Wednesday, January 26, 2011

Creating a Windows Server 2008 R2 (x64) vSphere 4.1 VM Template (Part 1)

This post is dedicated to my brain. This should help you understand the adventure you recently went on!

I have this in 2 parts, because Part 1 addresses the ‘standardization’ of our image, and Part 2 addresses the ‘templating’ of our image

There are a few places that I’ve found info about creating a Windows Server 2008 R2 VM Template (on VMware). I’m detailing here what I did to create our template at Calvary. I started learning from Jeremy Waldrop first and then used quite a bit of material from Jason Samuel and his instructions here. I did make some changes to this process based on my experience, Calvary’s needs, and the good thread of comments on the Jason Samuel 2008 R2 post. Hence the documentation here of my process.

Interesting tidbits:

  • Windows Server 2008 R2 needs more resources than 2003. Count on at least 1.5GB of RAM and 30GB of disk. I prefer to start w/ 2GB RAM and 30GB of disk. Many recommend (and VMware’s default) 4GB RAM and 40GB disk. I guess I’m just stingy Winking smile
  • DO NOT use the vSphere sysprep tools if you want to maintain the user profile customization that you perform. If you use the directions below and then tell vSphere to sysprep, you’ll end up ‘double-sysprepping’ and you’ll end up with a headache.
  • If you are using ESXi 4.0 (pre Update 1) the vmware tools install won’t install the graphics drivers properly. You’re stuck w/ the SVGA driver until you get the host updated (See this KB: 1011709). I unfortunately struggled with this issue for a couple hours one day when my host was 4.0.0 b261974.

Basic Outline:

  1. Create your VM

  2. Customize your VM

  3. Install the OS

  4. Customize the OS

Now, let’s get on to the interesting part (the details)!

Creating your VM in vSphere 4.0 Update 1 or better

I’m running vSphere 4.1.0, 258902, and we’ll be using Windows Server 2008 R2; from what I understand this process is different if you’re using vSphere 3.5, and/or Windows 2008 (non-R2) or Windows 2003.

  • Create a new VM

  • Make sure to choose the following ‘non-standard’ settings:
      • Specify a ‘Custom’ configuration

      • VM Version 7

      • Server 2008 R2 (64-bit)

      • 1 vCPU

      • 2GB RAM

      • VMXNET3 NIC (qty. 1)

      • 40GB (thin-provisioned) LSI Logic SAS SCSI Controller (I have DAS, not a SAN. If you have a different storage subsystem, plan appropriately)

    • Make sure to check-mark the ‘Edit the virtual machine settings before completion’ box and then change the following:
        • Under the ‘Options’ tab, under ‘Advanced –> General’ make sure that ‘enable logging’ is unchecked

        • Under ‘Advanced –> Boot Options’ check-mark the ‘Force BIOS Setup’ box

      • Click ‘Finish’

      Further customization of the VM after first boot

      When I created the VM, I forced the system into the BIOS. Make the following changes

      • Disable Serial ports A & B
      • Disable the Parallel Port

      Exit the BIOS, and connect the virtual CD/DVD drive to the Guest OS installer (an ISO in my case)

      Installing the Guest OS (Server 2008 R2)

      Use the typical click, next, etc. making sure to input the following settings (read through them before starting):

      • Windows Server 2008 R2 Datacenter (Full Installation)
        We use Datacenter Edition because of a previous bug where Enterprise Edition license keys were not available to us in VLSC
      • Choose a ‘Custom’ install
      • Wait for the base install to finish

      Customizing the Guest OS

      • Change the administrator password (you’re forced to do this at first startup)

      • Create any other local user’s that are needed

      • Set the Time Zone

      • Install VMware Tools

          • DO NOT choose the automatic install, choose ‘Custom’

          • Disable the ‘Shared Folders’ feature under ‘VMware Device Drivers’ (it won’t be used, and has had issues in the past)

          • Set time synching in VMware Tools: It’s on the ‘Options’ tab for VMware Tools properties

          • Reboot the server when prompted

        • Set your network configuration, removing unnecessary pieces

          • Under Local Area connection:
              • Uninstall QoS Packet Scheduler (we don’t use it @ the server)

              • Uncheck IPv6 (because we don’t use it, and uninstalling it is a pain)

          • Set the server name

            note: Keep in mind that this is our base template

            • System Properties

            • Change Computer Name

            • Set the proper name, and then restart when prompted (I did join the server to the domain)
              note: to reiterate, we will be logging in with a local administrator account, not the domain admin
          • Configure Windows Update
              • Open the Windows Update config screen

              • Select ‘Download updates but let me choose whether to install them’

              • Make sure that ‘Recommended updates’ is not checked

              • Click OK

            • Run Windows Update, restarting as appropriate

            • Enable Remote Desktop
                • Open the Computer Properties (or use the initial configuration tasks shortcut)

                • Choose ‘Allow connections from computers running any version of Remote Desktop (less secure)’

                • Add the proper accounts to the allowed users list (local admins in my case)

              • Disable Windows Firewall (we enable the firewall at the GPO level)

              • Disable the automatic launching of Server Manager, by choosing ‘Do not show me this console at logon’, and then close Server Manager

              • Make the following taskbar changes:
                  • ‘Unpin’ the Windows Explorer icon on the taskbar by right-clicking on it and then choosing ‘unpin this program from taskbar’

                  • If you want, remove the PowerShell and/or Server Manager icons from the taskbar (I prefer to leave both)

                  • Right-click the Taskbar, and then choose Properties. Choose the ‘Customize’ button under the Notification area. Select ‘Turn system icons on or off’. I prefer to turn off the ‘Volume’ icon (unless I’m working on a Terminal Server/Remote Desktop template).

                • System Performance changes:
                    • Open Server Manager and select ‘Change System Properties’

                    • Select the ‘Advanced’ tab, and then under Performance click the ‘Settings’ button and choose ‘Adjust for best performance’.

                  • Folder and Search Options changes:

                      • Open ‘Computer’, then select ‘Organize’, then choose ‘Folder and Search options’

                      • On the ‘View’ tab:
                          • Select the ‘Show hidden files, folders, and drives’ option (we want to see these on the server)

                          • Un-check the ‘Hide extensions for known file types’ check-box. (we also want to see the file extensions)

                      • Change the IE ESC config:
                          • In ‘Server Manager’, in the ‘Security Information’ section choose ‘Configure IE ESC’

                          • Under the ‘Administrators’ section choose ‘Off’

                            This may be controversial, but a large portion of the tools we use have web control panels, config screens, etc. An Administrator should already be trained to not install the typical issue-creating software on servers (Flash, Adobe Reader, Java, etc.), and should not be going to any typical website (if any external sites at all!)

                        • Set the Power Options
                            • Open Control Panel, and then change the ‘Power Plan’ to ‘High Performance’

                          • Disable Hibernation
                              • At a command prompt (or powershell), with admin privileges, enter powercfg.exe –h off

                                Can anyone tell me why hibernate options are not available in Control Panel easily? I’m not sure

                            • Defrag the system
                                • First, turn off the ‘Automatic’ Virtual Memory allocation:
                                    • System Properties > Advanced Tab > Performance Options > Advanced Tab > Virtual Memory ‘Change’ button, then deselect the ‘Automatic…’ box

                                  • Choose the ‘No paging file’ option, and then click the ‘Set’ button.

                                  • Open a ‘Computer’ window, then choose ‘Organize’, then ‘Folder and Search Options’, then the ‘View’ tab, then un-check ‘Hide protected operating system files’

                                    note: we will be turning this back on later

                                  • Reboot

                                  • Verify that there is no pagefile.sys on the C: drive

                                  • Defrag the C: drive

                                • Shutdown the VM and snapshot before editing the VM hardware

                                  At one point I ran into issues with the way that the templating process handled the addition of a 2nd virtual disk for the pagefile, so I always snapshot the VM before adding the 2nd disk (who wants to redo all of the previous work)

                                • Add the 2nd Hard disk to the VM
                                    • Edit the VM properties in vSphere

                                    • Make the 2nd disk 10GB

                                      This disk does not need to be thin provisioned (I chose not to make it think provisioned, so there would be no argument re: performance)

                                    • Set the ‘Virtual Device Node’ to SCSI (1:0)

                                      note: this will create a 2nd SCSI Controller (LSI Logic SAS in my case)

                                  • Boot up the VM

                                  • Set the Page File to the 2nd disk

                                      • Format the drive

                                        I choose to use drive letter Z:

                                      • Set the Page File to 6144MB:
                                          • System Properties > Advanced Tab > Performance Options > Advanced Tab > Choose Z: then type 6144 for both boxes under ‘Custom’ and hit the ‘Set’ button

                                          • NOTE: Choose wisely the amount that you set the page file to. If my VM (after I clone it, etc.) is hosting an application, I often use this article to determine where my page file should be set. (thanks to Carlo Costanzo for the heads up)

                                      • Restart the VM

                                      In Part 2 I’ll outline the process that I used to ‘template’ this standardized config