MSIX: Difference between revisions

From Piszczynski
piszczynski>Aleks
Latest revision as of 22:32, 15 November 2023

MSIX

Overview

All MSIX images must be stored on a network share that can be accessed by users in a host pool with read-only permissions.

MSIX app attach doesn't have any dependencies on the type of storage fabric the file share uses. The considerations for the MSIX app attach share are the same as for an FSLogix share.

Azure offers multiple storage options that can be used for MSIX app attach. We recommend using Azure Files or Azure NetApp Files as those options offer the best value between cost and management overhead.

Here are some other things we recommend you do to optimize MSIX app attach performance:

  • The storage solution you use for MSIX app attach should be in the same datacenter location as the session hosts.
  • To avoid performance bottlenecks, exclude the following VHD, VHDX, and CIM files from antivirus scans:
    • <MSIXAppAttachFileShare>\*.VHD
    • <MSIXAppAttachFileShare>\*.VHDX
    • \\storageaccount.file.core.windows.net\share\*.VHD
    • \\storageaccount.file.core.windows.net\share\*.VHDX
    • <MSIXAppAttachFileShare>\*.CIM
    • \\storageaccount.file.core.windows.net\share\*.CIM
  • All VM system accounts and user accounts must have read-only permissions to access the file share.
  • Any disaster recovery plans for Azure Virtual Desktop must include replicating the MSIX app attach file share in your secondary failover location.


MSIX file share setup

The setup process for MSIX app attach file share is largely the same as the setup process for FSLogix profile file shares. However, you'll need to assign users different permissions. MSIX app attach requires read-only permissions to access the file share.

If you're storing your MSIX applications in Azure Files, then for your session hosts, you'll need to assign all session host VMs both storage account role-based access control (RBAC) and file share New Technology File System (NTFS) permissions on the share.

| Azure object | Required role | Role function |
|---|---|---|
| Session host (VM computer objects) | Storage File Data SMB Share Contributor | Read and Execute, Read, List folder contents |
| Admins on File Share | Storage File Data SMB Share Elevated Contributor | Full control |
| Users on File Share | Storage File Data SMB Share Contributor | Read and Execute, Read, List folder contents |

To assign session host VMs permissions for the storage account and file share:

1. Create an Active Directory Domain Services (AD DS) security group.

2. Add the computer accounts for all session host VMs as members of the group.

3. Sync the AD DS group to Azure Active Directory (Azure AD).

4. Create a storage account.

5. Create a file share under the storage account by following the instructions in https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/files/storage-how-to-create-file-share.md.

6. Join the storage account to AD DS by following the instructions in Enable AD DS authentication for your Azure file shares: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/files/storage-files-identity-ad-ds-enable.md

7. Assign the synced AD DS group to Azure AD, and assign the storage account the Storage File Data SMB Share Contributor role.

8. Mount the file share to any session host by following the instructions in Assign share-level permissions to an identity: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/storage/files/storage-files-identity-ad-ds-assign-permissions.md

9. Grant NTFS permissions on the file share to the AD DS group.

10. Set up NTFS permissions for the user accounts. You'll need an organizational unit (OU) sourced from the AD DS that the accounts in the VM belong to.
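
Once the NTFS permissions from steps 9 and 10 are in place, the read-only requirement can be checked from a session host where the share is reachable. The script below is an added example, not part of the original page; the share path and the admin identities (including the `CONTOSO\MSIX-Share-Admins` group) are placeholders to replace with your own.

```powershell
# Added example: flag NTFS ACEs on the MSIX app attach share that allow modification
# by anyone outside an explicit admin list. All names below are placeholders.
param(
    [string]$SharePath = '\\storageaccount.file.core.windows.net\share',
    [string[]]$AdminIdentities = @(
        'BUILTIN\Administrators',
        'NT AUTHORITY\SYSTEM',
        'CONTOSO\MSIX-Share-Admins'   # hypothetical admin group
    )
)

# Specific rights that let a principal alter, replace or re-permission an image.
$writeRights = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Generic bits that Get-Acl can surface on inherit-only ACEs: GENERIC_WRITE, GENERIC_ALL.
$genericRights = 0x40000000 -bor 0x10000000

function Get-WritableAce {
    param([System.Security.AccessControl.FileSystemSecurity]$Acl, [string[]]$Allowed)
    foreach ($ace in $Acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $identity = $ace.IdentityReference.Value
        if ($Allowed -contains $identity) { continue }
        $mask = [int]$ace.FileSystemRights
        if (($mask -band $writeRights) -or ($mask -band $genericRights)) {
            [pscustomobject]@{
                Identity  = $identity
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @(Get-WritableAce -Acl (Get-Acl -LiteralPath $SharePath) -Allowed $AdminIdentities)
if ($findings.Count -gt 0) {
    Write-Warning "$($findings.Count) ACE(s) grant more than read-only access on $SharePath"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No write-capable ACEs outside the admin list on $SharePath"
}
```

This inspects only the NTFS ACL at the share root; the share-level RBAC role assignment on the storage account is evaluated separately by Azure.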


Set up Azure NetApp Files

To start using Azure NetApp Files:

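1. Set up your Azure NetApp Files account by following the instructions in Set up your Azure NetApp Files account: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/virtual-desktop/create-fslogix-profile-container.md#set-up-your-azure-netapp-files-account

2. Create a capacity pool by following the instructions in Set up a capacity pool: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/azure-netapp-files/azure-netapp-files-set-up-capacity-pool.md

3. Join an Azure Active Directory (Azure AD) connection by following the instructions in Join an Active Directory connection: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/virtual-desktop/create-fslogix-profile-container.md#join-an-active-directory-connection

4. Create a new volume by following the instructions in Create a new volume (https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/virtual-desktop/create-fslogix-profile-container.md#create-a-new-volume) and Configure volume access parameters (https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/virtual-desktop/create-fslogix-profile-container.md#configure-volume-access-parameters).

5. Make sure your connection to the Azure NetApp Files share works by following the instructions in Make sure users can access the Azure NetApp Files share: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/virtual-desktop/create-fslogix-profile-container.md#make-sure-users-can-access-the-azure-netapp-file-share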

Upload an MSIX image to the Azure NetApp Files share

With the Azure NetApp Files share set up, you can start uploading images to it.

To upload an MSIX image to your Azure NetApp Files share:

1. In each session host, install the certificate that you signed the MSIX package with. Make sure to store the certificates in the folder named Trusted People.

2. Copy the MSIX image you want to add to the Azure NetApp Files share.

3. Go to File Explorer and enter the mount path, then paste the MSIX image into the mount path folder.

Your MSIX image should now be accessible to your session hosts when they add an MSIX package using the Azure portal or PowerShell.
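
Step 1 of the upload procedure can be scripted and combined with a check that the package was really signed by the certificate being trusted. This is an added example, not part of the original page; both file paths are placeholders, and it assumes the original .msix file is still available alongside the expanded image. Run it elevated on each session host.

```powershell
# Added example: install the MSIX signing certificate into Trusted People and confirm
# that the package signature was made with that same certificate.
param(
    [string]$CertPath    = 'C:\Temp\msix-signing.cer',  # placeholder: public certificate only
    [string]$PackagePath = 'C:\Temp\MyApp.msix'         # placeholder: the signed package
)

$storePath = 'Cert:\LocalMachine\TrustedPeople'

# Load the certificate to learn its thumbprint and validity window.
# Distribute the public .cer; session hosts do not need the private signing key.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
if ($cert.NotAfter -lt (Get-Date)) {
    throw "Signing certificate $($cert.Thumbprint) expired on $($cert.NotAfter)"
}

# Import only if it is not already present in the Trusted People store.
if (-not (Test-Path (Join-Path $storePath $cert.Thumbprint))) {
    Import-Certificate -FilePath $CertPath -CertStoreLocation $storePath | Out-Null
}

# Read the package signature and reject unsigned or tampered files outright.
$sig = Get-AuthenticodeSignature -FilePath $PackagePath
if ($sig.Status -in 'NotSigned', 'HashMismatch') {
    throw "Package signature check failed: $($sig.Status)"
}

# The signer must be the certificate that was just placed in Trusted People.
if ($sig.SignerCertificate.Thumbprint -ne $cert.Thumbprint) {
    throw "Package signed by $($sig.SignerCertificate.Thumbprint), expected $($cert.Thumbprint)"
}

[pscustomobject]@{
    Package    = $PackagePath
    Signer     = $sig.SignerCertificate.Subject
    Thumbprint = $cert.Thumbprint
    Status     = $sig.Status   # reflects chain trust as evaluated on this host
    Expires    = $cert.NotAfter
}
```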