Requirements and considerations for using Aurora Protect Desktop on virtual machines

Item

Requirements or considerations

Supported enterprise virtualization technologies

  • Azure Virtual Desktop multi-session environment (validated with Aurora Protect Desktop 3.3.x and Aurora Focus 3.3.x)
  • Microsoft Hyper-V
  • Windows 11 Enterprise multi-session
  • Windows 10 Enterprise multi-session
  • Citrix XenDesktop
  • Citrix VDI (validated with Aurora Protect Desktop 3.2.x and Aurora Focus 3.3.x)
  • VMware Horizon/View
  • VMware Workstation
  • VMware Fusion

Non-persistent virtual machines

A non-persistent VM is deleted when the session ends and is replaced with the same gold image. When a new VM is created, the Aurora Protect Desktop agent registers the VM with the management console, resulting in duplicate devices registered for what should be the same endpoint (older registrations are treated as offline duplicate device records that never come back online).

Use one of the following installation parameters when you install the Aurora Protect Desktop agent on the gold image to prevent the duplicate registration of the same VM device:
  • VDI=1: A value of 1 specifies that the virtual machine uses VDI fingerprinting instead of the default agent fingerprinting mechanism. Duplicate devices are not registered when the agent uses VDI fingerprinting.
  • AD=1: This parameter works the same as VDI=1. The agent will use VDI fingerprinting on the gold image and for any images that you create from the gold image.

We recommend that you enable the DLCM feature to avoid having many offline devices that never come online.

Memory protection and script control features

Consider the following before you enable memory protection and script control features in a VDI environment:
  • Both features use process injection to identify and block unwanted or unauthorized code. Plug-ins, tools, or DLLs in virtualized environments may cause adverse effects, so you should test memory protection and script control options before you deploy them to production workstations.
  • It is a best practice to test memory protection options in alert only mode and make more stringent device policy changes from there. If the system becomes unstable, you can turn off memory protection.
  • If system conflicts or instabilities occur, as a failsafe option, you can enable compatibility mode for memory protection.
  • See KB 42221149807387 to review known incompatibilities for memory protection and script control for Aurora Protect Desktop 1580 and later.

Device lifecycle management (DLCM) and Gold Image templates for virtual machines

When the DLCM feature is enabled, devices that remain inactive for a specified period are automatically removed from the console and de-registered. This could present an issue for devices used as Gold Image templates, which are typically used to create new virtual machines (VMs). If a device that is used as a Gold Image template is removed due to inactivity, it is not listed in the Devices screen and any newly created VM that uses this template is de-registered when it comes online. This prompts the new VM to request an installation token, potentially disrupting its provisioning process.

These are some important considerations when using Gold Image templates:

  • Gold Image template devices must be excluded from the DLCM process to prevent them from being automatically removed from the console and de-registered. This ensures that the templates remain available for use to create VMs and successfully provision them as soon as they come online.

  • If a Gold Image template device is accidentally removed from the console, it will need to be recreated and re-registered to restore its availability and purpose for provisioning new VMs.
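
The following is an added example, not vendor code: an offline audit of a device inventory for the two failure modes described above, stale duplicate registrations left by non-persistent VMs and Gold Image templates that an inactivity rule would remove. The record fields, device names, and 30-day period are constructed assumptions, not the console's export format or DLCM defaults.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample inventory. Field names are assumptions for this example,
# not the management console's export schema.
DEVICES = [
    {"name": "VDI-POOL-017", "device_id": "a1", "last_seen": "2025-01-02T08:00:00"},
    {"name": "VDI-POOL-017", "device_id": "a2", "last_seen": "2025-02-20T09:30:00"},
    {"name": "VDI-POOL-017", "device_id": "a3", "last_seen": "2025-03-01T07:45:00"},
    {"name": "GOLD-WIN11", "device_id": "g1", "last_seen": "2025-01-10T12:00:00"},
    {"name": "HR-LAPTOP-04", "device_id": "h1", "last_seen": "2025-02-28T16:20:00"},
]
GOLD_IMAGES = {"GOLD-WIN11"}         # hypothetical template device names
INACTIVE_AFTER = timedelta(days=30)  # hypothetical inactivity period


def stale_duplicates(devices):
    """Device IDs of older registrations that share a name with a newer one."""
    by_name = defaultdict(list)
    for dev in devices:
        by_name[dev["name"]].append(dev)
    stale = []
    for records in by_name.values():
        records.sort(key=lambda d: datetime.fromisoformat(d["last_seen"]))
        stale.extend(d["device_id"] for d in records[:-1])  # newest record is kept
    return sorted(stale)


def gold_image_findings(devices, gold_names, now, inactive_after, excluded=frozenset()):
    """Gold images with no registration, or inactive past the period and not excluded."""
    last_seen = {}
    for dev in devices:
        seen = datetime.fromisoformat(dev["last_seen"])
        if seen > last_seen.get(dev["name"], datetime.min):
            last_seen[dev["name"]] = seen
    missing = sorted(n for n in gold_names if n not in last_seen)
    at_risk = sorted(
        n for n in gold_names
        if n in last_seen and n not in excluded and now - last_seen[n] > inactive_after
    )
    return {"missing": missing, "at_risk": at_risk}


if __name__ == "__main__":
    now = datetime(2025, 3, 1, 12, 0, 0)  # fixed so the sample is reproducible
    print("stale duplicate registrations:", stale_duplicates(DEVICES))
    print("gold image findings:", gold_image_findings(DEVICES, GOLD_IMAGES, now, INACTIVE_AFTER))
```

Matching on device name alone can flag unrelated machines that share a name, so review the output before removing any record.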

Option to disable the agent UI

You have the option to disable the Aurora Protect Desktop agent UI to conserve overall system resources. For more information, see Windows installation parameters.

Known issues

To review the issues reported when running the Aurora Protect Desktop agent in a virtual environment, see KB 42221188865819.