Using a Windows Image
To create a desktop pool using Windows, you must bring your own license.
- Oracle provides general purpose Windows base images that are pre-configured for use with Secure Desktops. Open a service request to request one of these images. For more information, see Supported Images.
- OCI does not provide images or licenses for Windows 10 or Windows 11. To use a Windows image, you must comply with your Microsoft license agreement. See Microsoft Licensing on Oracle Cloud Infrastructure.
Importing Custom Windows Images
The Compute service enables you to import Windows images that were created outside of Oracle Cloud Infrastructure. For example, you can import images running on your on-premises physical or virtual machines (VMs), or VMs running in Oracle Cloud Infrastructure Classic. You can then launch your imported images on compute virtual machines.
- Support from Oracle Cloud Infrastructure in launching an instance from a custom operating system does not ensure that the operating system vendor also supports the instance.
- Windows 10/11 requires you to bring your own license. You must specify a special operating system type (rdaasw) to enable this for Windows 10/11.
- By default, Windows desktops are provisioned on Dedicated Virtual Machine Hosts (DVH). If your license agreement allows virtualizing Windows 10/11 desktops in a cloud environment, you can disable DVH provisioning by adding the appropriate tag to the image used for creating the desktop pool. See Secure Desktops Tags.
Windows Source Image Requirements
Custom images must meet the following requirements:
- The maximum image size is 400 GB.
- The image must be set up for a supported boot type.
- For a Windows 10 image, use UEFI or legacy BIOS boot type.
- For a Windows 11 image, use only UEFI boot type.
- The boot process must not require additional data volumes to be present for a successful boot.
- The disk image cannot be encrypted.
- The disk image must be a VMDK or QCOW2 file.
- Create the image file by cloning the source volume, not by creating a snapshot.
- VMDK files must be either the "single growable" (monolithicSparse) type or the "stream optimized" (streamOptimized) type, both of which consist of a single VMDK file. All other VMDK formats, such as those that use multiple files, split volumes, or contain snapshots, are not supported.
- The network interface must use DHCP to discover the network settings. When you import a custom image, existing network interfaces are not recreated. Any existing network interfaces are replaced with a single NIC after the import process is complete. You can attach additional VNICs after you launch the imported instance.
- The network configuration must not hard code the MAC address for the network interface.
- For Windows 11 images, both Secure Boot and Trusted Platform Module (TPM) must be disabled for Windows during image creation if your virtualization platform does not support them (for example, VirtualBox). Before installation, use Registry Editor to add new registry keys:
- HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassRAMCheck DWORD (32-bit) value 1.
- HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassSecureBootCheck DWORD (32-bit) value 1.
- HKEY_LOCAL_MACHINE\SYSTEM\Setup\LabConfig\BypassTPMCheck DWORD (32-bit) value 1.
Preparing Windows VMs for Import
Before you can import a custom Windows image, you must prepare the image to ensure that instances launched from the image can boot correctly and that network connections will function properly.
You can perform the tasks described in this section on the running source system. If you have concerns about modifying the live source system, you can export the image as-is, import it into Oracle Cloud Infrastructure, and then launch an instance based on the custom image. You can then connect to the instance using the VNC console and perform the preparation steps.
The system drive where Windows is installed will be imported to Oracle Cloud Infrastructure. All partitions on the drive will follow through the imported image. Any other drives will not be imported and you must re-create them on the instance after import. You will then need to manually move the data on the non-system drives.
To prepare a Windows VM for import, use one of the following options:
Preparing a VM Using the Secure Desktops Image Builder
Use the Secure Desktops Image Builder to prepare a VM as an image for use with Secure Desktops.
This utility verifies requirements, performs an unattended installation, and configures an image (in VMDK format), that can be uploaded to Oracle Cloud Infrastructure.
- This utility creates images for Windows 11 (64-bit) Professional or Enterprise Editions. Evaluation versions are not supported. To create a Windows 10 image, follow the manual method to prepare the VM.
- This utility requires the use of Oracle VirtualBox. If you are using a different virtualization software solution, follow the manual method to prepare the VM.
- This utility automatically selects UEFI firmware for the Windows 11 image.
To use the Secure Desktops Image Builder:
- Refer to OCI Secure Desktops: How To Create a Windows Image For Use With OCI Secure Desktops Using the OCI Secure Desktops Image Builder (KB91837).
- Review the instructions and download all required packages to your local system.
- Download the application file (attached in the knowledge article) to your local system.
- Run the application file as Administrator and follow all prompts.
- Once the process completes, the utility displays the location of the VMDK image file that has been created.
- Import the VMDK image file to Oracle Cloud Infrastructure.
Preparing a VM Using the Manual Method
Use the manual method to prepare a VM as an image for use with Secure Desktops.
For guidance on manually preparing the VM using VirtualBox, refer to OCI Secure Desktops: Windows 10/11 for OCI preparation (KB60923).
To manually prepare a Windows VM:
Importing a Windows-Based VM
After you prepare a Windows image for import, upload the image file and import the image.
-
Upload the image file to an Object Storage bucket. Use the command line interface (CLI) to issue the following command:
oci --profile <profile in $HOME/.oci/config> --region <region> os object put\ -bn <name of bucket> \ -ns <name space> \ --name <The name of the object in the bucket> \ --file <path to the QCOW2 or VMDK image>
-
Create a custom image from the uploaded object in the bucket specifying the operating system
rdaasw
:oci --profile <profile in $HOME/.oci/config> --region <region> \ compute image import from-object \ -ns <name space> \ -bn <name of bucket> \ --name <The name of the object in the bucket> \ --compartment-id <The OCID of the compartment you want the custom image to be created in> \ --display-name <A user-friendly name for the new custom image> \ --operating-system rdaasw \ --operating-system-version <Windows10 or Windows11> \ --launch-mode PARAVIRTUALIZED \ --source-image-type QCOW2|VMDK
The imported image appears in the Custom images list for the compartment, with a state of Importing. When the import completes successfully, the state changes to Available.
If the state fails to change, or no entry appears in the Custom images list, then the import failed. Ensure that you have read access to the Object Storage object, and that the object contains a supported image.
-
Ensure that the custom image is set to the correct boot mode.
- For a Windows 10 image, use UEFI or legacy BIOS boot type.
- For a Windows 11 image, use only UEFI boot type.
Edit the image as follows:
- Open the navigation menu and click Compute. Under Compute, click Custom Images.
- Click the custom image that you're interested in.
- Click Actions and select Edit image capabilities. For Firmware, select the appropriate boot mode.
- Click Save changes.
-
If you’re using a Windows 11 image, you must configure the image for shielded instances.
Edit the image as follows:
- Open the navigation menu and click Compute. Under Compute, click Custom Images.
- Click the custom image that you're interested in.
- Click Actions and select Edit Image Capabilities. Set the following:
- For Firmware, ensure that only UEFI-64 is selected.
- Ensure that Secure Boot is enabled.
- Click Save changes.
- Before making your image available for use with Secure Desktops, it is recommended that you test the image by manually creating a compute instance with the image and establishing a console connection. See Troubleshooting Instances Using Instance Console Connections.
- Add required tags to make the image available for use with Secure Desktops. See Secure Desktops Tags.