P2V for end-user scenarios?

I am definitely far from gadgets fan, and new things reach me last;) But finally I decided to upgrade my laptop from Vista to Win7. Vista is a disaster of an OS, but since I do not like reinstallations, I managed to tune it so it worked. A notebook is my tool, just like a hammer:0 so I didn’t bother until I had to: I simply had to run a VM from Windows Virtual PC (which runs only on Win7 and is not backwards compatible with VPC2007).

Since I work in DELL, and to have access to mail (except OWA) I need a domain joined laptop I had figured out such configuration: I will install physical machine from corporate DELL image, P2V this to a VM, and run my corporate VM on  Win7 x64 workgroup computer (I don’t like all these agents, scripts and policies;))

I had to install on physical first, because DELL does not allow joining to domain non-corporate images, and moreover has a strict policy on hardware – to user binding via the service tag. Its not possible to install the image directly in a VM – it will attempt to read a service tag. All this is performed by SCCM Task sequences (looking at it from end-user perspective it must be huuge..).

Anyway the process looked easier then it was in fact, but I finally managed. This is how it went – in case you ever stumble upon such issues it may be handy:

  1. Install Win7 on physical machine. Lengthy but easy process, Dell IT automated.
  2. Disconnect the machine as soon as possible from the network so that the safeboot agent does not have enough time to get pushed and encrypt the drive.
  3. P2V using a great sysinternals tool disk2vhd:Disk2vhd. I love their tools for their simplicity.
  4. The VHD created is a dynamically expanding VHD with max size that of original physical disk.
  5. Attempting to start the VM in Windows Virtual PC failed. The IDE bus implemented there supports disks only up to 127 GB (mine was 136). That limitation is not present in Hyper-V.
  6. I tried using VHDResizer. No luck. Again this seemed not to support such large files.
  7. So I mounted the VHD under Win7 – YES, you can do that now out of the box in Win7. And shrunk the LOGICAL partition below 127GB.
  8. I still could not start the VM in Windows Virtual PC, but I managed to use VHDResizer to resize the VHD to the amount I specified when shrinking the logical partition.
  9. Now I could start the VM, but… “OS boot could not be found”.
  10. A Windows repair (insert Win7 DVD iso, boot VM, do a repair) finally helped (I think shrinking the logical volume caused deletion of some boot information – which is fixed with bcdedit by the repair action automatically).
  11. Finally clean up physical devices from devmgmt.msc so that the VM boots faster: VMware KB Article.
  12. Ta..da.. in the end I can have my desired setup: separated VM for corporate stuff, boots much faster, encrypt all with BitLocker.

I am longing to see a day when IT will really be easier than THAT. However I sense that soon we will have bare metal hyper-visors on desktops, so that your WORK, HOME vms do not interfere and you can use one HW for many purposes. That is a solid security boundary, however I am in doubt when I see that I can save a report in IE to PDF on my HOST, without having Acrobat Reader installed there (by using the instance in my VM). This is a fascinating approach, but gives me some security shivers (imagine a virus – how easy can it then spread from your VMs to host…)

Advertisements

~ by alipka on October 14, 2009.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: