In this video, I sit down and chat with Joe Cooper to find out “What’s the deal with TPMs, vTPMs, vSphere NKP, and VDI?”
We’ll be talking about everything from Physical TPMs, to Virtual TPM (vTPM), VMware vSphere Native Key Provider (NKP), and specialized workloads such as Virtual Desktop Infrastructure (VDI).
A big thank you to Joe Cooper for co-producing and joining me on this video.
In this video, I’ll show you how to properly create a Windows 11 gold image, for use with Omnissa Horizon VDI (both persistent VM template full-clones, and non-persistent Instant Clones).
We’ll be using the manual process to create the VDI Golden Image.
In this video, I’ll show you how to:
Use Windows ADK and WinPE add-on to create a WinPE ISO to pre-boot the Windows 11 Installer
Use the WinPE ISO to pre-boot and install Windows 11, without a vTPM
Prepare the Windows 11 image for deployment
Install Omnissa Horizon agent
Install Microsoft 365 using the ODT (Office Deployment Toolkit)
Use the Omnissa Operating System Optimization Tool (OSOT)
Optimize the image using OSOT
Generalize the image using OSOT
Finalize the image using OSOT
Note on VDI (Virtual Desktop Infrastructure), TPM and vTPM devices
When deploying Windows 11 in VDI environments there are special considerations due to Windows 11 TPM requirements. Windows 11 Golden images should not have a vTPM, nor should they ever have a vTPM attached and then removed. Attaching and removing a vTPM or TPM from Windows 11 is considered data loss, and can cause issues with the image.
If you are deploying persistent full-clones, after the cloning process you can add a vTPM to the persistent VM.
If you are deploying non-persistent Instant Clones, the desktop pool in Horizon should be configured to add a vTPM to Instant Clones on provisioning.
References
A big thank you goes out to Graeme Gordon and Hilko Lantinga for their documentation and techzone articles providing this information for Partners, Customers, and Community!
So you’re in a situation where you need to update the Omnissa UAG IP Configuration via Shell or Console.
Your Omnissa UAG (Unified Access Gateway) network configuration usually takes place on deployment, or can be modified via the Web Admin interface running on port 9443.
In some scenarios you may lose access, or have to change the networking configuration when you don’t have access to the web administration GUI. This could be because of firewall rules, network changes, or troubleshooting.
PLEASE NOTE: Normally it is considered best practice to deploy new UAGs if an IP change is required. UAG deployment should be automated (using the PowerShell scripts from Omnissa). This post is for informational purposes only, for special situations, troubleshooting, or scenarios where deploying a new UAG isn’t possible.
Updating your UAG IP Network Configuration
If you need to update or change your network configuration on your UAG, via console or SSH, you can run the following command:
Joe Cooper and I (Stephen Wagner), talk about AI Prototyping and AI Development with NVIDIA vGPU powered Virtualized Workstations.
Using NVIDIA vGPU technology, NIMs (NVIDIA Inference Microservices), and VDI you can enable high powered, private, and secure AI Development Workstations.
These environments can be spun up on your VMware infrastructure using NVIDIA datacenter GPUs, NVIDIA NIMs, and using Omnissa Horizon or Citrix for delivery.
Recently, new deployments of Windows 11 (23H2 images with the latest updates) have changed the behavior of the start menu and introduced the Windows 11 Microsoft Account Center.
This also affects 24H2; however, 24H2 isn’t supported on Omnissa Horizon as of yet (to my knowledge) and probably most other VDI platforms, but this will be a concern once support is available.
The introduction of the Microsoft Account Center in the Windows Start Menu will become an issue for VDI deployments, as it changes the behavior of the Start Menu, and introduces some complexities for logging off users as well as introducing the need for training or alternative methods for users to log off.
Update – October 27 2024
When completing the latest Windows Updates, as of October 27th, 2024, the behavior has now changed.
The new behavior is now suitable for easy logoffs.
Behavior
When clicking on Start and proceeding to click on the user name, users are no longer prompted with options like “Sign out, Switch User, Account Settings”. Users are now presented with the new “Microsoft Account Center”, which on non-VDI deployments provides actions for the Microsoft Account. Optimizing your image may slightly change the behavior of the Microsoft Account Center.
Here is an example of the original start menu:
Here is an example of the new start menu with the new Microsoft Account Center:
Users who are expecting to be able to sign out will now have to click on the “…” on the top right.
Additional Considerations
In addition to the examples provided above, the following behaviors can be expected:
On the base image, clicking the user icon will do nothing (and may possibly kill the start menu)
In deployments with Hybrid domain joined Instant Clones
If the machine hasn’t achieved Hybrid Domain Join, clicking the user account icon will function.
If the machine has Hybrid domain joined but a PRT has not been issued, clicking the user account icon will kill the start menu.
If the machine has Hybrid domain joined and a PRT has been issued, it will perform properly using the new style.
In deployments with Hybrid Domain Joining and PRT disabled, the new “Microsoft Account Center” from the user icon, should function properly with the new style.
As of today, I haven’t seen the latest Windows Updates change older base images, but I haven’t had the opportunity to sample a large enough number of environments. If this occurs, you may need to brief users on how to log out using the new “Microsoft Account Center”, using the “Log Off” function on the Horizon Client, or possibly even create a desktop shortcut for the users.
Workaround
To work around this issue, you may need to train users on the new behaviour, advise them to log off with the VMware Horizon client (a proper logoff, not just clicking the “X”, which will only disconnect sessions), or create a “Log off” shortcut on their desktop.
I will continue to investigate and update this post, hopefully ultimately with a fix.