With Golden VDI images, multiple virtual desktops can be implemented based on one basic image. This configuration simplifies management, ensures that users have a consistent experience with every login, and ensures that all systems meet the company’s security and compliance requirements: All virtual desktops generated by the image are exactly the same and comply with the policy.
The vast majority of virtual desktops are delivered to the users non-persistently. This means that every change (user profile, installed applications, configuration adjustments) disappear when the VDI is restarted. So make sure you have a good user profile solution. For those machines that are delivered persistent (think about developers for example), you can create a writable clone of the golden image, and from then onwards all changes (security updates, configuration changes new applications) are made within that new branch.
What Goes into your golden Image?
A golden VDI image contains the Windows OS and patches. It also contains a minimum set of configurations, optimisations and applications. Configurations and optimizations that go into the golden image should only be those that are needed before the computer boots. All other can go into Group Policies. For included applications I prefer to focus on only those 10-15 most commonly used applications, otherwise you risk that the image becomes to big and slow to manage. Application virtualization can be used as a method for the other, less commonly used apps.
I install following applications into my image:
- Windows OS (Obviously)
- .NET framework
- Visual C++ Redistributables (all of the supported versions, don’t install outdated versions as they can introduce security risks)
- Microsoft Silverlight if needed
- Broker agent (eg. Citrix Virtual Apps and Desktops or VMware Horizon View)
- Virus Scanner
- Any application that is used by 75%+ of the user community. In most cases that is
Other applications I would deliver with a virtualization tool like App-V, until MSIX becomes the new standard. Remember that with Windows 10, enterprise version App-V is included.
How to build the Image?
Images can be managed using automation tools such as Microsoft Endpoint Manager (Formerly SCCM & Intune), Microsoft App-V, Ivanti Automation, Citrix App Layering, VMware App Volumes, custom scripts or … (God Forbid) completely manually.
Keep your users happy, test before you deploy.
It is important to know that, with any automation tool you use, every golden image update applies to ALL virtual desktops, so you must always test, test and test updated golden images before you assign them to production. Every implementation that I do has several phases, starting with the build. The following is IT testing, where basic implementation testing is performed by IT personnel. Later a subset of users will be asked to perform user acceptance tests, where a small group of end users can test the functionality of the LOB applications. In each phase, the testers provide feedback and adjustments are made accordingly. Testing is vital for the success of a VDI project. I have seen all too often that a project is being accelerated under time pressure, skipping testing phases, with disastrous consequences for users and the business.