MED-V 2 Deployment Guidance White Paper

Deployment Guidance for Microsoft Enterprise Desktop Virtualization 2.0

Technical White PaperPublished: June 2011

By: Tim Crabb, David Trupkin, and Jeff Gilbert

CONTENTS

Introduction.......................................................................................3

Planning for MED-V Deployment.........................................................4

Planning for Component Distribution 4

Planning for Component Installation 4

Planning for Workspace Configuration 5

MED-V 2.0 Deployment Methods.........................................................7

Manual Installation 7

Windows 7 Operating System Image Deployment 8

Enterprise Software Distribution Deployment 9

Deploying MED-V 2.0 Workspaces using Microsoft System Center

Configuration Manager 2007

.........................................................................................................

11

Using Software Distribution Packages to Deploy MED-V 11

Using Operating System Deployment Task Sequences to Deploy MED-V 13

Managing MED-V Workspaces with Configuration Manager 2007 14

Monitoring MED-V Workspaces Using Desired Configuration Management 15

For More Information

.........................................................................................................

17

Appendix A: Calculating Disk Space Requirements

.........................................................................................................

18

Appendix B: Command Line Examples for Installing MED-V 2.0

Components

.........................................................................................................

20

Batch File Example 20

Configuration Manager Task Sequence Run Command Line Examples 21

Appendix C: Inventorying Deployed MED-V Workspace Instances Using

Configuration Manager 2007

.........................................................................................................

22

Configuration.mof File Modification Requirements 22

SMS_def.mof File Modification Requirements 23

INTRODUCTION

Microsoft Enterprise Desktop Virtualization (MED-V 2.0) enables enterprises to realize the

benefits of the latest client operating systems by providing a managed environment for legacy

applications.

Microsoft Enterprise Desktop Virtualization (MED-V) creates a virtual environment called a

MED-V Workspace for running applications that require Windows XP or Internet Explorer 6 or

Internet Explorer 7. The MED-V Workspace requires memory and disk space from the

Windows 7 host on which it is installed. At a minimum, 2GBs of RAM are required on the

host. Disk space is variable and is dependent on the number of applications and the amount

of data that users will have in their MED-V Workspace.

Note: It is assumed that the reader of this white paper is familiar with the MED-V

prerequisites, such as Windows Virtual PC, and has already created a MED-V

workspace suitable for deployment. For information about creating MED-V workspaces,

see Creating a Windows Virtual PC Image for MED-V in the MED-V 2.0 Technical

Library at http://go.microsoft.com/fwlink/?LinkID=220910.

The distribution model for MED-V 2.0 is based on an application model, where MED-V

leverages a company’s existing methods for deploying applications in order to deploy and

manage MED-V. This document outlines the recommended methods that an administrator

can use to deploy MED-V.

This paper assumes that readers are IT Professionals who are already familiar with

Microsoft® Windows 7 operating system, Microsoft® Windows Virtual PC, Microsoft®

System Center Configuration Manager features such as software distribution and operating

system deployment task sequences. Many of the principles and techniques described in this

paper can be used to deploy MED-V 2.0 components and virtual machine MED-V

Workspaces within any organization, and the planning considerations for MED-V 2.0

deployment can likewise be applied to most any enterprise-scale IT environment. However,

this paper is based on the MED-V product team's experience and recommendations and is

not intended to serve as a procedural guide. Each enterprise environment has unique

circumstances; therefore, each organization should adapt the plans and lessons learned

described in this paper to meet its specific needs.

MED-V 2.0 Deployment Guidance

Situation

Incompatibility of legacy applications with new versions of Windows can delay enterprise upgrades to the latest version of Windows. Testing and migrating applications takes time, and users are unable to take advantage of the new capabilities and enhancements offered by the newest operating system.

Solution

MED-V uses Microsoft Windows Virtual PC to provide an enterprise solution for desktop virtualization.

By delivering applications in a Virtual PC that runs a previous version of the operating system, MED-V 2.0 removes the barriers to operating system upgrades and allows administrators to complete testing and address incompatible applications after the upgrade.

MED-V is an integral component of the Microsoft Desktop Optimization Pack, a dynamic solution available to Software Assurance customers, which helps reduce application deployment costs, enables delivery of applications as services, and helps to better manage and control enterprise desktop environments.

Benefits

With MED-V, you can easily create, deliver, and manage corporate Virtual PC images on any Windows®-based desktop.

Products & Technologies

Microsoft Enterprise Desktop Virtualization 2.0

Microsoft System Center Configuration Manager 2007

http://go.microsoft.com/fwlink/?LinkID=220910

PLANNING FOR MED-V DEPLOYMENT

When you are planning for deployment and then deploying MED-V, there are three areas to

consider – distribution, installation, and configuration. Each of these is discussed in more

detail in the following sections.

Planning for Component DistributionBefore MED-V installation components can be distributed, systems to be targeted for MED-V

deployment must be identified. As part of the planning process, both the applications that

cannot be migrated to Windows 7 and the users or computers that require MED-V to run

those applications should be identified. Depending on the application compatibility

requirements faced by your organization as you migrate to Windows 7, only certain users or

departments might need MED-V.

Next, disk space should be evaluated on the target systems. Because most MED-V

Workspace images are 2GB or larger, the available disk space on a system can be

consumed rapidly. Workspace size is also dependent on the number of users, the

configuration of MED-V, and any additional disk space required by the workspace distribution

method.

The recommended minimum amount of disk space for MED-V is 10GB. This amount of disk

space allows for a basic MED-V workspace running Windows XP SP3, any additionally

installed applications, and provides additional disk space for the host computer swap drive.

In general, a basic configuration for a MED-V Workspace will consume as much as 6-8GB.

Note: If you will have a large number of applications or more than one user per MED-V

Workspace, more disk space might be required. For information about calculating disk

space, see: Appendix A: Calculating disk space requirements.

Because MED-V 2.0 deployment is based on an application model, where existing methods

for deploying applications are leveraged to deploy and manage MED-V workspaces, the

existing application deployment infrastructure should be evaluated for use in MED-V

Workspace deployment. If an Enterprise Software Distribution (ESD) system such as

Configuration Manager 2007 is in place, you can easily leverage it to distribute required

MED-V workspace images and applications.

Planning for Component InstallationAfter identifying the systems that require MED-V component installation (MED-V Host Agent,

MED-V Workspace Packager, and MED-V Workspace), and the method of deploying the

required components to them, the installation prerequisites and the setup experience itself

should be planned for.

The MED-V Agent Host is used to run and configure the MED-V Workspaces which are

based on Windows XP SP3 Windows Virtual PC virtual machines. MED-V Workspaces are

used to host the applications and web redirection addresses required for application

compatibility in the enterprise.

The MED-V Workspace Packager is used to create MED-V Workspace installation packages

and configure the workspace setup experience for end-users. Only administrators involved in

MED-V Workspace creation need to install the MED-V Workspace Packager.


“MED-V helps ensure that we can move

forward with an enterprise-wide rollout of

Windows 7 without getting sidetracked by

application compatibility issues.”

Alex RamosSenior Manager, IT OperationsRoyal Caribbean Cruises Ltd.

For more information, see the Royal Caribbean Cruises Ltd. MED-V case study at http://go.microsoft.com/fwlink/?LinkId=220934.

http://go.microsoft.com/fwlink/?LinkId=220934

By default, MED-V Host Agent installation verifies that installation prerequisites are installed.

These prerequisites include Windows Virtual PC and, if the host operating system is running

Windows 7 without service pack 1 applied, a required update that removes the prerequisite

for hardware-assisted virtualization support for Windows Virtual PC (KB977206). These

installation prerequisites are not installed with the MED-V Host Agent and should be installed

prior to MED-V deployment either as part of a standard Windows 7 application deployment or

bundled with the MED-V deployment.

Note: For more information about obtaining Windows Virtual PC, see the Windows

Virtual PC home page at http://go.microsoft.com/fwlink/?LinkId=220907. For more

information about obtaining the prerequisite update for Windows Virtual PC on

computers running Windows 7, see article 977206 in the Microsoft Knowledge Base at

http://go.microsoft.com/fwlink/?LinkId=220908.

While MED-V Workspace creation using the MED-V Workspace Packager is out of scope for

this paper, it is important to note that there are three MED-V Workspace Setup options

available to enable administrators to select the best experience for their end-users: silent,

silent with prompt, and interactive. The MED-V Workspace setup experience can also be

configured using Windows PowerShell. For more information about using Windows

PowerShell with MED-V 2.0, see Configuring Advanced Settings by Using Windows

PowerShell in the MED-V 2.0 Technical Library at http://go.microsoft.com/fwlink/?

LinkId=220909.

When running MED-V Setup silently using an existing ESD system to deploy MED-V

Workspaces, the installation should be configured to run under the system or an

administrator account. When using the interactive setup option, each end-user is prompted

for elevated privileges because MED-V Setup must be run for all users logging onto the host

computer.

Planning for Workspace ConfigurationAfter the MED-V Workspace has been installed, it is automatically configured for each end-

user the next time that they log onto the host computer. After an end-user logs on to the host

computer, the Windows XP SP3 image is expanded and prepared to run the applications

installed in the workspace that are not compatible with Windows 7. Typically, this occurs in a

hidden window, but MED-V can be configured to display this process using the Workspace

Packager during workspace configuration. This can be useful in providing feedback to end

users because the process of installing the XP Guest can take some time and also provides

a method for the user to postpone the installation for up to four hours if needed.

After the workspace has been prepared for use, the MED-V Host Agent prompts the end-user

for their password to authenticate to the MED-V Workspace. If the option to “store user

credentials” is selected, the end-user will not be prompted again for the password.

Otherwise, they will be prompted every time the MED-V Host Agent starts-up on the host

computer.

After the end-user has authenticated to the workspace, optional administrator-defined

workspace configuration actions can be performed based on commands contained in the

sysprep.inf file associated with the workspace image. These actions can include joining the

MED-V Workspace image to an Active Directory domain, installing ESD client software,

additional applications, or image configuration changes.






For example, the following command could be run to disable system restore points on the

Windows XP image to provide additional savings in required hard drive disk space:

“wmic /namespace:\\root\default path SystemRestore call Disable %SystemDrive%\"

Note: MED-V Workspace creation is outside the scope of this white paper and is not

described in detail. For more information about creating MED-V Workspaces, see

Creating a Windows Virtual PC Image for MED-V in the MED-V 2.0 Technical Library

at http://go.microsoft.com/fwlink/?LinkID=220910 .

The final step required to complete the initial configuration of the MED-V Workspace is to run

First Time Setup. This process completes MED-V configuration by adding the end-user to the

local Administrators and Remote Desktop Users groups to enable administrative actions and

remote desktop access to the MED-V workspace. Once ready for use, any applicable group

policies and roaming profiles are applied to the MED-V Workspace and the user is notified by

a taskbar notification that the compatibility applications are ready for use from the Start

Menu just like the other applications installed on the Windows 7 host computer.

Note: It is recommended that only application compatibility policies are applied to the

MED-V workspace. For example, screen saver or desktop personalization policies

wouldn’t typically need to be applied to MED-V Workspace images.


http://go.microsoft.com/fwlink/?LinkID=220910

MED-V 2.0 DEPLOYMENT METHODS

MED-V Workspace images are deployed by leveraging an organization's existing methods

for application deployment. Some of these methods are described in this section including

manual installation, including the workspace as part of a standard Windows 7 operating

system image, and utilizing ESD systems already in use by the organization.

Manual InstallationUsing this method, the installation source files are stored on a shared network location or

provided on a DVD containing the prerequisite applications and the installation source files

that are used to install MED-V. The desktop support engineer or the end user must ensure

that all prerequisites are installed before launching MED-V Setup and then follows the on-

screen instructions for installing the MED-V Host Agent and MED-V Workspace. After

installation, the MED-V Host Agent is started to complete First Time Setup.

To manually install MED-V

1. Access the network share or load the DVD containing MED-V installation source files.

2. If not already present, install the MED-V installation prerequisites. This includes both

Windows Virtual PC as described in Knowledge Base article 958559 at

http://go.microsoft.com/fwlink/?LinkId=220911 and the Windows Virtual PC update, for

computers running Windows 7 without service pack 1 applied, described in Knowledge

Base article 977206 at http://go.microsoft.com/fwlink/?LinkId=220908. This installation

requires a restart of the host computer.

Note: The required Windows Virtual PC update for Windows 7 without service pack 1

applied removes the hardware prerequisites required to run Windows Virtual PC and XP

mode that normally include a processor that supports hardware assisted virtualization

(HAV) which is also enabled in the BIOS.

3. Install the MED-V Host Agent by running the MED-V_HostAgent_Setup.exe file. Before

installing the MED-V Host Agent, ensure that Internet Explorer is not running on the host

computer. This ensures that the URL redirection feature of MED-V is available after the

MED-V Host Agent is installed.

Note: If applicable, the MED-V Workstation Packager can be installed by running the

MED-V_WorkspacePackager_Setup.exe file.

4. Install the MED-V Workspace package by running the setup.exe file found in the

workspace installation directory created by the MED-V Workstation Packager.

5. Complete First Time Setup after MED-V Workspace installation when the MED-V Host

Agent is started or when an end-user logs in to the MED-V host computer for the first

time.

6. When First Time Setup is complete, the end-user is notified by a taskbar notification that

applications published to the Start Menu by MED-V are now available to run.




Windows 7 Operating System Image DeploymentWhen deploying MED-V as part of a standard Windows 7 operating system image, an

administrator installs all of the components into a Windows 7 image and the end-user

completes MED-V Setup on the newly configured host computer running Windows 7. This

method can be used in enterprise environments, where the end-users requiring MED-V

Workspace functionality are not well defined, to reduce the number of help desk calls to

install MED-V and also minimize the impact to users who would otherwise need to wait for

MED-V component installation.

Administrators must ensure that all prerequisites are met and that all of the required

installations are performed on the base computer that will be used to create the Windows 7

operating system image. After the operating system image is completed, MED-V components

are distributed with any new installations using the Windows 7 operating system image. End-

users can then install the MED-V Workspace package and complete MED-V First Time

Setup.

To deploy MED-V as part of a Windows 7 operating system image

1. Configure the base computer system that will be used to create the Windows 7 operating

system image.

2. If not already present, install the MED-V installation prerequisites. This includes both

Windows Virtual PC as described in Knowledge Base article 958559 at

http://go.microsoft.com/fwlink/?LinkId=220911 and the Windows Virtual PC update, for

computers running Windows 7 without service pack 1 applied, described in Knowledge

Base article 977206 at http://go.microsoft.com/fwlink/?LinkId=220908. This installation

requires a restart of the host computer.

3. Install the MED-V Host Agent by running the MED-V_HostAgent_Setup.exe file. Before

installing the MED-V Host Agent, ensure that Internet Explorer is not running on the host

computer. This ensures that the URL redirection feature of MED-V is available after the

MED-V Host Agent is installed.

4. Copy the MED-V Workspace Package to the base computer, this includes the Setup.exe

and the MED-V workspace .MSI files

5. After ensuring all other settings and applications are correct, create a standard

Windows 7 operating system image to be distributed.

6. Distribute the Windows 7 image to computers using standard computer imaging

deployment methods.

7. Because the MED-V software and workspace were distributed in the operating system

image, administrators can use system management tools to complete the installation of

MED-V when end-users require the functionality. Completing the deployment on-

demand as required without having to copy MED-V across the network.

8. At the conclusion of the MED-V install and First Time Setup

9. The end-user is notified by a taskbar notification that MED-V published applications are

now available to run.




Enterprise Software Distribution DeploymentAdministrators can also use the same Enterprise Software Distribution (ESD) system that

they normally use to install applications to Windows 7 computers to install MED-V

components on users' Windows 7 host computers. Depending on the ESD used, there could

be some subtle differences, but in general the MED-V installation packages are distributed to

computers meeting some specified criteria or list of requirements. For example, all

Windows 7 computers in a particular department.

When using an ESD deployment method, administrators must ensure that the MED-V

installation files are packaged appropriately for the ESD and also that the installation

package content is accessible to the affected end-users or computers that will run the

installations. Because Windows Virtual PC requires a reboot after installation, you can

simplify component installation by suppressing the restart after Virtual PC installation and

instead force a single restart after all MED-V components are installed. The MED-V Host

Agent will automatically start First Time Setup after the system restarts.

For ongoing management of the MED-V Workspace after deployment, the ESD client agent

should also be installed in the MED-V Workspace. Because the MED-V Workspace will be

distributed to multiple users, and might have unique networking requirements such as

Network Access Translation (NAT), you should thoroughly test and validate the packaging

and deployment method prior to use in a production deployment.

To deploy MED-V using an ESD

1. Using the ESD that will be used to deploy MED-V, identify a group of users or computers

that meet the MED-V deployment criteria such as use of applications that are not

compatible with Windows 7 and also meet free disk space and RAM requirements.

2. Create the necessary MED-V component installation packages for each of the files that

need to be distributed. When creating the packages, ensure that they are configured to

run under local system or administrator account privileges. Packages should also be

configured to run in silent mode with no user interaction required to eliminate user

prompts that would otherwise stop unattended installations.

Note: Packages to be created include: Windows Virtual PC, Windows 7 update for

Virtual PC for computers running Windows 7 with no service pack applied, MED-V Host

Agent, and the MED-V Workspace. The MED-V Workspace Packager can also be

packaged for deployment to MED-V administrator computers.

3. Controls are put in place that ensure that the MED-V components are installed on the

target computers with any required restarts suppressed until all packages have been

installed.

4. Assign the MED-V installation packages to the target set of users or computers.

5. The ESD client agent installed on the host computer recognizes that a new installation

package is available and installs the MED-V components. The installation should run

sequentially in silent mode with any required restarts suppressed until all of the required

installation packages are installed.


Note: Sample command lines are included in Appendix B of this document as a

reference for creating MED-V installation packages for ESD deployment.

6. After MED-V component installation is complete, the host computer must be restarted to

complete MED-V Workspace configuration. Depending on the particular ESD this restart

could be forced or done at some later time by the end-user of the host computer.

7. After the restart, the MED-V Host Agent starts automatically with Windows and the end-

user can then authenticate to the MED-V Workspace to begin First Time Setup.




DEPLOYING MED-V 2.0 WORKSPACES USING MICROSOFT SYSTEM CENTER CONFIGURATION MANAGER 2007The standard Microsoft System Center Configuration Manager 2007 software distribution

methods can be used to deploy MED-V components to targeted Windows 7 host computers.

In addition to standard Configuration Manager software distribution, the Operating System

Deployment feature of Configuration Manager provides the capability to create software

installation task sequences to install MED-V installation prerequisites and components.

Using Software Distribution Packages to Deploy MED-V When using standard Configuration Manager 2007 software distribution methods to deploy

MED-V components, administrators must create software distribution packages, programs,

and advertisements that are targeted to collections of computers that meet the criteria for

MED-V deployment.

As with the general ESD deployment method, Configuration Manager software distribution

installation packages should be distributed to computers matching a set of requirements. For

example, a collection could be created to distribute MED-V to a group of Windows 7

computers in a particular department that use an application that is not compatible with the

Windows 7 operating system. Additional safeguards to consider when creating the target

collection are the amount of available RAM and disk space to ensure the computers are

capable of hosting MED-V Workspaces.

After a collection of computers has been identified, MED-V installation packages and

programs must be created to install required components. It is recommended to create two

Configuration Manager software distribution packages, one containing all of the required

prerequisites and MED-V component installation files and separate packages containing the

actual MED-V Workspace to be deployed. Programs created for the packages should run in

unattended mode and with administrative rights. To simplify component installation, you can

suppress the restart required after Virtual PC installation and force a single restart after all

components are installed.

After creating the required software distribution packages and programs, software distribution

advertisements can be created that target the appropriate collection. When creating program

advertisements for Configuration Manager software distribution packages, consideration

must be given to how the advertisement will be configured to run on client computers. There

are two options to choose from when configuring the software distribution advertisement:

"Download content from distribution point and run locally" and "Run program from distribution

point".

While using the "Download content from distribution point and run locally" option is the most

reliable and recommended option, the following should be taken into consideration:

The MED-V Workspace must be smaller than the Configuration Manager client's

configured cache size. By default, the Configuration Manager client cache size is

configured for 5GB. If the MED-V Workspace image is larger than the Configuration

Manager client's allocated cache size, the workspace installation package will fail to

download to the host computer.


The hard disk space requirements for MED-V Workspace installation will double as the

installation package will exist in the client cache as well as being expanded locally in

order to run.

This method will require additional time for downloading to the workstation installation

package using from the Configuration Manager distribution point.

Alternatively, when using the “Run program from distribution point” advertisement option, the

following should be taken into consideration:

This option requires half the disk space required by the "Download content from

distribution point and run locally" option.

The Configuration Manager distribution point infrastructure is leveraged to stream the

MED-V Workspace installation to host computers across the enterprise.

It will take longer to complete the installation and there could be connectivity issues

depending on the amount of network traffic.

To deploy MED-V components using standard Configuration Manager 2007 software

distribution methods

1. Identify a group of users or computers that meet the MED-V deployment criteria such as

use of applications that are not compatible with Windows 7 and computers that meet free

disk space and RAM requirements.

2. Create the necessary MED-V component installation packages.

3. Create the programs required to run the installation files for each package. When

creating the programs, ensure that they are configured to run hidden and with

administrative rights. Programs should also be configured so that user interaction is not

enabled to eliminate user prompts that would otherwise stop unattended installations.


reference for creating Configuration Manager software distribution programs to be used

with each of the packages.

4. Create the software distribution advertisements to assign software installation of the

appropriate packages to the targeted collection created in step 1. Ensure that any

required restarts are suppressed until all packages have been installed.

5. The Configuration Manager client agent installed on the host computer recognizes that a

new installation package is available and installs the MED-V components. The

installation should run sequentially in silent mode with any required restarts suppressed

until all of the required installation packages are installed.

6. After MED-V component installation is complete, the host computer must be restarted to

complete MED-V Workspace configuration. This restart can be forced or done at some

later time by the end-user of the host computer.

7. After the restart, the MED-V Host Agent starts automatically with Windows and the end-

user can then authenticate to the MED-V Workspace to begin First Time Setup.




Using Operating System Deployment Task Sequences to Deploy MED-VIn addition to standard Configuration Manager software distribution methods, MED-V

installation prerequisites and installation components can be delivered through the use of a

Configuration Manager operating system deployment task sequence. Configuration Manager

task sequences can be configured to perform multiple steps or tasks on a client computer at

the command line level without requiring user intervention to ensure that the order and

integrity of all of the required software installations is correct. Using a Configuration Manager

task sequence to deploy MED-V components also allows you to monitor task sequence

execution on MED-V host computer clients from within the Configuration Manager console.

Note: The Configuration Manager task sequence described in this document is a custom

task sequence that does not require an operating system boot image.

Just as with standard Configuration Manager software distribution, careful consideration

should be given to how client computers access the installation source files required by the

task sequence to install MED-V. When using task sequences to install MED-V, there are

three options to choose from when configuring the task sequence advertisement: "Download

content locally when needed by running task sequence", "Download all contents locally

before starting task sequence", and "Access content directly from a distribution point when

needed by the running task sequence". Many of the same advertisement considerations

mentioned for standard distribution program advertisements also apply for running task

sequence installations of MED-V with "Download all contents locally before starting task

sequence" is the recommended method for advertising MED-V installation task sequences to

client computers.

To deploy MED-V components using a Configuration Manager 2007 operating system

deployment task sequence

1. Create a collection of computers that meet the MED-V deployment criteria such as the

use of applications that are not compatible with Windows 7, and computers that meet

free disk space and RAM requirements.

Note: Configuration Manager task sequences can only be advertised to collections of

computers.

2. Create the necessary MED-V component installation packages.

Note: It is not necessary to create standard software distribution programs and

advertisements when using the task sequence deployment method.

3. Right-click the Task Sequences node in the Configuration Manager console and select

the Create a new custom task sequence option to create a new task sequence and

save it.


Note: It is not necessary to select a boot image when creating the task sequence for

MED-V deployment.

4. Right-click the task sequence created in step 3 and select Edit to start the task

sequence editor. To avoid possible computer restarts during MED-V installation, it is

recommended to use Run Command Line tasks rather than Install Software tasks for

MED-V deployment. Using the task sequence editor, add the required Run Command

Line tasks to the task sequence to run the command lines necessary to install MED-V

prerequisites and installation components. For MED-V prerequisite component

installations, the Continue on error checkbox on the Options tab of the Run

Command Line tasks should be selected. Setting this option allows the installation to

continue even when an error is detected. For example, the task sequence should

continue on to the next task if Windows Virtual PC or the update for Windows Virtual PC

is already installed.


reference for creating Configuration Manager task sequence Run Command Line tasks.

5. Add the Restart Computer task following the installation tasks. Ensure that the currently

installed default operating system will be restarted, the user is notified before the restart

and the message display time-out is set to a long enough duration to ensure users have

time to either accept the restart or work until the timeout is reached and save the task

sequence.

Note: Restarting is mandatory to complete the installation.

6. Advertise the task sequence to assign MED-V installation to targeted computers in the

collection created in step 1. Ensure that no user interaction is enabled for the task

sequence on the Interaction page of the Task Sequence Advertisement Wizard.

7. The Configuration Manager client agent installed on the host computer runs the task

sequence and installs the MED-V components. The installation should run sequentially

in silent mode with any required restarts suppressed until all of the required installation

packages are installed.

8. After the computer completes the task sequence installation and restarts, the MED-V

Host Agent starts automatically with Windows and the end-user can then authenticate to

the MED-V Workspace to begin First Time Setup.



Managing MED-V Workspaces with Configuration Manager 2007A MED-V Workspace can be managed like any other computer client by Configuration

Manager When the Configuration Manager client is installed on the host computer and the

desired configuration management feature of Configuration Manager is enabled. Using the

desired configuration management feature, administrators can determine MED-V component

configuration compliance. Additionally, MED-V Workspaces deployed on Configuration


Manager client host computers can be inventoried by modifying the default hardware

inventory control files.

Note: For more information about hardware inventory modifications necessary to

discover MED-V workspaces installed on host computers, see Appendix C:

Inventorying Deployed MED-V Workspace Instances Using Configuration Manager

2007.

To install the Configuration Manager client agent, you can include it in the MED-V Workspace

or install the client on the MED-V Workspace using standard Configuration Manager client

installation methods after it is deployed. When including the Configuration Manager client

agent in the MED-V Workspace, the Configuration Manager client agent should be in a

dormant state to enable it to be uniquely configured for each MED-V host computer.

To install the Configuration Manager client on a MED-V workspace image, you must not

specify a site code to assign the client to during client installation and you must remove any

computer-specific certificates that are installed on the master image computer. For example,

if you are in native mode, you must remove the client authentication certificate before

imaging the computer. If Configuration Manager clients cannot query Active Directory

Domain Services to locate a management point, they use the trusted root key to determine

trusted management points.

To include the Configuration Manager client agent in the MED-V Workspace

1. Manually install the Configuration Manager 2007 client software on the MED-V

Workspace without specifying a Configuration Manager 2007 site code for the client in

the CCMSetup.exe command-line properties.

2. At a command prompt, type: net stop ccmexec. Doing this ensures that the SMS Agent

Host service (Ccmexec.exe) is stopped on the MED-V Workspace.

3. If all imaged clients will be deployed in the same hierarchy as the master computer,

leave the trusted root key in place. If the clients will be deployed in different hierarchies,

you should remove the trusted root key by running the following CCMSetup command on

the MED-V Workspace: CCMSetup RESETKEYINFORMATION = TRUE.

4. Remove any certificates stored in the local computer store on the master image

computer. Additionally, remove any native-mode client certificates if applicable. For more

information, refer to your public key infrastructure (PKI) documentation.

Note: When MED-V Workspaces are configured to use Network Access Translation

(NAT) networking settings, a QFE is required to enable workspace management using

Configuration Manager. For more information, see article 2504904 in the Microsoft

Knowledge Base at http://go.microsoft.com/fwlink/?LinkId=220914.



Monitoring MED-V Workspaces Using Desired Configuration ManagementThe Configuration Manager 2007 desired configuration management feature provides a set

of tools and resources that can help assess and track configuration compliance of client

computers in the enterprise. If enabled, the desired configuration management feature of

Configuration Manager can be used to determine MED-V component configuration

compliance.

Note: For more information about the desired configuration management feature of

Configuration Manager 2007 see Desired Configuration Management in

Configuration Manager in the Configuration Manager 2007 Technical Library at


Compliance is evaluated by defining a configuration baseline that contains the configuration

items you want to monitor and rules that define the compliance that you require. This

configuration data can be imported from the Web in Microsoft System Center Configuration

Manager 2007 Configuration Packs as best practices defined by Microsoft and other vendors,

or defined within Configuration Manager, or defined externally and then imported into

Configuration Manager.

Note: The configuration pack for MED-V (MEDV_FTS_configuration_pack.msi) can be

downloaded from the following location: http://go.microsoft.com/fwlink/?LinkId=220917.

You can monitor the results of the configuration baseline evaluation compliance from the

Desired Configuration Management home page in the Configuration Manager console. You

can also run a number of desired configuration management reports to drill down into details,

such as which computers are compliant or non-compliant and which element of the

configuration baseline is causing a computer to be non-compliant. You can also view

compliance evaluation results from the client itself by using the Configurations tab from

Configuration Manager Properties.




FOR MORE INFORMATION

For more information about Microsoft Configuration Manager 2007 or Microsoft Enterprise

Desktop Virtualization (MED-V) 2.0, see the official documentation online respectively at

http://go.microsoft.com/fwlink/?LinkId=220920 and http://go.microsoft.com/fwlink/?

LinkId=220918.

For more information about Microsoft products or services, call the Microsoft Sales

Information Center at (800) 426-9400. In Canada, call the Microsoft Canada information

Centre at (800) 563-9048. Outside the 50 United States and Canada, please contact your

local Microsoft subsidiary. To access information through the World Wide Web, go to:

http://www.microsoft.com

http://www.microsoft.com/technet/itshowcase

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

2011 Microsoft Corporation. All rights reserved.


http://www.microsoft.com/technet/itshowcase

http://www.microsoft.com/




APPENDIX A: CALCULATING DISK SPACE REQUIREMENTS

To calculate the disk space required for a MED-V Workspace on a host computer, the

following information is needed:

Users per machine – MED-V creates a MED-V Workspace for each user on the host

computer. This consumes disk space as each user logs in and the MED-V Workspace is

created.

Size of the base VHD – this is the VHD that was used when the MED-V Workspace was

packaged. Do not use the .MEDV file size as this is compressed.

Size of the Saved State file – this is the file that is used to maintain state in the virtual

machine. Typically, this is just a bit larger than the allocated RAM for the VM. For

example, 1GB of RAM allocated would create a file about 1,081KB in size.

Size of the differencing disk – this disk is used to track the difference from the base

VHD. Its size varies as you add applications and software updates and patches to the

VHD. Each MED-V user will have a differencing disk created for them as they launch

MED-V for the first time.

With the above information, you can use the following equation to calculate the approximate

size of the required space to install MED-V:

Base VHD + (User per machine x (Difference Disk +Saved State))

Note: The size of the VHD is variable and will increase based on the number of

applications and the amount of data that are placed in that VHD.

The following examples describe how to apply the formula to calculate the disk space

requirements for two different scenarios.

Example 1:

A VHD that is 3GB in size and has 1GB of RAM assigned for the virtual machine

3GB + (1 x (500MB + 1GB)) = 4.5GB

This is the minimum that would be required, with this increasing based on the amount of

applications and data added to the virtual machine.

Example 2:

A host computer with three users and additional deployed applications

2.6GB + (3 x (1.5GB + 1GB)) = 10.1GB

This example shows the differencing disk for each user and shows that with additional

software and policy updates, the differencing disk will be larger.

Example of Calculating Disk Space Using a Lab Deployment

A best practice would be to calculate the required space using a lab deployment to validate

the assumptions on required space – for example:

1. Machine Settings

a. Base VHD – 2.62GB


2. User Settings

a. Differencing Disk – 2.2GB

b. Virtual Saved State – 1.08GB

Note: Typically the saved state file for each user is slightly larger than the amount of

RAM allocated for the MED-V workspace.

Because it will be a single user per machine, a deployment of 5.9GB for MED-V would be a

minimum. Allowing for additional space on the host for additional applications and data in the

MED-V Workspace, the recommended minimum of 10GB would be appropriate for this

deployment.

After deploying the MED-V workspace, the following locations contain the files for the base

VHD and user settings files:

The base VHD file is named depending on what was selected in the MED-V workspace

packager and is stored in the C:\ProgramData\Microsoft\Medv\Workspace directory.

The differencing disk (%workspace name%.VHD) and saved state (%workspace name

%.VSV) files for each user are stored in the C:\Users\%username%\AppData\Local\

Microsoft\MEDV\v2\Virtual Machines directory.

If you are using a shared VHD deployment on a machine, the difference would be that

“users per machine” is always “1”, since this only configures a single differencing disk for

all users whereas the default would configure a differencing disk for each user. The size

of the differencing disk and the saved state file can be found in: C:\ProgramData\

Microsoft\Medv\AllUsers.


APPENDIX B: COMMAND LINE EXAMPLES FOR INSTALLING MED-V 2.0 COMPONENTS

MED-V prerequisites and installation components can be installed using command line

options using the examples provided in this appendix. Command line options should be

provided for each required installation to run with administrative rights and in unattended

mode to account for installation options that are normally presented to the end-user.

The following are examples for each MED-V installation component describing the

recommended command line options:

Note: All commands should be included on a single line and the command line switches

are the same for both x86 and x64 versions of Virtual PC and the required update.

The following component installation command line examples for x64 prerequisite

installations show how to install each component in unattended mode with restarts

suppressed:

Windows Virtual PC:

Windows6.1-KB958559-x64.msu /quiet /norestart

Virtual PC update for Windows 7:

Windows6.1-KB977206-x64.msu /quiet /norestart

MED-V Host Agent:

MED-V_HostAgent_Setup.exe /qn IGNORE_PREREQUISITES=1

Note: The IGNORE_PREREQUISITES=1 command line switch is optional and can be

used to install the MED-V Host Agent without verifying that Windows Virtual PC and its

required update are installed first. This can be useful if the installation order does not

install Windows Virtual PC before the MED-V Host Agent or if there are existing pending

computer restarts due to previously installed Windows Updates.

MED-V Workspace:

setup.exe /qn

MED-V Workspace Packager:

MED-V_WorkspacePackager_Setup.exe /qn

Batch File ExampleThe following example uses the component installation command lines previously described

to perform all of the commands in a single process using a simple batch file. The batch file

installs the MED-V components without checking for installation prerequisites before

installing Virtual PC to ensure that no restarts are prompted by the Windows Update agent

prior to MED-V component installation.

Using a simple text editor, the following example can be used to create a batch (.bat) file to

install MED-V prerequisites and installation components with no user interaction. Computer

restarts are also suppressed during installation with a forced restart at completion. The .bat


created should be run from an Administrator command prompt with each of the components,

including all workspace package files, stored in a single directory. If the .bat file is run from a

network share, the decompression of the .MEDV file will take significantly longer.

Note: When using a .bat file to perform software distribution actions in Configuration

manager, ensure that the "Requires drive letter" option is selected on the program

properties requirements tab.

start /WAIT Windows6.1-KB958559-x64.msu /quiet /norestart

start /WAIT Windows6.1-KB977206-x64.msu /quiet /norestart

start /WAIT MED-V_HostAgent_Setup.exe /qn IGNORE_PREREQUISITES=1

start /WAIT MED-V_WorkspacePackager_Setup.exe /qn

.\setup.exe /qn OVERWRITEVHD=1

shutdown /r /f /t 20 /c "This computer must restart to continue."

exit

Configuration Manager Task Sequence Run Command Line ExamplesThe following examples can be used to install x64 MED-V prerequisites and installation

components using Configuration Manager task sequence Run Command Line task sequence

tasks.

Note: MED-V prerequisite installation tasks should be configured to continue on error to

enable the task sequence to continue if the prerequisites are already installed on

targeted computers. Because wusa.exe is used to install .msu files, cmd /c must be

appended to the beginning of the update installation command lines.

Windows Virtual PC:

cmd /c Windows6.1-KB958559-x64.msu /quiet /norestart

Virtual PC update for Windows 7:

cmd /c Windows6.1-KB977206-x64.msu /quiet /norestart

MED-V Host Agent:

MED-V_HostAgent_Setup.exe /qn

MED-V Workspace Packager:

MED-V_WorkspacePackager_Setup.exe /qn

MED-V Workspace:

setup.exe /qn


APPENDIX C: INVENTORYING DEPLOYED MED-V WORKSPACE INSTANCES USING CONFIGURATION MANAGER 2007Configuration Manager 2007 hardware inventory can be modified to inventory all MED-V

Workspace instances installed on Configuration Manager client computers throughout the

enterprise. By inventorying existing MED-V workspace deployments, administrators can

create collections that can be used to manage applications on those workspaces.

Note: For more information about modifying the default Configuration Manager hardware

inventory control files, see How to Extend Hardware Inventory at


Configuration.mof File Modification RequirementsThe following information must be added to the Configuration.mof file stored on the

Configuration Manager site server computer to enable MED-V Workspace installation to be

discovered by Configuration Manager hardware inventory:

// Add the following code to the Configuration.mof file

// This file is found in :

// <ConfigMgr install directory>\inboxes\clifiles.src\hinv

// Note: All information on the PropertyContext lines

// until the comma should be on one line.

//----------------------

// MED-V

//----------------------

#pragma namespace ("\\\\.\\root\\cimv2")

[DYNPROPS]

class Win32Reg_SMSMedv

{

[key]

string InstanceKey;

Boolean IsMedvGuest = false;

string PhysicalHostName;

string PhysicalHostNameFullyQualified;

};

[DYNPROPS]

instance of Win32Reg_SMSMedv

{

InstanceKey = "MedvKey";

PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Medv\\v2\\AppData|

FtsCompletionApplicationExecuted"),

Dynamic, Provider("RegPropProv")]

IsMedvGuest;



[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Virtual

Machine\\Guest\\Parameters|PhysicalHostName"),


PhysicalHostName;

[PropertyContext("local|HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Virtual

Machine\\Guest\\Parameters|PhysicalHostNameFullyQualified"),


PhysicalHostNameFullyQualified;

};

SMS_def.mof File Modification RequirementsThe following information must be added to the SMS_def.mof file stored on the

Configuration Manager site server computer to enable MED-V Workspace installation to be

reported by Configuration Manager hardware inventory:

// Add the following code to the SMS_def.mof file

// This file is found in :

// <ConfigMgr install directory>\inboxes\clifiles.src\hinv

//----------------------

// MED-V

//----------------------

#pragma namespace ("\\\\.\\root\\cimv2\\sms")

[ SMS_Report (TRUE),

SMS_Group_Name ("Virtual Machine"),

SMS_Class_ID ("MICROSOFT|MEDV|2.0"),

SMS_Context_1 ("__ProviderArchitecture=32|uint32"),

SMS_Context_2 ("__RequiredArchitecture=true|boolean") ]

Class Win32Reg_SMSMedv : SMS_Class_Template

{

[SMS_Report (TRUE), key ] string InstanceKey;

[SMS_Report (TRUE) ] Boolean IsMedvGuest;

[SMS_Report (TRUE) ] string PhysicalHostName;

[SMS_Report (TRUE) ] string PhysicalHostNameFullyQualified;

};

// End of MOF file edit


MED-V 2 Deployment Guidance White Paper

Documents

Transcript of MED-V 2 Deployment Guidance White Paper