
One of the first things that you should take a look at is the Windows firewall settings. Again, every organization has different needs, but there may be certain firewall ports that need to be open in order for the VMs to function properly.
Microsoft has long recommended configuring firewall settings at the group policy level, and you should indeed use group policies to control firewall settings. However, it is equally important to practice defense in-depth and you should therefore take the time to configure the local security policy in a way that will ensure that your firewall settings remain in effect even before the VMs have a chance to download a security policy from the Active Directory. As an alternative, you could choose to configure the firewall manually prior to creating the image.
One of the most important things that you should do prior to generating a VM image is to fully patch the computer that will be referenced during the image creation process. Performing patch management in advance will save you a lot of time; doing so will greatly reduce the number of patches that have to be applied to VMs which are eventually created from the image. It will also help to prevent brand new VMs from containing gaping security holes the moment they are brought online. Patch management might not initially seem to have anything to do with remote VM management, but depending on the patches that are present, some of the security patches could potentially make your remote management sessions more secure.
Some organizations like to manage VMs through PowerShell remoting. If you plan to use PowerShell remoting with your VMs, there are a couple of things that you can do to prepare the image. For instance, you might enable the WinRM service and open a PowerShell window and enter the Enable-PSRemoting –force command.
Enhanced Session Mode
In a Hyper-V environment, it can be beneficial to use Enhanced Session Mode when connecting to VMs because doing so allows you to use local resources when interacting with VMs. There isn't a lot that you can do to prepare your VMs to use Enhanced Session Mode, because much of the configuration process takes place at the Hyper-V level. If you plan to use Remote Session Mode, however, then the VM must be running a supported operating system (i.e., Windows 8, Windows 8.1, Windows Server 2012, or Windows Server 2012 R2) and the Remote Desktop Services must be enabled within the guest OS.
Creating a VM image is always a tricky process. Even so, there are some things that you can do to improve the odds that your image will meet your needs. One such possibility is that of configuring the image to allow for the eventual remote management of VMs.
How do VMware and Hyper-V compare?
Managing user support with virtual desktop remote control
Speed up VM provisioning process with PowerShell remoting