Configure Storage for FSLogix Components – Implement and Manage Storage for Azure Virtual Desktop
Configure Storage for FSLogix Components
FSLogix is the tool used to manage user profiles for pooled desktops since pooled desktops are not persistent desktops. FSLogix allows you to configure the user profile location on the desktop, and the user profile gets attached to the desktop whenever the user logs in to the desktop. Pooled desktops can have multiple session hosts, so you must make sure the FSLogix configuration is the same on all session hosts under the same host pool.
There are multiple ways to implement the FSLogix configuration on the session host, but the easiest and preferred way is to configure the FSLogix configuration in the image itself and create different images for each host pool so that each image will have host pool–specific FSLogix and application configuration.
You have to provide the user profile storage account details as part of the FSLogix configuration, so you must create a storage account with the required configuration before you can capture an image for each pooled host pool.
The following are a few recommendations for storage accounts for the FSLogix user profile:
•\ Keep a separate storage account for each pooled host pool’s user profile in each region.
•\ Use a high IOPS/premium storage account for the user profile.
•\ Join the storage account to an AD DS domain.
•\ Always create an AD security group for each host pool and assign it to the Storage File Data SMB Share Contributor role so that authorized users can read/write profile data from a storage account.
•\ Restrict user profile storage access to a specific VNet/subnet.
•\ Enable storage account access over private endpoints to a specific VNet.
•\ The same type of host pool in the same region (i.e., belongs to the same BU) can use the same storage account for the user profile as far as there is no compliance/InfoSec requirement.
•\ Consider GEO replication to a DR region if you’re planning to enable DR for the pooled host pool. Premium file storage does not support GEO replication, so if you want to implement DR, then you have to select the standard storage account tier or use the FSLogix cloud cache to store the user profile on multiple storage accounts in different regions.
Follow these steps to create a user profile storage account:
\ 1.\ Log in to the Azure portal and select the correct directory and subscription where you want to create the AVD host pool and desktops. Make sure you have the correct permission (contributor or owner) to create the storage account. See Figure 5-1.
Figure 5-1. Azure Virtual Desktop, selecting a subscription
\ 2.\ Search for storage account in the top search bar. See Figure 5-2.
Figure 5-2. Azure Virtual Desktop, storage account search
\ 3.\ Click the Create option to create a new storage account. See Figure 5-3.
Figure 5-3. Azure Virtual Desktop user profile storage account creation
\ 4.\ Select the correct subscription and resource group names from the drop-down where you want to create the AVD desktops. If the
resource group does not exist, then you can create a new resource group by clicking the Create new option. See Figure 5-4.
Figure 5-4. AVD user profile storage account creation page
\ 5.\ Scroll down and provide the storage account details such as the name, region, performance (SKU), account type, and redundancy. The following are the recommended values for each field:
Name: As per your organization’s standards, but Azure accepts only 24 lowercase characters and numbers.
Region: This is the same as the AVD host pool.
Performance (SKU): Premium (no GEO replication supported).
Premium account type: File share.
Redundancy: Zone redundant (ZRS).
Click the Next button once you have filled in all the details.
See Figure 5-5.
Figure 5-5. AVD user profile storage account creation, Basic tab
\ 6.\ You can verify the options available on the Advanced tab and make sure they align with your organization’s requirements. Click the Next button once you have filled in all the details. See Figure 5-6.
Figure 5-6. AVD user profile storage account creation, Advanced tab
Note By default, Azure encrypts the storage account data at rest. Infrastructure encryption adds a second layer of encryption to your storage account data.
\ 7.\ Select “Private endpoint” on the Networking tab and click the “Add private endpoint” option. See Figure 5-7.
Figure 5-7. AVD user profile storage account creation, Networking tab
\ 8.\ Select the subscription, resource group, region, endpoint name, storage sub resource (must be a file), and VNet/subnet in the private endpoint pop-up.
Endpoint name: As per your organization’s naming standards.
Storage subresource: This must be a file.
VNet/subnet: This is the same VNet where you want to create a pooled host pool.
Click OK and the Next button once you have filled in all the details.
See Figure 5-8.
Figure 5-8. AVD user profile storage account creation, Private endpoint creation
\ 9.\ Select “Enable soft delete for file shares” if you want to keep the deleted files for specific days. Click Next and add the tag details as per your organization’s standards. Click the “Review + create” button once you have entered all the required information. See Figure 5-9.
Figure 5-9. AVD user profile storage account creation, Data protection tab
\ 10.\ Click Create once the validation is completed. See Figure 5-10.
Figure 5-10. AVD user profile storage account creation, creating and reviewing
\ 11.\ Click “Go to resource” to open the storage account’s Overview page. See Figure 5-11.
Figure 5-11. AVD user profile storage account creation, deployment status
\ 12.\ Verify all the information on the Overview page such as the name, storage account SKU, and region. See Figure 5-12.
Figure 5-12. AVD user profile storage account, Overview page