Andrew May, Vuzion Cloud Solutions Architect, writes…
Since it was released a few months ago, I’ve had many conversations with partners about Windows Virtual Desktop (WVD). Awareness of it, at least conceptually, has been good. What is less well known, is FSLogix and how this can be used to improve the user profile experience.
FSLogix was acquired by Microsoft in late 2018 and they now provide it to properly licensed WVD users for no additional cost. It is actually a collection of solutions, but the one I’m focussing on for this blog is the Profile Container: a replacement for roaming profiles (the bane of many a Windows Administrator’s life!) and User Profile Disks (UPDs) which were better, but still not perfect.
Profiles are still stored on a network share, but instead of being downloaded and attached to the WVD host when a user logs in, they are accessed directly over the network, which provides a much faster logon experience. The network redirection is hidden so it appears as if they were local profiles, eliminating compatibility issues.
Because user profiles and data are not stored on the desktop host, the hosts can be added, destroyed or replaced easily without worrying about user data being lost. And there are benefits for Office 365 apps too – the Outlook OST cache file, Outlook search, OneDrive for Business and other application data is stored in the container, so it follows users from WVD host to WVD host.
FSLogix Profile Containers aren’t just used with WVD, it is possible to configure local devices such as laptops and PCs to use them too, but extra licensing may be needed. When users switch from their local device desktop to a WVD desktop, their profile goes with them and their experience is kept consistent.
FSLogix requires a file share to store the Profile Containers and this can be a highly available pair of Azure VMs configured as a file server using Storage Spaces Direct or Azure NetApp Files. But a third option exists which often surprises people when I mention it – Azure Files.
Azure Files is a native Azure file share that is available in all Azure Regions, can be replicated to on-premises via Azure Files Sync and is quick and easy to setup with no VMs to manage. It does however require that Azure Active Directory Domain Services is used as the domain to which WVD hosts are joined.
If you want to know more about WVD or FSLogix, please get in touch.
Thank you for taking the time to read this blog. If you’re not technical or aren’t interested in how to configure Azure Files for FSLogix, I will bid you farewell here, but if you are interested, read on. I’ll try to keep it brief.
Configuring Azure Files for FSLogix Profile Containers
You will need to:
- deploy an Azure Storage Account and on the Configuration pane, set “Identity-based Directory Service for Azure File Authentication” to “Azure Active Directory Domain Services (Azure AD DS)”.
- create a Files share and via “Access Control (IAM)”, add the role assignment “Storage File Data SMB Share Contributor” to each WVD user – it is better to create an Azure AD group and assign this role to that, adding WVD users to the group.
- use the Storage Account Access Key to mount the share to a drive letter, go into its properties, choose the Security tab and select Advanced.Modify the permissions to the following:
When you set up FSlogix on the hosts, set the VHDLocations value to the full path of the Azure Files share.
It’s best to have the Storage Account in the same Region as the WVD Hosts. You should also be aware that if users already have a local profile on the WVD host, FSLogix won’t apply – the local profile will need converting or deleting.
If you need any support, contact the Vuzion team and we’ll be happy to help.