Windows 10 under KVM

Windows 10 Professional in a VM

These are my notes on installing Windows 10 Professional (English International) in a VM on a KVM libvirt hypervisor running on CentOS 7.

These notes also apply to Fedora and Red Hat Enterprise Linux 7 (RHEL7)

Obtain Windows license

First of all you will need to legally obtain a Windows license. Speak to your procurement department or buy it yourself. I simply bought a Microsoft Windows 10 Pro EN and waited for the DVD and product key to arrive in the mail.

Obtain Windows installation ISO

Even though you might have a physical medium, I find it easier to bind an ISO to a VM than to find an optical drive to attach. So I downloaded the ISO matching my product key from Microsoft.

Obtain the VirtIO driver VFD

VirtIO is well documented for Fedora and for Red Hat Enterprise Linux.

I used virtio-win-1.9.4.

Create the VM

I want Windows to use virtIO drivers already during installation, so the below command ties in a CD-ROM and a floppy;

  • CD-ROM: with the Windows install medium
  • Floppy: VFD for Windows 10 installer to find the storage and network VirtIO drivers.

While I did test with a second CD, --disk ${WIN_ISO},device=cdrom,bus=ide, Windows 10 did not pick up drivers. Although I could navigate to E:\vioscsi\w10\amd64 and Windows would accept the storage driver. No idea why the floppy works better but I prefer the solution with less clicking.

While I could have defined the VM interactively in virt-manager, I used the following small shell script;

#!/bin/bash

# NOTES:
#
# 1) I only got a prepopulated driver list when using the floppy image,
#    with the CD-ROM ISO I had to manually navigate.
#
# 2) if you have an SSD, then add discard=unmap to the
#    --disk line using ${WIN_VDA_FILE}
#
# 3) the CPU choice core2duo works on my EPYC Server
#    and should be able to migrate to my Xeon based hypervisor.
#    you may want something more moderni, like westmere
#
# 4) if you do not run this scrip locally on your Linux hypervisor,
#    you may want to add --noautoconsole
#    and attacht `virt-viewer` or `virt-manager` to see the install GUI.

# debug?
#set -x

###
### adjustable variables
###
WIN_VDA_FILE="/var/lib/libvirt/images/on_HDD/Win10-Citrix-VM-vda.qcow2"
WIN_VDA_SIZE="30"
WIN_ISO="/var/lib/libvirt/images/ISOs/Win10_1803_EnglishInternational_x64.iso"
VIRTIO_VFD="/usr/share/virtio-win/virtio-win-1.9.4_w10_amd64.vfd"

###
### the installation command
###
virt-install \
  --name Win10-Citrix-VM \
  --metadata title="Windows 10 Pro English Intl for Citrix to customer" \
  --os-variant win10 \
  --cpu core2duo \
  --vcpus 2 \
  --ram 4096 \
  --graphics spice \
  --rng /dev/urandom \
  --network network=default,model=virtio \
  --controller type=scsi,model=virtio-scsi \
  --disk path=${WIN_VDA_FILE},size=${WIN_VDA_SIZE},format=qcow2,bus=scsi \
  --disk ${WIN_ISO},device=cdrom,bus=ide \
  --disk ${VIRTIO_VFD},device=floppy

Click through the Windows installer

You will only have to load the storage driver by clicking OK (since the medium is already ‘inserted’). While you’re in the driver selection dialog, you might as well select the network VirtIO driver too. So select both

  • Red Hat VirtIO Ethernet Adapter (A:\amd64\Win10\netkvm.inf)
  • Red Hat VirtIO SCSI pass-through controller (A:\amd64\Win10\virtioscsi.inf)

After loading the drivers you can select your drive VDA as installation target.

Note that I only add the network driver at this stage to have it available ASAP once install is completed.

After the virt-install command completes, reconnect to your VM’s Spice display. (When the VM rebooted after installing from the ISO, mine turned purple and did no further updates to the display, but on reconnecting I saw the post install GUI)

Initial setup of Windows

On first log in of a user, you have to complete an initial setup routine. Being a Linux specialist, I am not the right source for most setup options. Choose yours as you see fit.

Two notes though;

  • there is no need to make a Microsoft account, select Offline account in the screen Sign in with Microsoft.
  • Windows works fine for my use-case (open Citrix Workspace app and connect to a remote desktop) with all the data access questions answered with No (well except for diagnostic data sending, where Basic is the least invasive option offered).

Apply Windows updates

Like with any OS, you will want to apply the vendor’s latest security updates.

Open the Windows Update Control Panel and let it do it’s updates. This will probably take a while.

Tweaking the install

Install the guest-agent

Go to the SPICE download page and retrieve the Windows guest tools.

Run spice-guest-tools-latest.exe to install all missing drivers (video driver being the most important but it’s also nice to have balloon device, entropy source device, etc) and the guest tools. This allows, amongst others, resizing the VM display window and copy paste between your workstation and the VM.

create a regular user

For security reasons you should create a user without admin privileges and use that day to day. Only switch to the admin user (the first user you created was automatically given admin rights) to do administrative tasks.