VMware Windows Server 2019 Template Best Practices
Deploying Windows Server 2019 virtual machines from template is a great way to streamline the process of getting up and running with a new instance of Windows Server in your vSphere infrastructure quickly and easily. Templates help to take much of the heavy lifting out of the process for deploying Windows Server 2019, Windows Server 2016, and other Windows Server versions. However, there are a few things you want to consider when you look at VMware Windows Server 2019 template best practices. Let’s take a look at a few things that need to be considered when deploying your Windows Server 2019 virtual machine from a template in VMware vSphere.
Why Use a VMware Template?
In case you are not currently a user of VMware templates, what is their benefit? Some are right on the cusp of not really deploying enough virtual machines in their minds to really warrant using a template. However, if you are not using VMware templates today, what are some reasons that you might start doing so?
Why use a VMware template? Templates provide a “cookie cutter” approach to having a Windows Server 2016 or Windows Server 2019 virtual machine “look” the way you want it to look as soon as it is deployed.
Using a template is similar to the old days of using an “image” so to speak of a server. We used to get a server or workstation the way we wanted it to look and then we created an image. The image was then used to deploy additional servers or workstations from.
In a similar vein, VMware templates provide the means and ability to create exact representations of all the software, configuration, and other applications that may need to be loaded for a particular environment or use case and then deploy that image into the environment.
Additional benefits include the ability to use templates with further automation in your environment. Many of the DevOps and scripting tools can take a VMware template and use this as the source of cloning for quick and automated deployments.
Using VMware templates to deploy also allows you to use customization specifications which allow you to do things like join Windows Active Directory domains, run one-off commands and scripts, set network configuration automatically, name the computer, and many tasks.
VMware Windows Server 2019 Template Best Practices
Since using VMware templates is a great way to deploy Windows Server in a powerful way, let’s take a look at VMware Windows Server 2019 Template Best practices to follow when using VMware templates:
- Keep your VMware templates updated
- Install all software and security applications in the template
- Include VMware Tools in the template
- Include tweaks for automation tools you may use
- Install all Windows updates that are current
- Make the decision on how you will sysprep
- Use folders to organize your templates
- Use the notes field to provide relevant version information
- Decide what configuration will be included in your customization specification
1. Keep your VMware templates updated
This is an extremely important point to consider. What adds to the value of using VMware templates is that you are saved from many manual processes and provisioning steps.
If the Windows Server 2019 VMware template becomes stale and is quite old, you will no doubt find yourself having to perform update steps and other software configuration updates to align with what is current. Having a process to automatically update your Windows Server 2019 templates is a great way to stay current with the build of Windows Server 2019 you are using.
A great tool to use is Hashicorp’s Packer. With Packer you can fully automate the installation and build of your Windows Server 2019 template, including Windows Updates, etc.
I have written on this topic a number of times. Be sure to check out my post here:
With Packer, you can literally schedule to rebuild your Windows Server 2019 template on a specified frequency of your choosing. In this way, you can automatically have an up-to-date Windows Server 2019 template.
2. Install all software and security applications in the template
One of the main reasons that you use a Windows Server 2019 template is to have a source of your clone operation that already has the applications and software needed already installed.
A best practice with your VMware Windows Server 2019 template is to include not only all your applications and software that are business-critical and support those processes, but to also include all security software that is needed.
This may include antivirus or other cybersecurity agents. This helps to ensure that these components are not missed in a manual installation of software when provisioning your Windows Server 2019 servers manually.
3. Include VMware Tools in the template
In a VMware vSphere environment, it is important to make sure that you install VMware Tools in your Windows Server 2019 template. VMware Tools is the guest operating system tools that allows VMware to interact effectively and efficiently when running your virtual machines in a vSphere environment.
VMware Tools allows the hypervisor to interact with VMs in such a way to perform operations such as graceful shutdowns, restarts, resets, and other power management.
In addition VMware Tools is generally required for effective backups that are “application aware” as these generally use VMware Tools for properly quiescing applications and file activity for an application aware snapshot.
Be sure to include VMware Tools as part of the software you install in the Windows Server 2019 virtual machine.
Again, this can easily be accomplished automatically by using Packer to build your Windows Server 2019 template. See again my article describing how to automate this process in a Windows Server 2019 Core installation.
4. Include tweaks for automation tools you may use
If you intend to use other automation tools in your environment with the Windows Server 2019 template that you create, it is a good idea to think about what needs to be done for these automation tools to interact with your Windows Server 2019 template.
I use Ansible quite extensively in my environment, so making sure that Ansible can properly speak to your Windows Server 2019 installation is an example of this.
Ansible includes a ConfigureRemotingForAnsible.ps1 script that makes it easy to ensure your Windows Server host is ready for Ansible to be able interact with. This script is found here:
5. Install all Windows updates that are current
Another great advantage of using a Windows Server 2019 template is to have a template to clone and deploy from that is current with the latest Windows updates. It is certainly a best practice to keep your Windows Server 2019 templates updated with the latest and greatest Windows updates.
Again, you can do this as part of your automated Windows Server 2019 template build with Packer. Packer can simply take advantage of the PowerShell module PSWindowsUpdate.
Read about how to do this as part of your automated installation using Packer here:
6. Make the decision on how you will Sysprep
One of the things that you need to consider when creating a Windows Server or any other Windows templates is how you will handle Sysprep. The Sysprep tool from Microsoft is the supported way to generalize a Windows Server operating system.
This ensures there are no duplicates on the network or domain with SIDs, etc. There has been some discussion and controversy about how needed Sysprep is, however, it is still generally considered best practice to use it currently.
The reason I bring up “make the decision on how you will Sysprep” is that you will need to decide if you are Sysprepping your Windows Server 2019 server before you convert to template, or after.
Generally, what I see is that you don’t Sysprep as part of the template. This is especially the case if you are using tools like VMware’s customization specification or using something like Terraform.
These tools have the sysprep step as part of their deployment mechanisms and will bomb if you already have sysprepped the box before converting to template.
However, you may not be using customization specs or another automation tool and just want to be able to clone and be done using the already Sysprepped template.
7. Use folders to organize your templates
It is a good idea to use folders to organize your VMware templates. This allows you to be able to find your templates all in one place very easily. Folders not resource pools are the way to organize your virtual resources in this way.
8. Use the notes field to provide relevant version information
The Notes field in your vSphere inventory is a great way to provide helpful metadata to your templates. You could include information such as the following:
- Date the template was created
- Operating system it contains
- Any relevant software version information
- Relevant security agent information
- Customized information related to your business
9. Decide what configuration will be included in your customization specification
As mentioned early on, generally in most VMware vSphere environments, you will want to take advantage of using customization specifications. Below are notes from VMware on customization specifications:
“Using customization specs helps prevent conflicts that can result if you deploy virtual machines with identical settings, such as duplicate computer names.
When you clone an existing virtual machine, or deploy a virtual machine from a VM template in a folder, you can customize the guest operating system of the resulting virtual machine during the clone or the deployment tasks.
When you deploy a virtual machine from a template in a content library, you can customize the guest operating system only after the deployment task is complete
When you build your Windows Server 2019 template, you want to think about commands that you may run in the customization specification and those that need to be included as part of the tempate.
The customization spec helps to take care of the computer name, domain joins, network configuration, and one off, ad-hoc commands you may want to run.
Wrapping Up
As you can tell, there are many VMware Windows Server 2019 Template Best Practices to consider when building out your Windows Server 2019 template.
Leveraging VMware templates in your infrastructure helps to ensure that you can efficiently deploy new Windows Server 2019 servers as needed in a way that is streamlined and consistent.
Using other tools such as Packer, Ansible, and Terraform in conjunction with VMware vSphere templates is a great way to further extend the power of your VMware templates in your environment.