Product Documentation

Creating and Configuring ESD Update VMs

Sep 28, 2016
Virtual machines (VMs) that are used to update a Managed vDisk must first be created on the hypervisor prior to configuring for vDisk Update Management in Provisioning Services. Supported hypervisors include; Citrix Xenserver, Microsoft SCVMM/Hyper-V, and VMWare vSphere/ESX.

The type of ESD determines the specific steps involved in creating and configuring the VM on the hypervisor. However the following general prerequisites apply to Update VMs regardless of the ESD system selected:

  • Download, install, and configure the appropriate ESD Server software on the server.
  • A VM must be uniquely named on the hypervisor and follow naming conventions equivalent to a Provisioning Services target device name. The name can be up to 15 bytes in length.
  • Only one VM should exist for a Managed vDisk because only one update task can occur on that vDisk at any given time.
  • Citrix recommends allocating at least 2GBs of memory for each VM.
  • Appropriate ESD licenses must be made available and the ESD client software must be properly installed and enabled on the vDisk.
  • Using Microsoft HyperV Server without SCVMM is not supported.
  • Configuring the Update VM, that is used to build the Update vdisk, with multiple nics when streaming to SCVMM server fails to PXE boot. Citrix suggests using a single NIC or use only one Legacy NIC.
  • Because the image update client requires .NET 3.5 or higher, it must be installed on the vDisk that serves the update VM.
  • Citrix recommends to only apply updates that can be downloaded and installed in 30 minutes or less.

The following ESD systems are supported:

  • WSUS
  • SCCM

Creating and configuring a WSUS update VM

  1. Under the server hypervisor, create and boot up a client. For the purpose of providing an example, the client VM NameA (client VMs must be unique on the hypervisor).
  2. Add the client VM (NameA) to the domain and make any other settings specific to your environment.
  3. Install the Provisioning Services Target Device software on the client VM (NameA).
  4. Build a vDisk image from the client VM (NameA), and when prompted, you must enter a target device name. For the purpose of this example, the target device name will be NameB.
  5. After successfully building the vDisk image, shutdown the target device.
  6. Optional. If using Active Directory, enable Active Directory on the vDisk and then create a machine account for the target device (NameB) using the Provisioning Services Console.
  7. In the Console, set the target device to boot from the vDisk image in Private Image mode.
  8. Boot the target device, then complete the following:
    1. Verify that the Windows firewall setting is set to Off.
    2. Run Gpedit.msc navigate to: Computer Configurations>Administrative templates>Windows Components>Windows Update>Specify the Intranet Microsoft update service location and set to be Enabled.
    3. Enter the name of the WSUS server (from step one) under the Set the intranet update service for detecting updates and Set the intranet statistics server name (http://WSUS-SERVER-NAME).
    4. Install the Windows Update Agent specific to the platform from:
    5. Restart the target device to configure the Windows Update Agent.
  9. Shutdown the target device.
  10. On the hypervisor, create a diskless VM to serve as the Update VM (NameC), then set the Update VM to boot from the network (do not boot).
  11. From the WSUS server, approve the updates for your client VM
  12. From the Console,
    1. Set the Access Mode for the vDisk to Standard Image mode, on the vDisk Properties General tab.
    2. Configure the host connection, refer to Configure virtual host connections for automated vDisk updates.
    3. Configure a managed vDisk for automated updates. Refer to Configure Managed vDisks for automated updates.
    4. Create an update task. Refer to Create an update task.

Creating and configuring a SCCM update VM

Creating the device and preparing the vDisk

  1. Create a VM and give it a name that meets DNS requirements for computer object names.
  2. Install the operating system.
  3. Install the Provisioning Services target device software.
  4. Run the imaging wizard. For the same device name, use the VM name in step 1.
  5. Reboot to image the device.
  6. Shut down.
  7. Add the device to the OU that SCCM is scanning. You are advised to dedicate an OU for this rather than giving SCCM free rein of the entire Active Directory.
  8. Boot the client in private image mode.
  9. Open the firewall ports for SCCM on both the target device and the Provisioning Server.
  10. Make the SCCM administrator and the SCCM server a local administrator.

Installing the SCCM client

  1. On the SCCM server, select Administration > Discovery methods. Right-click on Active Directory System Discovery and choose the option Run Full Discovery Now. By default, SCCM only scans for new clients every 8 hours.
  2. Wait for the client to appear. Typically, this takes about 10 minutes.
  3. Right-click on the SCCM client and push it to the device.  Wait until the SCCM client is installed and appears as active in SCCM.
  4. Assign the client to a device collection in SCCM.
  5. In SCCM Administration > Client Settings give the client a new setting and select the custom setting Computer Agent.  Select the option Additional software manages the deployment of applications and software updates.  Push this out to the device collection in step 4 as soon as possible.

Configuring on the Provisioning Services Console

  1. Go to the site’s Property > vDisk Update tab and enable the automatic vDisk update option for the site.
  2. After the SCCM client is installed and appears as active, shut down the device.
  3. Change the vDisk to standard image mode.
  4. Right-click on the device and choose Active Directory > Delete Machine Account.
  5. Delete the Provisioning Services device record.
  6. Create a host record of where the image VM is located.
  7. Create a managed vDisk record. Note: The device name is case-sensitive.
  8. Create a task.

Note: When pushing updates and software, always push to the SCCM device collection.