How to Create a Windows Image for VPS Deployment, using a DigitalOcean Droplet

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in the past I have made a video where I deployed a pre-built windows image to a VPS however following comments I received asking how such an image could be built from scratch using the Microsoft isos whether it be Windows 10 11 or one of the numerous server versions and how it could be deployed to a VPS afterwards I decided to make this educational video showing you such and finally how it could be built using only web-based facilities so all you will need is a web browser and simple viewing utilities to see the results of your efforts these minimal requirements mean you can do this from a PC be it Windows Mac OS or Linux and potentially even devices like iPads iPhones or an Android phone or tablet making it available to all so after this short introduction I'll get cracking I the method I am about to explain in this video should work with all versions of Windows should you have the appropriate license however I will be using just an evaluation version of Windows Server 2019 to demonstrate the process if I first show you a quick overview of the process that will give you a clearer understanding of how it all fits together in step one I get a new Boon tube based VPS from digitalocean as it is one of the very few VPS providers that supports the installation of a virtualization product like virtualbox or qemu to install 64-bit Windows operating systems on in Step 2 I will show you the commands that I use to install the Linux lightweight xfce desktop an rdp-based remote control package and the qemu virtualization packages I will be using to build the windows image all from the Ubuntu repositories I had previously installed and then used virtualbox but found problems with some versions of windows so now have switched to use qemu in step 3 I will connect to the Linux VPS desktop via RDP so I can use its web browser to find and download both the version of window ISO I want and the required Windows vert i o drivers that I need in Step 4 I'm going to start the qemu virtualization program on the digitalocean VPS with the downloaded isos attached using only their provided web-based console and transmit the Windows installation pictures using qemus built-in VNC server in step 5 I am going to connect to the VPS by using a simple VNC client so I can see the pictures it's transmitting and then install Windows with the required vert i o drivers I will also configure it to allow remote control and Harden its already significant security the aim being when it's deployed later it is both fully ready and well secured in Step 6 I will zip up the windows hard disk ready for deployment across the internet in Step 7 although not really part of the build process I will show you how it can be deployed to a VPS there are a number of VPS providers that allow you to import a pre-existing windows image but it will depend both on your windows license type and any agreement you have with the VPS provider as each situation is specific to you this video cannot cover that topic instead it will focus on the mechanics involved and show you how you can deploy it now let's start step one was to get a Ubuntu 22.04 VPS from digitalocean so let's do that there are a lot of different VPS providers that I have used over the years but out the 12 or so that are on screen I know Google Cloud instances can be altered to allow virtualization but I have found them both expensive and slow out the remaining 11 I am only aware of only one digital ocean that supports both installing and running a virtualization product that enables 64-bit operating systems if you know of any other please let me know in the comments in case you would like to follow along to Aid your understanding of the steps involved I have put a link to the digitalocean website offers page which with their current offer makes it free for new users to do so however as an existing user I will simply log in regardless of whether you are an existing or new user you will be taken to this page I now create an Ubuntu 22.04 instance on which I will run the qemu virtualization product and so build the Windows machine when it comes to picking an instant size I need one with at least four gigabytes of memory to run a virtualization product on so I chose the 24 option don't worry though it won't be expensive as I only need it for a few hours because after the video I will save it as a cheap snapshot so I can always easily get it back then delete the VPS itself [Music] for authentication I need to pick password authentication because I will need to log in Via RDP later on that only works with password login I just ensure that it is at least 10 characters long complex and most importantly not in a dictionary like the example on screen so this Ubuntu server is not particularly susceptible to Brute Force attack [Music] after creation I go to the droplets main control panel [Music] two was to install the xfce desktop the xrdp remote control packages and qemu the virtualization software so I will demonstrate that I open their web-based console this First Command which like all commands are in the YouTube description in case you are following along it updates all repository indexes then upgrades all packages on this server to their latest versions to ensure they include all known bug fixes and security patches I have sped up this bit [Applause] at this screen I simply hit tab then the enter key second command installs the xfce lightweight desktop the Firefox web browser the xrdp remote control package and finally gzip which I will be using later again I have sped up the installation process and again when this screen appears I simply hit Tab and then enter to proceed [Music] I now install the various qemu virtualization packages that I need [Music] finally I put a small hidden file under the home directory so the system knows for this user that it should start the xfce graphical desktop when I log in Via RDP thank you to ensure all packages are running in the correct dependency order the easy way I just reboot step 3 was to connect via RDP and download both the windows and vert i o drivers so I will demonstrate that I start the remote desktop connection software that comes pre-installed on all windows PCS I enter the droplets IP address off the digitalocean website and the user root [Music] on the local resources tab I ensure only clipboard is checked [Music] before connecting I checked the box to allow me to save credentials [Music] when prompted I can paste in the complex password [Applause] [Music] the desktop may take 10 to 15 seconds to appear as this is the very first time I have connected to it I open a web browser again this may take 10 or 15 seconds this first time which feels like an eternity but I just give it time [Music] rather than use a specific web address for any ISO as they keep moving location I enter into Google the words Windows download vert i o drivers to find them and follow the web links that appear on screen thank you foreign I then download the latest stable version of the drivers I now key the words Windows iso download and in this case add server 2019 into Google search [Music] after a couple of web pages I am asked to complete a form however as I have already done so only five minutes ago when testing the steps in this video it just starts downloading [Music] foreign downloading I fill in a copy of the template qemu command which you will also find in the YouTube description with the names of the downloaded ISO files as I am going to run it in a minute [Music] I then just reboot to ensure all memory that is used by this desktop and web browser is freed up and so available to qemu in the next step [Music] step four was to using the web-based console to start the windows install process within a qemu virtual machine so I will demonstrate that back in the digital ocean control panel for this droplet I open the console this First Command again from the YouTube description creates an empty 24 gigabyte hard drive the reason it's as big as 24 gigabytes is as I found some versions of windows can take almost 20 gigabytes of space before the two or three gigabyte swap file they write out as well therefore I found out when researching this video that it's best to allocate this size to start with before copying and running the main qemu command where I filled in the iso names to in the previous step I will quickly explain this command further it is asking for 3 000 megabytes of memory the CPU it is asked to emulate will just be whatever the host machine is it enables KVM which increases speed dramatically as that is the kernel based virtualization technology that most Linux machines have nowadays it is told to boot from the windows ISO and not the empty hard disk the USB tablet command just tells it to follow my local Windows machines Mouse accurately it is asked to use the file I just created as the machine hard disk and to treat it as a vert IO device I then specify where it can find the windows ISO I downloaded earlier and then the vert i o Windows drivers and finally it's asked to transmit any resultant graphical pictures using its built-in VNC server on display number 55555 most people specify display number zero but as the VNC server adds 5900 to the display number it therefore transmits over the default VNC Port of 5900 but if found by an internet-based bot it will be attacked automatically and by using the default Port of 5900 this will happen in seconds by specifying display number 555555 it transmits pictures over 5900 plus 555555 meaning port number 61455 the use of this random High port number significantly reduces such attacks in testing I had no attacks on that port at all for the full six hours the test ran I now copy the command then run it in the next step I will be connecting to the graphical pictures it's sending out step five was to install and then configure Windows using a VNC viewer so it'll demonstrate that I download the real VNC viewer importantly from the official realvnc and install it on my local Windows PC once it has been started I copy in the IP address of my digital ocean droplet followed by a colon and then the port number it should listen for VNC pictures on which in this case is number six one four five five it then connects to the VNC pictures the qemu virtual machine is transmitting [Music] I will Fast Forward bits of the install process [Music] I have paused here to explain there are five vert i o drivers I need to load at this point so although not all presently used when the machine has been moved and is booting up on a new provider's VPS it needs access to these five vert i o drivers out of its built-in driver store the Five drivers I need are shown on screen which I will now install foreign [Music] [Music] thank you [Music] thank you [Music] thank you [Music] [Music] foreign [Music] [Music] thank you foreign [Music] at this point on some versions of Windows it may ask what type of account it should set up if it does I would need to select a local or domain account here rather than a Microsoft account as that user ID will be part of this windows image however it does not in this version of Windows and just indicates its default user ID is already a local account called administrator so I just provide a password here as this is VNC out of the box cut and paste doesn't work so I have to key the complex password [Music] [Music] thank you [Music] now I am on the desktop there are a number of configuration changes that I need to make a list of which are on screen now okay the first thing I need to enable is to allow remote desktop or RDP connection to this machine [Music] thank you the second thing I need to do is to change the default RDP Port this machine is using for RDP from 3389 to something random and over 15000 in this case I use 19529 when I left it at the default of 3389 I could see 1400 log on attempts probably by internet bots in a six hour period following the change to just use port 19529 that dropped to 1 in 6 hours [Music] thank you foreign [Music] [Music] foreign [Music] [Applause] [Music] [Applause] the Third change I make is to only allow access to this machine via Port 19529 by creating a rule allowing such after I have disabled all other ports allowed through the firewall please [Music] thank you thank you again to improve security I rename the default administrator account that internet Bots know about and attack to a name like win admin that they don't know about and so don't attack it [Music] thank you [Music] [Music] I now reboot to make sure the new account is fully in use otherwise various errors are reported I now run Windows update to close any known vulnerabilities in Windows since this version was first issued in some versions of Windows like server 2016 this updates remote desktop services or RDP to close some found vulnerabilities and the desktop Windows client which I will be using later won't even connect to this VPS unless it detects its RDP service has been patched [Music] thank you foreign [Music] s have been installed I restart [Music] finally I log on and clean up the C drive so before deployment across the internet the image is as small as possible [Music] thank you [Music] foreign [Music] [Music] and when finished as all configuration has now been applied to this machine I shut it down cleanly [Music] step six was to zip up the windows hard disk we just built in qemu so I will demonstrate that like I did in the last step I will be using the web-based console for these commands foreign [Music] I first list out all the files and confirm I can see the file hard disk dot Raw I then use the Linux DF command to show the disk free space to prove I still have say 10 GB of free disk space to hold the resultant compressed file I then copy the gzip command out of the YouTube description and fill in the bracketed bit with the name I wish to call the output file and then run it foreign [Music] I list out the files again and as I can see the gz file I have just produced successfully I removed the raw hard disk then finally although not really necessary I reboot to ensure all traces of qmu is removed from memory and to provide a nice clean start [Music] now we have finished building the windows image although not the main part of this video I will however demonstrate how I can deploy it to a VPS provider I just remind you at this point what you can do will very much depend on the license and agreements you have but as that is beyond the scope of this video I am just going to focus on the deployment process the first step is to start the recipient VPS in rescue mode which ensures that the vps's hard disk is not used by the boot process and so no file on it is locked or in use meaning it is available to receive the windows image the First Command I run is the Linux command LS block which lists out all available block devices that this rescue image can see and determine how it refers to the machine's hard disk this is usually something like SDA or vda and in this case I can see it's the former I now type out the main deployment command then insert the specific values that I need for this deployment firstly the hard disk reference it needs to use followed by the name of the gz file it is to deploy and finally the IP address of the digital ocean droplet that it should connect that is holding the gz file [Music] [Applause] as I'm getting the file from my own digital ocean droplet I use the SSH command when run it will first ask me if I'm sure I want to connect to the digital ocean droplet which I do and then I ask for the root user's password on the droplet so it can connect after a couple of attempts I finally get the password right and it starts to write out the image to this machine's hard disk after it's finished for this VPS provider I just reboot and it will boot up from the hard disk other VPS providers can be more specific and may require me to say in their VPS control panel how the instance should boot after a few seconds the windows image is up and running on the VPS there may be some changes for example expanding disk space that I need to do so the 24 gigabyte disk image is expanded to use all the hard disk space on this VPS but those are beyond the scope of this video if you have found this video interesting or informative please press the like button as that means it gets shown to others via scoring well on the YouTube algorithm also I would really appreciate your suggestions in the comments of what topics you would like to see me cover in future videos thanks on screen you can see the video that YouTube has selected especially for you based on your viewing history and if you want to see more instructional videos like this one in the future click on the cloud Tech logo thanks for watching [Music]

Info

Channel: Cloud Tech

Views: 10,886

Rating: undefined out of 5

Keywords: Windows VPS, QEMU, Windows Server vps, Windows 10 vps, windows 11 vps, windows server 2019 vps, windows server 2022 vps, windows server 2016 vps, Windows, Windows Server, Windows 10, windows 11, windows server 2019, windows server 2022, how to Create a Windows Image, Create a Windows Image, Windows Image, windows iso, Microsoft ISO, VPS Deployment, DigitalOcean Droplet, digitaloption, droplet, step-by-step

Id: S7dA6bEYz5E

Channel Id: undefined

Length: 30min 40sec (1840 seconds)

Published: Sat Jul 08 2023