What will happen if you combine two great Automation Tools like Ivanti Automation and Chocolatey for your golden image deployment?

The answer is quit simple; Fast and consistent golden image deployment with the latest software included.

In this blog I will try to explain what the products are and how they can be used.

What is a Golden Image?

A Golden Image is a pre-configured template for a Server Based Computing (SBC), Virtual Desktop infrastructure (VDI) or Desktop-as-a-Service in the cloud (DaaS) environment. That template basically consists of a operating system, applications and settings. A golden image may also be referred to as a clone image, master image, or base image. A big advantage of using Golden Images is that it can save time and provides consistency. When performing manual installations, inconsistencies between workplaces will occur over time.

Another benefit is that new versions of the operating system can easily be tested for compactibility.

What is Ivanti Automation?

Ivanti Automation streamlines the management of complex hybrid IT environments by automating infrastructure, cloud and workplace processes. In addition to the Identity Management portfolio, Ivanti Automation now also integrates with the entire Ivanti IT product portfolio for operational security, unified endpoint management, IT asset management, service management and third-party technologies.

With Ivanti Automation, organizations can:

  • Automate routine configurations, provision and upgrade with over 300 built-in automation tasks.
  • Significantly reduce the time it takes to fulfill requests and resolve incidents by eliminating the need to wait for human availability and decide to take necessary actions.
  • Simplify management of complex hybrid environments by quickly creating powerful, sequential runbooks.
  • Mitigate risk and improve security through predictable and audit-friendly processes that enforce policies and help prevent human error.

What is Chocolatey?

Chocolatey is a software management automation solution for Windows that wraps installers, executables, zips, and scripts into compiled packages.

Chocolatey works with over 20+ installer technologies for Windows, but it also gives you the flexibility to manages files and folders you would normally (x)copy (like runtime binaries and zip files) as part of your software packages, registry settings and configurations.

Chocolatey builds on these familiar technologies:

  • PowerShell
  • Unattended installations

Let’s combine

In this case Ivanti Automation will be used to automate and simplify the creation of the Golden Image for a Citrix Virtual Apps (XenApp) environment. During the build of the Golden Image, the best practices for both Citrix and Microsoft will be used, including the optimization of the operating system,for optimizing performance and user experience.

Chocolatey will be used to simplify the automated installation of the applications in the Golden Image. Chocolatey wil install a set of applications and will be on the latest stable possible version. Because Chocolatey is built on top of the NuGet infrastructure, that means you can install packages from Chocolatey.org, NuGet.org, MyGet.org, file shares, directories, custom feeds and from private feeds. That way you can set up your own (private) server with more company specific packages.

For publicly available packages, copyright ensures that there are no binaries embedded in packages, so Chocolatey can download from distribution points and check these binaries.

Here we go

Quick overview of my lab environment:

  • Citrix Hypervisor 8.2 CU1
  • Citrix Virtual Apps and Desktops (CVAD) 2203 LTSR
  • Ivanti Automation 2022.1 (10.18.0.0)
  • Image management for the Citrix environment is Machine Creation Services (MCS)
  • Operating System Golden Image VM is Windows Server 2022 Standard

First let’s create the Modules for Chocoletey in Ivanti Automation. I’m not going to discuss the other Modules I use for this Golden Image because that’s that is not relevant to this blog. I’ve imported some building blocks that I’ve created and saved in my personal archive.

 
PowerShell Script – Install Chocolatey Agent  

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iwr https://community.chocolatey.org/install.ps1 -UseBasicParsing | iex		PowerShell Script – Allow Global Confirmation  

choco feature enable -n allowGlobalConfirmation

The AllowGlobalConfirmation feature ensure to not be bothered with confirmation prompts when instaling a package, it’s wise to set this option globally.

choco install fslogix
choco install jre8
choco install adobereader
choco install microsoft-edge choco
choco install 7zip
choco install notepadplusplus
choco install citrix-workspace –params ‘/noreboot /silent ALLOWSAVEPWD=N ALLOWADDSTORE=N /AutoUpdateCheck=Disabled EnableCEIP=false’ choco install winscp.install
choco install filezilla
choco install vlc
choco install slack
choco install irfanview

Wrap some Modules together in Projects. Installing Windows Updates with a PowerShell script takes place as a final step in the Project “2. Golden Image Build”.

The next step is creating a Run Book from those Projects.

The final step is running this Run Book and check if everything went well and Windows Updates en applicaties are installed.

🗸Check Windows Updates are Installed

🗸Check Applications are Installed

Conclusion

Patching can be a challenge and difficult to manage but combining Ivanti Automation with Chocolatey, your Golden Image is optimized, fully patched with Windows updates and is provided with the latest applications versions. Automation is not the solution to tackle all patching risks but it will reduces it and provides consistency. Last but not least for an IT admin it makes life so much easier!