Q: How can I easily maintain a virtual machine image that I can patch without having to do offline patching and using other tools for Hyper-V?
A: In a virtual environment, it's always desirable to have a template virtual machine (VM) image that can be deployed to newly created VMs. Initially this VM template will be created by installing the OS into a VM, patching it, customizing it and then running SYSPREP to enable the VM to be duplicated.
A month later, however, you will likely want to patch that template rather than deploying the VM template, and then have to apply 200MBs of patches. I've previously written FAQs about how to offline patch VM VHD and WIM files with the major one available at Windows IT Pro. I also created a video walking through the process.
People were still asking if there is a way to just maintain a VM live, which can then be used as an updated template.
The typical problem is that to use a VM as a template, you have to run SYSPREP--and you can only run SYSPREP three times typically (although there are rearm processes to extend this).
But we don't want to SYSPREP an image, then a month later start the image, patch it, then SYSPREP it again, and so on. It's very messy and won't work for very long.
Instead, there is actually a fairly simple process which I've outlined below. I also created a video that walks you through the entire process.
- Install your desired OS into a VM.
- Patch the VM, customize it, and so on, but don't join it to a domain or do any machine-specific customizations.
- Shut down the VM.
- Create a snapshot, then rename the snapshot to something like "Pre-SYSPREP."
- Start up the VM again.
- Run the SYSPREP process in the VM and select the option to shut down the VM after SYSPREP.
- Currently the VM will consist of two VHD/VHDX files (one is a differencing disk because of our earlier template), and we don't want our template to have a differencing disk, so we will create a post-SYSPREP snapshot. Once the VM has shut down, create a new snapshot and name it "Current."
Now export out the post-SYSPREP snapshot using PowerShell:
Export-VMSnapshot -VMName Srv2012DCTemplate -Name 'Current' -Path D:\VHDs\
- From that export folder, take your new, single VHD/VHDX file-- and that is your template!
- Now we just need to prepare the VM for the next set of updates in a month's time, so we need to roll back the SYSPREP action.
- Delete the "Current" snapshot.
Right-click the "Pre-SYSPREP" snapshot, and select Apply, which will now roll back the VM to the pre-SYSPREP state. You will be asked if you want to take a snapshot before applying the snapshot-- just click the Apply button again.
- Select the Pre SYSPREP snapshot and delete it. It is no longer needed.
Your VM template VM is now ready to be patched again in a month's time, as that SYSPREP operation essentially never happened. In a month's time you would repeat steps 2 to 13 and they would be repeated every time you make any change to the template. This way you save all the updates you make but never maintain that SYSPREP operation.