Med-V 2.0 Trial Guide

42
Trial Guide This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Transcript of Med-V 2.0 Trial Guide

Trial Guide

This is a preliminary document and may be changed substantially prior to final commercial release of the software described herein. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2011 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista, Active Directory, Microsoft SQL Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Trial Guide

Contents1 Introduction to the Trial Guide ................................................................................................ 3 2 Overview of Microsoft Enterprise Desktop Virtualization ..................................................... 4 2.1 Whats New in MED-V 2.0 ........................................................................................................5 2.2 MED-V 2.0 Components ...........................................................................................................7 3 Trial System Requirements ................................................................................................... 8 4 Setting up the MED-V 2.0 Environment .............................................................................. 10 4.1 Configure the MEDVADMIN Administration computer .............................................................. 10 4.2 Installing the MED-V Workspace Packager .............................................................................. 12 4.3 Installing the MED-V Host Agent ............................................................................................ 12 5 Preparing a Virtual PC Image for MED-V ............................................................................ 13 5.1 Configure the Windows XP Mode Virtual Machine .................................................................... 13 5.2 Sealing the MED-V Image Using Sysprep ................................................................................ 15 5.3 Merge the Virtual Hard Disk ................................................................................................... 18 6 Deploying the MED-V Workspace ....................................................................................... 19 6.1 Create a Workspace Deployment Package .............................................................................. 20 6.2 Deploying the MED-V Workspace ........................................................................................... 22 6.3 Testing the MED-V Workspace ............................................................................................... 23 7 Manage a MED-V Workspace .............................................................................................. 26 7.1 Managing URL Redirection ..................................................................................................... 26 7.2 Manage MED-V Workspace Settings ....................................................................................... 27 8 MED-V Administration Toolkit ............................................................................................ 28 9 Operations Security Best Practices ..................................................................................... 30 10 Appendix A: Preparing an image for Sysprep ..................................................................... 32

Evaluation Guide

Trial Guide

1 Introduction to the Trial GuideThis trial guide is designed to help you quickly set up a Microsoft Enterprise Desktop Virtualization (MEDV) evaluation in a test environment. This guide provides details of the steps necessary to install Microsoft MED-V components, for both the Microsoft MED-V Workspace Packager and MED- V Host Agent. This guide creates an environment where a Windows XP-based guest (virtual machine) with applications can be integrated into a Windows 7 host machine. The guide includes: Installation of the MED-V Workspace Packager and MED-V Host Agent, preparing a Windows Virtual PC-based virtual machine for MED-V, creating and deploying a MED-V workspace, administering MED-V, troubleshooting, and exploring the MED-V Administration Toolkit. To help this process flow as smoothly as possible, we recommend that you read this guide carefully before installing the Microsoft MED-V platform.

AUDIENCE FOR THIS GUIDEThis guide was written for Microsoft Windows system administrators. As an information technology (IT) professional, you should have sufficient knowledge and experience to accomplish the following tasks. Set up operating systems and install applications Add computers to domains Set up and work comfortably Active Directory Domain Service and Microsoft Domain Name System (DNS) Familiarity with Windows Virtual PC

PRODUCT DOCUMENTATIONComprehensive documentation for MED-V is available on Microsoft TechNet in the MED-V TechCenter at http://go.microsoft.com/fwlink/?LinkId=207065. The TechNet documentation includes the online Help for Getting Started with MED-V, Planning and Deployment, Operations, and Troubleshooting.

3

Trial Guide

2 Overview of Microsoft Enterprise Desktop VirtualizationMicrosoft Enterprise Desktop Virtualization, a core component of the Microsoft Desktop Optimization Pack (MDOP) for Software Assurance, enables deployment and management of Microsoft Windows Virtual PC desktops to enable key enterprise scenarios. Incompatibility of applications with newer versions of Microsoft Windows can delay enterprise operating system (OS) upgrades. Testing and migrating applications can be time-consuming, and meanwhile users are unable to take advantage of the new capabilities and enhancements offered by the new OS. By delivering applications in a Windows Virtual PC that runs a previous version of Windows XP, MED-V removes the barriers to OS upgrades and allows administrators to complete testing and to deal with incompatible applications after the upgrade. From the users perspective, these applications are accessible from the standard desktop Start menu and appear side-by-side with native applicationsso there is minimal change to the user experience. MED-V helps enterprises upgrade to the latest version of Windows when some applications are not yet functional or supported. MED-V enables customers to migrate to Windows 7 while still leveraging existing legacy Windows XP line of business applications.

4

Trial Guide

2.1 Whats New in MED-V 2.0MED-V 2.0 contains the following improvements since version 1.0. If you are an experienced MED-V 1.0 administrator using this guide to evaluate MED-V 2.0, please take note.

MED-V WORKSPACE CREATIONMED-V Workspace Packages must be created by using Windows Virtual PC. Existing Virtual PC 2007 images must be migrated. The virtual machine Prep tool is not included in MED-V 2.0 and administrators should configure, update, and optimize their images according to the MED-V 2.0 help file. Running Sysprep on the MED-V image is a required step and must be performed prior to packaging.

MED-V WORKSPACE PACKAGINGThe MED-V Workspace Packager packages the virtual hard drive with the appropriate settings and image so that it can be easily deployed by administrators. Advanced features are provided in the background using Windows PowerShell . This functionality replaces some of the former console abilities and functionality that managed centralized functions of MED-V.TM

MED-V WORKSPACE DISTRIBUTIONDedicated server infrastructure is no longer required for MED-V 2.0 and the client pull method for deploying MED-V workspaces has been removed. MED-V workspaces are now deployed using electronic software distribution (ESD) infrastructure and can be stored on common shares that are used for other installation packages.

FIRST TIME SETUPThe first time setup process is now integrated with the standard imaging convention of Sysprep. The MED-V workspace first time setup process can dynamically apply settings specified in the MED-V Workspace Packager to the image as it begins Mini-Setup. The scripting tool in the console has been removed and the first time setup process is now based on options that are specified in the sysprep.inf file and configured in the MED-V Workspace Packager by the administrator.

APPLICATION PUBLISHINGAdministrators can install applications on the MED-V image either prior to packaging, after the MED-V workspace has been deployed, or by using a combination of both. MED-V no longer looks at MED-V workspace policy to publish applications, but instead refers to what is actually installed on the guest. As

5

Trial Guide

applications are installed on the guest, they are automatically detected and published to the host Start menu and are ready to be started by the end user.

URL REDIRECTIONMED-V 2.0 provides seamless host-to-guest web address redirection based on the settings configured and managed by the administrator. After a URL is redirected to the guest browser, the default experience is to attempt to limit the user to that redirected site. This minimizes the browsing activities that a user can perform that are not intended by the administrator. Guest-to-host browser redirection was removed.

TROUBLESHOOTINGMED-V now leverages standard host-based processes for troubleshooting. Because the MED-V workspace in no longer encrypted, it can be opened in full-screen mode within the Windows Virtual PC console, where it can be viewed and worked with as a standard workstation. In addition, the logs are no longer encrypted locally or logged centrally. MED-V now makes extensive use of the local event logs, and the logging level of the output from informational to debug levels is easily configured. Finally, a troubleshooting toolkit is now provided so administrators and help-desk personnel can have a graphical, aggregated view of all the troubleshooting options, and they can effortlessly select the activities that best suit their needs. MED-V is no longer run as a system service. Instead, it is run as user-owned processes and it only runs when a user is logged on. Functionality that was formerly provided by the system-owned service is now provided in the user-side processes.

6

Trial Guide

2.2 MED-V 2.0 ComponentsMED-V WORKSPACE PACKAGERThe MED-V Workspace Packager is responsible for converting a prepared Windows Virtual PC image in to a MED-V compatible workspace package. It facilitates packaging the MED-V Workspace Package in such a way that it can be easily distributed via any ESD method and configures how the MED-V Workspace will interoperate with the host desktop. The MED-V Workspace Packager provides step-bystep guidance on how to create MED-V workspaces and contains wizards that help in the process.

MED-V HOST AND GUEST AGENTThere are two separate but related components to the MED-V 2.0 solution: the MED-V Host Agent and Guest Agent. The Host Agent resides on the host computer (a users computer that is running Windows 7) and provides a channel to communicate with the MED-V Workspace (the MED-V virtual machine running in the host computer). It also provides certain MED-V related functionality, such as application publishing. The MED-V software contained in the MED-V Guest Agent provides a channel to communicate with the MED-V host. It also supports the MED-V Host Agent with functions like performing first time setup. The MED-V Guest Agent is installed initially during first time setup and is updated by the Host Agent post installation.

7

Trial Guide

3 Trial System RequirementsThe following section lists the computer systems used for this evaluation. This Trial Guide was designed to allow you to explore the features of Microsoft Enterprise Desktop Virtualization. This document was not designed for evaluating how Microsoft Desktop Virtualization should be implemented in a production environment. As such, it is strongly recommend that the trial be implemented in a test lab environment using new or unused physical or virtual machines following the exact configurations described in this guide. SYSTEMS DIAGRAM

8

Trial Guide

SYSTEM CONFIGURATION MED-V Administration Machine Note: For the purpose of the Trial Guide this machine will be referred to as MEDVADMIN This machine must be a physical machine meeting the following requirements: Requirements for Trial Guide Windows 7 Professional, Enterprise, or Ultimate (32- or 64-Bit) 2GB of RAM 40GB Hard Drive (C: partition with at least 20GB of free space) Network Connectivity to MEDVDC Installed During Trial Guide Windows Virtual PC Windows XP Mode Virtual Machine1

Note: For the purpose of the Trial Guide this machine will be referred to as Windows XP MODE Windows Update KB977206 Note: Not necessary if Windows 7 SP1 is installed MED-V Host Agent MED-V Workspace Packager

Windows Domain Controller This machine can be physical or virtual. During this trial, the Domain Controller will only be used to create and authenticate computer and user accounts. Note: For the purpose of the Trial Guide this machine will be referred to as MEDVDC Requirements for Trial Guide Windows Server 2008 or 2008 R2 Active Directory Domain Services Installed with DNS Optional During Trial Guide Additional User Accounts

Note: Additional user accounts are for testing only and will not be covered during the trial guide.

1

While it is possible to use the Windows XP Mode image with MED-V 2.0 for trial or proof of concept purposes, Microsoft recommends that customers build images for MED-V based on their volume license media as this allows customers to have a higher level of control over their MED-V workspace environment. For production use, customers should use volume license media to create Windows OS images as the Windows XP Mode virtual image is not covered under Virtual Desktop Access (VDA) or Windows Software Assurance virtualization rights.

9

Trial Guide

4 Setting up the MED-V 2.0 EnvironmentThis section with walk you throw the process of preparing the MED-V environment for use: Configuring the MEDVADMIN Administration computer Installing the MED-V Workspace Packager Installing the MED-V Host Agent

4.1 Configure the MEDVADMIN Administration computerThis process will configure the MEDVADMIN machine for use with Windows Virtual PC, XP Mode and MED-V. 1. Join the MEDVADMIN machine to the domain and restart the machine. 2. Apply all windows updates to the machine. 3. Ensure the .NET Framework 3.5 SP1 Windows feature is enabled in Control Panel\Programs and Features\Turn Windows Features On or Off. 4. Install Windows XP Mode: a. Click on the link to the Windows XP Mode with Virtual PC Home Page: Windows XP Mode with Virtual PC b. Select your edition of Windows 7 and desired language for the installation. c. Click Download Windows XP Mode (Step 2), save the installation file to C:\TrialGuide. Note: You may be prompted to run validation. If so, run through validation in order to download Windows XP Mode. d. Click Download Windows Virtual PC (Step 3), save the installation file to C:\TrialGuide. e. Click Update Windows XP Mode (Step 4), save the installation file to C:\TrialGuide. f. Open C:\TrialGuide and launch WindowsXPMode_en-us.exe to install the XP Mode virtual machine.

g. Welcome to Setup for Windows XP Mode, click Next. h. Accept the default destination folder for installing Windows XP Mode, then click Next. i. Setup Completed, deselect Launch Windows XP Mode and click Finish.

10

Trial Guide

j.

Next, launch Windows6.1-KB958559-xZZ-RefreshPkg.msu to install Windows Virtual PC, where ZZ will be the bit version (x86 or x64), which was selected during the initial selection of downloads. Click Yes to install the Windows Update (KB958559). Accept the Microsoft Software License Agreement.

k. l.

m. Installation Complete, click Restart Now. n. (Optional) After restarting, open C:\TrialGuide and launch Windows6.1-KB977206xZZ.msu to install the XP Mode Update, where ZZ will be the bit version (x86 or x64) based on selection during download portion and click Yes to install the Windows Software Update and upon completion click Restart Now. Note: This last update is only required if the machine used as the MEDVADMIN machine doesnt support hardware-assisted virtualization or it isnt enabled in the BIOS. Note: If the Windows 7 machine has Service Pack 1 installed, this is also not required as it has already been applied.

11

Trial Guide

4.2 Installing the MED-V Workspace PackagerThis process will walk you through installing the MED-V Workspace Packager on the MEDVADMIN machine. The Workspace Packager will be used later to package the MED-V Workspace for distribution to clients and define how the image will interoperate with the host desktop. Perform the following steps on the MEDVADMIN computer: 1. Double-click the MED-V_WorkspacePackager_setup.exe installer file to start the installation. 2. The Microsoft Enterprise Desktop Virtualization (MED-V) Workspace Packager Setup wizard opens. Click Next to continue. 3. Accept the Microsoft Software License Terms, and then click Next. 4. Accept the default destination folder for installing the MED-V Workspace Packager, and then click Next. 5. On the Ready to Install MED-V Workspace Packager page, click Install. 6. After the installation is completed successfully, click Finish to close the wizard. 7. To verify that the installation of the MED-V Workspace Packager was successful, click Start\All Programs\Microsoft Enterprise Desktop Virtualization\MED-V Workspace Packager.

4.3 Installing the MED-V Host AgentThis process will walk you through installing the MED-V Host Agent on the MEDVADMIN machine. The Host Agent is the MED-V component that facilitates communication between the host and the MED-V Workspace that is providing the MED-V functionality to the end user. Perform the following steps on the MEDVADMIN computer: 1. Double-click the MED-V_HostAgent_Setup.exe installer file to start the installation. 1. The Microsoft Enterprise Desktop Virtualization (MED-V) Host Agent Setup wizard opens. Click Next to continue. 2. Accept the Microsoft Software License Terms, and then click Next. 3. Accept the default destination folder for installing the MED-V Host Agent. Click Next. 4. To begin the installation, click Install. 5. After the installation is completed successfully, click Finish to close the wizard.

12

Trial Guide

5 Preparing a Virtual PC Image for MED-VMED-V requires preparation of a Windows Virtual PC virtual machine image before moving forward with configuring for deployment using MED-V. This section will walk through: Configuring the Microsoft Windows 7 XP Mode virtual machine for use as a MED-V Workspace image. Sealing the MED-V Image using Sysprep

5.1 Configure the Windows XP Mode Virtual MachinePerform the following steps on the MEDVADMIN computer to setup WINDOWS XP MODE: 1. Click Start\All Programs\Windows Virtual PC\Windows XP Mode to start Setup. 2. Accept the Microsoft XP Mode License Agreement, click Next. 3. Installation folder and credentials: a. Accept the default installation directory. b. Enter and Confirm Password, click Next. 4. Help protect your computer, choose Not right now, click Next. 5. Setup will share drives on this computer with Windows XP Mode, click Start Setup. 6. The setup process for the Windows XP Mode will take a few minutes to complete. Important: MED-V requires the installation of the Integration Components package. As this guide is using the XP Mode virtual machine, the integration components are already installed. If you are creating your own virtual machine, see the following link for more information: Install the Integration Components Package 7. RemoteApp Update: After installing the Integration Components package, you are prompted to install the following update: "Update for Windows XP SP3 to enable RemoteApp". This is a required component for MED-V. Important: If you are not prompted to install the RemoteApp update, you can download and install it on the Windows XP Mode virtual machine manually from the following link: Update for Windows XP SP3 to enable RemoteApp Reboot the virtual machine after the install of RemoteApp is complete.

13

Trial Guide

8. From the Windows XP Mode virtual machine, block Internet Explorer 7 and 8 automatic updates: Download the IE7BlockerToolkit.exe: Toolkit to Disable Automatic Delivery of IE7 Download the IE8BlockerTookit.exe: Toolkit to Disable Automatic Delivery of IE8 o The downloaded files, when run, will ask where to place extracted files. Enter C:\TrialGuide then click Yes to confirm creation of the directory. o Once complete, open command prompt and change directory to C:\TrialGuide. Enter the following command including the periods: IE70Blocker.cmd . /B IE80Blocker.cmd . /B

9. Install the .NET Framework 3.5 SP1: Microsoft .NET Framework 3.5 Service Pack 1. 10. Apply all Windows Updates to the Windows XP Mode machine by running Windows Update. 11. Download and install the Microsoft XML Notepad 2007 application. a. Note: XML Notepad will normally work natively on Windows 7. The installation of XML Notepad has been included as a way to demonstrate MED-V application interoperability with the Windows 7 host and is NOT a requirement for MED-V to function in any environment. 12. Create a shortcut to the Microsoft XML Notepad 2007 application in the C:\Documents and Settings\All Users\Start Menu. 13. Enable the local Administrator account and assign it a password: a. In Computer Management, expand Local Users and Groups, select Users, right-click Administrator and select Properties. b. Uncheck the Account is disabled box and click Ok. c. Right-click the Administrator account, select Set Password and click Proceed. d. Provide a password for the local Administrator account, click Ok and click Okay. Note: Be sure to remember this password for the local administrator account. Since the Windows XP Mode virtual machine is being used for this trial no further preparation is required to perform further clean up or compacting of the Windows XP Mode virtual machine before moving on to the Sysprep phase.

14

Trial Guide

In the future, if you decide to prepare your own Windows Virtual PC images for use with MED-V, you may wish to perform these additional tasks in order to minimize the overall size of the Windows Virtual PC Image before moving on to Sysprep. Information regarding these additional steps is provided in Appendix A.

5.2 Sealing the MED-V Image Using SysprepAfter you have installed everything that you want to include in your Windows Virtual PC image, you can configure the image for use in MED-V. This section provides guidance for configuring your MED-V image using Sysprep to run first-time setup (FTS) prior to creating your workspace package. First-time setup prepares a MED-V workspace for use by the end user. The process creates a virtual machine from the image packaged in the MED-V workspace and then runs Windows Mini-Setup on the virtual machine. This includes the running of custom setup scripts and the first time setup completion application, FtsCompletion.exe. Perform the following steps on the Windows XP Mode computer: 1. Click Start\All Programs\Windows Virtual PC\Windows XP Mode to start the virtual machines. 2. Create a folder named Sysprep in the root of the MED-V image C: drive. 3. Download the Windows XP Service Pack 3 Deployment Tools (deploy.cab). 4. Right click and extract the deploy.cab file and copy Sysprep.exe, Setupcl.exe and Setupmgr.exe to the Sysprep folder. Note: For the step-by-step process on how to use the System Preparation Tool (Sysprep) click here. 5. From the Sysprep folder, double click Setupmgr.exe to start the Windows Setup Manager Wizard, and then click Next on the Welcome screen. 6. On the New or Existing Answer File, leave Create new checked, and then click Next. 7. On the Product to Install, choose Sysprep setup, click Next. 8. On the Platform screen, choose Windows XP Professional, the click Next. 9. License Agreement screen, select Yes, fully automate the installation, and click Next. 10. Complete the answer file questions with the following information: a. Name and Organization: Enter the name and organization appropriate for destination computers. b. Display Settings: Leave the defaults. c. Time Zone: Select the appropriate time for destination computers.

15

Trial Guide

d. Product Key: Enter the product key that was provided in the file that was included with the XP Mode virtual machine. This can be found on the MEDVADMIN computer in C:\Program Files\Windows XP Mode\Key.txt. NOTE: The product key is not validated in this form and you will not be warned if it is entered incorrectly. Make sure to check that the key is correct. e. Computer Name: Select Automatically generate computer name. f. Administrator Password: Select Use the following Administrator password and type the password for the Administrator account. Also, select When a destination computer starts, automatically log on as Administrator and set the Number of times to log on automatically to 1.

g. Networking Components: Select Typical Settings. h. Workgroup or Domain: Click Domain then enter in the domain name for the Active Directory domain created for the Trial Guide Example: Contoso.com. Click the check box for Create a computer account in the domain. Specify a user account that has permission to add a computer to the domain and enter and confirm the password. Click Next.

Important: You must configure the MED-V guest to join the domain specifying an account that has permission to add a computer to the domain. i. j. Telephony: Click Next. Regional Settings: Click Next, unless specific regional settings are required.

k. Languages: Select any languages required to support end users. Click Next. l. Install Printers: Click Next.

m. Run Once: Add the following commands, and then click Next.

wmic /namespace:\\root\default path SystemRestore call Disable %SystemDrive%\ c:\Program Files\Microsoft Enterprise Desktop Virtualization\FtsCompletion.exe

n. Additional Commands: Click Next. o. Identification String: Click Next.

16

Trial Guide

11. After completing the answer file select Finish. A message box appears stating that Setup Manager created an answer file with the settings provided. 12. Save the answer file in the C:\Sysprep directory created earlier and select OK. Click Cancel on the Setup Manager screen or File and Exit. 13. From the C:\Sysprep, execute the System Preparation Tool (Sysprep.exe). 14. Select OK when the warning prompt appears. 15. The Sysprep Properties dialog appears. Select Dont reset grace period for activation. Select Use Mini-Setup.

16. Click Reseal. A confirmation prompt appears. Select OK. Sysprep will complete and the machine will shut down. 17. After you have run Sysprep on your Virtual PC, image, the virtual machine shuts down the next step is Merging the hard disk into one VHD file.

17

Trial Guide

5.3 Merge the Virtual Hard DiskThis section is required only because we are using the XP Mode virtual machine. The XP Mode machine creates a differencing disk when first launched and stores all changes in the differencing disk. In order to allow this virtual machine to work with MED-V, we need to merge these disks in to one VHD. The steps in this section may not be necessary when using your own virtual machine. 1. Click Start\All Programs\Windows Virtual PC\Windows Virtual PC. 2. Right-Click the Windows XP Mode Virtual Machine from the list and select Settings. 3. Select Hard Disk 1 from the list of settings. 4. Select Modify to start the Virtual PC Modify virtual hard disk wizard. 5. Select Merge virtual hard disk. 6. Select the New File radio button, enter C:\VM\XPMode and click Merge. Select Yes at the warning. 7. Select OK to close the wizard.

18

Trial Guide

6 Deploying the MED-V WorkspaceBefore the MED-V image can be used it must be packaged and deployed to MED-V hosts. This section will walk you through: Creating a MED-V workspace package Deploying the MED-V workspace package Testing the MED-V workspace

19

Trial Guide

6.1 Create a Workspace Deployment PackageA MED-V workspace is the Windows XP desktop environment that hosts legacy Windows and Internet Explorer-based applications. You can create multiple MED-V workspaces, each customized with its own applications, configuration, settings, and rules, and deploy one workspace per Windows 7 host. The MED-V Workspace Packager is divided into two main sections: 1. The main panel that includes three buttons you use to create and manage MED-V workspaces. 2. A Help Center on the right side of the GUI that provides information and guidance to help you create, test, and manage MED-V workspaces.

20

Trial Guide

CREATING A WORKSAPCE PACKAGE Perform the following steps on the MEDVADMIN computer: 1. Open the MED-V Workspace Packager, click Start\All programs\Microsoft Enterprise Desktop Virtualization\MED-V Workspace Packager. 2. On the MED-V Workspace Packager main panel, click Create a MED-V Workspace Package. a. Package Information: Specify the MED-V workspace package name. Enter: MED-V Trial Specify the MED-V workspace package folder: Enter: C:\MED-V Trial b. Select Windows XP Virtual Image: Click Browse to the location for the merged Virtual hard drive (C:\VM\XPMode.vhd). Click Open and then Click Next. c. Select First Time Setup Settings which specify the process that MED-V follows during first time setup. Unattended setup, but notify end users before first time setup begins. Create a unique MED-V workspace for each user of the computer. Automatically add MED-V workspace users to the Administrators group. Select these settings then click Next. d. MED-V Messages Screen: Review the specific messages and click Next to accept the defaults. e. Naming Computers: Specifies how the MED-V virtual machine is named. Select Let MED-V manage computer names. Note the default is MEDV + random fill. Click Next. f. Copy Settings from Host: Specifies how the settings for the MED-V workspace are defined. Select Settings to copy from Host Computer to the MED-V workspace. Choose: Copy regional settings Copy user settings Copy domain name Copy domain organizational unit Then click Next.

21

Trial Guide

g. Startup and Networking: Review the default settings for starting the MED-V workspace, networking, and under Store Credentials, select Enabled, and then click Next. h. Web Redirection: i. URL redirection contains those URLs that you want redirected from the host computer to Internet Explorer 6 in the MED-V workspace. When you are using the packaging wizard to create the MED-V workspace, you type, import or copy and paste this redirection information. Enter each web address on a single line. For example: http://www.medvdemo.com http://*.contoso.com http://www.microsoft.com/silverlight ii. Select Do no change the Internet zone security level and Remove default browsing capabilities and click Next. i. Summary: Verify your MED-V workspace settings then click Create and start to build the MED-V workspace deployment package.

3. Click Close to close the packaging wizard and return to the MED-V Workspace Packager.

6.2 Deploying the MED-V WorkspaceAfter you have created your MED-V installer package, you can deploy it throughout your enterprise by using your companys preferred method of provisioning software and other applications or manually. For the purpose of the Trial Guide the following procedures will deploy the MED-V workspace manually. Note: For the purpose of demonstrating printer redirection in this Trial Guide, if one is available, we recommend having a network printer installed that also has Windows XP drivers and is already configured as a printer on the MEDVADMIN machine. TO DEPLOY A WORKSPACE MANUALLY 1. On the MEDVADMIN computer ensure the following files are in the MED-V package folder you specified when creating the package. C:\MED-V Trial XPMode.medv setup.exe MED-V Trial.msi MED-V Trial.ps1

22

Trial Guide

MED-V Trial.reg

2. On the MEDVADMIN computer browse to C:\MED-V Trial 3. In the MED-V Trial folder double click setup.exe to start the installation of the MED-V workspace. 4. On the Welcome to the MED-V Trial Setup Wizard, click Next. 5. Ready to install MED-V Trial, click Install. Note: This will start the installation of the VHD file and may take several minutes. 6. On the MED-V Trial Setup Wizard Complete window, leave the check mark in the box next to Start MED-V, and then click Finish. This will start the initiation of the workspace. The Set up the MED-V Workspace window will open indicating the virtual environment is being created for application compatibility. Click the Start button to begin the installation immediately. You will be prompted to enter your credentials that are used to log in to the MED-V workspace. This is where MED-V end users will enter their domain credentials. Enter the credentials to continue. Check the Remember my credentials checkbox and click Ok. On the Task Bar the MED-V 2.0 icon is available. Hover the mouse over the MED-V icon and the message Setting up the MED-V Workspace for use will be displayed. Again this could take some time. As the process of Setting up the MED-V Workspace continues, the message The MEDV Workspace is initializing will be displayed over the MED-V icon.

7. At the completion of the MED-V configuration, a balloon message will appear stating The MED-V Workspace was successfully setup. Again, hover the mouse over the MED-V icon on the system tray and a message will be displayed indicating The MED-V workspace Applications are Ready for Use.

6.3 Testing the MED-V WorkspaceThe topics in this section provide instructions to test the deployed MED-V workspace. You can verify the settings that you configured in your MED-V workspace on the MEDVADMIN computer by performing the following tasks.23

Trial Guide

HOW TO TEST URL REDIRECTION 1. Open an Internet Explorer browser in the MEDVADMIN computer and test the following URLs: http://www.medvdemo.com http://www.contoso.com http://www.microsoft.com/silverlight 2. Verify that the webpage is opened in Internet Explorer on the Windows XP Mode virtual machine. 3. Notice that the Internet Explorer bar has limited functionality that promotes users only using it for the websites that require Internet Explorer 6. 4. Repeat this process for each URL that you want to test.

HOW TO TEST MED-V APPLICATION AND DOCUMENT REDIRECTION 1. On the MEDVADMIN computer, click Start, All Programs and launch XML Notepad. 2. Not that the XML Notepad application launches within a Windows XP-style window. This shows that the application is running from within the MED-V workspace. 3. Ensure that the Tree View is selected and choose Insert | Comment | Before and type some text in the right pane. 4. Click File, Save As. Name the document Test and save it in the My Documents folder. 5. Close XML Notepad. 6. From the MEDVADMIN desktop, click Start, Documents. Notice that you see the Test document in the folder. 7. Double-click the Test document. Notice that XML Notepad re-opens from within MED-V. This is due to MED-V having created a File Type Association on the MEDVADMIN computer. MANAGING PRINTERS IN MED-V WORKSPACES In most cases, MED-V handles printer redirection automatically. After first time setup finishes, MED-V identifies all network printers installed on the host then installs the relevant drivers in the MED-V workspace. The network printer must have windows XP drivers installed and available for the printer to automatically be installed on the MED-V Workspace. The following list offers some additional guidance: MED-V only manages network printers. MED-V only installs printer drivers if found on the print server.

24

Trial Guide

MED-V workspace users must be members of the Administrative group of the MED-V workspace to install third-party printer drivers. Printers manually installed on the guest are not accessible to the host.

Perform the following steps to test the printing capabilities of the MED-V workspace. 1. Open Internet Explorer 8 and open http://www.medvdemo.com. 2. After it opens in Internet Explorer 6 click on File | Print. 3. Choose to print the document and drop down the list of available printers and select an appropriate printer.

25

Trial Guide

7 Manage a MED-V WorkspaceAfter the MED-V Workstation is deployed to MED-V Hosts, it may be necessary to update MED-V configuration. This section provides guidance updating settings after deployment: Managing URL Redirection Managing MED-V Workspace Settings

7.1 Managing URL RedirectionAfter you deploy a MED-V workspace you can use the MED-V Workspace Packager to add or remove URL redirection in the MED-V workspace. METHOD 1: MANAGE WEB REDIRECTION WITH THE MED-V WORKSPACE PACKAGER 1. To open the MED-V Workspace Packager, click Start\All Programs\Microsoft Enterprise Desktop Virtualization\MED-V Workspace Packager. 2. On the MED-V Workspace Packager main panel, click Manage Web Redirection. 3. In the Manage Web Redirection window, you can type, paste, or import a list of the URLs that are redirected to Internet Explorer in the MED-V workspace. 4. Click Save as to save the updated URL redirection files in the specified folder. MED-V then creates a registry file that contains the updated URL redirection information. Deploy the updated registry key by using your chosen method, such as a logon script or ESD solution, by creating a script that will merge the REG file settings with the local system. METHOD 1: UPDATE URL REDIRECTION INFORMATION USING GROUP POLICY Note: This method will overwrite any current settings for URL Redirection so all of the current URLs would need to be included unless the intent is in removal. 1. Launch GPMC.MSC on your Domain Controller. 2. Expand Domains, yourDomain, Group Policy Objects. 3. Right-click Group Policy Objects and click New. 4. In the Name field, enter MED-V Web Redirection and click Ok. 5. Right-click MED-V Web Redirection and select Edit. 6. Under Computer Configuration, expand Preferences, Windows Settings. 7. Right-click Registry and select New, Registry Item.

26

Trial Guide

8. Set Action to Replace. Set Hive to HKEY_LOCAL_MACHINE, Set Key Path to SOFTWARE\Microsoft\Medv\v2\UserExperience, Set Value Name to RedirectUrls, Set Value type to REG_MULTI_SZ. In Value data enter http://download.microsoft.com and click Ok. 9. Close the Group Policy Management Editor window. 10. Under Group Policy Objects, drag-and-drop the MED-V Web Redirection GPO to the OU that contains the MEDVADMIN machine. Open Internet Explorer and browse to http://download.microsoft.com. Notice that the web page opens within the Internet Explorer 6 browser from the MED-V workspace.

7.2 Manage MED-V Workspace SettingsMANAGE SETTINGS IN A MED-V WORKSPACE 1. Open the MED-V Workspace Packager; click Start\All Programs\Microsoft Enterprise Desktop Virtualization\MED-V Workspace Packager. 2. On the MED-V Workspace Packager main panel, click Manage Settings. 3. In the Manage Settings window, you can configure the following MED-V workspace settings: a. Start MED-V workspace: Choose whether to start the MED-V workspace at user logon, at first use, or to let the end user decide when the MED-V workspace starts. b. Networking: Choose Shared or Bridged for your networking settings. The default is Shared. c. Store credentials: Choose whether you want to store the end user credentials.

4. Click Save asto save the updated configuration settings in the specified folder. MED-V creates a registry file that contains the updated settings. Deploy the updated registry file by using your chosen method such as a logon script. Note: MED-V also creates a Windows PowerShell script in the specified folder that you can use to re-create this updated registry file.

27

Trial Guide

8 MED-V Administration ToolkitIn the event that you are encountering issues with the operation of the MED-V Workspace and you wish to gather more detailed troubleshooting data, the MED-V Administration Toolkit lets you access and configure event logs, restart or reset the MED-V workspace, and view the published applications and redirected web addresses in the MED-V workspace. You can also use the Med-V Administrations Toolkit to open the MED-V workspace virtual machine in full-screen mode. OPEN THE MED-V ADMINISTRATION TOOLKIT 1. From the Start menu of the host computer that contains the MED-V workspace you are troubleshooting, open the Command Prompt. 2. Navigate to C:\Program Files\Microsoft Enterprise Desktop Virtualization. 3. At the command prompt, type MedvHost /toolkit. VIEWING AND CONFIGURING MED-V LOGS 1. On the MED-V Administration Toolkit window, click the Host Events (Windows 7) button to open the event viewer for the host computers. Or, click the Guest Events (Windows XP) button to open the event viewer for the guest virtual machine. 2. The event viewer opens and displays the corresponding event logs that you can use when troubleshooting issues with MED-V. CONFIGURING MED-V EVENT LOGS You can specify the MED-V event logging level by selecting the corresponding option button on the MED-V Administrations Toolkit. When setting the event logging level, it is set for both the host computer and the guest virtual machine. RESTARTING AND RESETTING A MED-V WORKSPACE Restarting the MED-V workspace is the same as restarting a physical computer. Resetting the MED-V workspace reruns first time setup, which deletes all data stored in the virtual machine. Typically you should only reset the MED-V workspace to resolve serious troubleshooting issues. RESTARTING A MED-V WORKSPACE 1. On the MED-V Administration Toolkit window, click Restart MED-V Workspace. A dialog window opens for you to confirm that you want to restart the workspace. 2. Click Restart. RESETTING A MED-V WORKSPACE 1. On the MED-V Administration Toolkit window, click Reset MED-V Workspace. A dialog window opens for you to confirm that you want to reset the workspace.28

Trial Guide

Warning: Resetting the MED-V workspace causes first time setup to rerun; this reloads the original virtual hard drive. All data that has been stored in the MED-V workspace since first time setup will be deleted. 2. Click Reset. VIEWING MED-V PUBLISHED APPLICATIONS 1. On the MED-V Administration Toolkit windows, click View Published Applications. 2. The published applications window opens and displays a list of the published applications in the MED-V workspace. You can use this information to troubleshoot certain issues, such as determining whether an application was published as expected. VIEWING MED-V REDIRECTED WEB ADDRESSES 1. On the MED-V Administration Toolkit window, click View Redirected Web Addresses. 2. The Web Addresses Redirected to the MED-V Workspace windows open and displays a list of the redirected web addresses. You can use this information to troubleshoot certain issues, such as determining whether a web address was specified correctly for redirection. OPENING THE MED-V WORKSPACE VIRTUAL MACHINE 1. On the Med-V Administration Toolkit window, click View MED-V Workspace Full Screen. 2. MED-V closes if it was running, and the MED-V workspace virtual machine opens in full screen mode. You can use this full screen window to easily access all of the components of the virtual machine that might be helpful in troubleshooting, such as its hard drive and settings files.

29

Trial Guide

9 Operations Security Best PracticesAs an authorized administrator, you are responsible to protect the information of the users and maintain security of your organization during and after the deployment of MED-V workspaces. In particular, consider the following issues. 1. Customizing Internet Explorer in the MED-V workspace. Earlier versions of the Windows operating system and Internet Explorer are not as secure as current versions. Therefore, Internet Explorer in the MED-V workspace is configured to prevent browsing and other activities that can pose security risks. In addition, the Internet security zone setting for Internet Explorer in the MEDV workspace is set to the highest level. By default, both of these configurations are set in the MED-V Workspace Packager when you create your MED-V workspace package. By using Internet Explorer Administration Kit (IEAK) or by changing the defaults in the MED-V Workspace Packager, you can customize the MED-V version of Internet Explorer. However, realize that if you customize Internet Explorer in the MED-V workspace in such a way as to make it less secure, you can expose your organization to those security risks that are present in older versions of Internet Explorer. From a security perspective, best practices for managing the MED-V version of Internet Explorer are as follows: When creating your MED-V workspace package, leave the defaults set so that the MEDV version of Internet Explorer is configured to prevent browsing and other activities that can pose security risks. When creating your MED-V workspace package, leave the defaults set so that the security setting for the Internet security zone remains at the highest level. Configure your enterprise proxy or Internet Explorer Content Advisor to block domains that are outside your companys intranet.

2. Configuring a MED-V workspace for all users on a shared computer. When configuring a MED-V workspace so that it can be accessed by all users on a shared computer, realize that the guest virtual machine (VHD) is put in a location that gives Read and Write access to all users on that system. 3. Configuring a proxy account for domain joining. When configuring a proxy account for joining virtual machines to the domain, you must know that it is possible for an end user to obtain the proxy account credentials. Thus, necessary precautions must be taken, such as limiting account user rights, to prevent an end user from using the credentials for causing harm. 4. Sysprep Configuration. Although the Sysprep.inf file is encrypted by default, its contents can be decrypted and read by any determined end user who can successfully log on to the virtual machine. This raises security concerns because the Sysprep.inf file can contain credentials in addition to a Windows product key.

30

Trial Guide

You can lessen this risk by setting up a limited account for joining virtual machines to the domain and specifying the credentials for that account when configuring Sysprep. Alternately, you can also configure Sysprep and first time setup to run in Attended mode and require end users to provide their credentials for joining the virtual machine to the domain. A MED-V best practice is to specify that FtsCompletion.exe is run under an account that gives the end user rights to connect to the guest through the Remote Desktop Connection (RDC) Client. 5. End-user authentication. Enabling the startup and networking screen, store credentials, disable caching of end user credentials provides the best user experience of MED-V, but creates the potential that someone could gain access to the end users credentials. The only way to lessen this risk is by electing to disable the caching of credentials in step 6.1.2.g.

31

Trial Guide

10 Appendix A: Preparing an image for SysprepAlthough it is optional, it is recommended that you compact your virtual hard disk to reclaim empty space and reduce the size of the virtual hard disk. COMPACTING THE VIRTUAL HARD DISK Perform the following step on the MEDVADMIN computer: PREPARING THE VIRTUAL HARD DISK Perform the following steps on the WINDOWS XP MODE virtual machine: 1. Clear the DLL cache. a. At a command prompt, type sfc /cachesize=1 b. Restart the virtual machine by clicking the Ctrl-Alt-Del button in the Virtual PC Toolbar, clicking the Shut Down button, setting the pull-down menu to Restart and clicking OK.. c. At a command prompt, type sfc /purgecache

2. Turn off System Restore. You can also specify this step in your Sysprep.inf file. a. In the Control Panel, change to Classic View, double-click System, and then select the System Restore tab. b. Select Turn off System Restore and then click OK. 3. Set maximum event log sizes and clear all events. a. Open the event viewer. b. Right-click on Application and click Properties. c. In the Log Size area, set Maximum Log Size to 512KB and then select Overwrite events as needed.

d. Click Clear Log. In the Event Viewer dialog box that appears, click No. e. In the Properties window, click OK. f. Repeat steps a through e for the Security and System logs.

4. Run the Disk Cleanup Tool. In the Start menu, select All Programs\Accessories\System Tools\Disk Cleanup. 5. Remove the page file.

32

Trial Guide

a. In the Control Panel, double click System, and then select the Advanced tab. b. In the Performance area, click Settings. c. Select the Advanced tab. In the Virtual Memory area, click Change.

d. Select the No paging file button, click Set, click Ok, Ok and click Ok e. Click Yes to restart the virtual machine. f. Once the virtual machine has restarted after removing the page file, from within the virtual machine, Shut Down the virtual machine by clicking the Ctrl-Alt-Del button in the Virtual PC Toolbar, clicking the Shut Down button, setting the pull-down menu to Shut down and clicking OK.

DEFRAGMENTING AND PRE-COMPACTING THE VIRTUAL HARD DISK Perform the following step on the MEDVADMIN computer: 1. In Control Panel on the host computer that is running Windows 7, click Administrative Tools, double-click Computer Management, then click Disk Management. 2. By using the Disk Management Console, attach (mount) the virtual hard disk and then defragment the disk. 3. By using an ISO extraction tool, extract the precompact.iso located in the \Program Files\Windows Virtual PC\Integration Components folder. 4. Use the precompact.exe program to compress the Windows XP virtual hard disk. 5. By using the Disk Management Console, detach the virtual hard disk. COMPACTING THE VIRTUAL HARD DISK Perform the following step on the MEDVADMIN computer: 1. Open Windows Virtual PC. 2. Click Start, click All Programs, click Windows Virtual PC, then click Windows Virtual PC. 3. Right-click your Windows XP image and select Settings. 4. Click Hard Disk for the one that corresponds to your Windows XP image, and then click Modify. 5. Click Compact virtual hard disk. 6. Click Compact and then click OK. 7. Create a backup copy of your Windows XP image by making and storing an additional copy of the .vhd file located in the directory that you specified in step 4.1.4.e, after it has been compacted.

33