Windows Virtual Desktop and FSLogix – What you need to know?

Featured

Expanding on my last post on Windows Virtual Desktop,  let’s talk about FSLogix.  So, let start at the beginning, FSLogix was founded by Randy Cook and Kevin Goodman, VDI industry veterans, tackling user experience problems with virtual desktops.

FSLogix was one of the first along with Liquidware to use virtual hard disks as a way to migrate the user’s profile data between virtual desktops and sessions.

Giving users local admin rights on Windows desktops has become a thing of the past.  More and more apps (for example, Modern Apps) install themselves and their caches directly into the user profile (because the user always has permissions to write there).  While there are proven solutions for using only the required parts of the user profile and ignoring things like app installs some administrators prefer the approach of just roaming everything and not trying to manage the contents of the profile.

In the last couple of years, the attention has shifted from user profile roaming to solving the problem of roaming Office 365 caches in virtual desktops, so that they perform and feel as fast as a physical desktop. Microsoft’s early attempt using this approach – User Profile Disks, as introduced in Windows Server 2012 – was a step in the right direction but was lacking, and the acquisition of FSLogix allows them to accelerate their support for this capability.

When a user logs on to their Windows session, the Windows User Profile is loaded. The profile includes everything from the user’s download folder to their mouse scrolling speed preference and everything in between. So you can imagine that profiles can get big.  Check out my blog post on Windows Users Profiles – The Untold Mysteries to learn more.

There are also some programs that create massive profile data like AutoCAD – which – due to Nvidia GRID, works great in a VDI environment but easily generates GB’s of profile data. If the user’s profile grows this big, a roaming profile solution won’t work. Logon will take minutes or in some extreme cases hours to complete because the FileServer will copy all the profile data to the endpoint. Even “just in time” profile technology like Zero Profiling isn’t able to handle the big application data quick enough for a good user experience because it also just copies the data from a FileServer to the endpoint but not in one big chunk like roaming profiles.

So, how does FSLogix Profile Containers help?

FSLogix Profile Containers creates a Virtual Hard Drive (VHD) file on a FileServer and stores the user profile including registry in the VHD file. Sounds relatively simple, right? Although, why does this improve speed? Well, during login the only thing that is happening is that the endpoint mounts the VHD file as a Virtual Hard Drive and then the profile is just accessible. So there is NO data copy! This results in lighting fast logons. And eliminates FileServer and network bottlenecks from login storms.

FSLogix Profile Containers also has additional benefits for the end user native support for Office 365 products, such as Outlook, Search, OneDrive for business, SharePoint folder synchronization, Teams, and Skype for Business GAL

Profile Containers Cloud support

It’s worth mentioning that FSLogix has a cool tech called Cloud Cache. This functionality adds the possibility to add multiple storage repositories to the existing products to provide high availability to on-premises and cloud environments.

Imagine a workspace scenario where you are running a VDI\WVD environment in Microsoft Azure. Typically, you store your profile data on a Windows file share in Azure Infrastructure-as-a-Service. The Cloud Cache Driver makes it possible to provide the store of the Containers directly on much less expensive Azure Blob Storage. This is just one of the significant use-cases which FSLogix is solving with this tremendous new Cloud technology.

Other uses of Cloud Cache include high availability in the event of storage or network interruptions, profile storage server migrations, cloud migrations, offline access to FSLogix containers, and more.

So, how do you setup FSLogix Profile containers?

As always first, download the software here.

Next, you need to push the installer to your endpoints.  To make your life easier, use these silent install parameters:

“FSLogixAppsSetup.exe /install /quiet /norestart ProductKey=YOURPRODUCTKEY”. 

With the install, you also get a FSLogix.ADML and ADMX file. You need to copy these to your PolicyDefinitions folder in \YOURDOMAIN\SYSVOL\Policies. Next, you need  to create a new GPO object and set the following options:

Make sure you don’t forget to disable roaming profiles and enable local profiles on the endpoint. You can monitor if the Profile Container is working correctly with the easy FSLogix Tray application located in: “C:\Program Files\FSLogix\Apps\frxtray.exe”.

And that’s it. 🙂  Your users can now log in with the speed of Flash Gordon and you never have to worry about profile issues again. It’s a win\win!

FSLogix technology will be available to Microsoft customers with the following licenses vs just WVD as they had originally stated:

    • M365 E3, E5, F1  – These are subscriptions that include the Windows OS which also includes everything in the Office 365 license and additional tools and security software.
    • Windows E3, E5 – These are subscription licenses of the Windows OS
    • Any Microsoft RDS Server Cal holder  (For example, Citrix XenApp users and this is the newly added part that makes it more available)

Now that we understand how it works, a basic understanding of the setup and licensing.  My next blog post in this series will be a video walkthrough on the setup and usage.

Until next time,

Rob

Microsoft Ignite 2017 Summary and Announcements

Ignite 2017 Key takeaways

This was the first year I have not attended Microsoft Ignite, due to unforeseen circumstances. But this didn’t stop me from covering Ignite 2017. So here we go…

Ignite 2017 this year has about 25k attendees. During the same time as Ignite, they are also running Microsoft Envision. This is more focused to business leaders across industries.  Its main focus is to have Business Leaders understand and manage their organizations in the Digital Age.

Ignite 2017 Attendee Breakout

  • 47 % ITI/IT Pros
  • 34% Developers
  • 19% ITDM.

Top Industries Attended

  • 34% IT and Software (flat YoY)
  • 20% Education
  • 9% Healthcare
  • 9% Manufacturing
  • 9% Professional & Business Services

Ignite Keynotes Summary and Links

ignite2017

Modern Workplace

Key Takeaways – Modern Workplace

Expanding Microsoft 365

  • Microsoft 365 Firstline offering and Microsoft 365 Education
  • New Windows 10 S devices from HP, Lenovo, Acer and Fujitsu starting at $275 USD

Intelligent personalized search power by Microsoft Graph

  • Bing for business
  • LinkedIn data integrated with Office 365 profile card
  • Office 365 search & discovery improvements
  • Windows 10 taskbar search

Intelligent Communications vision

  • Bring voice and video + new cognitive and data services into Micro Teams

Advances in Intelligent Security

  • Integrated Adminced threat Protection using Intelligent Security Graph
  • Better data protection and access control across Microsoft 365
  • New Compliance Manager, a single GDPR dashboard

Modernizing Business Process with Cloud and AI

Key Takeaways – Business Applications

New Microsoft Dynamics 365 AI Solutions

  • First solutions for customer care includes a virtual agent for customers, an intelligent assistant for support staff and conversational AI management tools, power by Microsoft AI
  • HP, Macy’s, and Microsoft already using this technology to improve customer satisfaction and handle more requests, more quickly

Modular apps for Dynamics 365

  • New modular apps are lightweight SaS services designed to transform one business process at a time
  • Work with Dynamics 3 business apps or can be used independently
  • Extend existing systems of record, integrate with Office 365 and augment with LinkedIn insights.
  • First to allow talent leaders and hiring managers to address a company’s most important asset, people
  • Attract: focused on recruiting | Onboard: helps you make new employees successful – Available later this year.

Deeper integration for PowerApps and Microsoft Flow + Office 365 and Dynamics 365

  • Rapidly build apps, automate tasks, simplify workflows and solve unique business problems.
  • Allow any business user familiar with InfoPath forms, Access databases or SharePoint list. This allows customers to build apps that help them achieve more, on a single no-code/low code platform.

Apps and Infra/Data and AI

  • Every customer is an AI customer

The Enterprise Cloud

Key Takeaways – Hybrid

Delivering true hybrid consistency

  • Azure Stack shipping through OEM partners including Dell EMC, HPE, and Lenovo
  • Database Migration Service (DMS)

Empowering customer to optimize costs

  • Azure Hybrid Benefit for SQL server
  • Azure Cost Management by CFloudyn – free to all Azure subscriptions

Key Takeaways – Intelligence

Any data, any place

  • SQL Server on Linux Windows and Docker availability with SQL Server 2017 GA’

One convenient workbench for data scientists and AI developers

  • Azure Machine Learning Updates

Build intelligent apps at global scale

  • Azure Cosmos DB and Azure Functions integration

Performance and Scale for mission-critical analytic apps

  • Azure SQL Data Warehouse preview release of new “optimized for compute” performance tier

Cloud for Good – Key takeaways

To empower nonprofits, Microsoft Philanthropies will:

  • Microsoft has announced they met their 2016 commitment to donate $1 billion in cloud computing resources to nonprofits
  • Continue the cloud donations program, and triple the number of nonprofits Microsoft serves over the next three years
  • Launch a new Tech for Social Impact group, and the first offers, announced this week include:
    • Microsoft 365 for Nonprofits
    • Nonprofit Surface discounts for the first time ever

To get more detailed information about these announcements, please see links below or check out the Ignite2017 Site.

Official Microsoft Blog
Office Blogs
EMS Blog
Dynamics Blog
Azure Blog
Hybrid Cloud Blog
Data Platform Blogs


Until next time, Rob.

Deploying ADFS on Nutanix – Installing and Configuring – Part 2

Deploying and configuring Active Directory Federation Services (ADFS) 2012 R2 for Office 365 can be broken down into 4 blog posts:

  1. Install and Configuring ADFS (this post)
  2. Configuring Name Resolution and additional nodes
  3. Install ADFS Proxy (Coming Soon)
  4. Leverage ADFS with Office 365 (Coming Soon)
  5. New automated methods of setting up ADFS with Office 365 (Coming Soon)

Continue reading

Understanding Identity with ADFS – Part 1

Identity is always something of a taboo subject and is still not clearly understood out there and the IT security landscape keeps evolving.

One of the recent changes past few years is a move away from (Access Control Lists) ACLs on files in the NTFS file system to an access control system that is based on claims.

Claims based authentication is an industry standard security protocol to authenticate users. This is the underlying WS-* standards that describe the usage of Security Assertion Mark-up Language (SAML) tokens. Claims based auth requires these tokens, and by extension an entity that can issue the token.

This is the Secure Token Service (STS). The STS server can be based on Active Directory Federation Services (ADFS) or other platforms that provide this service. This is where ADFS comes in and the highlight of this series.

Continue reading

Surface 3 – First Impressions…

Hi everyone….to start, I don’t normally write product reviews, but had to share my thoughts and experiences on the new Surface 3 (not the existing Surface Pro 3, which was released last year) as I love it as my new mobile computing device. This surface was released during the week of Microsoft Ignite 2015 (May 4th-8th) of which I received my that week have had 2 months to play with it.
Surface 3

Continue reading