Windows Virtual Desktop (and Citrix) with FSLogix

Overview of Windows Virtual Desktop with ANF providing FSLogix container and file share storage

Now that Windows Virtual Desktop (WVD) is now generally available (GA) since 30th September 2019 you may be wondering what the best practices are for deploying highly available, performant and scalable storage to support your users. In addition, that storage must natively support Active Directory and NTFS permissions.

Microsoft offer enterprise shared file services with their latest storage service called Azure NetApp Files, which allows you to deploy SMB (Windows Files Shares) directly into your private VNET (no internet facing IP) that can easily support FSLogix profile containers and shared files for WVD with ease.

In fact, it’s a recommended deployment methodologyšŸ˜¦https://docs.microsoft.com/azure/virtual-desktop/create-fslogix-profile-container)

So how do you get started? Well first, let’s start with the why.

Why

FSLogix profile disk (VHDX) is the single source of truth for a users data, configuration and settings. Therefore it is important to protect this against failure, corruption and other source of data loss / outage. If you lose this disk, you will lose all of your user(s) data too.

One of our partners here in the UK tried it out for themselves and with help from Andi Kelcher from Fujitsu the results became very clear:

“By moving from our previous configuration of BLOB storage with FSLogix, to Azure NetApp Files with FSLogix, initial testing shows a dramatic performance increase when looking at login times, shown below:

Azure HSD Server 2019 – 69% decrease

Azure VDI – 38% decrease

Azure WVD – 29% decrease

Andi Kelcher – Fujitsu
Reduced Login Times using Azure NetApp Files – Note – MVD = WVD (small typo!)

Via the use of Citrix Performance Analytics, and during early testing we have noticed that the occurrence of fair ā€œsession logon durationsā€ have disappeared  and been replaced the excellent UX score. As per below

Andi Kelcher – Fujitsu

Another design consideration to take into account is that your AppData is also stored within your FSLogix profile disk, and the performance of your applications is therefore tied to the performance of the underlying storage of this disk.

In summary, ANF offers a simple to deploy, Azure native shared filed storage (it’s from Microsoft) that is guaranteed to offer your users a consistently performant experience whilst protecting their data via in-built data management capabilities.

Getting Started

Over this post we will perform the following steps in order to successfully deploy Window Virtual Desktop:

  • Prerequisites
    • Create a tenant in Windows Virtual Desktop
    • Create service principal and role assignments
    • Install Windows Desktop Client
  • Part 1: Deploy Windows Virtual Desktop Host Pools.
  • Part 2: Deploy storage for our user profiles (Note: you must have requested whitelisting to the ANF service beforehand. If you haven’t simply select the Azure NetApp Files service from the Azure storage services and select register. This typically takes no more than 24h).
  • Part 3: Install FSLogix onto the WVD hosts and configure Azure storage for optimal performance and reliability of user profile and O365 data.

Prerequisites

Create a tenant in Windows Virtual Desktop

https://docs.microsoft.com/en-gb/azure/virtual-desktop/tenant-setup-azure-active-directory

So, let’s start with the basics and clarify some of the terms used by WVD. Firstly, what is a tenant? It’s a group of one or more host pools.

And each of these host pools contains one or more session hosts (VMs) that are registered to the Virtual Desktop service. In order to create a tenant there are a number of steps that must be completed to allow the service to interact correctly with your Azure AD.

Rather than re-write the excellent deployment documentation provided by Microsoft, simply follow the steps outlined here: https://docs.microsoft.com/en-gb/azure/virtual-desktop/tenant-setup-azure-active-directory

Create Service Principals and Role Assignments

https://docs.microsoft.com/en-gb/azure/virtual-desktop/create-service-principal-role-powershell

Once you have successfully completed the previous step to create an tenant, you must then create the service principal and role assignments for Windows Virtual Desktop. Again, Microsoft provide excellent documentation covering this step here: https://docs.microsoft.com/en-gb/azure/virtual-desktop/create-service-principal-role-powershell

Once the above step is complete, you are now ready to deploy your host pools.

Install Windows Desktop Client

Finishing the installation of Remote Desktop

One final important snippet of information – be sure to install the Windows Remote Desktop Client (confusingly – this is not the same as your remote desktop connection built into Windows (mstsc).

This is not the same as the Windows Desktop Client

You can grab the latest download from here: https://docs.microsoft.com/en-gb/azure/virtual-desktop/connect-windows-7-and-10

Part 1: Deploy Windows Virtual Desktop Host Pools

How-to deploy Windows Host Pools for WVD

In order to deploy Windows Virtual Desktop, you must provision a host pool (a collection of one or more session hosts) which provide(s) the desktop sessions for your users. There are two deployment types that you can chose from:

  1. Pooled – Enable multi-session virtual desktop – Multiple users share the underlying host resources (many to one mapping of users to resources).
  2. Personal – Each user receives their own persistent host (one-to-one mapping of users to resources).

Part 2: Deploy Storage for FSLogix Containers (User Profile VHDX) & for Shared Data

Learn how to deploy SMB storage in Azure for FSLogix

Windows Virtual Desktop users can make use of FSLogix, a powerful and simple to deploy user profile and O365 container technology that makes handling remote user profile data simpler than ever whilst offering the following benefits:

Source: https://docs.microsoft.com/en-gb/azure/virtual-desktop/fslogix-containers-azure-files

Part 3: Deploy & Configure FSLogix

I have built upon the excellent work by Senior Microsoft FastTrack engineer Dean Cefola and modified his automated deployment script which will automatically download and configure FSLogix into your session host for you. This is available at this GitHub repo: https://github.com/kirkryan/Azure-WVD/blob/master/PowerShell/New-WVDSessionHost.ps1

Once you have downloaded the above PowerShell script, simply add/edit the mount path for Azure NetApp Files to the variable called $ANFSMBPath (shown below):

Copy the path shown in the mount instructions of the Azure NetApp File volume
Paste the Azure NetApp Files SMB mount path into the $ANFSMBPath variable in the PowerShell script

Alternative Configuration Method:

If you have issues running the PowerShell script provided above, you can simply install the FSlogix agent from here: https://aka.ms/fslogix_download

Once installed, open the registry editor (regedit.msc) and create a new entry called VHDLocations (Type: REG_MULTI_SZ). Simply set the value to the mount path of the ANF volume and reboot the session host (VM). You’ll need to do this once per session host and can easily automated this step via GPO or other alternative methods.

Create VHDLocations in HKLM /SOFTWARE/FSLogix/Profiles

Appendix/ Assumptions

  • You have deployed an AD/DNS server that is reachable over IP from the parent VNET containing the ANF volume. Please note that UDR is not supported therefore a natively supported route must exist between the volume and the AD/DNS. If you have a complex network setup i.e. virtual firewall appliances, then simply deploy a read-only AD server within the ANF VNET or a locally peered VNET.
  • You have whitelisted your subscription for Azure NetApp Files. It is a fully GA service but must be requested (similar to CPU count increase or SAP HANA large instances for example).

A big thanks to Andi Kelcher from Fujitsu for sharing their performance testing, Christiaan Brinkhoff & Jim Moyle who are Microsoft Global Black Belts for Windows Virtual Desktop, and Geert Van Teylingen GBB for ANF for their assistance in setting up my environment and understanding of the solution.

Published by Kirk

I'm a technical lead working for NetApp & Microsoft on advanced data capabilities in Azure, primarily the Azure NetApp Files solution and use cases. I like to share everything I've learnt along the way in the hope that somewhere along the line, someone will find it useful.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: