Skip to main content

Illumio Administration Guide 25.4

Safeguard VENs from accidental unpairing

Note

The acronym GIDV is used in this topic to mean Golden Image-designated VEN.

This feature primarily protects Golden Image VENs from accidental unpairing or deactivation. In an Illumio context, a Golden Image is a standardized template for cloning multiple pre-configured workloads with a specific operating system, VEN version, labels, enforcement state, security patches, applications, settings, and/or hardware specifications.

After a Golden Image is cloned, it's typically inactive for extended periods, and the associated VEN doesn't send heartbeats to the PCE. This inactivity may make the VEN seem unnecessary and lead some users to unpair or deactivate it mistakenly. This feature is designed to prevent that.

Key benefits

  • Protects Golden Image-designated VENs (GIDVs) from accidental unpairing or deactivation. A GIDV must first be undesignated before it can be unpaired or deactivated.

  • Applies a unique icon to GIDVs so they're easily identifiable in the PCE.

  • Suppresses events that are generated when a GIDV is cloned. This prevents clogging up the PCE's event stream with events unnecessarily. (However, an event is generated when a VEN is designated as a Golden Image.)

  • Allows you to filter the VEN List page for GIDVs.

Keep in mind

  • Designed primarily for Windows domain-joined VDI images, but works for non-VDI images too.

  • Works with VEN releases 24.2.20 or later

  • If you select multiple VENs on the VEN List page to perform a bulk unpair and your selection includes a mixture of GIDVs and non-GIDVs, only the non-GIDVs are unpaired.

  • Designating a VEN as a Golden Image only prevents it from being unpaired through the PCE UI. It doesn't prevent it from being unpaired through a command line initiated from the VEN.

  • Beginning with PCE release 25.4, the prepare script is no longer necessary to install VENs on a Windows Golden Image workload if the VEN is a GIDV.

Designate a VEN as a Golden Image

  1. Go to the Servers & Endpoints > Workloads > VENs tab in the PCE Web Console.

  2. On the VEN List page, click the VEN you want to designate as a Golden Image.

  3. In the VEN's Detail page, move the Golden Image toggle to the right (Yes).

  4. Click Save.

    • On the List page, a yellow icon appears next to the Golden Image-designated VEN.

    • On the Details page > Status section, Yes appears next to Golden Image.

  5. To remove the Golden Image designation from a VEN, go to the VEN's Details page, click Edit, toggle the setting to No, and then click Save.