Updating Clones with Crowdstrike installed

I previously wrote a post on sensor deployment in a desktop clone scenario. Here I want to cover the second aspect of desktop pools: updating them and keeping them current with the Crowdstrike sensors.

A quick overview of Virtual Desktop

Here are a few terms related to VDI, from a VMware blog. If you need more information on Instant Clones, Google is your friend…

Sensor update

When dealing with desktop virtualization, there are 2 scenarios where you should recommend controlling the sensor version, i.e. building sensor update policies specifically for them. When a user logs off a desktop clone, any information that changed during that session is lost (outside of the user profile, if they use a profile management solution). So a sensor version change, or a channel file that was pushed, will be lost when the user logs off. That is also the reason you don’t want those desktop clones on a sensor update policy of N-1 or N-2: any sensor update they pick up will be reverted as soon as the user logs off.

You should also have specific groups for your Gold Master images (some call them reference images) and a different group for your Linked Clones or Instant Clones.

Of course, after setting these 2 groups up, your customer will need to make sure they have a good operational process in place, with a cadence of manually updating the sensor version for each of those groups, making sure to update the Gold Master image group first.

In my environment, I created 2 groups.

  1. Gold Master Images ← this contains all my master VMs for the environment, 3 in my case
  2. VDI Instant Clones ← this contains all my clones

From a desktop virtualization perspective, for a production customer, there’s a strong chance you will need multiple groups for your desktop clones, as they will most likely require different configurations or update sequences, based on the desktop type. I have seen customers manage to consolidate a lot of their desktop types, but rarely into only 1 group, because of the differences in the desktop configs (i.e. software deployed on them, cadence of OS updates and OS type).

A desktop pool of clones built in VMware Horizon or Citrix XenDesktop will almost always follow a naming pattern, i.e. the hostname will have a fixed part and a number. In my lab, I used “Win10T-” + a number. This makes the group assignment dynamic and easy to set up. Customers should use dynamic assignment for their VDI groups.

Then, the Gold Master image group should be a manual assignment.

Here is an example of a sensor update policy for my VDI Clones. Again, the only thing the customer needs to do is put a proper update cadence in place and make sure the sensor does not fall out of support. That means updating the sensor version on the master image group first, then on the VDI clones, and running through a recompose operation (which I cover later in this post).

Updating the master image

The Gold Master images are Virtual Machines that are usually shut down and only booted when you need to update those images. So, in a lot of cases, these machines will be booted once a month, on Microsoft Patch Tuesday or shortly after that day, to update the Operating System and potentially update other software in that reference image.

I’m going to describe the ideal scenario and what we should encourage our customers to do. In some cases, you might not be able to get them to do the recommended steps and I’ll explain the drawbacks as well if they choose not to follow the recommended steps.

Updating Master image and launching a desktop pool recompose

  1. Power on the Master image. Since this is an existing pool we want to update, the sensor will already be installed. Ideally, we want to recommend uninstalling the sensor. This makes sure there are no duplicates in the UI: even with the VDI switch used, this machine already has the sensor and receives a new AID on its 2nd or subsequent boot, so you will get duplicates. Uninstalling the sensor avoids this.
  2. Install any Microsoft patch or software you need to install or update at this point, including any necessary reboot.
  3. Once all updates are done, install the Crowdstrike sensor, in whatever version the customer is deploying at this point, and be sure it matches the version chosen in the Sensor Update policy for the Gold Master Image group. Also, make sure to use the correct install switch, i.e. VDI=1. This is not a new pool but a recompose of an existing pool, so it is important to NOT USE the NO_START switch!!
  4. We also want to tell the customer to leave the Gold Master image running for a bit, to make sure it checks in properly and also receives all the channel files from the Crowdstrike cloud.
  5. Shut down the Gold Master image and take a new snapshot.

This is an example of what this will look like in VMware vSphere

  6. Now, have them go into VMware Horizon or Citrix XenDesktop and complete the Recompose operation, based on the new snapshot taken.

This is an example of what it looks like in VMware Horizon (pool name is Win10Test), where you schedule a maintenance operation.

Here is the example of the recompose wizard in VMware Horizon, where you choose the new snapshot to use for the desktop pool

Once the customer has finished the wizard, the VMs will recompose, come back online and everything will be up to date!
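
To make the grouping and update rules above checkable before a recompose, here is an added example (not code from this post or from Crowdstrike) that audits a host export against them: clone group by hostname pattern, masters by manual list, sensor version equal to the group's pinned version, the master pin never behind the clone pin, and more than one AID for the same hostname. The export format, the master hostnames, the AIDs and the version numbers are all assumptions made up for the example.

```python
import re
from collections import defaultdict

# Assumptions: clone naming pattern from the lab above; master hostnames and
# pinned versions are hypothetical placeholders, not real sensor builds.
CLONE_PATTERN = re.compile(r"Win10T-\d+", re.IGNORECASE)
GOLD_MASTERS = {"GM-WIN10-A", "GM-WIN10-B", "GM-WIN10-C"}  # manual assignment
PINNED = {"Gold Master Images": (1, 1, 0), "VDI Instant Clones": (1, 1, 0)}

def group_for(hostname):
    """Manual membership for masters, hostname pattern for clones."""
    if hostname.upper() in GOLD_MASTERS:
        return "Gold Master Images"
    if CLONE_PATTERN.fullmatch(hostname):
        return "VDI Instant Clones"
    return None

def audit(hosts, pinned=PINNED):
    """Return sorted (check, hostname) findings for a host export."""
    findings = set()
    # The master group is updated first, so its pin must never trail the clones'.
    if pinned["Gold Master Images"] < pinned["VDI Instant Clones"]:
        findings.add(("master-pin-behind-clones", "*"))
    aids = defaultdict(set)
    for host in hosts:
        name, group = host["hostname"], group_for(host["hostname"])
        if group is None:
            findings.add(("ungrouped", name))
            continue
        aids[name].add(host["aid"])
        if tuple(map(int, host["version"].split("."))) != pinned[group]:
            findings.add(("version-mismatch", name))
    # Several AIDs under one hostname is the duplicate described in step 1.
    for name, seen in aids.items():
        if len(seen) > 1:
            findings.add(("duplicate-aid", name))
    return sorted(findings)

# Constructed sample export; every value below is made up.
SAMPLE = [
    {"hostname": "GM-WIN10-A", "aid": "aid-0001", "version": "1.1.0"},
    {"hostname": "GM-WIN10-A", "aid": "aid-0002", "version": "1.1.0"},
    {"hostname": "Win10T-1", "aid": "aid-0101", "version": "1.1.0"},
    {"hostname": "Win10T-2", "aid": "aid-0102", "version": "1.0.0"},
    {"hostname": "KIOSK-9", "aid": "aid-0900", "version": "1.1.0"},
]
```

Calling audit(SAMPLE) reports the duplicated master entry, the clone still on the older version, and the host that matches neither group.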

Hope you found the above useful. Both technologies work well together, and it’s good to keep your VMs up to date and secure 😉
