Deployment Guide for OCI Secure Desktops

An OCI (Oracle Cloud Infrastructure) secure desktop image refers to a pre-configured virtual machine image that is designed to provide a secure and isolated desktop environment within the Oracle Cloud Infrastructure platform. This image is typically used for remote access and desktop virtualization scenarios where security and isolation are important considerations.

Prerequisites for OCI Secure Desktops :

• OCI Tenancy

• Compartment

• VCN & Subnet for Desktop connections

• Create Desktop User groups

• Setting up IAM policies

• Customized Desktop Image

Let's start with prerequisites :

To start with OCI you should have OCI Tenancy ready. For setting up OCI tenancy , please follow this link :

https://www.oracle.com/in/cloud/free/#free-cloud-trial

Next we need to setup OCI Compartment :

Set up the compartments required by Secure Desktops to control access to desktop pools. Work with the desktop administrator to understand which compartments are required. Use compartments to control access to desktops. For example, you are likely to need one compartment per desktop pool, and there will be multiple desktop pools.

My Compartment : "testvdi"

Let's Create VCN and Subnet :

Go to menu , select VCN in Networking :

In VCN i have created Desktop subnet :

Configure policies

Start with Dynamic Group creation , Go to Menu select Identity & Security , Choose Domains option in Identity

Select domain, in My case i have Default Domain :

After selecting Domain we need to create Static and Dynamic Group :

Desktop-Users : To access Desktop

Administrators : For Desktop pool or resource Creation

I have created Rule in which i have added Resource type 'Desktoppool' in my compartment:

Now we need to configure policies on Root compartment or Compartment above testvdi. In my case i have applied policies on root Compartment:

Now we are ready with all groups and policies.

Creation of Windows 10 Customised Image

In my Lab i have used Windows 10 Evaluation release.

1. Created windows 10 VM in VMware Workstation

2. Install OCI IO drivers. You can download drivers from this link :

https://docs.oracle.com/en/operating-systems/oracle-linux/kvm-virtio/kvm-virtio-DownloadingtheOracleVirtIODriversforMicrosoftWindows.html#kvm-virtio-download

3. Install Cloudbase-init. You can download from this link :

https://github.com/cloudbase/cloudbase-init

4. Then we need to perform OVA export.

5. Once OVA export completed we need to upload in OCI Object storage bucket.

6. Once upload finished we need to import this in Custom images

Image import completed.

Now we need to create Instance with this image , test all functionalities and then run sysprep to make it ready for Desktop instances.

Image ready with these softwares :

Download sysprep utility :

https://docs.oracle.com/en-us/iaas/Content/Compute/References/windowsimages.htm

I made few changes in unattend.xml so that it shouldn't ask for New User creation after sysprep.

Right-click Generalize.cmd, and then click Run as administrator.

Wait for few minutes to finish and create custom image again. Please specify following tags as well :

I have created this image which is ready for desktop deployment

Desktop Pool Deployment

Now i am going to deploy New Desktop pool :

Post Creation we need to set this pool state Active

For Launch desktop we need to use URL :

https://published.desktops.<Region>.oci.oraclecloud.com/client/

In My case :

https://published.desktops.us-ashburn-1.oci.oraclecloud.com/client/

Post login with you email ID and password :

Click on Open

You can download Policies and Unattend.xml from this git location :

https://github.com/vnikhil89/OCI-Secure-Desktop