Configuring the Perfect VM

By CIOReview | Thursday, August 24, 2017

With all organizations deploying virtual machines at an ever-increasing rate, the use of image-based VM deployments has become common. This helps in quick, consistent, and efficient creation of new VMs. It is necessary to consider the anatomy of a VM image as any VMs that are created from it will be the perfect clones of the image. So, it is important for the VM image to meet the organizational needs. However, practically, it is a difficult task to accomplish.

Often, the created image is used by the IT staff to generate new VMs. The improper VM configurations can be confirmed once those VMs are put into production. Therefore, the IT staff keeps on creating a new VM image for generating new VMs until the correct VM image is formed.

Although this trial and error approach for creating the VM images is time consuming, organizations must spend some time to note down the requirements of the image. This can increase their odds of creating a good VM. Even though every organization will have unique needs for their VM images, one of the most overlooked processes of the VM creation is to enable VMs which are generated from remote management images.

Settings for Windows Firewall

One of the primary considerations to be done is checking the windows firewall settings. Depending on organization to organization, there are many firewall ports that need to be unblocked or opened for a proper functioning of the VMs.

According to Microsoft’s recommendation, configuration of firewall settings must be carried out at the group policy level. Although group policies must be used to control firewall settings, it has proven to be equally important to practice in-depth defense and therefore organizations must take time for local security policy configuration which will ensure the effectiveness of the firewall settings before even the security policies are downloaded from the Active Directory. Alternating, organizations can choose to manually configure the firewall before creating the image.

Patch Management Technique

It is highly recommended to fully patch the referenced computer before generating a VM image during the process of image creation. This step will help organizations in saving time and also reduce the number of patches that need to be applied to the created VMs. It will also prevent containing gaping security holes in new VMs when they are brought up online. Although patch management might not correspond to the workings of remote VM management, but some security patches may improvise in the security of remote management sessions—depending on the patches that are current present in it.

Working with PowerShell Remoting

Like patch management, PowerShell remoting is also used by many organizations to manage their VMs. If an organization plans to use this alternative with their VMs, they can enable the WinRM service. They can then enter the Enable-PSRemoting –force command by opening a PowerShell window.

Enabling Enhanced Session Mode

Using Enhanced Session Mode can be beneficial in a Hyper-V environment while getting connected to VMs. This is because it allows the IT teams to make use of local resources during VM interactions. VMs cannot be preconfigured for using Enhanced Session Mode as most of the configurations are done at the Hyper-V level. Hence, the VMs must be running a supported operating system like Windows Server 2012, Windows Server 2012 R2, Windows 8, and Windows 8.1 if the organization plans to use Remote Session Mode. Also, within the guest OS, Remote Session Mode must be enabled as well.

VM is creation is one of the trickiest aspects in the virtual environment. Hence, there are certain processes to be followed to improve the odds of the VM images to meet the needs of the organization. One such possibility is to configure the image that will allow for the eventual remote management of VMs.