Before you import custom images to Alibaba Cloud or release custom images in the Alibaba Cloud Marketplace, the images must meet the image requirements and pass tests on compatibility with Elastic Compute Service (ECS) instance types. This helps improve the availability and import efficiency of custom images and facilitates the subsequent creation of ECS instances that meet various business requirements. This topic describes the requirements for Alibaba Cloud Windows images.
Disk partitions
When you partition disks for Alibaba Cloud images during image creation, make sure that the following requirements are met:
Disk size: The system disk size must be set to at least 20 GiB. The recommended disk size is 40 GiB.
Partitions: The following table describes the requirements for partitions.
| Partition | BIOS boot mode | UEFI boot mode |
| --- | --- | --- |
| System partition | This is a required partition. The partition type is the primary partition. The partition size must be at least 100 MiB. The partition must be an active and non-read-only partition. New Technology File System (NTFS) file systems are used. | This is a required partition. The partition type is an Extensible Firmware Interface (EFI) partition. The partition size must be at least 100 MiB. 32-bit File Allocation Table (FAT32) file systems are used. |
| Windows partition | This is a required partition. The partition type is the primary partition. The partition size must be at least 20 GiB. The partition must be an active and non-read-only partition. NTFS file systems are used. Important: The system partition and Windows partition are required. The system partition and Windows partition can be different partitions. The Windows partition must be the last partition. Otherwise, the system disk may fail to be resized. | This is a required partition. The partition type is the primary partition. The partition size must be at least 20 GiB. The partition must be an active and non-read-only partition. NTFS file systems are used. Important: You must use separate system partitions and Windows partitions. The Windows partition must be the last partition. Otherwise, the system disk may fail to be resized. |
| Other partitions | They include recovery partitions, reserved partitions, and data partitions. These partitions are not recommended. | They include recovery partitions, reserved partitions, and data partitions. These partitions are not recommended. |
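The following PowerShell check is an added example, not Alibaba Cloud tooling or code from this page. It tests the running system's disk against the size, file system, read-only and ordering requirements in the partition table above. It assumes Windows 8 / Windows Server 2012 or later (Storage module cmdlets) and treats a GPT system disk as UEFI boot mode and an MBR disk as BIOS boot mode.

```powershell
# Added example, not Alibaba Cloud tooling. Read-only; run in an elevated
# PowerShell session on the Windows system that will become the image.
$letter = $env:SystemDrive.Substring(0, 1)
$win    = Get-Partition -DriveLetter $letter          # Windows partition
$disk   = Get-Disk -Number $win.DiskNumber            # system disk
$parts  = @(Get-Partition -DiskNumber $disk.Number | Sort-Object Offset)
$sys    = $parts | Where-Object IsSystem | Select-Object -First 1
if (-not $sys) { throw 'No system partition found on the system disk.' }

# Assumption: a GPT system disk means UEFI boot mode, an MBR disk means BIOS.
$uefi        = $disk.PartitionStyle -eq 'GPT'
$sysFs       = ($sys | Get-Volume).FileSystem
$winFs       = ($win | Get-Volume).FileSystem
$sysFsWanted = if ($uefi) { 'FAT32' } else { 'NTFS' }

$checks = [ordered]@{
    'System disk is at least 20 GiB'        = $disk.Size -ge 20GB
    'System partition is at least 100 MiB'  = $sys.Size -ge 100MB
    "System partition uses $sysFsWanted"    = $sysFs -eq $sysFsWanted
    'System partition is not read-only'     = -not $sys.IsReadOnly
    'System partition is active (BIOS)'     = $uefi -or $sys.IsActive
    'Windows partition is at least 20 GiB'  = $win.Size -ge 20GB
    'Windows partition uses NTFS'           = $winFs -eq 'NTFS'
    'Windows partition is not read-only'    = -not $win.IsReadOnly
    'Windows partition is the last one'     = $parts[-1].PartitionNumber -eq $win.PartitionNumber
    'Separate system partition (UEFI)'      = (-not $uefi) -or ($sys.PartitionNumber -ne $win.PartitionNumber)
}
$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Check = $_.Key; Passed = [bool]$_.Value }
} | Format-Table -AutoSize

# Recovery, reserved and data partitions are listed as not recommended.
$extra = @($parts | Where-Object {
    $_.PartitionNumber -notin $sys.PartitionNumber, $win.PartitionNumber })
foreach ($p in $extra) {
    Write-Warning "Extra partition $($p.PartitionNumber): $($p.Type), $([math]::Round($p.Size / 1MB)) MiB"
}
```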
Required software and tools
Install Cloud Assistant
When you create Alibaba Cloud images, install Cloud Assistant. Cloud Assistant is a native automated O&M tool developed for ECS. Cloud Assistant allows you to batch run commands such as shell, PowerShell, and batch commands to execute various tasks on ECS instances in a password-free manner without the need to log on to the instances or use jump servers. You can use Cloud Assistant to perform automated O&M tasks, poll processes, install and uninstall software, start and stop services, and install patches or security updates. For more information, see Install Cloud Assistant Agent.
Use Security Center to protect the server
When you create Alibaba Cloud images, we recommend that you use Alibaba Cloud Security Center to protect your servers. Security Center provides security capabilities such as alert notifications, virus detection and removal, webshell detection and removal, client protection, and image scanning to protect your cloud assets and on-premises servers.
Install the virtio driver
When you create Alibaba Cloud images, install the virtio driver. The virtio driver ensures that the image can be properly used on ECS instances. For more information, see Install the virtio driver.
System configuration suggestions
When you create Alibaba Cloud images, we recommend that you perform the following system configurations:
Enable Remote Desktop
When you create Alibaba Cloud Marketplace images, we recommend that you enable Remote Desktop Connection.
Configure registry settings for Remote Desktop. The following table describes the registry settings.
| Key | Item | Recommended value | Description |
| --- | --- | --- | --- |
| HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server | fDenyTSConnections | 0 | Enables the Remote Desktop Connection feature. |
| HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp | UserAuthentication | 1 | Enables the Network Location Awareness (NLA) feature. |
Allow inbound access to port 3389.
By default, Windows Remote Desktop Protocol (RDP) uses port 3389 for communication. When you enable Remote Desktop, you must configure firewall rules for the server to allow inbound access to port 3389.
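The following read-only audit is an added example, not Alibaba Cloud tooling or code from this page. It compares the two registry values from the table above with their recommended values, counts the enabled inbound allow rules for TCP port 3389, and flags an image where the port is open while UserAuthentication is not 1. It assumes Windows Defender Firewall is the firewall in use and that the NetSecurity cmdlets (Windows 8 / Windows Server 2012 or later) are available.

```powershell
# Added example, not Alibaba Cloud tooling. Read-only; run in an elevated
# PowerShell session before the image is captured.
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$expected = @(
    @{ Path = $ts;                       Name = 'fDenyTSConnections'; Value = 0 }
    @{ Path = "$ts\WinStations\RDP-Tcp"; Name = 'UserAuthentication'; Value = 1 }
)

# Compare each registry item with the recommended value from the table.
$report = foreach ($e in $expected) {
    $prop   = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
    $actual = $prop.($e.Name)
    [pscustomobject]@{
        Item     = $e.Name
        Expected = $e.Value
        Actual   = $actual
        Match    = $actual -eq $e.Value
    }
}
$report | Format-Table -AutoSize

# Enabled inbound allow rules whose port filter covers TCP 3389.
$allow3389 = @(Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object {
        $_ | Get-NetFirewallPortFilter |
            Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '3389' }
    })
"Enabled inbound allow rules for TCP 3389: $($allow3389.Count)"

# The combination to catch before publishing: port open, NLA not required.
$nla = ($report | Where-Object Item -eq 'UserAuthentication').Match
if ($allow3389.Count -gt 0 -and -not $nla) {
    Write-Warning 'TCP 3389 is allowed inbound but UserAuthentication is not 1 (NLA is off).'
}
```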
Enable the automatic management of paging files
When you create Alibaba Cloud Marketplace images, we recommend that you run the following command to enable the automatic management of paging files:
Wmic computersystem set AutomaticManagedPagefile=True
The system automatically selects the appropriate paging file sizes and directories based on the current system memory usage and configuration.
Note: A paging file is a virtual memory mechanism in a Windows operating system that is used to transfer the data that is not commonly used in memory to a hard disk for temporary storage. This way, the operating system frees up memory space to store more commonly used data.
Disable power hibernation
When you create Alibaba Cloud Marketplace images, we recommend that you run the following command to disable the hibernation mode and delete the Hibernate.sys file to reduce the size of the image:
powercfg.exe /h off
Note: Hibernation mode is a power saving mode in Windows operating systems that allows computers to save data to a hibernation file on hard disks and then shut down. When a computer enters hibernation mode, the system state is saved so that you can quickly restore the previous state when you resume.
System security recommendations
When you create Alibaba Cloud images, we recommend that you configure the following security settings.
Enable Microsoft Defender
We recommend that you enable Microsoft Defender and update the virus definition files. Microsoft Defender is antivirus software from Microsoft that provides features such as anti-malware and web protection.
Start Microsoft Defender.
MpCmdRun.exe -wdenable
Update the virus definition files to the latest version to ensure that the system can detect and protect against the latest threats at the earliest opportunity.
MpCmdRun.exe -RemoveDefinitions -DynamicSignatures
MpCmdRun.exe -SignatureUpdate
Install security patch updates.
We recommend that you install the latest security patches.
Install the Malicious Software Removal Tool (MSRT).
We recommend that you install the MSRT tool. MSRT helps protect Windows computers from prevalent malware attacks by finding and removing threats and reverting changes made by those threats. MSRT is usually released monthly as part of Windows Update or as a standalone tool. You can download the MSRT tool.
Clear image information
To improve system security and minimize the size of the image, we recommend that you clear data such as logs, historical records, and residual files that are generated during image creation. Remove log files that may contain sensitive information to improve the security of the image.
Clear browser records.
Clear the logs related to Windows Update.
Clear event records.
Clear system logs.
Clear temporary files.
Clear temporary files and log files generated by Windows Update.
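The following read-only report is an added example, not Alibaba Cloud tooling or code from this page. Run it after the cleanup steps above to see what is still left in the temporary file locations, the Windows Update locations and the event logs before the image is captured. The directory paths are assumptions for a default Windows installation, and browser records are not covered because their location depends on the browser.

```powershell
# Added example, not Alibaba Cloud tooling. Read-only; run in an elevated
# PowerShell session after cleanup and before the image is captured.
# Assumption: default Windows directory layout.
$areas = [ordered]@{
    'User temporary files'     = $env:TEMP
    'System temporary files'   = Join-Path $env:windir 'Temp'
    'Windows Update downloads' = Join-Path $env:windir 'SoftwareDistribution\Download'
    'Windows Update logs'      = Join-Path $env:windir 'Logs\WindowsUpdate'
}

# Count the files and total size that remain in each location.
$files = foreach ($area in $areas.GetEnumerator()) {
    $found = @(Get-ChildItem -LiteralPath $area.Value -Recurse -File -Force `
                   -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Area  = $area.Key
        Path  = $area.Value
        Files = $found.Count
        MiB   = [math]::Round(($found | Measure-Object Length -Sum).Sum / 1MB, 1)
    }
}
$files | Format-Table -AutoSize

# Event logs (system logs and event records) that still hold entries.
$logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 } |
    Sort-Object RecordCount -Descending |
    Select-Object LogName, RecordCount
$logs | Format-Table -AutoSize

"Locations with leftover files: $(@($files | Where-Object Files -gt 0).Count)"
"Event logs with records:       $(@($logs).Count)"
```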