The following are some of the more frequently asked questions when it comes to deploying a group Virtual Machines sharing common configuration.
- After updating the VHD and VMC, how to re-deploy the changes out to the group of physical machines
- After deploying the duplicate VHD and VMC, how to make the Windows OS in each Virtual Machine have unique name, SID, and MIC address
- After deploying, how to lock down the virtual and physical machine to prevent tampering
- And do all this with as much automation as possible...
Well, here are my thoughts...
I'm considering the use of Virtual PC in a school environment. The idea is that I'll be gradually adding software and configuration options to one machine and, after making and testing each addition, copying the virtual machine to each of the other PCs.
In addition to being able to access software and resources bundled with the virtual machine, each machine should be able to access resources stored on a server. A domain login is not required at this stage.
There is no requirement that any changes made by students be saved.
As to the ongoing management and updating of the system I am hoping to be able to copy the new image to the hosts after hours using a batch file.
I have already learnt from various sources that the requirements for this configuration will be that each virtual machine must have a unique name, unique SID and unique mac address. Therefore I would like to find the most efficient way of changing these automatically, on the fly. Is there a utility which I could call from a batch file which would update these details for each instance? Ideally I would like to develop a single batch file which would update all the machines
Another issue is that, when the student sits at the computer, I need as much lockdown as possible, preferably preventing them from shutting down, or modifying the configuration of the virtual machine. Is there a way of doing this?
Further complicating matters I would like to close the virtual machine down automatically after hours so that any updating could take place.
Thanks for any suggestions.
How to make the Windows OS in the Duplicated VMC/VHD Unique
- Change SID: http://www.sysinternals.com/Utilities/NewSid.html
- Change ComputerName: http://download.microsoft.com/download/8/7/6/876af3ca-070a-4846-9b19-bd0389b575fa/Virtual%20PC%202004%20Deployment.doc
- Change MAC address: Modify the VMC file and change the <ethernet_card_address> element
How to Lockdown the Environment
I suggest locking down both:
- the Guest OS - Group Policy or 3rd party software - your pick
- the VPC host - http://blogs.msdn.com/virtual_pc_guy/archive/2005/08/03/447572.aspx
How to re-deploy Changes:
Closing VM after-hours to propagate changes is trivial to do with Virtual Server since it has a scriptable automation interface. See this blog entry for code on how to remotely stop/start a VM for the purposes of backing up the VHD (you would deploy the new VHD instead of backing up the existing VHD). Virtual PC does not have such provisions since it is meant for interactive and NOT automated use - see this blog entry for details.
In terms of making each duplicate VHD/VMC unique, the main challenge is to automatically launch the Change SID and Change Computer Name commands INSIDE the Guest OS when you only have control outside. This is easy to do with Virtual Server's scriptable automation interface, to pass in keystrokes, etc from the outside in.
Personally, I would run Virtual Server 2005 R2 instead of Virtual PC 2004. It's completely free, has the scriptable automation interface to do everything you ask for and more, and though I don't know of a lockdown switch, its UI is pretty spartan and locked down already. You simply have more options with VS2005R2, even if you may have to program some of them. It all depends on if you are ok with "not possible with VPC 2004" or "requires programming with VS2005R2"...