FSLogix profile containers for Azure AD cloud only identities

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.

Over the past several weeks, the number of customers seeking this type of guidance has increased significantly. I am glad to see that our customers continue to push the boundaries of our product and are growing in their Azure-based deployments of RDS, Azure Virtual Desktop, and other VDI solutions in Azure.

FSLogix does support non-traditional configurations for Azure AD only scenarios. We are working to add this to our public documentation; however, due to the number of instances where I've been asked about these configurations, a blog post was more immediate.

Customers who have Azure AD cloud only identities can use FSLogix in one of two configurations.

Cloud Cache using two (2) or more unique Azure Page Blob storage account(s)

First, read this article on how to secure the Storage keys.  The document is planned for an update, but the concept is sound.  Next, review the list of recommendations below, before implementing this solution.

  1. Ensure the Azure Page Blob storage accounts are in the same region as the virtual machine(s) for optimal performance.
  2. Format the OS disk into a 4k allocation block size to match the Azure Page Blob block size.
  3. The virtual machine(s) should have high performance local OS disks as Cloud Cache will create a local VHD for each profile as the source while keeping the Blob versions up to date.
  4. Typical Azure based deployments recommend 1 user per 1 vCPU. Using Cloud Cache, you should start with 1 user per 2 vCPU and closely monitor CPU and disk I/O.
  5. Do not use the CcdMaxCacheSizeInMBs setting.
  6. Do not change ProfileType from the default setting of 0.
  7. Read all the Cloud Cache configuration settings on our public documentation page.

```powershell
# Read the connection string for each of the two storage accounts.
$fslBlob1ConnectString = (Get-AzStorageAccount -ResourceGroupName CONTOSO -Name fslstgacct001premblob).Context.ConnectionString
$fslBlob2ConnectString = (Get-AzStorageAccount -ResourceGroupName CONTOSO -Name fslstgacct002premblob).Context.ConnectionString

# Store each connection string as a named FSLogix secure key.
& "C:\Program Files\FSLogix\Apps\frx.exe" add-secure-key -key fslstgacct001-CS1 -value $fslBlob1ConnectString
& "C:\Program Files\FSLogix\Apps\frx.exe" add-secure-key -key fslstgacct002-CS1 -value $fslBlob2ConnectString

# Point CCDLocations at the stored keys by name (|fslogix/<key>|) rather than at the raw connection strings.
New-ItemProperty -Path HKLM:\SOFTWARE\FSLogix\Profiles\ -Name CCDLocations -PropertyType multistring -Value ('type=azure,name="AZURE PROVIDER 1",connectionString="|fslogix/fslstgacct001-CS1|";type=azure,name="AZURE PROVIDER 2",connectionString="|fslogix/fslstgacct002-CS1|"') -Force
```
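An added example (not from the original post or from FSLogix): a PowerShell audit that checks a session host against the recommendations above and confirms that each Azure provider in CCDLocations references a stored secure key instead of embedding the connection string. It assumes ProfileType and CcdMaxCacheSizeInMBs are read from the same `HKLM:\SOFTWARE\FSLogix\Profiles` key as CCDLocations; the function names and the sample value are constructed for illustration.

```powershell
# Added example, not from the original post. Assumption: ProfileType and
# CcdMaxCacheSizeInMBs are read from the same Profiles key as CCDLocations.
$ProfilesKey = 'HKLM:\SOFTWARE\FSLogix\Profiles'

function Get-CcdLocationFinding {
    param([string[]]$CcdLocations)
    # Match whole provider entries; splitting on ';' would cut a plaintext
    # connection string apart, because it uses ';' internally.
    $pattern = 'type=azure,name="(?<name>[^"]*)",connectionString="(?<cs>[^"]*)"'
    foreach ($m in [regex]::Matches(($CcdLocations -join ';'), $pattern, 'IgnoreCase')) {
        $cs = $m.Groups['cs'].Value
        $status = if ($cs -match '^\|fslogix/[^|]+\|$') {
            'SecureKeyReference'   # named reference to a key stored with frx add-secure-key
        } elseif ($cs -match 'AccountKey=|SharedAccessSignature=') {
            'PlaintextSecret'      # secret stored in clear text in the registry
        } else {
            'Unrecognized'
        }
        # Emit the provider name and verdict only, never the connection string.
        [pscustomobject]@{ Provider = $m.Groups['name'].Value; Status = $status }
    }
}

function Get-FslogixCloudCacheAudit {
    $p  = Get-ItemProperty -Path $ProfilesKey -ErrorAction Stop
    $os = Get-CimInstance Win32_Volume -Filter "DriveLetter='$env:SystemDrive'"
    [pscustomobject]@{
        Providers            = @(Get-CcdLocationFinding -CcdLocations $p.CCDLocations)
        ProfileTypeIsDefault = ($null -eq $p.ProfileType) -or ($p.ProfileType -eq 0)
        CcdMaxCacheSizeUnset = ($null -eq $p.CcdMaxCacheSizeInMBs)
        OsVolumeIs4k         = ($os.BlockSize -eq 4096)
    }
}

# Constructed sample: provider 1 follows the post, provider 2 embeds a placeholder key.
$sample = 'type=azure,name="AZURE PROVIDER 1",connectionString="|fslogix/fslstgacct001-CS1|";' +
          'type=azure,name="AZURE PROVIDER 2",connectionString="DefaultEndpointsProtocol=https;' +
          'AccountName=example;AccountKey=PLACEHOLDER"'
Get-CcdLocationFinding -CcdLocations $sample | Format-Table -AutoSize

# On a session host, audit the live configuration as well.
if (Test-Path $ProfilesKey) { Get-FslogixCloudCacheAudit | Format-List }
```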

Azure Files SMB with access-based credentials stored using cmdkey

If you've been in the EUC community or Azure Virtual Desktop space for any amount of time, Marcel Meurer is no doubt a recognizable name. He recently posted a blog article describing this solution.  Please give him a follow and read his walkthrough here.

Our team is invested in expanding our cloud-based solutions and hopes that these two (2) configurations will meet the needs of most while we work on other ways to address these types of deployments.

Cheers,

Jason Parker

Sr. Product Manager, FSLogix
