VMware Horizon Community
epa80
Hot Shot

Managing Edge Version on Instant Clones

As it stands today, we control our Edge version on instant clones via GPO that disables auto update. On our gold image we settled on Edge 98, and as it gets the policy it stays there, and this stays that way on the deployed VMs.

 

Prior to using this policy, we used to just let Edge auto update. It was working fine until we actually hit this issue on Edge 94:
1167343 - Chromium breaks VMware Horizon Client USB Redirection - chromium

 

The fix was eventually in 98, but our higher-ups didn't want to take any risks, so they had us disable updates going forward.

 

Fast forward to recently, we're still on 98, and I believe 108 is the latest now. We have a request to update Edge though, as one of our apps requires at least 107. So now we're where we suspected we'd be eventually, stuck in between too old/wanting to be agile and update.

 

Our instant clones do not use App Volumes so we can't just snap in/out new versions. I'd like to avoid republishing to a new snap if I could, so I'm curious if anyone is doing any Edge update/version controlling, perhaps with DEM? The auto updating seems to be controlled via HKLM, so DEM is a bit tricky to use. Our thought was let the gold snap have Edge 98 (for argument's sake) but then on DEM have a Horizon smart policy that re-enabled auto updating on user login, and thus Edge will update just out in the wild as time goes by. Then, down the road, if Edge breaks anything again, we simply disable the DEM task/policy and on logoff, the VMs will just revert to 98 on the snap while we troubleshoot.

 

Just a 1st thought. Would love to hear how others are doing it. Thanks in advance.

0 Kudos
4 Replies
BenTrojahn
Enthusiast

Avoiding browser updates is a good way to exchange one type of "risk" for another, IMO way worse, one 😉

Looks like you can specify specific versions via policy "Target Version override": Microsoft Edge Update Policy Documentation | Microsoft Learn

IMO embrace the update cycle and get on a regular image cadence.

0 Kudos
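An added illustration of the "Target Version override" suggestion above (not part of any reply in this thread, and not VMware or Microsoft code): a read-only PowerShell check for a gold image or clone that reports whether Edge updates are disabled or held to a version prefix, and whether the installed build meets the 107 minimum mentioned in the question. It assumes the Edge Update policy registry locations and the Stable channel app ID; the function and variable names are hypothetical.

```powershell
# Added example (not from the thread): read-only audit, changes nothing.
$EdgeStable = '{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}'  # Edge Stable app ID used by Edge Update
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\EdgeUpdate'
$ClientKey  = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\Clients\$EdgeStable"
$MinVersion = [version]'107.0'   # minimum the app in this thread needs
$ModeNames  = @{ 0 = 'Updates disabled'; 1 = 'Always allow updates'; 2 = 'Manual updates only'; 3 = 'Automatic silent updates only' }

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null instead of throwing when the key or value is absent.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-EdgeUpdatePosture {
    # The app-specific "Update{GUID}" value takes precedence over "UpdateDefault".
    $mode = Get-RegValue $PolicyKey "Update$EdgeStable"
    if ($null -eq $mode) { $mode = Get-RegValue $PolicyKey 'UpdateDefault' }
    $modeText = if ($null -ne $mode -and $ModeNames.ContainsKey([int]$mode)) { $ModeNames[[int]$mode] }
                else { 'Not configured (updates allowed)' }
    $prefix    = Get-RegValue $PolicyKey "TargetVersionPrefix$EdgeStable"
    $pv        = Get-RegValue $ClientKey 'pv'   # installed product version
    $installed = if ($pv) { [version]$pv } else { $null }

    $finding = if ($mode -eq 0) {
        'Frozen at installed version: no browser updates until the image is republished'
    } elseif ($prefix) {
        "Held to versions matching Target version override '$prefix'"
    } else {
        'Follows the update channel'
    }
    [pscustomobject]@{
        InstalledVersion    = $installed
        UpdatePolicy        = $modeText
        TargetVersionPrefix = $prefix
        MeetsMinimum        = ($null -ne $installed -and $installed -ge $MinVersion)
        Finding             = $finding
    }
}

Get-EdgeUpdatePosture | Format-List
```

Run on both the gold image and a deployed clone, it shows whether the two OUs are actually receiving different update policy.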
epa80
Hot Shot

Yeah, we hear you. We're a Hospital/University and a LOT (all) of our update cycle is determined by our main healthcare software vendor, and sometimes security. They don't always line up. I.e., the vendor doesn't want many changes going on to ripple into their app, and instead asks that updates for the REST of the OS only go out to coincide with THEIR own updates. After testing of course. Needless to say, their schedule isn't always "regular", so it doesn't leave a lot of room for updating routinely.

 

We'll take a look at the document you sent though. Specify version might be a thing that could work by the sound of it.

0 Kudos
JasonP76
Enthusiast

Just curious, how do you manage the Windows updates on the images? Because surely you keep the images up to date with them at least?

So if you do base image updates then you can also do Edge updates as they are incorporated within WSUS (to be as simple as you can make it).

We just set a GPO to disable updates on clones when they are pushed out, but we have a policy for the gold image, which is in a separate OU, to have updates enabled. 

So when Patch Tuesday rolls round everything gets updated. I run my finalize PowerShell script that runs through the whole process, cleans up the image and shuts it down. Then I just clone a version of the gold image (which I call the Master Gold base image) to another to be the clone image, and snapshot it and push it out for a weekend (I actually wrote a script to do that all, create the clones, replicate them around all sites and create the schedule to push them out for the weekend rollout), but even manually it is not that cumbersome.

Separating out the Master from the clone images controls the amount of snapshots needed (in this case there is only 1 snapshot ever on the cloned image and none on the master) and it also prevents screwing around with the Master image too much.

0 Kudos
bjohn
Hot Shot

>>Separating out the Master from the clone images controls the amount of snapshots needed (in this case there is only 1 snapshot ever on the cloned image and none on the master)

Curious, how does this help or hurt?

 

 

0 Kudos