FSLogix profile containers for Azure AD cloud only identities
Published Feb 10 2023 07:23 AM
Microsoft

Over the past several weeks, the number of customers seeking this type of guidance has increased significantly. I am glad to see that our customers continue to push the boundaries of our product and grow their Azure-based deployments of RDS, Azure Virtual Desktop, and other VDI solutions in Azure.

 

FSLogix does support non-traditional configurations for Azure AD only scenarios. We are working to add this to our public documentation; however, due to the number of instances where I've been asked about these configurations, a blog post was more immediate. Customers who have Azure AD cloud only identities can use FSLogix in one of two configurations.

 

Cloud Cache using Azure Page Blob storage account(s)

 

First, read this article on how to secure the Storage keys.  The document is planned for an update, but the concept is sound.  Next, review the list of recommendations below, before implementing this solution.

 

NOTE:  These are recommendations for an optimal experience. 

 

  1. Do not use standard tier storage for Azure page blobs for production workloads.
  2. Ensure the Azure page blob storage account is in the same region as the virtual machine(s) for optimal performance.
  3. The Azure page blob storage account should use zone-redundant storage (ZRS) if available.  If not available, use two (2) unique Azure page blob storage accounts using locally redundant storage (LRS).
  4. Ensure the OS volume allocation size matches Azure page blob and the container (VHDx).
  5. The virtual machine(s) should have high-performing local OS disks, as Cloud Cache will create a local VHD for each profile as the source while keeping the blob versions up to date. Alternatively, the virtual machine could have a high-performance temp or data disk.
  6. Typical Azure based deployments recommend 1 user per 1 vCPU. Using Cloud Cache, you should start with 1 user per 2 vCPU and closely monitor CPU and disk I/O. Continue to increase user load on the virtual machine(s) to find the right mix for your workload.
  7. Do not use the CcdMaxCacheSizeInMBs setting.
  8. Do not use ProfileType 1, 2, or 3.
  9. Read all the Cloud Cache configuration settings on our public documentation page.

 

 

 

```powershell
# Read the connection string for each premium page blob storage account.
$fslBlob1ConnectString = (Get-AzStorageAccount -ResourceGroupName CONTOSO -Name fslstgacct001premblob).Context.ConnectionString
$fslBlob2ConnectString = (Get-AzStorageAccount -ResourceGroupName CONTOSO -Name fslstgacct002premblob).Context.ConnectionString

# Store each connection string under a named FSLogix secure key.
& "C:\Program Files\FSLogix\Apps\frx.exe" add-secure-key -key fslstgacct001-CS1 -value $fslBlob1ConnectString
& "C:\Program Files\FSLogix\Apps\frx.exe" add-secure-key -key fslstgacct002-CS1 -value $fslBlob2ConnectString

# Reference the secure keys by name (|fslogix/<key>|) in CCDLocations rather than embedding the connection strings.
New-ItemProperty -Path HKLM:\SOFTWARE\FSLogix\Profiles\ -Name CCDLocations -PropertyType multistring -Value ('type=azure,name="AZURE PROVIDER 1",connectionString="|fslogix/fslstgacct001-CS1|";type=azure,name="AZURE PROVIDER 2",connectionString="|fslogix/fslstgacct002-CS1|"') -Force
```
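
The following PowerShell audit is an added example, not code from the original post or from FSLogix. It checks the values under HKLM:\SOFTWARE\FSLogix\Profiles against three points made above: CCDLocations should reference secure keys (|fslogix/<key>|) rather than embed a connection string, CcdMaxCacheSizeInMBs should not be set, and ProfileType should not be 1, 2, or 3. The function name Test-FslCloudCacheConfig, its -Settings parameter and the sample values are assumptions made for illustration.

```powershell
# Added example (not FSLogix code). Test-FslCloudCacheConfig and -Settings are hypothetical names.
function Test-FslCloudCacheConfig {
    param([hashtable]$Settings)   # value name -> data; omit to read the live registry key

    if (-not $PSBoundParameters.ContainsKey('Settings')) {
        $Settings = @{}
        $key = Get-ItemProperty -Path 'HKLM:\SOFTWARE\FSLogix\Profiles' -ErrorAction SilentlyContinue
        if ($key) {
            $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
            foreach ($p in $key.PSObject.Properties) {
                if ($p.Name -notin $meta) { $Settings[$p.Name] = $p.Value }
            }
        }
    }
    $findings = [System.Collections.Generic.List[string]]::new()

    # CCDLocations can be REG_SZ or REG_MULTI_SZ; flatten it to one string.
    $ccd = @($Settings['CCDLocations']) -join ';'
    if (-not $ccd) { $findings.Add('CCDLocations is not set') }

    # Every quoted connectionString should be a |fslogix/<key>| secure-key reference.
    foreach ($m in [regex]::Matches($ccd, 'connectionString="([^"]*)"', 'IgnoreCase')) {
        if ($m.Groups[1].Value -notmatch '^\|fslogix/[^|]+\|$') {
            # Report the offset only, never the value, so the audit output cannot leak a key.
            $findings.Add("connectionString at offset $($m.Index) is not a secure-key reference")
        }
    }
    # Catches embedded secrets even when the value is unquoted.
    if ($ccd -match 'AccountKey=|SharedAccessSignature=') {
        $findings.Add('CCDLocations contains a plaintext storage secret')
    }
    if ($Settings.ContainsKey('ProfileType') -and [int]$Settings['ProfileType'] -in 1, 2, 3) {
        $findings.Add("ProfileType is $($Settings['ProfileType']); use a value other than 1, 2, or 3")
    }
    if ($Settings.ContainsKey('CcdMaxCacheSizeInMBs')) {
        $findings.Add('CcdMaxCacheSizeInMBs is set; remove it')
    }
    $findings.ToArray()
}

# Constructed sample: provider 2 embeds a connection string with a placeholder key.
$good = 'type=azure,name="AZURE PROVIDER 1",connectionString="|fslogix/fslstgacct001-CS1|"'
$bad  = 'type=azure,name="AZURE PROVIDER 2",connectionString="DefaultEndpointsProtocol=https;' +
        'AccountName=example;AccountKey=PLACEHOLDER"'
$sample = @{ CCDLocations = @($good, $bad); ProfileType = 3; CcdMaxCacheSizeInMBs = 1000 }
Test-FslCloudCacheConfig -Settings $sample
```

Called with no arguments on a session host, the function reads the live registry key instead of the sample.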

 

 

Alternate options:

Spare the Share: AADJ AVD and FSLogix Cloud Cache 

Great article from a fellow AVD enthusiast and self-proclaimed crusty old tech, focused on helping public sector entities leverage cloud technology.

 

Azure Files SMB with access-based credentials stored using cmdkey

If you've been in the EUC community or Azure Virtual Desktop space for any amount of time, Marcel Meurer is no doubt a recognizable name. He recently posted a blog article describing this solution.  Please give him a follow and read his walkthrough here.

 

Our team is invested in expanding our cloud-based solutions and hopes that these two (2) configurations will meet the needs of most while we work on other ways to address these types of deployments.

 

Cheers,

Jason Parker

Sr. Product Manager, FSLogix

Last update: Mar 16 2023 09:24 AM