Don’t Sysprep Me, Bro!

The top virtualization platforms allow for rapid deployment of virtual machines via templates.  This capability alone is enough to make virtual environments far more efficient than physical.

With template deployment comes VM (or “image”) customization — each instance of an OS needs to have a unique hostname and, in the case of Windows, a unique SID (security identifier).

Not surprisingly, each vendor has taken a different approach to image customization.  Let’s take a closer look.

VMware vCenter Server Image Customization

With VMware vSphere and vCenter Server, VM templates are simply virtual machines with a special flag that essentially prevents users from accidentally powering them on.  In fact, you can clone and customize a new VM from a standard VM if you prefer — converting to template first is not even required.  Sysprep is only run on the new VM after it is cloned — the original template/VM is never generalized by Sysprep.

The great thing about this design is that it gives you the ability to instantly convert a template back to a standard VM.  That makes it very easy to update templates and, for example, minimize the exposure of deploying virtual machines in dire need of numerous security patches.

Of course, vCenter also supports Linux guest customization, unlike competitors.

Virtual Machine Manager (SCVMM) Image Customization

Microsoft System Center Virtual Machine Manger also has VM templates, but the workflow is quite different from vCenter.

When you create a template in SCVMM, the guest OS is generalized with Sysprep before it is copied into the library.  That effectively destroys the original VM and, in fact, this is what the warning message states when you create a template.

Maintaining a clone of every VM template obviously introduces some management overhead.  Another option you might consider: when it is time to update a VM template, simply deploy a fresh VM from the previous template, make changes, and then re-create a new template from the VM.  That sounds like it will work, but there is actually a problem that prevents it from being a viable solution. For technical reasons, Sysprep can only be run on a particular OS image a total of three times.  You can read all about the details in this TechNet article. UPDATE: Activated systems in a KMS environment are not affected by this limit.

Here is what happens when you exceed the Sysprep limit when attempting to create a template in SCVMM:

Looks like SCVMM administrators will either be maintaining master clones of all templates, or reinstalling VMs from scratch when updated templates are needed.  Kind of makes you think about the whole “managing physical plus virtual” thing, doesn’t it?

Citrix XenCenter Image Customization

Curious to know how Citrix handles Windows VM cloning and customization?  They just don’t bother — the documentation simply explains how to manually run Sysprep on a Windows VM before converting to a template.  All the disadvantages of the SCVMM model — without the automation.  Nice.

Summary

VMware vCenter Server is the only virtualization management platform that offers fully functional, non-destructive VM templates for both Windows and Linux guest operating systems.

What interesting VM/template strategies have you adopted?

With apologies to the “Don’t Taze Me, Bro!” guy.

Related posts:

1. SCVMM to VMware: You will be assimilated
2. Which guest operating systems can be customized by SCVMM?
3. Even GPL can’t make Hyper-V Linux VMs well
4. Finding thin-provisioned virtual disks with PowerShell
5. Managing VI3 with SCVMM considered harmful