Provisioning for VDI systems
TA 4.8.0 and later introduced the ability to install TA in
Virtual Desktop Infrastructure (VDI) mode for solutions such as Citrix VDI, Microsoft VDI, and VMware VDI.
Installing the Agent in VDI mode on virtual images avoids the potential duplication of the
Globally Unique Identifier (GUID) each time a non‑persistent VM instance is started.
TA deprovisions the VM instance each time it's shut down. In addition, the ePO server stores the properties of the deprovisioned Agents in the database.
TA deployment methods
To deploy TA 5.x in VDI mode, use the following command (or add these switches to a deployment task that upgrades the agent):
framepkg.exe /Install=agent /enableVDImode
To install TA 5.0.x using a URL, the command is as follows:
TrellixSmartInstall.exe -v
IMPORTANT:
- Install switches aren't used during the TA deployment unless it's being upgraded. You can't convert TA to VDI using an Assigned Client Task if the version installed is the same as the version being deployed. The framepkg.exe and TrellixSmartInstall.exe methods listed above can be used to convert an installed agent to VDI mode (5.x and later).
- Frminst.exe doesn't convert an installed agent to VDIMode.
- If you upgrade TA using either the framepkg.exe file or an ePO task with no switches, VDI mode is removed from the agent.
Overview of TA deployment flow on VDI systems
The following is a brief overview of the TA deployment flow on VDI systems:
- Make sure that there's no reference to the VDI system (Computer name or fully qualified domain name [FQDN]) listed in the ePO System Tree.
- Start the VDI system.
- Install TA using the command lines referenced above.
The VDI system connects to ePO for the first time.
- ePO creates a record for the system in the ePO database with VDI mode enabled.
- When the VDI system shuts down, the Agent sends a specific event to ePO (AgentUninstResponse).
When ePO receives this event, it deprovisions this node by updating the record in the database appropriately and sets the public key to NULL. Deprovisioned nodes remain in the System Tree permanently.
- Start the VDI system again.
The agent generates a new AgentGUID if it was removed in the primary image.
- If the AgentGUID isn't removed on the primary image, the agent regenerates the AgentGUID anyway because it detects a hardware change (image mounted to new virtual machine).
- The agent communicates with ePO, and ePO searches for a record with the Computer name / FQDN in the database.
- ePO requests the public key from the agent. It does so because it's set to NULL in the database as part of deprovisioning.
- TA sends the public key as requested.
- ePO sends back the old AgentGUID (reported by the agent when it communicates with ePO for the first time).
- The agent changes the AgentGUID from the original value to a new value sent by ePO.
The TA now communicates with ePO using the old AgentGUID.
- ePO updates the existing record for the system in the database.
For a related article, see
KB88533 - Trellix Agent deployment flow to VDI-mode systems.