RDS 2016 on Azure laaS Technical Guidance Document · Web viewEnterprises would like to...
Transcript of RDS 2016 on Azure laaS Technical Guidance Document · Web viewEnterprises would like to...
RDS 2016 on Azure IaaS
Technical guidance for CSP partners
Remote Desktop Services 2016 On Azure IaaS
RDS 2016 on Azure IaaS
Contents1 Overview.............................................................................................................................................1
2 Scenario & Offer..................................................................................................................................1
2.1 Scenario from Customer Point of View........................................................................................1
2.2 Scenario from Service Provider Point of View.............................................................................1
2.3 RDS 2016 hosted on Azure IaaS Offer..........................................................................................2
3 Reference Architecture........................................................................................................................3
4 Setup new tenant................................................................................................................................4
4.1 Create new tenant account.........................................................................................................4
4.2 Create a resource group..............................................................................................................7
4.3 Setup customer domain environment.........................................................................................8
4.4 Remote Desktop Services..........................................................................................................11
5 Setup Scale Out File Server Cluster....................................................................................................15
6 Deploy Remote Desktop Services......................................................................................................16
6.1 Create the Deployment.............................................................................................................16
6.2 Add additional session host servers...........................................................................................21
6.3 Configure RD Web Access for High Availability..........................................................................23
6.4 Configure RD Licensing..............................................................................................................28
6.5 Configure RD Gateway Servers..................................................................................................38
6.6 Configure RD Connection Broker for High Availability...............................................................40
6.7 SSL Certificates...........................................................................................................................50
6.8 Personal Session Desktop Session collection.............................................................................55
6.9 Pooled Session Desktop Session collection................................................................................56
7 Administration...................................................................................................................................61
7.1 Management with PowerShell...................................................................................................61
7.2 Registering VMs with Microsoft Operations Management Suite...............................................67
7.3 Disaster Recovery using Azure Recovery Services.....................................................................72
8 Appendix............................................................................................................................................75
8.1 Scale Out File Server Cluster Reference Information.................................................................76
-
RDS 2016 on Azure IaaS
1 OverviewOver the last few years, there has been a growing workplace trend towards employees working remotely and enterprises increasingly implementing BYOD (Bring Your Own Device) programs. Enterprises would like to provide a remote and accessible workplace environment while at the same time ensure security without any business disruption. This has led to increasing interest in providing remote desktop workspaces to employees. With Remote Desktop Services 2016 1 (RDS2016) on Windows Server 2016, Microsoft has brought several innovations to the market like Improved Connection Broker performance, High Compute desktops for remoting graphics intensive applications and a reduced Virtual Machine (VM) footprint for hosting RDS deployments through role consolidation. Microsoft Azure is one of the most manageable and extensible public cloud services with a world-wide datacenter footprint. It provides unparalleled capabilities for scaling up/down OR scaling out/in, security 2 and compliance 3 with high availability SLAs 4 . RDS 2016 hosted on Azure Infrastructure as a Service (IaaS) provides a unique opportunity for service providers to offer remote desktop services to address the growing market needs. The rest of the document explains the reference architecture, implementation steps for hosting RDS 2016 on Azure IaaS in the context of a customer scenario.
2 Scenario & Offer2.1 Scenario from Customer Point of View
An Oil & Gas Exploration and Production (E&P) contractor “Contoso” has a geo-distributed workforce with personnel operating from national, regional and remote exploration and production locations on-site
Administrative personnel need to access their productivity and Line of Business (LoB) applications at work, at home while management personnel need a personalized desktop experience
Field personnel need to access applications through a variety of mobile devices on site or during travel
Contoso also has a division of geo scientists that use graphics intensive 2D/3D seismic data visualization software during initial exploration and on-going maintenance
During major E&P projects, Contoso temporarily hires thousands of personnel who also need to access its productivity and LoB applications
Contoso would like to provide its geo-distributed and elastic workforce with different roles a flexible, secure and seamless desktop experience
Contoso would like to get Desktop-as-a-Service (DaaS) from a service provider rather than build the solution in-house
2.2 Scenario from Service Provider Point of View Fabrikam which specializes in providing DaaS to several industry verticals has been contracted to
provide DaaS to Contoso
1 https://technet.microsoft.com/en-us/windows-server-docs/compute/remote-desktop-services/host-desktops-and-apps-in-remote-desktop-services
2 https://www.microsoft.com/en-us/TrustCenter/Security/default.aspx 3 https://www.microsoft.com/en-us/trustcenter/Compliance/default.aspx4 https://azure.microsoft.com/en-us/support/legal/sla/
1 | P a g e
RDS 2016 on Azure IaaS
Fabrikam needs a remote desktop services infrastructure that can provide a variety of desktop experiences to various departments of Contoso
These include session based desktops to administrative personnel, personalized desktops to management and desktops capable of streaming graphics intensive applications to the geo scientists
Additionally, Fabrikam needs an ability to scale up or down the infrastructure according to Contoso’s staffing levels during the year
Fabrikam, would like to expand its remote desktop service offering world-wide to other customers in the Oil and Gas and increase its footprint in other verticals without investing in expensive capex
Fabrikam is a Microsoft’s Cloud Solution Provider (CSP) program partner and a Service Provider Licensing Agreement (SPLA) hosting partner
Fabrikam decides to provide its remote desktop services offering using Azure Infrastructure-as-a-Service (IaaS) leveraging its SPLA
2.3 RDS 2016 hosted on Azure IaaS Offer Fabrikam is a CSP (Cloud Solution provider) and SPLA (Service Provider Licensing Agreement)
Partner and offers a hosted Remote Desktop Services infrastructure with managed services offering to Contoso that contains
o A CSP tenant Azure subscription consisting of: A High-Availability (HA) deployment of RDS Infrastructure on Azure IaaS capable
of supporting the following types of Sessions Pooled Sessions Personalized Sessions High-Compute pooled or personalized Sessions. These sessions are
hosted on N-Series VM Session hosts that enable remoting of graphics intensive applications
o Three Managed Services tiers: Essentials, Advanced, Premium that can be bundled with the RDS infrastructure
Fabrikam Operations team manages multiple tenants using PowerShell from a central azure subscription
Fabrikam Operations team monitors multiple tenants centrally using System Center Operations Manager (SCOM) & Azure Operations Management Suite (OMS) and provides Disaster Recovery using Azure Site Recovery Services (ASR).
Fabrikam Billing team accesses the tenant’s Azure consumption via CSP Partner Center Portal and is able to bill them accordingly for the Azure Consumption along with managed services
2 | P a g e
RDS 2016 on Azure IaaS
3 Reference ArchitectureThis section details the reference architecture that can be used as a guidance to implement the offer.
A High Availability (HA) deployment can be created as follows:
CSP Service Provider will setup each customer as a CSP tenant and provision an Azure Subscription under each tenant for hosting the RDS Infrastructure. This can be done from the CSP Partner Center Portal (https://partnercenter.microsoft.com/en-us/partner/home)
In the Azure subscription the RDS Roles will be configured in the following consolidated HA deployment:
o Availability set of 2 VMs Connection Broker (in round robin DNS) License Server
o Scale-Out File Server Clustero Availability set of 2 VMs
Gateway and Web Access, each behind an external load balancero Availability set of 2 VMs
Domain Controllero Session hosts on availability sets of two VMs each for the following session types
Pooled Sessions Personal Sessions High Compute Sessions (where session hosts are on N-Series VMs)
3 | P a g e
RDS 2016 on Azure IaaS
4 Setup new tenant4.1 Create new tenant account1 In the partner center customer list, click ‘Add customer’.
2 Fill in the company and contact information, then click ‘Next: Subscriptions’.
4 | P a g e
RDS 2016 on Azure IaaS
3 Select Microsoft Azure and click ‘Next: Review’.
4 Confirm the details, the click ‘Submit’.
5 | P a g e
RDS 2016 on Azure IaaS
5 Click Done.
6 In the customer list, expand the new customer, then click on ‘Microsoft Azure Management Portal’.
6 | P a g e
RDS 2016 on Azure IaaS
4.2 Create a resource group1 Create a resource group
2 Create storage accounts
7 | P a g e
RDS 2016 on Azure IaaS
3 Create a virtual network. If using a site to site VPN make sure the address spaces do not overlap.
A virtual machine that is not created in an availability set cannot be added to an availability set after creation.
4.3 Setup customer domain environmentYou can tailor the deployment to the customer’s need. If the customer wants to integrate the RDS 2016 deployment with an on premise Active Directory environment a VPN connection should be created and configured. Creating a VM for an Azure DC replica wall reduce data egress costs. If the deployment is Azure only, at least two domain controllers should be created in an availability set.
8 | P a g e
RDS 2016 on Azure IaaS
4.3.1 Azure only domain environment1 Create 2 domain controller VMs in an availability set. Only one VM needs a public
IP address.
2 After the domain controller promotion, be sure to update the virtual network’s DNS setting to refer to the internal IP address of the Azure based domain controller(s).
9 | P a g e
RDS 2016 on Azure IaaS
4.3.2 Hybrid domain environment1 Add network gateways for the virtual network and on premise network.
2 Add a connection between the gateways.
Consult the product documentation for instructions on connecting the on premises VPN software or device.
10 | P a g e
RDS 2016 on Azure IaaS
3 Optionally, create a VM to host an Azure based replica of the customer’s Active Directory. To enable scaling, place the VM in an availability set.
4 After the domain controller promotion, be sure to update the virtual network’s DNS setting to refer to the internal IP address of the Azure based domain controller(s). If not using an Azure based replica, set the DNS settings to refer to an on premises domain controller.
11 | P a g e
RDS 2016 on Azure IaaS
4.4 Remote Desktop Services4.4.1 RD Gateway and RD Web Access roles1 Create 2 VMs in an availability set
2 Add an external load balancer
Type Protocol Port Session PersistenceProbe TCP 443 Not ApplicableRule TCP 443 Client IPRule UDP 3391 None
12 | P a g e
RDS 2016 on Azure IaaS
4.4.2 RD Session Host (Pooled)1 Create 2 or more VMs in an availability set
4.4.3 RD Session Host (Personal)1 Create 1 or more VMs
13 | P a g e
RDS 2016 on Azure IaaS
4.4.4 RD Connection Broker and RD Licensing roles1 Create 2 VMs in an availability set
2 Add an external load balancer
Type Protocol Port Session PersistenceProbe TCP 5986 Not ApplicableRule TCP 5985 Client IPRule TCP 5986 Client IP
14 | P a g e
RDS 2016 on Azure IaaS
3 Create an Azure SQL database
15 | P a g e
RDS 2016 on Azure IaaS
5 Setup Scale Out File Server Cluster1 Create 3 virtual machines in an availability set. Each VM needs at least 2 data
disks.
2 Add an internal load balancer.
Type Protocol Port Session PersistenceProbe TCP 445 Not ApplicableRule TCP 445 Client IP
16 | P a g e
RDS 2016 on Azure IaaS
6 Deploy Remote Desktop Services6.1 Create the Deployment1 After adding the initial servers to Server Manager, open the Add Roles and
Features Wizard.
2 Click Next.
17 | P a g e
RDS 2016 on Azure IaaS
3 Choose ‘Remote Desktop Services installation’ and click Next.
4 Choose ‘Standard deployment’ and Click Next.
18 | P a g e
RDS 2016 on Azure IaaS
5 Choose ‘Session-based desktop deployment’ and click Next.
6 Click Next.
19 | P a g e
RDS 2016 on Azure IaaS
7 Add your connection broker to the selected computer list and click Next.
8 Ensure that the option to install RD Web on the connection broker is not checked. Add the gateway/web server to the selected computer list and click Next.
20 | P a g e
RDS 2016 on Azure IaaS
9 Add the session hosts to the selected computer list and click Next.
10 Check the check box to allow the servers to be rebooted and click Deploy.
21 | P a g e
RDS 2016 on Azure IaaS
11 After the deployment is completed, click Close. Add additional servers for high availability and click Remote Desktop Services.
6.2 Add additional session host servers
1 In the TASKS menu click ‘Add RD Session Host Servers’.
22 | P a g e
RDS 2016 on Azure IaaS
2 Add additional servers to the selected computer list, then click Next.
3 Check the check box to restart computers as needed, then click Add.
23 | P a g e
RDS 2016 on Azure IaaS
4 Click Close.
6.3 Configure RD Web Access for High Availability
1 In the TASKS menu click ‘Add RD Web Access Servers’
24 | P a g e
RDS 2016 on Azure IaaS
2 Add additional servers to the selected computer list, then click Next.
3 Click Add.
25 | P a g e
RDS 2016 on Azure IaaS
4 Click Close.
5 Login to one of the Web Access servers and open IIS Manager. Click on the server in the Connections tree.
26 | P a g e
RDS 2016 on Azure IaaS
6 Double click ‘Machine Key’.
7 Uncheck both checkboxes, then click ‘Generate Keys’.
8 Copy the generated keys and click ‘Apply’.
27 | P a g e
RDS 2016 on Azure IaaS
9 Log off then log into another Web Access server. Open the Machine Keys page in IIS Manager.
10 Uncheck the checkboxes, paste the keys copied from the first Web Access Server. Click Apply.
28 | P a g e
RDS 2016 on Azure IaaS
6.4 Configure RD Licensing
1 In the TASKS menu click ‘Add RD Licensing Servers’
2 Add servers to the selected computer list, then click Next.
29 | P a g e
RDS 2016 on Azure IaaS
3 Click Add.
4 Click Close.
30 | P a g e
RDS 2016 on Azure IaaS
5 In the TASKS menu click ‘Edit Deployment Properties’.
6 Click on ‘RD Licensing’, choose ‘Per User’, then click OK.
31 | P a g e
RDS 2016 on Azure IaaS
7 Open the Tools menu, open the ‘Remote Desktop Services’ sub menu, then click ‘Remote Desktop Licensing Manager’.
8 Right click ‘All Servers’, then click Connect.
32 | P a g e
RDS 2016 on Azure IaaS
9 Type in the name of another Licensing Server and click Connect.
10 After all Licensing servers have been added right click the first and click ‘Activate Server’.
33 | P a g e
RDS 2016 on Azure IaaS
11 Click Next.
34 | P a g e
RDS 2016 on Azure IaaS
12 Click Next.
35 | P a g e
RDS 2016 on Azure IaaS
13 Fill in the required information, then click Next.
36 | P a g e
RDS 2016 on Azure IaaS
14 Fill in the optional information as desired, then click Next.
37 | P a g e
RDS 2016 on Azure IaaS
15 Uncheck ‘Start Install Licenses Wizard now’ and click Finish.
16 Activate the remaining Licensing Servers.The default license will work for testing purposes, but for production environments the license installation wizard will need to be used to install valid licenses.
38 | P a g e
RDS 2016 on Azure IaaS
6.5 Configure RD Gateway Servers1 In the TASKS menu click ‘Add RD Gateway Servers’
2 Add servers to the selected computer list, then click Next.
39 | P a g e
RDS 2016 on Azure IaaS
3 Type in the fully qualified domain name associated with the external load balancer’s external IP address, then click Next.
4 Click Add.
40 | P a g e
RDS 2016 on Azure IaaS
5 Click Close.
6.6 Configure RD Connection Broker for High Availability
1 Download the Microsoft® ODBC Driver on the current connection brokerhttps://www.microsoft.com/en-us/download/details.aspx?id=53339
41 | P a g e
RDS 2016 on Azure IaaS
2 Run the installer. Click Next.
3 Accept the license terms and click Next.
42 | P a g e
RDS 2016 on Azure IaaS
4 Click Next.
5 Click Install.
43 | P a g e
RDS 2016 on Azure IaaS
6 Click Finish. Install the driver on the new connection broker server.
7 On a Domain Controller machine, open DNS Manager. Navigate to the domain.
44 | P a g e
RDS 2016 on Azure IaaS
8 Add two A records for the connection broker cluster DNS name, one pointing to each of the connection brokers.
9 In the RD Deployment Overview right click ‘RD Connection Broker’ and click ‘Configure High Availability’.
45 | P a g e
RDS 2016 on Azure IaaS
10 Click Next.
11 Select ‘Shared database server’, then click Next.
46 | P a g e
RDS 2016 on Azure IaaS
12 Type in the fully qualified DNS name for the cluster and provide the connection string for the Azure SQL database. Click Next.
13 Click Configure.
47 | P a g e
RDS 2016 on Azure IaaS
14 After the configuration is completed, click Close.
15 In the RD Deployment Overview right click ‘RD Connection Broker’ and click ‘Add RD Connection Broker Server’.
48 | P a g e
RDS 2016 on Azure IaaS
16 Click Next.
17 Add the new server to the selected computer list, then click Next.
49 | P a g e
RDS 2016 on Azure IaaS
18 Click Add.
19 After the installation is completed, click Close.
50 | P a g e
RDS 2016 on Azure IaaS
6.7 SSL Certificates6.7.1 Certificate best practicesSelf-signed certificates are recommended for testing and demo purposes only. Production environments should use SSL certificates purchased from a trusted certificate vendor.
The RD ‘Connection Broker – Enable Single Sign On’ and RD ‘Connection Broker – Publishing’ role service should use the same SSL certificate.
If the ‘RD Web Access’ and ‘RD Gateway’ role services are on the same server as is the case in this procedure, they should be assigned the same certificate.
The following table summarizes the role services and their certificate names.
Role Service Certificate NameRD Connection Broker – Enable Single Sign On Fully qualified DNS name for the connection
broker clusterRD Connection Broker – Publishing RD Web Access Fully qualified DNS name associated with the
external load balancer’s external IP address as below<dnsname>.<Azurelocation>.cloudapp.net
RD Gateway
6.7.2 Apply the Self-Signed Certificates1 In the TASKS menu click ‘Edit Deployment Properties’.
51 | P a g e
RDS 2016 on Azure IaaS
2 Click the Certificates section. Select a role service to which to apply a certificate.
3 Click ‘Create new certificate…’.
52 | P a g e
RDS 2016 on Azure IaaS
4 Type in the certificate name as per the chart below.
5 Provide a password for the certificate.
53 | P a g e
RDS 2016 on Azure IaaS
6 Check both checkboxes and specify a location to save the certificate. This will enable reuse of the certificate and allow the certificate to be imported into client machines. Click OK.
7 Click Apply or OK to apply the certificate.
54 | P a g e
RDS 2016 on Azure IaaS
6.7.3 Apply an Existing Certificate1 Select a role service to which to apply a certificate. Click ‘Select existing
certificate…’.
2 Make sure ‘Choose a different certificate’ is selected. Enter the path to the certificate file. This can be a trusted SSL certificate or a self-signed certificate.
55 | P a g e
RDS 2016 on Azure IaaS
3 Type in the password, check the check box, then click OK.
4 Click Apply or OK to apply the certificate.
6.8 Personal Session Desktop Session collectionAt the time of preparation of this guidance, the Windows Server 2016 TP5 server manager UI does not support personal session desktops. Managing personal session collections can only be done via PowerShell. Sample commands to perform common actions are shared below for reference.
6.8.1 Create a session collectionNew-RDSessionCollection -CollectionName 'Personal' ` -CollectionDescription 'Personal Desktops' `
56 | P a g e
RDS 2016 on Azure IaaS
-SessionHost 'sh-per1.rds.local' ` -ConnectionBroker 'cb1.rds.local' ` -PersonalUnmanaged ` -GrantAdministrativePrivilege
Note: Omit the GrantAdministrativePrivilege switch if you do not want users to be granted administrator access to the session host to which the user has been assigned.
6.8.2 Add a user assignmentSet-RDPersonalSessionDesktopAssignment -CollectionName 'Personal' ` -User 'rds\user' ` -Name 'sh-per1.rds.local' ` -ConnectionBroker 'cb1.rds.local'
6.8.3 Get a list of user assignmentsGet-RDPersonalSessionDesktopAssignment -CollectionName 'Personal' ` -ConnectionBroker 'cb1.rds.local'
6.8.4 Remove a user assignmentRemove-RDPersonalSessionDesktopAssignment -CollectionName 'Personal' ` -User 'rds\user' ` -ConnectionBroker 'cb1.rds.local'
6.8.5 Remove a session collectionRemove-RDSessionCollection -CollectionName 'Personal' ` -ConnectionBroker 'cb1.rds.local' ` -Force
6.9 Pooled Session Desktop Session collection1 In the Collections list open the TASKS menu and click ‘Create Session Collection’.
57 | P a g e
RDS 2016 on Azure IaaS
2 Click Next.
3 Type in a name and if desired, a description. Click Next.
58 | P a g e
RDS 2016 on Azure IaaS
4 Add servers to use as session hosts to the selected computer list, then click Next.
5 Specify which users should be able to log into the session collection session hosts, then click Next.
59 | P a g e
RDS 2016 on Azure IaaS
6 Specify the file share for user profile disks. The session computer accounts need write permission to the file share. Click Next.
7 Click Create
60 | P a g e
RDS 2016 on Azure IaaS
8 Click Close after the session collection has been created.
61 | P a g e
RDS 2016 on Azure IaaS
7 Administration7.1 Management with PowerShellAt the time of preparation of this guidance, the Remote Desktop PowerShell cmdlets cannot be executed from a computer outside of the cluster’s local domain environment. Cmdlets such as Get-RDServer use a cluster validation that fails when executed via remote PowerShell from a computer outside the domain or domain trust.
A CSP Administrator can utilize any of the following options for managing the tenant subscription from a central subscription.
Management via RDP only using a domain joined jump box. Execute PowerShell commands using SSH. Execute PowerShell commands via a Scheduled Task.
In this document we are going to demonstrate the scheduled task method.
7.1.1 Create the scheduled task.1 Create a script run directory.
62 | P a g e
RDS 2016 on Azure IaaS
2 Create a task that runs regardless if the user is logged on with the highest privileges.
63 | P a g e
RDS 2016 on Azure IaaS
3 Set the task trigger to repeat every 1 minute, indefinitely.
64 | P a g e
RDS 2016 on Azure IaaS
4 Add an action to run PowerShell
Program/script C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeArguments -ExecutionPolicy Bypass -Command "$s = (ls C:\ScriptRunDir *.ps1).FullName;
$s | % {&$_;rm -Path $_}"
Here is what the command looks expanded and commented.
65 | P a g e
RDS 2016 on Azure IaaS
5 In the task options uncheck the option to all on demand execution is not checked. New instances of the task should not be started if an instance is already running. Click OK.
6 Enter the password for the user account specified under security options, then click OK.
66 | P a g e
RDS 2016 on Azure IaaS
7.1.2 Add the public IP address or DNS name to the client’s TrustedHosts list.1 Run this script with administrator permissions. Be sure to replace <Server> with
the public IP address or fully qualified DNS name of the target server.$server = '<Server>'if ((Get-Service -Name WinRM).Status -ne 'Running') { Start-Service -Name WinRM}$thosts = Get-Item -Path WSMan:\localhost\Client\TrustedHosts[String[]]$list = $thosts.Value.Split(',')if ($list -notcontains $server) { $list += $server Set-Item -Path WSMan:\localhost\Client\TrustedHosts ` -Value ([String]::Join(',',$list)) ` -Force}
2 Verify remote PowerShell connectivity with the following command after replacing <Server> placeholder. When prompted enter credentials for the target server.
Invoke-Command -ComputerName <Server> ` -Credential (Get-Credential) ` -ScriptBlock {Get-Date}
7.1.3 How to execute RemoteDesktop commands Run a remote PowerShell command to save a script to the scripts directory Start-Sleep -Seconds 60 Run a remote PowerShell command to read any output files Delete output files
7.1.4 Example script[CmdletBinding()]Param([Parameter(Mandatory=$true)] [System.String] $Server, [Parameter(Mandatory=$true)] [System.Management.Automation.PSCredential] $Credential)$runid = "getrdserver_$(Get-Date -UFormat "%Y%m%d%H%m%S")"
Invoke-Command -ComputerName $Server ` -Credential $Credential ` -ScriptBlock { $filepath = "C:\ScriptRunDir\${Using:runid}" @"`$ha = Get-RDConnectionBrokerHighAvailability`$servers = Get-RDServer -ConnectionBroker `$ha.ActiveManagementServer | ForEach-Object -Process { [PSCustomObject] @{ Server = `$_.Server; Roles = [String]::Join(",",`$_.Roles) } }`$servers | Export-Csv -Path "${filepath}.csv" -NoTypeInformation
67 | P a g e
RDS 2016 on Azure IaaS
"@ | Out-File -FilePath "${filepath}.ps1"
while (-not (Test-Path -Path "${filepath}.csv")) { Start-Sleep -Seconds 15 } Start-Sleep -Seconds 15 Get-Content -Path "${filepath}.csv" Remove-Item -Path "${filepath}.csv" -Force
} | ConvertFrom-Csv | Out-GridView -Wait
7.2 Registering VMs with Microsoft Operations Management Suite7.2.1 Prepare the OMS Workspace1 Log into a central Azure subscription. Create a Log Analytics workspace.
2 Select the new workspace, then click the OMS Portal link to open the portal.
68 | P a g e
RDS 2016 on Azure IaaS
3 Click On Settings.
4 Click on ‘Connected Sources’ then click on ‘Windows Servers’.
69 | P a g e
RDS 2016 on Azure IaaS
5 Download the agent, then copy the workspace ID and primary key.
7.2.2 Install the agent if not already installed1 Log onto a VM to register with OMS. If the agent is already installed skip to
section 6.2.3.2 Download and launch the installer. On the ‘Agent Setup Options’ check the
option to ‘Connect the agent to Azure Log Analytics (OMS)’. Click Next.
70 | P a g e
RDS 2016 on Azure IaaS
3 Paste in the Workspace ID and Key copied in section 6.2.1. Finish the installation.
71 | P a g e
RDS 2016 on Azure IaaS
7.2.3 Add a workspace to an agent already installed1 Log onto a VM to register with OMS. If the agent is not installed go back to
section 6.2.2.2 Open the control panel in large or small icon view. Click on ‘Microsoft Monitoring
Agent’.
72 | P a g e
RDS 2016 on Azure IaaS
3 Click on the ‘Azure Log Analytics (OMS)’ tab, then click Add…
4 Paste in the Workspace ID and Key copied in section 6.2.1, then click OK.
The agent can also be used with System Center Operations Manager for monitoring.
73 | P a g e
RDS 2016 on Azure IaaS
7.2.4 Verify1 Log into the OMS portal and check Connected Windows Servers. The number
should have increased.
7.3 Disaster Recovery using Azure Recovery ServicesAzure storage is redundant by default, however with mission critical workloads having an additional layer of protection can be a wise decision. With an Azure Recovery Services vault, backups are created of the protected virtual machines which can be used to restore the virtual machine in the event of a disaster or simple user error.
7.3.1 Deploy the Recovery Services vault1 Log into a tenant’s Azure subscription and create a Recovery Service Vault.
74 | P a g e
RDS 2016 on Azure IaaS
2 Create one or more backup policies.
75 | P a g e
RDS 2016 on Azure IaaS
7.3.2 Protect virtual machines1 Click ‘Backup items’ then click Add.
2 Choose ‘Virtual machine’ running in Azure then click OK.
76 | P a g e
RDS 2016 on Azure IaaS
3 Choose a policy then click OK.
4 Select the VMs to backup then click Select. Click ‘Enable Backup’.
8 Appendix
77 | P a g e
RDS 2016 on Azure IaaS
8.1 Scale Out File Server Cluster Reference InformationThis section shares details on setting up the Scale Out file server cluster.
8.1.1 Recommendations At least 3 servers with 2 data disks each For best performance attach SSD data disks
8.1.2 References Deploy Scale-Out File Server
o https://technet.microsoft.com/en-us/library/hh831359(v=ws.11).aspx Storage Spaces Direct in Windows Server 2016
o https://technet.microsoft.com/en-us/windows-server-docs/storage/storage-spaces/ storage-spaces-direct-overview
78 | P a g e
RDS 2016 on Azure IaaS
79 | P a g e