No doubt in your virtual environment, you may be thinking about getting your Windows Server 2022 template configured for use now that Windows Server 2022 is GA. Windows Server 2019 still has mainstream support until 2024. However, using the latest and greatest not only extends your support lifecycle, it allows you to have access to all the latest and greatest features and functionality available. In this post, we will take a look at VMware Windows Server 2022 Template Best Practices and see what new tasks you should include in your Windows Server 2022 templates.
Automated Windows deployment benefits
You may wonder why you should spend the time to build a Windows Server template. Well, templates provide many benefits to your organization’s Windows Server deployment process. These include:
- It saves time – There is nothing worse than having to install a Windows Server by hand and remember all the snowflake settings that are needed for your particular environment. Templates allow baking all of these things into a cookie cutter image and deploying automatically.
- It provides consistency – Manual steps are very prone to human error. Automated processes are performed the same way, every time. Consistency helps to support many required principles in the enterprise
- It helps to support IT governance – Controlling how things are performed is extremely important. IT governance provides the framework to ensure processes and procedures align with your businesses way of doing things and even regulatory requirements.
- It can be used in vRA blueprints and provided to developers – Templates can be used in your vRA self-service portals, allowing developers to easily deploy their own servers if needed for development purposes.
VMware Windows Server 2022 Template Best Practices
You may have read my VMware Windows Server 2019 template best practices post. If not, you can take a look at it here:
There are a few new additions to the Windows Server 2022 Template best practices to note. Let’s consider the following best practices with Windows Server 2022 templates:
- Include Windows Admin Center installation
- Add vTPM and enable virtualization-based security
- Turn on secured-core components
- Install all current Windows updates
- Install any configuration management agents
- Deploy Azure Arc and other agents with customization spec
- Use folders to organize your templates
- Make use of the notes field for your VMware templates
- Decide what configuration will be included in your customization specification
- Use Content Library VM Template Versioning
1. Include Windows Admin Center installation
There is no question that Windows Admin Center is the modern way forward for managing Windows Server. However, ironically, it is still not included out-of-the box with Windows Server 2022. It is a separate download. Including Windows Admin Center as part of your Windows Server 2022 template is a great way to have the tool built into your Windows Server 2022 deployments, along with the extensions your organizations wants to have available.
Yes, you can use Windows Admin Center in Gateway Server Mode, where you have a main WAC server that connects to all of the other managed servers. This is great. However, you never know when you may have something wrong with connectivity to the server you want to manage. Having the tools locally is always a good idea. You can still manage a Windows Server 2022 server from your WAC gateway and still have the tool installed locally on the server itself.
2. Add vTPM and enable virtualization-based security
As part of your template VM, you can go ahead and add your vTPM (virtual Trusted Platform Module) to your Windows Server 2022 template. This will allow being a step ahead on enabling Secured Core Server. Also, you can enable virtualization-based security which is another security mechanism required for much of the secured-core server functionality.
3. Turn on secured-core components
In your Windows Server 2022 template, following along with point #2, you can go ahead and turn on/enable secured-core server components using Windows Admin Center. Doing this is part of the consistency and uniformity we hope to gain by using VMware templates. By including this as part of your VMware template, you can be sure all subsequent Windows Server 2022 servers have these modern security features enabled.
4. Install all current Windows Updates
If you are going to have an updated template that you keep fresh for deploying Windows Server 2022, you will want to have the latest Windows Updates available at the time, installed. Images quickly get out-of-date from an updates standpoint. However, installing the latest available when creating the template ensures you will have fewer updates for installation after the fact.
Also, if you have a pipeline process for keeping Windows templates up-to-date, this will be a continual process that if you have baked into your template creation, will continue to provide the benefits of minimizing the number of Windows Updates that need installing.
5. Install any configuration management agents
If you have any configuration management agents or other tools you want to install in Windows Server 2022, be sure to get this into the VMware template. This ensures you have those tools consistently installed in future Windows Server deployments.
6. Deploy Azure Arc and other agents via customization spec
You can use the customization spec commands to install your Azure Arc and other cloud agents. Windows Server 2022 is the most hybrid cloud-centric Windows Server operating system to date. It provides great integration with Azure services. These cloud-connected services require agents to be installed. You can pull down the onboarding scripts and have these run during the customization of your operating system.
7. Use folders to organize your templates
Using folders to organize your templates is a great way to manage and maintain your VMware templates. Remember, folders and not resource pools! You can separate your templates in any way that aligns with your business, technical, and governance needs.
8. Make use of the notes field for your VMware templates
Use the notes field in the properties of the template to record details relevant to the template. Notes may include software and versions, agents installed, and the date of patches pulled down.
9. Decide configuration included in your customization specification
Customization specifications can be used to finish out the automated process of deploying a template. You can decide how you want to configure the Windows Server in the customization specification. The possibilities include Windows domain join, network configuration, and one-off commands.
10. Use content library for VM template versioning
New with vSphere 7 is the functionality to version VM templates using the content library. Be sure to leverage this functionality with your templates as it allows checking these in and out for versioning purposes. You can learn more about this feature in my blog post here:
Hopefully these VMware Windows Server 2022 Template Best Practices will help to provide a few general best practices that can be used to successfully create a Windows Server 2022 template in a VMware vSphere environment. Windows Server 2022 contains many great new features and enhancements. Coupled with the newest vSphere features, your Windows Server 2022 templates can be more powerful than ever.