A containerized desktop infrastructure has the benefits of “Image as code” and more.

The technology is based on Docker, so the images can be built in VSCode as Dockerfiles. Because the image is built as code, teams can share knowledge on how the image was built, what software is installed and how configurations were applied. Having your image as code also helps with continuous improvement, since it increases the admin’s confidence to make changes and improve the UX. The base OS and applications are updated at build.

Above you can see the Containerized Desktop and Programmable Image (Image as Code).

The build is validated when you commit to Docker Hub, which reduces errors at launch.

Above you can see the Dockerfile shows SUCCESS since it was validated when committed to Docker Hub.

Containers are an abstraction of the OS, so you don’t have to worry about the underlying hypervisor’s API to build your images, which also allows for portability. Disaster recovery is easy since you can spin up the container on-prem with a Docker server or in any cloud.

Containers vs Virtual Machines

Benefits of having your image as code are:

  • The OS and installed software are updated on every build / release.
  • Provisioning a full image takes minutes, not days, so teams can deliver value rapidly and not waste time on repetitive installation or configuration tasks.
  • Reduce errors from installing and adding configurations manually or from outdated documentation.
  • Increased team confidence since builds are predictable when making changes.
  • Increased team collaboration since everyone can see the documented code and improve it.
  • Lighter images since you are not carrying incremental changes.
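
To make the list above concrete, here is a small desktop image written as code. It is an added example, not the Dockerfile from the screenshots or from any product the article describes; the Ubuntu base, the XFCE packages, the config/xfce4/ directory and the "desktop" user are assumptions chosen for illustration.

```dockerfile
# Added example: a desktop image described entirely as code.
# Assumptions (not from the article): Ubuntu base, XFCE desktop, a
# config/xfce4/ directory in the repository, and a user named "desktop".
FROM ubuntu:22.04

ENV DEBIAN_FRONTEND=noninteractive

# The base OS and the applications are patched on every build. Upgrade,
# install and cache cleanup happen in one layer, so the image carries no
# chain of incremental changes.
RUN apt-get update \
 && apt-get -y upgrade \
 && apt-get -y install --no-install-recommends \
      xfce4 xfce4-terminal dbus-x11 \
 && rm -rf /var/lib/apt/lists/*

# Configuration comes from files tracked in the same repository, so every
# setting is reviewable and there are no manual post-install tweaks.
# /etc/skel is copied into each home directory created afterwards.
COPY config/xfce4/ /etc/skel/.config/xfce4/

# The session runs as an unprivileged user rather than root.
RUN useradd --create-home --shell /bin/bash desktop
USER desktop
WORKDIR /home/desktop

# Assumption: the display (X server or remote-display layer) is provided
# by whatever launches the container and is not part of this sketch.
CMD ["startxfce4"]
```

Build it with `docker build --pull --no-cache` so the base image and the package layer are actually refreshed instead of being reused from the local build cache; otherwise "updated on every build" silently stops being true.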

VDI Challenges with Gold Image Management

There are different ways we can build a base image, but the elements are the same: an operating system with software installed and configurations. After we have the initial build we must keep the gold image and software updated for security, bugs and new features. There are different tools we can use as good solutions to save some time, but they often lack DevOps practices or automation.

I. App Layering Solutions

Above is Citrix App Layering which does save some time.

We can build with Citrix App Layering, VMware App Volumes and others with similar VHD mount technologies. Citrix App Layering might save you time in the beginning by “freezing in time” app installations and configurations, but the process is time-consuming and done manually. You can create different images by selecting different layers specific to a particular base OS layer, like Windows 10. If you have another OS layer, let’s say Windows Server 2019, you might have to duplicate your work on software installs. Other app volume technologies also “freeze” the apps in time, but in this day and age of DevOps the developers have faster cycles, requiring apps to be updated or patched frequently. Admins spend a lot of time keeping these up to date and unfortunately fall behind on updates, patches and bug fixes.

Above is an admin’s month’s work of installs with Citrix App Layering.

II. Another way: Push packages with “software distributors”

Then there is SCCM/MDT with task sequences, Altiris with package manager, PDQ Deploy and others which push packages to targets. These sequences are handed off to the agents / clients, which often error out and stop if there are unexpected conditions in scripts or package installs. If you are using these in a VDI you have to keep track of package cache build-up, which has to be cleaned up if space is a concern, and the client has to be disabled when the VDI is live. The VDI has to be separated into a collection that does not receive constant pushes and updates, to save bandwidth and reduce errors. The same overhead happens here with package management: it is a full-time job to package software and keep packages up to date.

Fun keeping all these packages up to date!

III. Not recommended: One Gold VM

The most common approach I see is admins using one VM as the golden image; every month they turn it on so that they can manually run Windows updates, software updates and new software installations, and add fixes in the form of executables, registry keys or manual config files. In the long run this VM gets bloated with small mistakes, a bloated registry and a long chain of incremental patches with OS dependencies. When a new OS comes around, all the work has to be repeated from scratch. If lucky, you might have outdated documentation to somewhat follow.

Will you remember which plugins you added next time you need to install?
Snapshot management is not a good solution to keep track of changes.

IV. Recommended: A DevOps way – VDI Gold Image Orchestration

The best case for image management is to use software repos like Chocolatey for Windows and automation tools like HashiCorp’s Packer to have the “image as code” and execute from pipelines. This works well for Azure, AWS and VMware, but not all hypervisors have direct integration. Azure offers the new Azure Image Builder as well.

Azure DevOps pipeline tasks for building a gold image
A sample Packer template

I wrote a full article on how to use Azure DevOps to create a Win10 gold image and you can see it here.

On the next page we will cover software installations in more detail, with comparisons.