Provisioning Services (PVS) solves many of the existing problems of datacenter and desktop administrators by reducing the number of unique images that need to be managed. Rather than dealing with application installs, conflicts, patches and errors on hundreds of different servers and/or desktops, they can deal with a single streamed golden image that remains pristine regardless of the changes made by users. 

However, even though this new approach solves many of the issues that have been plaguing IT administrators for years, a new concern comes up. In my role on the Consulting Solutions team, I’ve been asked the same question by clients and coworkers alike: “If I have a pristine, unchangeable image, how do I deal with antivirus updates and patching?”

The admin guide (page 109) gives detailed instructions on how to do exactly that. At a high level, it goes something like this:

  • Load a machine with a copy of the production vDisk in private mode
  • Make your updates
  • Shut it down and put it into standard mode
  • Finally, increment the version number

It’s simple, and the process is easy to do manually. If you only have to add updates to a single vDisk every once in a while, there’s no problem. However, Microsoft releases security updates on an almost weekly basis, and new antivirus definitions come out nightly. Most companies aren’t comfortable leaving machines unprotected for extended periods of time, and IT administrators don’t want to spend time on a manual, repetitive task every day. Add in a few different vDisks for different workloads, and this can quickly grow into a time-consuming process. How do we reduce the time cost of keeping vDisks fully updated?

Enter Workflow Studio. Workflow Studio (WFS) is designed to reduce repetitive tasks into easy-to-manage workflows that can be run either on-demand or on a scheduled basis. Using Workflow Studio and PVS’s built-in CLI, we’re able to create a script that automates the entire process of updating vDisks, allowing for easy nightly or weekly scheduling with less chance for human error.

To be device/hypervisor agnostic, the script uses an always-on machine designated as an “update” machine, which allows PVS to use its own functionality to restart the machine when necessary. Updates can come in and be applied automatically during the course of the day or week, and applications can be added or removed by any vDisk admin. Then, at the scheduled point or on a manual call, the script shuts down the server, makes a copy for future updates, and switches out the disks using the Auto-Update feature. After the next reboot, desktops switch to the newest disk, with no additional manual intervention required.

Additionally, the “update” machine can be given a “personality” that executes scripts inside the image that aren’t run on other machines, such as automatically copying files from a share, enabling Microsoft’s Auto-Update, or any number of other actions. The script relies on Workflow Studio to function, which has the added benefit of allowing role-based access to the workflow as well as built-in scheduling. However, if Workflow Studio cannot be deployed, the components of the script can be broken apart and used solely with Windows Scheduler.

Grab the script at the Citrix Developer Network. If you have questions, comments, or ideas for improvement, leave me a comment or ping me on Twitter @mcbogo.

Michael Bogobowicz
Senior Consultant @ Citrix Consulting Solutions