Now that Windows Virtual Desktop (WVD) has been generally available (GA) since 30th September 2019, you may be wondering what the best practices are for deploying highly available, performant and scalable storage to support your users. In addition, that storage must natively support Active Directory and NTFS permissions.
Microsoft offer enterprise shared file services with their latest storage service, Azure NetApp Files, which allows you to deploy SMB shares (Windows file shares) directly into your private VNET (no internet-facing IP) and can easily support FSLogix profile containers and shared files for WVD.
In fact, it’s a recommended deployment methodology (https://docs.microsoft.com/azure/virtual-desktop/create-fslogix-profile-container).
So how do you get started? Well first, let’s start with the why.
The FSLogix profile disk (VHDX) is the single source of truth for a user’s data, configuration and settings. It is therefore important to protect it against failure, corruption and other sources of data loss or outage. If you lose this disk, you lose all of that user’s data too.
One of our partners here in the UK tried it out for themselves and with help from Andi Kelcher from Fujitsu the results became very clear:
“By moving from our previous configuration of BLOB storage with FSLogix, to Azure NetApp Files with FSLogix, initial testing shows a dramatic performance increase when looking at login times, shown below:
Azure HSD Server 2019 – 69% decrease
Azure VDI – 38% decrease
Azure WVD – 29% decrease”
Andi Kelcher – Fujitsu
“Via the use of Citrix Performance Analytics, and during early testing we have noticed that the occurrence of fair “session logon durations” have disappeared and been replaced by the excellent UX score. As per below”
Andi Kelcher – Fujitsu
Another design consideration to take into account is that your AppData is also stored within your FSLogix profile disk, and the performance of your applications is therefore tied to the performance of the underlying storage of this disk.
In summary, ANF offers simple-to-deploy, Azure-native shared file storage (it’s from Microsoft) that is guaranteed to offer your users a consistently performant experience whilst protecting their data via in-built data management capabilities.
Over this post we will perform the following steps in order to successfully deploy Windows Virtual Desktop:
- Create a tenant in Windows Virtual Desktop
- Create service principal and role assignments
- Install Windows Desktop Client
- Part 1: Deploy Windows Virtual Desktop Host Pools.
- Part 2: Deploy storage for our user profiles (Note: you must have requested whitelisting to the ANF service beforehand. If you haven’t, simply select the Azure NetApp Files service from the Azure storage services and select register. This typically takes no more than 24h).
- Part 3: Install FSLogix onto the WVD hosts and configure Azure storage for optimal performance and reliability of user profile and O365 data.
Create a tenant in Windows Virtual Desktop
So, let’s start with the basics and clarify some of the terms used by WVD. Firstly, what is a tenant? It’s a group of one or more host pools.
And each of these host pools contains one or more session hosts (VMs) that are registered to the Virtual Desktop service. In order to create a tenant there are a number of steps that must be completed to allow the service to interact correctly with your Azure AD.
Rather than re-write the excellent deployment documentation provided by Microsoft, simply follow the steps outlined here: https://docs.microsoft.com/en-gb/azure/virtual-desktop/tenant-setup-azure-active-directory
Create Service Principals and Role Assignments
Once you have successfully completed the previous step to create a tenant, you must then create the service principal and role assignments for Windows Virtual Desktop. Again, Microsoft provide excellent documentation covering this step here: https://docs.microsoft.com/en-gb/azure/virtual-desktop/create-service-principal-role-powershell
Once the above step is complete, you are now ready to deploy your host pools.
Install Windows Desktop Client
One final important snippet of information: be sure to install the Windows Remote Desktop Client. Confusingly, this is not the same as the Remote Desktop Connection client built into Windows (mstsc).
You can grab the latest download from here: https://docs.microsoft.com/en-gb/azure/virtual-desktop/connect-windows-7-and-10
Part 1: Deploy Windows Virtual Desktop Host Pools
In order to deploy Windows Virtual Desktop, you must provision a host pool (a collection of one or more session hosts) which provides the desktop sessions for your users. There are two deployment types that you can choose from:
- Pooled – Enable multi-session virtual desktop – Multiple users share the underlying host resources (many to one mapping of users to resources).
- Personal – Each user receives their own persistent host (one-to-one mapping of users to resources).
Part 2: Deploy Storage for FSLogix Containers (User Profile VHDX) & for Shared Data
Windows Virtual Desktop users can make use of FSLogix, a powerful and simple to deploy user profile and O365 container technology that makes handling remote user profile data simpler than ever whilst offering the following benefits:
- Performance: The FSLogix profile containers are high performance and resolve performance issues that have historically blocked cached exchange mode.
- OneDrive: Without FSLogix profile containers, OneDrive for Business is not supported in non-persistent RDSH or VDI environments. OneDrive for Business and FSLogix best practices describes how they interact. For more information, see Use the sync client on virtual desktops.
- Additional folders: FSLogix provides the ability to extend user profiles to include additional folders.
Part 3: Deploy & Configure FSLogix
I have built upon the excellent work by Senior Microsoft FastTrack engineer Dean Cefola and modified his automated deployment script, which will automatically download and configure FSLogix on your session host for you. This is available at this GitHub repo: https://github.com/kirkryan/Azure-WVD/blob/master/PowerShell/New-WVDSessionHost.ps1
Once you have downloaded the above PowerShell script, simply set the variable called $ANFSMBPath to the mount path for Azure NetApp Files.
Alternative Configuration Method:
If you have issues running the PowerShell script provided above, you can simply install the FSLogix agent from here: https://aka.ms/fslogix_download
Once installed, open the registry editor (regedit.exe) and create a new entry called VHDLocations (Type: REG_MULTI_SZ). Simply set the value to the mount path of the ANF volume and reboot the session host (VM). You’ll need to do this once per session host, and you can easily automate this step via GPO or other alternative methods.
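One way to script the registry step above so it can be repeated on each session host (an added example, not part of the original post or the linked script). It assumes the FSLogix profile container key HKLM\SOFTWARE\FSLogix\Profiles, which the post does not name, and uses a placeholder UNC path; the function name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: the registry key and UNC path are assumptions, not values from the post.
$ProfilesKey = 'HKLM:\SOFTWARE\FSLogix\Profiles'           # FSLogix profile container settings
$ANFSMBPath  = '\\anf-smb.example.internal\wvd-profiles'   # placeholder ANF mount path

function Set-FSLogixVhdLocation {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [string]$Key = $ProfilesKey
    )
    foreach ($p in $Path) {
        # Only UNC paths make sense here: the profile VHDX lives on the SMB share.
        if ($p -notmatch '^\\\\[^\\]+\\[^\\]+') { throw "Not a UNC path: $p" }
        # Catch DNS, routing or domain-join problems before users hit them at logon.
        # Note: this checks access as the account running the script.
        if (-not (Test-Path -LiteralPath $p)) { throw "Share not reachable from this host: $p" }
    }

    if (-not (Test-Path -Path $Key)) { New-Item -Path $Key -Force | Out-Null }

    # VHDLocations must be REG_MULTI_SZ (MultiString), as the post specifies.
    New-ItemProperty -Path $Key -Name 'VHDLocations' -PropertyType MultiString `
        -Value $Path -Force | Out-Null

    # Read the value back and confirm both its type and its content.
    $regKey = Get-Item -Path $Key
    $kind   = $regKey.GetValueKind('VHDLocations')
    if ($kind -ne [Microsoft.Win32.RegistryValueKind]::MultiString) {
        throw "VHDLocations has type $kind, expected MultiString"
    }

    # FSLogix also reads an Enabled DWORD under this key (not mentioned in the post);
    # report it so a host left disabled is noticed.
    $enabled = $regKey.GetValue('Enabled', 0)
    if ($enabled -ne 1) { Write-Warning "Enabled is '$enabled' under $Key; profile containers are off." }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        VHDLocations = $regKey.GetValue('VHDLocations')
        Enabled      = $enabled
    }
}

Set-FSLogixVhdLocation -Path $ANFSMBPath
```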
- You have deployed an AD/DNS server that is reachable over IP from the parent VNET containing the ANF volume. Please note that UDR is not supported, so a natively supported route must exist between the volume and the AD/DNS server. If you have a complex network setup (for example, virtual firewall appliances), then simply deploy a read-only AD server within the ANF VNET or a locally peered VNET.
- You have whitelisted your subscription for Azure NetApp Files. It is a fully GA service but must be requested (similar to CPU count increase or SAP HANA large instances for example).
A big thanks to Andi Kelcher from Fujitsu for sharing their performance testing, Christiaan Brinkhoff & Jim Moyle who are Microsoft Global Black Belts for Windows Virtual Desktop, and Geert Van Teylingen GBB for ANF for their assistance in setting up my environment and understanding of the solution.