Solution

  • Horizon

Type

  • Document

Level

  • Intermediate

Category

  • Deployment Considerations
  • Operational Tutorial

Product

  • Dynamic Environment Manager
  • Horizon Cloud Service

Phase

  • Design
  • Deploy

Use-Case

  • App & Access Management
  • Modern Management
  • Windows Delivery

Integrating FSLogix Profile Containers with VMware Horizon Cloud Service on Microsoft Azure

VMware Horizon Cloud Service on Microsoft Azure VMware Dynamic Environment Manager 9.9 and later

Overview

VMware Horizon® Cloud Service™ on Microsoft Azure accommodates a number of assignment types such as session, dedicated, and floating, as well as application models. With a floating VDI desktop assignment, at each login, a user receives a nonpersistent virtual machine (VM) or a different VM with a different machine name. Although floating desktop assignments provide management flexibility, the user data, settings, and profiles are not persisted between sessions.

Microsoft recently acquired FSLogix and has made the software available to many of its customers. FSLogix integrates with VMware technologies to complement Horizon desktop models. FSLogix Profile Container can persist user data and user configuration data between nonpersistent desktop sessions. See What is FSLogix? for an overview and requirements of the software.

Purpose of This Tutorial

This tutorial demonstrates a step-by-step method to integrate Microsoft FSLogix with Horizon Cloud Service on Microsoft Azure to build a nonpersistent desktop service while providing a persistent user experience.

Note: Horizon 7 customers should review Integrating FSLogix Profile Containers with the VMware Horizon Just-in-Time Management Platform (JMP).

Disclaimer

FSLogix is one of many third-party solutions that work with VMware Horizon. While this tutorial shows example models for integration, VMware assumes no responsibility to provide support for the use of FSLogix software with VMware products. As with any profile management technology, proper design, component redundancy, backup, and other management practices are imperative to ensure a good user experience and to prevent loss of user data. VMware provides this tutorial to demonstrate functional compatibility of FSLogix Profile Container with Horizon Cloud Service on Microsoft Azure components.

For design guidance regardingVMware Horizon, see the VMware Workspace ONE and Horizon Reference Architecture. For guidance on sizing, scaling, and maintaining the FSLogix components, consult Microsoft documentation.

Horizon and FSLogix Profile Container

In this tutorial, you will integrate the FSLogix Profile Container with your VMware Horizon implementation.

  • FSLogix Profile Container is used to persist user data and user configuration data between nonpersistent desktop sessions.
  • Horizon Cloud Service on Microsoft Azure floating desktops deliver a new Windows 10 image with each user session.
  • VMware Dynamic Environment Manager™ (formerly known as User Environment Manager) provides privilege elevation and other customized user environment settings, along with personalization and predefined settings as needed.

Figure 1: Horizon Cloud Service on Microsoft Azure Traditional Clone with FSLogix Profile Container

Each exercise in this tutorial addresses one or more components of the model described in this figure. Some exercises include steps that are prerequisites for a later exercise. It is recommended that you complete the exercises in this tutorial in the order in which they are presented.

Audience

This tutorial is intended for IT administrators and product evaluators who are familiar with Horizon Cloud Service on Microsoft Azure and Dynamic Environment Manager. You should have a working Horizon Cloud Service on Microsoft Azure environment available for testing in order to complete this tutorial.

Prerequisites

Before beginning the exercises in this guide, verify that you have the following software and user accounts, and that you have created the necessary master image, which is used in a later exercise.

VMware Horizon Technologies

The following components of Horizon are used in the exercises in this guide. Links are included to quick-start guides, should you need to add any of these components to your environment before continuing.

Master Image for Traditional Clone Floating Desktop Assignment

The master image described in this operational tutorial was created according to the following instructions:

User Accounts

The following accounts and their associated roles are used throughout this tutorial. Simply substitute your own accounts from your environment to conduct the exercises in this tutorial.

  • Active Directory user account for end-user access: eterple.betavmweuc.com

    Note: eterple has standard account privileges to the Windows 10 desktops.

  • Office 365 account: virtualspence@joshspencer.onmicrosoft.com

Administrator Account

  • An account with permissions to create file shares is required.

  • An account with the ability to import ADMX templates and configure group policy objects is recommended, though not required.

Microsoft FSLogix

Before you perform the procedures in the next chapter, obtain the FSLogix download bundle from Download and Install FSLogix.

Installing FSLogix

Installing FSLogix involves configuring network shares, creating and configuring a group policy object (GPO) or registry settings, and installing the FSLogix agent.

Configuring Network Shares

Network shares are used to store VHD(X) files and to centralize logging information. For more information, see the Microsoft document Configure storage permissions for use with Profile Containers and Office Containers.

  1. Configure the Containers share, which will store the FSLogix Profile Containers:
    Note: This share will be referred to as the Containers share throughout this tutorial.
    1. Create a folder at the following location \\fs1\FSLogix\Containers
    2. Share the folder and configure the following share permissions:
      Authenticated UsersChange and Read

    3. Configure the following NTFS permissions:
      • Domain UsersModify - This folder only
      • CREATOR OWNERModify - Subfolders and files only
      • Desktop AdminsFull control - This folder, subfolders and files

  2. Configure the Logs share:
    Note: This share will be referred to as the Logs share throughout this tutorial.
    1. Create a folder at the following location: \\fs1\FSLogix\Logs
    2. Share the folder and configure the following share permissions:

      Authenticated UsersChange and Read

    3. Configure the following NTFS permissions:
      • Domain ComputersModify - This folder, subfolders and files
      • Desktop AdminsFull control - This folder, subfolders and files

Now that the network shares are set up, you can configure a GPO so that all clones in a particular organizational unit (OU) will store their profile containers and logs in these shares.

Note: If you prefer not to use GPOs to configure FSLogix, you can modify Windows Registry values directly on the master image. See the Microsoft document Profile Container registry configuration reference and Logging and diagnostics for registry configuration options.

Configuring a Group Policy Object for FSLogix

FSLogix can be configured using direct Windows Registry key manipulation or group policy. This tutorial uses the ADMX template provided with the FSLogix download bundle to configure a GPO and apply it to many computer objects at once.

This environment uses a Central Store. For more information, see the Microsoft document How to create and manage the Central Store for Group Policy Administrative Templates in Windows.

  1. From an administrator's machine, copy the ADMX and ADML files to the PolicyDefinitions folder:

    1. Navigate to the FSLogix download bundle.

    2. Copy fslogix.admx to
      \\DomainController\sysvol\domain\policies\policydefinitions

    3. Copy fslogix.adml to
      \\DomainController\sysvol\domain\policies\policydefinitions\en-US
  2. Create and configure the GPO:
    1.  
    2. Open the Group Policy Management console from an administrative PC.
    3. Navigate to the OU where the cloned VMs will reside.
    4. Create and link a GPO: FSLogixHC.

  • Edit the FSLogixHC GPO:
    1. Navigate to Computer Configuration > Administrative Templates > FSLogix > Profile Containers.

    2. Configure the following settings:
      • EnabledEnabled
      • VHD locationEnabled, with the path set to \\Fs1\Containers

      Note: See the Microsoft document Profile Container registry configuration reference for a list of default settings to be used for all options left not configured.

Now that the policies have been configured, you can install the agent on the master image from which your virtual desktops will be created.

Installing the FSLogix Agent

Installing the agent on the master desktop image is a simple matter of running the FSLogixAppsSetup.exe file.

Note: Administrative privileges are required to install the agent.

  1. Log in to the machine you will use as your Windows 10 master image.

  2. Copy the installer file to the system where it will run or to a location accessible to the system.

  3. Navigate to the FSLogix installer package.

  4. Run FSLogixAppsSetup.exe to install the FSLogix agent.
  5. Verify that Microsoft FSLogix Apps appears in the list of installed applications.

Creating and Using an FSLogix Profile Container

In this exercise, you will verify an FSLogix Profile Container VHD (virtual hard disk) is created and working properly.

Prerequisites

Before you perform the exercises in this chapter, verify that you have performed the following tasks:

  • (Required) Create a master image from which you will create a Horizon floating desktop assignment. At a minimum, the image should include Windows 10, agents for VMware Horizon and Dynamic Environment Manager, and the FSLogix agent.

  • (Recommended) Install Microsoft Office or other applications in the master image.
    Note: Microsoft Office is used in this tutorial to demonstrate how files, activation, and credential data can persist from VM to VM. If Office is not available, you may substitute one or more other applications.

Provisioning a Floating Desktop Assignment

  1. Create a Horizon desktop assignment using the following specifications:
    • Assignment - Desktop
    • Type - Floating
    • Display name - HorizonFSL
    • AD container - OU=HorizonCloud,OU=Horizon_JS,DC=betavmweuc,DC=com
    • Number of machines - 5

    Important:This desktop assignment is required for all exercises in this tutorial.

  2. Verify the VMs are created in the OU where the FSLogix GPO is applied.

Verifying Profile Container Creation

Use the VMware Horizon® Client to log in to a Horizon Cloud desktop assignment.

  1. On the Horizon Client, authenticate to Horizon Cloud server with user eterple (that is, with the end-user account you have set up for this tutorial).
  2. Connect to the desktop assignment with the display name HorizonFSL.

    During the logon process, the FSLogix Profile Container is automatically created on the Containers share.

  3. Navigate to the Containers share and verify the virtual hard disk (VHD file) was created.

  4. Navigate to the Logs share and verify the logs are being written.

    If the profile container was created, changes to the user profile on the VM will be written to and persisted in the VHD file.

  5. Run CMD.EXE and type hostname. Make note of the VM name you are connected to. 

    Note: Because you are using a floating desktop assignment, the VM you connect to will be random and may have a different name than the name displayed in this screenshot.

  6. Modify the user profile:
    1. Open one of the Office 365 applications and sign in to activate Office. In this tutorial PowerPoint was used to activate Office.

    2. Sign in to OneDrive using the same Office 365 credentials.

      After signing in, you see the application file (for this example, PowerPoint) appear in the OneDrive folder.

       
    3. Use Excel to create and save a spreadsheet to the Desktop.

  7. Once you are done modifying the user profile, select Options > Disconnect and Log Off to disconnect and log off of the VM so it will be reset.

  8. On Horizon Client, authenticate to the Horizon server with the end-user account; for our example, eterple.
  9. Connect again to the desktop pool with the display name HorizonFSL.

  10. Run CMD.EXE and type hostname.
    Note: You are connected to a different VM than the last time you used this command.  

  11. Verify that the changes you made have been persisted to the new desktop.
    • PowerPoint is activated and authenticated.
    • OneDrive is activated and authenticated.
    • The Excel spreadsheet remains on the Desktop.
  12. Disconnect and log off the VM.

Integrations for Dynamic Environment Manager with FSLogix Profile Containers

Dynamic Environment Manager provides a variety of capabilities for Windows-based virtual, physical, and cloud-hosted computers. The features provided by the User Environment tab are recommended to simplify desktop administration and provide added functionality when using FSLogix Profile Containers with VMware Horizon Cloud Service on Microsoft Azure.

Figure 2: Features Listed on the User Environment Tab of the Dynamic Environment Manager Console

As you have seen in this tutorial, FSLogix Profile Containers persist the entire user profile between nonpersistent desktop sessions, ensuring custom application settings are always available to the end user. Dynamic Environment Manager provides this capability through a feature called personalization. Although there is an overlap in capabilities here, enabling personalization for an application with Dynamic Environment Manager introduces additional functionality.

 

Figure 3: Predefined Settings for Notepad++ on the Personalization Tab of the Console

Dynamic Environment Manager Self-Support

Self-support enables end users to restore application settings from a backup, or reset them to defaults, without having to contact IT for assistance. See Using VMware Dynamic Environment Manager Self-Support for more information.

Dynamic Environment Manager Predefined Settings

Predefined settings provide IT administrators with the ability to distribute custom application settings based on a variety of conditions. With a single application configuration in the base image, predefined settings dynamically evaluate dozens of conditions and apply custom settings for end users. Whether setting app defaults and allowing end users to make changes or enforcing settings so the application works consistently with every use, the predefined settings feature adds a level of control not possible with FSLogix Profile Container alone.

Recommended Practices for Personalization with FSLogix Profile Container

Enable personalization for those applications that would benefit from predefined settings or self-support. Leverage the DirectFlex option so custom settings are read from and written to the network share at application start and stop. Any remaining application customizations will be persisted by the Profile Container.

Figure 4: DirectFlex Settings for Notepad++ on the Personalization Tab of the Console

Summary and Additional Resources

This tutorial demonstrated just how quickly and easily you can integrate Microsoft FSLogix Profile Container with VMware Horizon Cloud Service on Microsoft Azure.

  • TheFSLogix Profile Container persists user data and user configuration data for applications.
  • Dynamic Environment Manager personalization features can be used in conjunction with FSLogix Profile Container. Use Dynamic Environment Manager when you want to offer self-support to users, or when you need to enforce predefined settings for certain applications, which can be applied either at login or at application launch. Use Profile Container for any remaining application customizations you want to persist.

Additional Resources

Besides the documents previously referenced in this tutorial, be sure to check out these learning paths, available on Digital Workspace Tech Zone:

Author and Contributors

Author

Josh Spencer is an EUC Staff Architect in End-User-Computing Technical Marketing, VMware

Contributors

  • Jim Yanik, Senior Manager in End-User-Computing Technical Marketing, VMware
  • Chris Halstead, EUC Staff Architect, End-User-Computing Technical Marketing, VMware

Reviewers

  • Jerrid Cunniff, Product Line Manager, Horizon Infrastructure, End-User Computing, VMware

  • Rick Terlep, Senior Technical Marketing Architect, End-User-Computing Technical Marketing, VMware

To comment on this paper, contact VMware End-User-Computing Technical Marketing at euc_tech_content_feedback@vmware.com.

Filter Tags

  • Horizon
  • Intermediate
  • Deployment Considerations
  • Operational Tutorial
  • Document
  • Dynamic Environment Manager
  • Horizon Cloud Service
  • Design
  • Deploy
  • App & Access Management
  • Modern Management
  • Windows Delivery