Save to My DOJO
Unless in very specific use cases, every organization running a VMware infrastructure includes deploying virtual machines such as Windows Server 2022 as part of their operations in order to provide businesses with the resources they need. The easiest way to ensure both fast and efficient delivery is through the use of virtual machine templates. Instead of creating a new virtual machine, mount the ISO, install Windows Server 2022 and the usual software on top of it; deploying from a template will allow you to skip these steps and get ready in minutes.
In this article, we will demonstrate how to create a Windows Server 2022 template with a few best practices. Note that you can go further by leveraging tools such as vRealize Automation, Terraform and other automation solutions.
What VMware Admins Need to Know About Windows Server 2022
First and foremost, let us start by having a quick look at the main enhancements brought by Windows Server 2022 release date: September 2021.
- Secured-core server: Advanced protection achieved with Hardware TPM 2.0, protected firmware and Virtualization-based Security (VBS). Note that it requires certain OEM specifications and capabilities.
- System-Guard: Windows Defender feature that helps defend end-user PCs against the likes of rootkits and bootkits.
- Windows Admin Center replaces the old Server Management console (which still exists).
- Windows Server 2022 Azure Edition Hotpatching: A new way of installing Windows updates in Windows Server Azure Edition virtual machines that do not require a reboot after installation.
- Windows Server Azure Edition: A version of Windows Server 2022 that is designed to run as a VM within Microsoft Azure or on top of Azure Stack HCI on-prem.
- No more free Hyper-V Server: After 13 years, Microsoft declared the end of the free Hyper-V and Azure Stack HCI as the way forward. Not everyone was pleased with that.
- MsQuic: Microsoft’s QUIC implementation which will power HTTP/3 and improve SMB file transfers
Note that we only skimmed the surface of the main changes here, for more details on Windows Server 2022, check out our dedicated articles on the DOJO Hyper-V Section:
How to Download and Install Windows Server 2022
The first step in creating a template is to download the Windows server 2022 iso and install it on a new virtual machine.
Browse to the Windows Server 2022 download link, Check Download the ISO and click Continue. You don’t need an account or anything else to download the Windows Server 2022 ISO.
“Windows Server 2022 download to prepare the template VM”
Note that if English is not your preferred language, you can download the new Languages and Optional Features ISO to add language packs.
Windows Server 2022 still comes with an evaluation period that expires in 180 days like previous versions.
The installation process is similar to any other Windows Server. Create a new virtual machine, mount the ISO, boot on it and install Windows Server 2022. In this example, we install Desktop Experience.
Creating a Virtual Machine Template
To create a template, you first need to provision the virtual machine on which you will install Windows Server 2022. Here are a few things to consider when doing so:
- Disk types (thin or thick): What is your company policy when it comes to disk types? Thin provisioning is the go-to choice for many but you may have to configure this otherwise.
- SCSI Controller: LSI Logic
- vCPU and Memory allocation: Capacity planning and resource allocation has always been a tricky problem to tackle for vSphere Admins. It is recommended to provision your template with the minimum requirements. That way you ensure new VMs are not oversized when the resources aren’t tuned. 4GB of RAM and 2 vCPUs (2 sockets x 1 core) is usually the recommended choice for mixed workload setups.
- VMXNet3: Set the network card of the virtual machine to VMXNET3 which offers better performance than E1000.
“VMXNET3 network controllers offers better performance than E1000”
- VMware Hardware Level: Consider the compatibility level of the VM and using EVC to ensure compatibility. This will be an “it depends” type of thing but you usually want to use the level of the oldest host (across cluster or not, that’s for you to decide).
- Remove unused devices: It is recommended to remove virtual hardware devices that won’t be used by most VMs such as Floppy, Serial, parallel…
- IP address: It is best to configure the server with DHCP or put it in a non-production network to avoid the risk of an IP duplicate with a production VM.
Additionally, you can check our blog from a few years back about creating vSphere VM templates.
Considerations for Template Creation
How specific should the template be?
There are several approaches to maintaining VMware templates:
- Some prefer a limited number of templates that are as generic as possible with a configuration that is common to all workloads in the environment. Easier maintenance but more post-deployment tasks.
- Others have multiple templates tailored to different types of workloads. More overhead to maintain but less post-deployment tasks.
In this article, we will demonstrate the first choice as it is what will work for most readers.
Do not join the template to AD
This question pops up every so often on forums or Reddit. The answer is no, you shouldn’t join your template to Active Directory. This step should be performed when deploying new servers, in fact, it is part of the Customization Specifications.
You may need to temporarily join the template to AD to receive the updates from WSUS or SCCM but you should take it out once it is done.
Should I Sysprep my VMware template
There is no need to Sysprep your Windows Server 2022 installation as it can be done during the deployment process as part of the customization spec if you use it.
“Customization Specs can run Sysprep on deployed virtual machines automatically”
Preparation of the Windows Server 2022 Template
Once the OS is installed on the VM, we can start preparing it. Your mileage may vary here but the following steps should apply to most environments.
1 – VMware Tools
The first thing to do after you install Windows Server 2022 is to install the VMware Tools to ensure the best performance. VMware Tools include drivers for the virtual hardware (VMXNET3, paravirtual…) as well as memory reclamation mechanisms, tighter integration with vCenter, better mouse support and so on.
“Installing the VMware Tools is one of the first things to do for a new machine”
Installing the VMware Tools is very easy and requires a restart of the virtual machine. Find the procedure on how to install the tools in our complete guide on the topic.
You may also want to enable “Check and upgrade VMware Tools before each power on” to ensure they are automatically up to date.
“Check and upgrade VMware Tools before each power on keeps your VM Tools up to date”
2 – Windows Update
You will find this recommendation in every single blog and documentation out there because it is an important one.
Although your machines are most likely managed by WSUS or SCCM, keeping the Windows Update as recent as possible in your templates will minimize the post-deployment time overhead of downloading updates, installing them and rebooting Windows Server 2022 several times.
“Ensure that there are no available updates for Windows Server 2022 before you turn it into a template”
3 – Other Windows Settings
Note that some of these may very well be replaced by your organization’s policies but they may prove valuable.
You can go in Server Manager and disable IE enhanced Security Configuration for both administrators and users. You may also want to check that the correct Time Zone is configured.
You can also go in the Diagnostics & Feedback settings to disable everything and set the Feedback frequency to Never. While you’re at it you can also click on Inking & Typing personalization and disable it.
Then open the Control Panel by typing Control panel in the execute window (Win+R) and set the Power options to High Performance.
4 – vTPM and Secured-Core server (Optional)
We mentioned earlier that a new feature of Windows Server 2022 is a Secured-core server. Although this is not fully taken advantage of yet, you may want to prepare your VMs for it if you run a highly secured environment.
In order to do so, you will need to enable virtual Trusted Platform Module (vTPM) on your template. Note that several requirements exist to enable it.
5 – VMware OS Optimization Tool (Optional)
If you want to go as far as you can in the preparation and optimization of the OS you install in your template, you can have a look at VMware OS Optimization Tool. Although it is aimed at Horizon desktops, it can be leveraged regardless.
This used to be a Fling used to tune VMware Horizon golden images which made its way in the final product (productized). It even includes a companion Microsoft Deployment Toolkit plugin since June of 2021.
Keep in mind that many of the changes you make using the VMware OS Optimization Tool may be overridden by your organization’s GPO (Group Policy Object).
“VMware OS Optimization Tool is a great tool to optimize Windows Server 2022”
6 – Tools you may want to consider installing
This step is very much specific to everyone’s own environment as not all organizations use the same tools. Note that you should try and keep your templates as lean as possible and avoid cluttering them with the likes of 7-Zip, Notepad++ etc… These are fine for client OSes such as Windows 11 but shouldn’t really be installed on Servers.
The usual software that is found in templates must be common to all workloads, such as:
- Windows Admin Center
- Monitoring agents
- Antivirus agents
- Inventory agents
Automate Template Creation with Packer
Packer is an application distributed by Hashicorp that gives IT Pros the ability to automate their VM template builds in order to save time and enforce compliance. You can refer to our dedicated blog on the topic to learn more about it.
Organization is key
Whether you are the best in your field or a beginner, everyone will agree that documentation and organization is the key to smooth operations. You can make your life and your colleagues easier with a few simple steps.
Add notes to Template
It is best practice to keep notes of what was done by who on a specific template. For instance, you may want to add the date of the latest change, what was done, the user who performed the operation…
That way you will know when a template needs updating if it hasn’t been done in a long time.
“VM Notes help keep track of changes and improve teamwork”
Use the vSphere Content Library
Instead of keeping your templates and ISOs in VM specific folders with no version tracking, it is recommended to use vSphere Content Libraries. There are several benefits in leveraging the Content Library feature:
- Operators can deploy VMs from a single pane where all templates are maintained and consolidated.
- Other vCenter instance, either local or remote, can subscribe to a published library. That way the resources are kept up to date across the board.
- Better change tracking and versioning if the feature is used correctly.
“The vSphere Content Library is a great way to manage templates and ISO files”
You may also want to keep a windows server 2022 ISO in there for when you need to add features to a server.
Use customization specifications
Unless you use another mechanism to deploy you workloads, it is highly recommended to leverage Customization Specifications to configuration the new VM as part of the deployment process.
This will save you a lot of time and avoid errors down the line. You can also check out our blog on how to create a GUI tool to deploy VMs with PowerCLI.
To protect your VMware environment, Altaro offers the ultimate VMware backup service to secure backup quickly and replicate your virtual machines. We work hard perpetually to give our customers confidence in their backup strategy.
Plus, you can visit our VMware blog to keep up with the latest articles and news on VMware.
Are VMware Templates for Windows Server 2022 Worth it?
Windows Server 2022 brings a lot of value, especially to companies leveraging cloud services or hybrid cloud implementations. While the trend adopted by software vendors is to move their management plane to the cloud, IT departments will still be deploying virtual machines in their environment and Windows Server 2022 will be no exception.
While automation takes many forms in the current IT landscape with various self-provisioning tools getting more and more sophisticated, moderate size organizations cannot always afford to go to these lengths. In such instances, maintaining healthy IT hygiene requires ensuring that Windows Server 2022 templates are kept up to date and follow best practices. It can take a bit of time but it’s definitely worth it in the long run especially if you’re frequently spinning up new VMs.
Not a DOJO Member yet?
Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!