Implement Windows Virtual Desktop using Azure AD Domain service and Azure file storage.

Captions
Okay, so let's get started. Thank you all for taking your time and joining the session today. My name is Roshan. I work as a solution architect with Ingram Micro Australia, based in Melbourne. My email address is displayed on the screen, so if you have any questions on Azure or Windows Virtual Desktop, feel free to be in touch with me.

Before we get into the details of the session, if you are unable to hear me, please let us know on the Teams chat. John, Sam, can you confirm if you are able to hear me clearly? Yeah. Yep, hear you clearly. Rest of the folks, I would request you to kindly put your mic on mute so that we don't get any background noises. If you have any questions, please use the Teams chat. As always, I will go ahead and address most of the questions during the end of the session. Today we have a lot of content to cover, a lot of demo to cover.

So today's session is on implementing Windows Virtual Desktop using Azure Active Directory Domain Services as the authentication source, and we'll be using Azure file storage as the storage for our user profile containers. In the previous session we saw how we can use a traditional Active Directory running on a Windows virtual machine and a file server on a Windows virtual machine as a combination to implement Windows Virtual Desktop. Today we are using a lot of services which are embedded within Azure or are available as a service within Azure as well, and we'll look at how we can implement Windows Virtual Desktop using these. These are two different options which we could use. Both of them have their own pros and cons; we'll also look at those pros and cons today.

Before I go ahead, let's look at the quick agenda. Just to make sure everybody is on the same page, we'll have a quick introduction about Windows Virtual Desktop. We'll look at Active Directory options and the pros and cons of using Azure Active Directory Domain Services. Then we'll look at what Azure file storage is, and its pros and cons. I also want to quickly run through the promotion that
Ingram Micro is running. We have already got a very good response for this promotion, so I wanted to make sure everybody is aware of it, as it is limited and time bound. So we'll go through the promotion and we'll also look at some pricing details. Then I'll show you the lab setup, or the lab diagram, which I have used to set up my Azure for this particular demonstration, and also show you how you can set up a hybrid Active Directory using Azure Active Directory Domain Services. One of the questions that I got via email is "we would like to know what the next session is about", so I'll definitely let you know what the next session, which is next Wednesday, is about, and I'd appreciate it if you could join those sessions as well. And we'll look at questions and answers. So this is what the overall agenda looks like. Again, at any point of time, if you have any questions, feel free to post them on the chat.

So Windows Virtual Desktop was introduced sometime around September last year. It's a desktop-as-a-service offering from Microsoft. It is the only Windows 10 multi-session offering available in today's market. Citrix and VMware Horizon actually are using Windows Virtual Desktop in the background to provide you the multi-session Windows 10 experience. It's not available on IBM Cloud, it's not available on AWS; it's only available on Azure as of today.

It's very much optimized for Office 365 ProPlus. What I mean by that is you can synchronize your OneDrive, you can synchronize your Outlook, you can use all the Word, Excel, PowerPoint applications, and all this data is not being stored on the C drive. It gets stored on another container or another location using the FSLogix technology. So it's very much optimized for Outlook and OneDrive. You can sync, you can do on-demand files, and everything works very seamlessly for an end user. For an end user, it's as simple as logging on to a Windows 10 machine and doing his day-to-day job. This is the only supported
platform for Windows 7 if you want to continue to receive extended security updates. So if you have customers who have proprietary software which only runs on Windows 7: after January 14th, Windows 7 has stopped getting security updates, which means your Windows 7 is not patched, which may or may not result in a hacking attack. So just to make sure your company keeps your data safe, I would definitely recommend going on to Windows Virtual Desktop, or preferably upgrading to Windows 10, so that you can make use of all the technology and enhancements that Windows 10 has brought.

It is very tightly integrated with Microsoft 365. Now, people who have attended the previous session would know the license benefits that you get with Microsoft 365, but you can also use the advanced threat protection functionalities such as conditional access, multi-factor authentication and Active Directory auditing. You can use other functionalities of email security and identity security, such as Premium Privileged Identity Management, so you can use all those features and functionalities on top of Windows Virtual Desktop if you combine Microsoft 365 with Windows Virtual Desktop.

It gives you an option to deploy pooled or personal desktops. One of the questions that I got in the previous session was: when do you use personal desktops? One of the scenarios that I have seen in my experience is, typically when we do a project, the CEO or the CIO gets a personal desktop and the rest of the users get a desktop. Or if you have a scenario where you have a customer who has very heavy applications that they use, for example things like AutoCAD, any design tools that use a lot of graphics or use a lot of resources, we preferably give the users who use these applications a personal desktop or a dedicated desktop, and the rest of the users a pooled desktop. All the options to deploy Windows Virtual Desktop are available within the Azure portal itself. You don't need any third-party tools. It is simple to deploy
and easy to scale.

Today, talking about the licenses: any customer who is using Microsoft 365 as of today is eligible to reuse the Windows license, which he gets as part of his Microsoft 365, with Windows Virtual Desktop. If you have a customer who's using Office 365, then first they have to purchase a Windows 10 subscription license and then use Azure, or then use Windows Virtual Desktop. So I would definitely encourage and recommend partners to help the customer transition from Office 365 to Microsoft 365. A couple of weeks ago Microsoft actually renamed all the Office 365 plans to Microsoft 365. It's more of a name change, but I would definitely encourage everybody to move to a Microsoft 365 E3, E5 or Business plan so that you get the best benefit of productivity and you can reuse the license with Windows Virtual Desktop.

If you come across a customer who still wants to use a server operating system as a session host on Windows Virtual Desktop, he can still do that, but with respect to RDS CALs he will need to purchase RDS CALs with Software Assurance. Even though he has an RDS CAL for, let's say, 2016 or 2019 without Software Assurance, he cannot reuse that with Windows Virtual Desktop. He has to have an RDS CAL with Software Assurance, with an active Software Assurance.

Well, let's go into the details of today's session. So for today's session, what are the Windows Virtual Desktop requirements? Of course you need to have an active Azure subscription. You should be able to create resources within it. One of the important resources is the virtual network. You definitely need to have an Active Directory infrastructure. Windows Virtual Desktop does not work in a workgroup environment; it always has to communicate with an Active Directory infrastructure, and today the Active Directory infrastructure that we'll be using is Azure Active Directory Domain Services, or managed domain services. The account permission for today's session, or if you want to set up the way we are looking at
in this session, is that he has to be a member of a specific group called the AAD, Azure Active Directory, domain controller administrators group. He also needs to have the global administrator role, or owner. What I found out from previous sessions is that some of you also suggested that a contributor of the subscription would also work. The answer is yes, you can also be a contributor of the subscription, but you definitely have to be a global administrator while you're giving the consent. So you need a global admin permission. You also need a tenant creator permission on the Windows Virtual Desktop application. I will go through all these roles and groups in the demonstration so you get a more visual explanation of it. And in today's session, again, we are not using a service account; we are using a normal user account to configure Windows Virtual Desktop, and the account which you use to configure Windows Virtual Desktop cannot be enabled for multi-factor authentication. All right, so the MFA for this particular account is disabled.

So let's look at Active Directory options. Like I said earlier, Windows Virtual Desktop definitely requires that the users who log in cannot be workgroup users; they have to be Active Directory users. So with respect to Active Directory we have two options. The one option is to use traditional Windows Active Directory running on a virtual machine, run an Active Directory sync, sync the users to Azure Active Directory, and then have the Windows Virtual Desktop communicate with the virtual machine. This is what we saw in the previous session.

In today's session we will be looking at Active Directory Domain Services. So Active Directory Domain Services, in a way, is an extension of your traditional Active Directory... Azure Active Directory, I'm sorry. So Azure Active Directory Domain Services is an extension of Azure AD. You can call it an add-on feature for your Azure Active Directory. This feature has to be enabled and configured, and once enabled and configured,
Domain Services will allow you to join machines, which can be Windows 10 machines or Windows Server machines, to your Azure Active Directory domain. So if you use a traditional Azure AD, you cannot join your machines to the traditional Azure AD. If you want to join the machines to traditional Azure AD, or if you want users who are present in Azure AD to be able to log in to the virtual machines, then you need to enable Domain Services. This is a feature that is not enabled by default; you have to enable it. And you can have only one Domain Services per tenant. If you have, let's say, four or five domains registered in a tenant, you can enable Domain Services only for one domain in that particular tenant or in that particular directory.

So, keeping that in mind, let's look at what the pros and cons are, and how it compares with a traditional Active Directory which runs on a virtual machine or which is running on-prem.

So, pros. It is very, very simple and easy to deploy. It gives you a wizard; you just use that wizard, fill in the information and it gets deployed. There is very little human intervention when it comes to the deployment of it. It takes away a lot of the management of your Active Directory, like patching, updating, making sure it's highly available. All of these things are managed and maintained by Microsoft because it's a managed directory service. So you don't need to worry about making sure it is always up and running. There are schedules within Azure itself which can back it up automatically. You don't need to worry about scalability. So all of those things are taken care of.

One other very important benefit, which I see for smaller customers who do not have a very good firewall in place or do not have a very strong on-prem infrastructure, is that you do not need to have a site-to-site VPN or ExpressRoute configured in order to use Azure Active Directory Domain Services. All you need to do is have your users present in Azure
Active Directory, and then you're good. So once your users are present in Azure Active Directory, then if you enable Domain Services they can start logging on to virtual machines and Windows Virtual Desktop, and start using it with the username and password which is available in Azure AD.

What are the disadvantages? Now, there's a lot of rumor that says Azure Active Directory Domain Services does not support group policy. The answer is no, it definitely supports group policies, but what it does not support is the replication from on-prem to Azure. So if you have created group policies in your local Active Directory, you cannot replicate those to Domain Services. You will have to recreate those group policies in Domain Services.

Currently, domain and forest trust is not supported. This is already in the roadmap, in development.

As I said earlier, you can have only one Domain Services per tenant. So sometimes this becomes a limitation. If you want to enable multiple Domain Services for multiple of your domains within a single tenant, as of today it's not possible, so it becomes very tricky to set up. Also, if you would like to extend your Domain Services outside the virtual network it is configured in, it starts adding complexity. You need to configure VNet peering and then make sure the authentication and the traffic is flowing through. So it becomes a little complicated when you try to extend the virtual network, or if you have a scenario where you need to have multiple Domain Services as part of your tenant.

The other, I won't say a drawback, but this is by design, is that Azure AD replication to Domain Services is a one-way replication. For example, you cannot have a replication where you create or enable a feature in your Domain Services, it writes back to your Azure AD, and then again it writes back to your on-prem Active Directory. That is not available as of today. It's a one-way replication. If you create a user in your Active Directory and have AD
sync, then it creates the user in Azure AD, and that user can then be given permissions via Domain Services to virtual machines. But the other way around is not possible.

So I hope it's not too confusing. At a very high level, what you need to remember is that Domain Services is Active Directory as a service running in Azure, using which you can join machines to the domain. You don't need to manage and maintain your Active Directory within Azure if you run this. All the patching and updating of your Active Directory is taken care of by Microsoft. So that is the authentication piece.

Let's look at Azure file storage. Within Azure there are broadly four different types of storage. There is disks, which is primarily used for VHDs. There is queues and tables, which is primarily used for your SaaS-based applications. And there is files. Files is a type of storage which can be accessed over the traditional SMB protocol. You can consider file storage as a big SAN or a big NAS that is available on Azure, and this SAN or NAS can be accessed by multiple machines at the same time. It's a shared storage. It's a fully managed file share that's available in the cloud, which can be accessed whether by on-prem virtual machines, I'm sorry, by on-premises machines, or by other virtual machines. This file storage can directly be mounted on a Windows, Linux or macOS machine without the need of creating a virtual machine, attaching the storage to it and then accessing it. This is a special type of storage where I just create the storage and directly mount it to my machine which has an internet connection. So it acts as a shared storage available for us to use.

Azure file storage has, again, its pros and cons. It's a fully managed service. Similar to Domain Services, the storage is managed and maintained by Microsoft. You don't carry any overhead in terms of availability. It's shared access, which means
it uses the traditional SMB 2.0 and 3.0 protocols. 2.0 can only be used within Azure; 3.0 is what is available within and outside Azure. If you have applications that need shared storage, then Azure file storage is the storage to use. And redundancy: it provides you nine nines redundancy, so accidental deletion of your data by the system is very, very minimal. Your data is available for you to use.

There are some disadvantages that it carries. If you are using Azure Backup to take backup of your Azure file storage, then the maximum number of times that you can take a backup of your file storage is four times a day. For small to medium customers this might be sufficient, but if you look at medium to large customers, they would like to have more and more backups taken. It may be once an hour, or six times a day, or eight times a day. These functionalities are still under development. As of today, the maximum number of backups that you can take per day is four for Azure file storage, and this is with respect to Azure Backup. I am not really aware if there are third-party tools that have already integrated with Azure file storage. I know they have integrated with blob storage, but I'm not really sure if you have Veeam or Veritas or Commvault that can take backup of Azure file storage more times than what Azure Backup can do.

Deleting snapshots: you have to be very, very careful about it, especially when you're taking backup on Azure Backup. There are times that a recovery would fail, and deleting file shares that are protected by Azure Backup also might lead to data loss. So when it comes to backup and restore of Azure file storage, you have to be very careful and very cautious. But apart from that, it's a beautiful service. I'll show you how to create it, how you give permissions, how you access it, and you can see how easy it is to configure.

So this is my lab setup for today. As you can see, I don't have an on-prem Active Directory in
my lab setup. I directly created users on my Azure Active Directory and I've just extended that to Azure Active Directory Domain Services. The Domain Services has its own network. Inside this network you have Azure file storage and you have the Windows Virtual Desktop session host.

I request all attendees to kindly be on mute so that we can avoid any background noises.

A hybrid deployment looks something like this. So if you do have an on-prem Active Directory, you can still use that with the setup that I had. All you need to do is extend your on-prem Active Directory to Azure Active Directory. You can sync the users using AD Connect and then extend it to Domain Services. So let's say you have a customer who still wants to continue to use his on-prem Active Directory for some of his applications, legacy applications on-prem and all, and he wants to still maintain a simple Active Directory on-prem: the entire setup is still very much possible. All you need to do is an extra step of just extending it to Azure Active Directory.

The promotion that we are running: we are actually running a promotion, and we already have a good three to four partners who qualified for this. So we have $1,000 Azure credit for any Windows Virtual Desktop opportunity. It can be used for a POC or for a production environment. So if you have a customer for whom you think Windows Virtual Desktop is a good fit, let's get on a call, discuss, let's have a conference call with the customer, let's see when he wants to implement it and how soon he wants it implemented. During these times, making sure you have a remote working environment available for all your customers is very critical, and Windows Virtual Desktop definitely fits well to that requirement. It's available for the first ten partners who come with an active Windows Virtual Desktop opportunity. We have about ten thousand dollars' worth of credit available with this, so I'd like to distribute it across ten partners. So if you do have an opportunity,
please do get in touch with us.

Now for the pricing information. A lot of people asked in the previous session, "can you give us pricing information?" For pricing information I would request you to get in touch with your regional account managers. So we have cloud BDMs across Australia. We have Sam in Queensland, we have Susana for ACT and New South Wales, we have Kimberly for Victoria and we have Fabiano for Western Australia. I'll be sharing this slide by the end of this session. I'll put the slides on the chat so you can download them. They have put in their email addresses and phone numbers. For any pricing information, any opportunity that you have, these are your points of contact. I'd very much appreciate it if you get in touch with them. They will help you transition smoothly, making sure your subscription is created and you get rates for your production or POC environment.

So with that in mind, these are the overall deployment steps. I'm not going to go through all of them in detail; we will quickly jump onto the demonstration and go through each of these steps. Now, in the demo there are multiple subscriptions that I'm using. The reason, as I said, is I have already enabled Domain Services in one of my subscriptions, or in one of my tenants, and I cannot re-enable it, and in order to deploy Domain Services it takes roughly about 35 to 40 minutes. So hence in one subscription I already have it running, and I have a brand new subscription in which I'll show you how to configure Domain Services.

Sam, Kim, can you confirm if you are able to see the screen sharing? Yes. Okay.

So this is one of my subscriptions. It's a brand new subscription I have created using my personal account. Here, in order to enable Domain Services, it's available under services. So if you just search for Active Directory Domain Services, you will be able to find it directly. So here you find that option. Now of course, before you actually go ahead and configure it, what I would always
recommend is to register your domain. If it is, you know, contoso.com or whatever your customer domain is, then register the domain first so that you can extend that domain into Domain Services. Since it's a testing environment, what I have here is a domain with .onmicrosoft.com, so I'll be using the same domain to extend it to Domain Services. Okay, so this is my domain, roshun yalla outlook dot onmicrosoft.com. So using the same domain, I will go ahead and extend it.

Let me go back to my home screen, go to Domain Services and say Add. Now, this process that I'm showing you right now is already configured on another domain name in another subscription, which I'll jump on to after showing you how to configure this. I want to cover as many steps as possible in the demonstration, hence I'm using multiple subscriptions.

So I'll use an existing workgroup. This is my domain or DNS name. For the DNS name, you can definitely give it a prefix. Now do remember that once you've configured your Domain Services, this DNS name cannot be changed. Once configured, if you want to change it, you'll have to basically delete your Domain Services as a whole and then recreate it using a different DNS name. So it's very important that you give the right DNS name to begin with. You choose the region, Southeast Asia, and select the SKU; the Standard SKU is sufficient. Now, the difference between Standard, Premium and Enterprise is primarily the number of users that you can have. Standard gives you approximately about 3,000 authentications, so you don't need to worry; if you have fewer than 3,000 users, select Standard. I'll use the user forest type for now. Click Next.

It definitely needs a network. So this is the network into which you will add your virtual machines so that they can join your Domain Services. So make sure you choose the right network and add your machines into this network so that later they can authenticate and join the domain which you are currently configuring. So one
of the very important groups that gets created is AAD DC Administrators. Think of it as the local administrators group in your Active Directory. So this is the group that has the admin privileges in your Domain Services. For example, if you want to add a machine to the domain or remove a machine from the domain, a member of this group can do that. So what it is doing right now is adding the user which I have logged in with as part of this particular group.

Synchronization. Now, as I said, this is an extension of your Azure AD. In your Azure AD, if you have created multiple groups and multiple users, and you want to scope, or you want to make this Domain Services available only to certain groups of your Azure Active Directory, then you can scope it. You can say Scoped and then select the groups. If you want everybody who is part of your Azure AD to use Domain Services, then just leave it at the default.

Then you just review, and once I hit Create, this creation roughly takes about 30 to 35 minutes. So I've initiated the creation of it in my new subscription. Hopefully by the end of the session this should be created and we'll come back and see what options it shows.

But keeping the time frame in mind, what I have done is this: this is another subscription that I have, and here I already have a domain for Less clout me dot life, and I have already gone ahead and configured the Domain Services. So whatever you saw till now, those steps have been run and this is the end result of it. So this is what it looks like. You have your Active Directory up and running. You can look at some of its properties. It has a network; this is the network, and these are the IP addresses. Now, these are the two IP addresses on which your DNS will also be running. So think of it as an Active Directory, but you do not have access to the Windows level of it. You cannot log in to this Domain Services Active
Directory. It gives you all the options to create and manage right from the Azure portal itself. So this is the end result of it. I have a domain for it cloud may not live; it has been configured with Domain Services.

All right, so next what we'll do is quickly jump on to making sure we have the right user permissions, and then we will start off with Windows Virtual Desktop creation. So the authentication piece is taken care of. What I want to do is go on to my Active Directory, go to the groups and show you the new group that gets created, AAD DC Administrators. So this is the group that gets created, the AAD DC group, and in this group I have a new member called Iron Man. So this is the user that I will be using today who will act as my administrator, who's part of my DC Administrators group. If you also look at the roles assigned to it, he is also a global administrator and he also has owner permission on my subscription. So this is the user that we will be using, and of course this user doesn't have multi-factor authentication configured for him.

I have a couple of other users as well. I quickly want to show you those users who will be part of this particular demonstration. I have created a group called WVD users, and in this group I have two more users who will be acting as normal users, so that's Thorin time. So Iron Man is the administrator; Thorin tile, normal users who are part of Avengers company, will be part of our session today.

Great. So once the user permission is taken care of, what we need to do next is the same steps that we did last time. The very first thing that we need to do in order to use Windows Virtual Desktop is give consent to the service, saying that this is the subscription that will have Windows Virtual Desktop running. For that you need the Active Directory or tenant ID, or directory ID. So I'll use that, go to this particular page, enter it here, submit for the server app, and I log in as Iron Man and say Allow, so the service can
read my user details. And I log in again, this time as a client app, and this is for the client that we will be using. Again, log in as Iron Man. Now, you will be able to accept and give this consent only if you are a domain administrator; else it will actually ask you to log in back as an administrator who has the right permission. So it's very important that you are a global administrator if you want to do this.

Once this is done, the next step is to give Iron Man the tenant creator permission. So if I go back to my Active Directory, go to my Windows Virtual Desktop and Users and groups, you will see Iron Man already has the tenant creator permission. In your scenario, if he doesn't have it, then just click on Add user, select the user here, say Iron Man or whoever is the administrator, hit Select and hit Assign. Now if I hit Assign right now it'll throw an error saying this user already has this permission, but in your scenario, if he doesn't, make sure you do the step. This permission will give him rights to create new Windows Virtual Desktop tenants. So only a user who has tenant creator permissions on the Windows Virtual Desktop application can create new Windows Virtual Desktop tenants. In my scenario he already has that, so I'll not redo the step.

Now, once the tenant permission has been given and permissions are all in place, we have to start running our PowerShell commands. The first command is to install the module for RD infrastructure, so let's go ahead and have this installed in our PowerShell. Say Yes to All. I'll import the module and then I'll add the RDS account. Here again, the account which is going to be used: we use Iron Man. So now the account has been added. The very last thing that we need to do in PowerShell is to go ahead and create a new tenant. For this, what I typically do is just search for New-RdsTenant; you will get this option to run it from a user-interface-based option rather than typing out the entire GUID. So I've
already copied my directory ID, I've already copied my subscription ID. What I'll do here is I'll just give it another name; I'll say WVD S2 demo. Okay, so basically what I'm doing is creating a new tenant in the subscription, in the tenant ID, with the name WVD session two, or S2, demo. So I'll just run this. Now, this command will typically throw an error if you have not assigned the tenant creator permission. So if you get an error here saying "user is unable to query the management service", that's the typical error. Go back and check if you have the tenant creator permission assigned to this particular role. In my scenario I've taken care of it, so the tenant gets created.

Now, going back, we start creating the Windows Virtual Desktop within our Azure portal. Create. We'll go ahead and use Azure ADDS WVD. The reason I'm using this is because this particular resource group actually has the Azure Active Directory Domain Services configured in it, so it makes it easy for me to select the network. So the region, things like this: Southeast Asia. Host pool name: we'll give ADDS desktop. We'll still go ahead with pooled. This is where you can select pooled or personal, so we'll go ahead with pooled. And default desktop users: now here you will actually need to add individual users by their UPN. Microsoft is working on making sure that you can add groups here, but as of now you will need to add the individual users one by one. So I've given these three users.

Service metadata location: as explained in the first session, no PII data goes on to the service metadata. The only information that goes out as the service metadata is that the subscription has Windows Virtual Desktop enabled. That's the only information that goes across.

How many will be set: for now I'll say no. I'll go with the usage profile Light because it's a demo; I don't want to run many machines. Total users, I'll say three. And for the desktop suffix, I will use the same name so that it's easy for me to remember:
desktop session. Okay, here I'll again use the same image. There are different images available; I typically use multi-session with Office ProPlus present, it just takes out the work of installing Office again on the image. Here I would use Ironman. So one point to quickly note here is this password has to be a minimum of 12 characters, right? I had a shorter password previously; when I reached this stage it gave me an error saying the password is not supported. So make sure your administrator has the minimum of 12, with a combination of special characters and numbers and things like this. I'll choose the tenant, I'm sorry, I'll choose the network. So here I have the network configured under my Azure Active Directory, and my network is the first one. So this network has my domain services configured, which in the background will also have my DNS configured so that I'll be able to join the machine system. I click Next. So the name which we created was wvds2demo. This name, it has to be exactly the same, else you will see an error, so make sure whatever tenant you created, it matches. So validation is passed. If I go ahead and hit create, this will go ahead and create a new pool Windows Virtual Desktop infrastructure.

So this particular phase of registering or giving a consent, giving Tenant Creator, creating a Windows Virtual Desktop session or host pool, is the same steps that you do whether it is a traditional Active Directory or an Azure Active Directory Domain Services, right? These are the same steps, you don't change these steps. So go ahead and hit create. Again, this takes roughly about 15 to 20 minutes to create. Again, keeping the time frame in mind, what I have done is I've already created another host pool which we would use. But before I jump on to the host pool, what I want to show you is the file services of the file storage, right? Now, if you go to storage accounts, if you just search for storage accounts, you can go ahead and add a new storage account, right? So I'll just give it same tenant
and give it a storage account name, wvds2demo. Okay, I choose the same region; make sure everything is as part of the same region, to not spread across different regions. I'll use LRS, I don't really have a need for read-only access, and use all networks, and I'll go ahead and create this. So I'm going out and basically creating a new storage account. Within a storage account you can create either queues or, fine, queues or tables or disks or file storage, right? The first thing you have to do is create a storage account, right? Then the storage account gets created pretty quickly, it doesn't take too much time, hopefully.

Also, while it's getting created, a quick update. We did talk about the promotion. The promotion is thousand dollars, which is Azure credit, plus we would be helping you deploy Windows Virtual Desktop for free. So it will be me or one of my colleagues who will jump onto the call and help you set up the entire Windows Virtual Desktop. So it's not just giving you credits and letting you deploy by yourself; we will handhold you with respect to Windows Virtual Desktop deployment as well. Just want to make sure you're aware of it.

So the storage account gets created. If I go to the resource, as you can see, I can create file shares, tables, queues and containers, right? So in our scenario you want to choose file shares. I create a new file share and I can give it a name, saying wvds2demo. And now the quota which you should give, this needs to be calculated. You need to have an idea in terms of how much does your user profile in total contribute to the storage, right? So if you have, let's say, 25 users, how much does each user store in his user profile, right? So let's say 10 GB or 15 GB or 20 GB. So 20 GB, 25 users, that's the quota; I would say give it 30 percent more than that, so that you can have a little more flexibility in terms of the quota. So in my demo I'll just do it 128. Now the file share is created. Okay, now one of the things to remember is you still, this storage account, though it is part of the
same resource group, how can a user get permissions for this particular file storage, right? Because at the end of the day he is storing his user profile data, which means he needs to have permissions on this file share in order to do that. Now, previously, in order to give access to a file share, permissions for the user, you had to run PowerShell commands and scripts. Microsoft has now made it a little easier. So go back to your storage account, go to the configuration of it, and here you have something called identity-based access for file shares, right? So here you see Azure Active Directory Domain Services. Now, very soon you will be able to give access to file shares via a typical Active Directory, you don't need to have domain services, but this particular feature is still in preview, right? Hopefully in another three to six months this feature will be available. But for our demo we'll enable this, so that users who are part of our domain services can now access the file share.

I hit save, and now if I go to access control you will see certain special roles that get enabled due to this, right? So I'll say add role assignments, and the role which you will see here is this one: Storage File Data SMB Share Elevated Contributor. If I hover over the information button, you will see you will be able to read and modify NTFS permissions, all right? So this is what we need, because you should have read and write access to full control on this file share. So I'll select that and choose our actually administrator, and I'll also use the WVD users, because all the users are part of this particular group, right? There is also another permission that you'll have to give, which is Contributor. So we saw Elevated Contributor; we also need to make sure that they have access as a Contributor also. So both these permissions have to be given for the users. Wonderful. So once you have given permission at a storage account level, this permission gets inherited onto the file share as well. So if I go ahead into the file share
and if I look at access control here, you will see that the permissions, if I go to role assignments, the permissions are inherited, right? So give it at the root, the permissions get inherited here. What I will do is I will click on Connect. Now, created a file share, I should know how to connect to this file share, right? So if you click on Connect, it will actually give you options in terms of PowerShell scripts if it's Windows; if it's Linux it will give you a bash command; if it's macOS also I think it will give you a bash power, right? So you just copy it and run it on the Windows work machine, on the session host. In our scenario you need to run this on the session host so that it becomes available to all the users, right? So in our demo the session host is still getting provisioned, so just keeping time frame in mind, I have already created a session host called ADDS desktop 0, right?

Now, when you create a host pool you cannot log into the host pool directly, because it doesn't get a public IP address, right? And this is one of the good features of Windows Virtual Desktop: you do not need to open any public IP, you don't need to expose it to the public in order to log in and make use of it, right? But that also gives a constraint for administrators in terms of, okay, how do they now log in? There are two options: one, you can put in a jump server or a dummy server into the same network and log in via that, or you can use something called Bastion, right? Now again, I'm not going into the details of Bastion; it's a service that lets you log into machines which are not exposed to the public Internet. Okay, in my demo I have created a jump box, that's just easy for me. So this is the jump server, which is part of the same network. If I go to, I click config, you see it as part of 10016 and my host pool is running on 10017. I log in as Ironman again, because he has the administrator permissions, and what I've also done is I've gone ahead, sorry, this is mine, I'll go ahead and mount the user profile data here,
the file storage, right? So let me copy. I hope I'm not confusing everybody too much; this definitely has a lot of steps in terms of the demo. So you go back, copy the connect, just copy this to my clipboard. So it creates a shared drive with drive letter Z. So this is my Windows Virtual Desktop session; I'll open PowerShell here, just paste it, and just run list, so I should be able to see my drive. As you can see, now I'm able to access it. So this is as simple as a network share. I can go ahead and create a new folder, create a new file, and this gets replicated back instantaneously. So I've created a folder called test; if I come back here and hit refresh, you will see the test folder also created, all right? So it's pretty seamless, pretty straightforward. If I delete it, it should also get deleted here as well.

So once this is done, you'll have to give permissions on the file share now. So go into the permissions, edit, add. Now, only if you have configured, or only if you have enabled, domain services for this file share, you will be able to add users and give them permissions here, right? If you have not configured that step, you will not be able to go ahead and configure users and give them permissions over here. As you can see, I am able to look into cloud me dot light, which is my entire domain, and here I can resolve my users, right? So I'll, users, I'll give them full control, hit apply. Okay, so now all my users who would use Windows Virtual Desktop, part of my setup which is domain services and file share, can start storing their user profile data onto this file storage, right?

The only next thing remaining is go ahead and configure FSLogix, right? I've already downloaded FSLogix on this machine. Go to the release 64 and run your FSLogixAppsSetup, right? It's a very simple, straightforward setup: accept the EULA and the application gets installed, right? Now, once it is installed, what's the next thing? You have to update your registry settings. So I open, so I've already pre-configured some of the
values here, so really you only need two values. One is, so I'll just go back and show you where exactly you need to create this. So go to your local machine, go to Software and go to FSLogix. Now, under this you'll need to first create a new key, right? You'll need to create a new key, and the key name is Profiles, with an S, right, and P has to be capital, right? So you have to follow exact to the letter in terms of editing your registry settings. Once created, the two keys are Enabled and VHDLocations, right? So under Enabled you make it as one, and under VHDLocations I'll just change this value to wvds2demo, and just reconfirm if it is correct. I'll just reconfirm one more time, just give me a second here, because if I put in the wrong one the user profiles will not get saved. And wvds2demo, okay. I usually add this third one because during testing what I do is I log into the virtual machine a lot of times to check everything is in place, and sometimes I log in before FSLogix gets configured, right? So what happens is the local profile gets created on the machine. When you add this particular key, DeleteLocalProfileWhenVHDShouldApply, the local profile gets deleted automatically and all the data goes on to my FSLogix container. So the third here, the first one, is not required, but I just add it as for my understanding.

Okay, so now everything is ready: you have host, you have storage, you have all the bits and pieces ready with you. The only next thing to do is log in using your client, all right? So again, launch a client, subscribe, and let's log in as it's a holic. You should be able to see one or two session hosts, if the session was created. Yeah, so as you can see, this is what I had set up earlier, this is one that we actually set up now. So the session host actually got created, but we log in to the one where FSLogix is configured. So I'll go on to this Windows 10 desktop, and here, if everything is correct, I should be able to log in and my profile should get on to the Azure file storage.
Okay, so as you can see, it is actually loading my profile from FSLogix Apps Services. So while it is loading, I'll quickly show you the profile data in my storage, all right, so that we can be sure that it is actually coming out from the same storage meted. I'm sorry, I went on to the wrong one. It's not yet created, it's still loading up. So once it loads up, you should be able to log in and then start using the Windows 10, and you will see the user profile created.

So this pretty much brings us to the end of today's session, all right? So I am sure it was very long, a lot of demo, a lot of things to configure, but with this setup you can serve this model: you have directory as a service, file storage as a service, and you can potentially offer desktop as a service, everything running out of Azure. A complete 100% cloud-based VDI infrastructure is what it can achieve with domain services and Azure file storage. So this pretty much brings me to the end of this session. What I want to do now is jump on to the questions, if you have any, and go through the questions. If you do have anything, feel free to post them on Q&A and we'll go through these questions one by one. If you don't have, thank you very much for your time, for attending this session. I hope it was informative and helpful. If you do have any questions, feel free to get in touch with the club mediums or with me, and we'll be more than happy to assist you. Thank you very much, and now we'll jump on to the questions and start answering them.

And share the presentation: yes, you will receive the presentation very soon. Thank you, Robert, for answering it. It needs to be yes trick, the answer is yes, you can join a standard laptop, but the laptop has been toast and locked, right? You can only join a Windows 10 laptop to Azure Active Directory Domain Services. Does the hybrid Azure AD setup right group falls into the cloud? The answer is no, it does not; you have to recreate the user policies. Alex: does the thousand dollar offer replace the 30-day offer
mentioned last week? No, it's the same offer. What is the recurring cost of Azure Active Directory Domain Services? So it's roughly, what I remember is about hundred and ten dollars, anywhere from 110 two hundred twenty dollars is what I remember. And this cost covers about ten thousand users, right, so you don't need to worry about the number of users, but yes, it is a recurring cost month on month. The client has E3 and E5, can they start to use that to configure Windows Virtual Desktop? The answer is yes. I'm assuming it is Microsoft 365 E3 or E5. So with this setup you don't need an AD or DC; all you need to make sure is the users are created in Azure AD, right? That's the end goal. Was the recording from last week sent out? I'll double check with our marketing team and let you know how the recording will be published. Thank you, Dominic, I'll definitely check if the presentation or the recording is not sent out. If it is not sent out, just drop me an email. Exposed the recording is published on YouTube, so we'll show you the YouTube link and I will share the presentation. George, I'll definitely send out all the details.

Okay, so that pretty much brings me to the end of the questions. Thank you, ladies and gentlemen, for attending the session. Again, hope it was helpful and informative. Please do get in touch with us if you have any questions or if you want to make use of the promotion offer that we're running. Thank you and have a great week ahead.
Info
Channel: Ingram Micro Cloud ANZ
Views: 9,840
Id: dILWfJSkTXc
Length: 63min 51sec (3831 seconds)
Published: Thu Apr 16 2020