With linked clones we can put a VM into maintenance mode to preserve that VM from being recomposed after logoff, and we can vMotion linked clones between ESX hosts. It appears we can't do this with instant clones? Is it a planned feature?
We have used these two techniques for ESX maintenance and to preserve evidence on linked clones that have indications of compromise.
If these aren't planned features, how should one go about accomplishing those two tasks?
Will this accomplish what you are looking to do?
VMware Horizon 7: Instant Clone Pools Delete VMs on Restart
If you find that you have to reserve the VM, you may want to clone it to perform your investigation.
Please review this article. You should be able to vMotion as long as the parent VM is running on the host you are moving to. If you are under version 7.1, you have to perform some manual steps.
Thanks techguy129,
Our instant clone pool is set to delete immediately upon logoff. How would one go about preventing Horizon from deleting a clone after logoff so that forensic examination can be done on the running image without modifying the pool setting for all users? We were using the linked clone maintenance mode feature when using linked clones.
Our instant clone pool allows only one login per pool. If the above feature does not exist, how could we leave that user logged in while allowing them to get a second different instant clone from the same pool so that examination could take place on the original clone?
Instant clones can only be deleted on logoff, which is why a maintenance mode really doesn't work. What types of evidence were you gathering? A lot of this can be pushed to external resources, with syslog servers for the event logs or something like vRealize Log Insight to gather logs into a central resource.