View Source

Based on the https://www.microsoft.com/en-ca/windows/windows-11-specifications?r=1#:~:text=System%20firmware-,UEFI,-%2C%20Secure%20Boot%20capable , we have gathered the following checklist and how-to to help deploying a new virtual machine running Microsoft Windows 11 with the ITS Private Cloud Command Line Interface aka vss-cli:

Checklist

CPU: at least 2 CPUs: --cpu 2
Memory: at least 8GB: --memory 8
Disk: at least 64GB: --disk 64
UEFI and Secure Boot: --firmware efi
Guest Operating System: --os windows9_64Guest
vTPM. vTrusted Platform Module (TPM) should be added to virtual instance. --tpm
VBS. Virtualization-Based Security enabled. --vbs

Command Line Commands

Raw cli

With the following command you will be deploying a Windows 11 virtual machine with the parameters listed above.

vss-cli --wait compute vm mk shell \
--description 'Windows 11 VM' --os windows9_64Guest \
--memory 8 --cpu 2 --folder MyFolder --disk 64 \
--net CGN --iso Microsoft_Windows_11_Enterprise_version_21H2_64-bit_English \
--tpm --vbs --firmware efi --client Client \
--power-on Windows11VM

Another approach would be to use the vss-cli deployment specification.

`vss-cli` deployment specification

Create the following file:

built: os_install         # Required: Do not remove.
machine:
    name: Windows11VM         # Required: Target virtual machine name.
    os: windows9_64Guest           # Required: Guest Operating System name or Id.
    cpu: 2                # Optional: CPU count (Default: 1).
    memory: 8             # Optional: Memory in GB (Default: 1GB).
    folder: MyFolder      # Required: Folder name, path or ID.
    storage-type: hdd     # Optional: Storage Type to use for this VM. ssd or hdd
    disks:
       -  capacity_gb: 64          # Disk capacity in GB (Default: 40GB).
    iso: dae52f28-4ae9-4492-8ca2-691809006867           # Optional: ISO name or path to mount upon creation.
    firmware: efi         # Optional: Firmware to use: Either bios or efi (Default: bios).
# Additional (Uncomment to enable)
    power_on: true         # Optional: Power on after successful deployment.
    tpm: true              # Optional: Enable vTrusted Platform Module Device.
    vbs: true              # Optional: Enable Virtualization Based Security.
#   template: false        # Optional: Mark resulting vm as template.
#   domain:                # Optional: Domain name or ID to deploy (Default: provided by API).
# VM extra configuration (Uncomment to enable)
# extra-config:
#  - disk.EnableUUID="TRUE"
networking:
    interfaces:
       -  network: CGN    # Required: Network name or network ID.
          type: vmxnet3   # Optional: Defaults to vmxnet3
# metadata required
metadata:
    client: Client       # Required: Client department
  # Required: Description of virtual machine
    description: Testing windows 11 deployment
    usage: Test           # Optional: Usage between Prod | Dev | QA | Test (default: Test)
    inform:               # Optional: list of additional contact email addresses (default: user account)
       -  user@utoronto.ca
#  admin:                  # Optional: VM Administrator (Default: user submitting request)
#    name:                 # (Admin) Required: VM Administrator full name
#    email:                # (Admin) Required: VM Administrator email i.e. user@utoronto.ca
#    phone:                # (Admin) Required: VM Administrator phone i.e. 416-123-2341
# Recommended Metadata (Uncomment to enable)
# notes:                  # Optional: list of key-value items to be set in Key: value form.
#   - BillingCode: 12345
#   - Documentation: https://uoft.me/service-docs
#    vss_service: N/A        # Optional: VSS Service name or service id
# vss_options:            # Optional: VSS options reset_on_restore, reboot_on_restore
#   - reset_on_restore
#   - reboot_on_restore

Save the file as win11.yaml and deploy it as follows:
vss-cli --wait compute vm mk from-file win11.yaml
By using this method, you could replicate this deployment in the future.

Cloud Portal UI

Starting from version 1.10.2, Cloud Portal introduces the capability to create virtual machines equipped with Windows 11. It's crucial to ensure you carefully select the appropriate operating system, ISO image, and activate both Trusted Platform Module and Virtualization-based Security for optimal performance and security.

CleanShot 2024-03-21 at 11.53.01-20240321-155500.png

Troubleshooting

If a step was missed, the Windows 11 installation process may display an error:

Please review all the steps outlined in the Checklist. Below are suggested steps to verify your virtual machine configuration using the vss-cli commands:

Verify the CPU cores (cpu) are 2 or more:
vss-cli compute vm get <VM_ID> cpu
Verify the memory (memory_gb) is 8GB or more:
vss-cli compute vm get <VM_ID> memory
Verify the disk space (capacity_gib) is 64GB or more:
vss-cli compute vm get <VM_ID> disk
Verify the firmware selected is efi
vss-cli compute vm get <VM_ID> firmware
Verify the Guest Operating System (guest.guest_id) is windows9_64Guest
vss-cli compute vm get <VM_ID> os
Verify there is a Trusted Platform Module (vTPM) configured with label, summary and key.
vss-cli compute vm get <VM_ID> tpm
Verify the Virtualization-Based Security (vbs_enabled) is enabled (True).
vss-cli compute vm get <VM_ID> vbs

Frequently, users overlook creating a Trusted Platform Module or enabling the Virtualization-Based Security setting. Here are steps to create them using vss-cli commands:

Create a Trusted Platform Module (vTPM)
vss-cli compute vm set <VM_ID> tpm mk
Enable Virtualization-Based Security setting
vss-cli compute vm set <VM_ID> vbs on

After completing the virtual machine update, please proceed to reboot the system..

References:

https://www.microsoft.com/en-in/windows/windows-11-specifications#table3

https://kb.vmware.com/s/article/86207