Based on the https://www.microsoft.com/en-ca/windows/windows-11-specifications?r=1#:~:text=System%20firmware-,UEFI,-%2C%20Secure%20Boot%20capable , we have gathered the following checklist and how-to to help deploying a new virtual machine running Microsoft Windows 11 with the ITS Private Cloud Command Line Interface aka vss-cli
:
Checklist
- CPU: at least 2 CPUs:
--cpu 2
- Memory: at least 8GB:
--memory 8
- Disk: at least 64GB:
--disk 64
- UEFI and Secure Boot:
--firmware efi
- Guest Operating System:
--os windows9_64Guest
- vTPM. vTrusted Platform Module (TPM) should be added to virtual instance.
--tpm
- VBS. Virtualization-Based Security enabled.
--vbs
Command Line Commands
Raw cli
With the following command you will be deploying a Windows 11 virtual machine with the parameters listed above.
vss-cli --wait compute vm mk shell \ --description 'Windows 11 VM' --os windows9_64Guest \ --memory 8 --cpu 2 --folder MyFolder --disk 64 \ --net CGN --iso Microsoft_Windows_11_Enterprise_version_21H2_64-bit_English \ --tpm --vbs --firmware efi --client Client \ --power-on Windows11VM
Another approach would be to use the vss-cli
deployment specification.
vss-cli
deployment specification
Create the following file:
built: os_install # Required: Do not remove. machine: name: Windows11VM # Required: Target virtual machine name. os: windows9_64Guest # Required: Guest Operating System name or Id. cpu: 2 # Optional: CPU count (Default: 1). memory: 8 # Optional: Memory in GB (Default: 1GB). folder: MyFolder # Required: Folder name, path or ID. storage-type: hdd # Optional: Storage Type to use for this VM. ssd or hdd disks: - capacity_gb: 64 # Disk capacity in GB (Default: 40GB). iso: dae52f28-4ae9-4492-8ca2-691809006867 # Optional: ISO name or path to mount upon creation. firmware: efi # Optional: Firmware to use: Either bios or efi (Default: bios). # Additional (Uncomment to enable) power_on: true # Optional: Power on after successful deployment. tpm: true # Optional: Enable vTrusted Platform Module Device. vbs: true # Optional: Enable Virtualization Based Security. # template: false # Optional: Mark resulting vm as template. # domain: # Optional: Domain name or ID to deploy (Default: provided by API). # VM extra configuration (Uncomment to enable) # extra-config: # - disk.EnableUUID="TRUE" networking: interfaces: - network: CGN # Required: Network name or network ID. type: vmxnet3 # Optional: Defaults to vmxnet3 # metadata required metadata: client: Client # Required: Client department # Required: Description of virtual machine description: Testing windows 11 deployment usage: Test # Optional: Usage between Prod | Dev | QA | Test (default: Test) inform: # Optional: list of additional contact email addresses (default: user account) - user@utoronto.ca # admin: # Optional: VM Administrator (Default: user submitting request) # name: # (Admin) Required: VM Administrator full name # email: # (Admin) Required: VM Administrator email i.e. user@utoronto.ca # phone: # (Admin) Required: VM Administrator phone i.e. 416-123-2341 # Recommended Metadata (Uncomment to enable) # notes: # Optional: list of key-value items to be set in Key: value form. # - BillingCode: 12345 # - Documentation: https://uoft.me/service-docs # vss_service: N/A # Optional: VSS Service name or service id # vss_options: # Optional: VSS options reset_on_restore, reboot_on_restore # - reset_on_restore # - reboot_on_restore
Save the file as
win11.yaml
and deploy it as follows:vss-cli --wait compute vm mk from-file win11.yaml
By using this method, you could replicate this deployment in the future.
Troubleshooting
If a step was missed, the Windows 11 installation process may display an error:
Please review all the steps outlined in the Checklist. Below are suggested steps to verify your virtual machine configuration using the vss-cli commands:
Verify the CPU cores (cpu) are 2 or more:
vss-cli compute vm get <VM_ID> cpu
Verify the memory (memory_gb) is 8GB or more:
vss-cli compute vm get <VM_ID> memory
Verify the disk space (capacity_gib) is 64GB or more:
vss-cli compute vm get <VM_ID> disk
Verify the firmware selected is efi
vss-cli compute vm get <VM_ID> firmware
Verify the Guest Operating System (guest.guest_id) is windows9_64Guest
vss-cli compute vm get <VM_ID> os
Verify there is a Trusted Platform Module (vTPM) configured with label, summary and key.
vss-cli compute vm get <VM_ID> tpm
Verify the Virtualization-Based Security (vbs_enabled) is enabled (True).
vss-cli compute vm get <VM_ID> vbs
Frequently, users overlook creating a Trusted Platform Module or enabling the Virtualization-Based Security setting. Here are steps to create them using vss-cli commands:
Create a Trusted Platform Module (vTPM)
vss-cli compute vm set <VM_ID> tpm mk
Enable Virtualization-Based Security setting
vss-cli compute vm set <VM_ID> vbs on
After completing the virtual machine update, please proceed to reboot the system..
References:
https://www.microsoft.com/en-in/windows/windows-11-specifications#table3