Overview of Host Pools VM Deployment
Nerdio Manager enables you to customize the way session host VMs are deployed in a host pool. This is a feature-rich facility that is detailed below.
To configure host pool VM deployment:
At the Account level, navigate to AVD > Host Pools.
Locate the host pool you wish to work with.
From the action menu, select Properties > VM Deployment.
Enter the following information:
Set time zone: Select this option, and from the drop-down list select the time zone, to set the time zone on the VM when it is provisioned.
Enable time zone redirection: Select this option to allow users to see their local device's time zone inside of their session.
Enable Accelerated Networking for VMs that support it: Select this option to enable Accelerated Networking, if available.
Note: The Azure VM accelerated networking feature is available in some of the larger Azure VMs. This feature is useful for enterprise organizations and IT professionals who need to deploy, manage, and optimize large numbers of Azure Virtual Desktops. It speeds up networking performance of individual VMs.
If this feature is not supported on your Azure VM, it is not enabled. See this Microsoft document for more information.
Note: GPU drivers can be installed on N-series VMs.
Distribute VMs across Availability Zones: Select this option to automatically distribute newly created or re-imaged session host VMs across Availability Zones in the selected Azure region.
Note: See this Microsoft article for more details about Azure Regions and Availability Zones.
Enable Proximity placement group: Select this option to place the session host VMs in a proximity group.
Note: This means the session host VMs are located physically close to each other in an Azure data center, which ensures the lowest possible network latency among the session host VMs.
Deallocate powered off but not deallocated VMs: Select this option to have a periodic task check if any session host VMs are in a powered off (but not deallocated) state and automatically deallocate them to save on Azure compute costs.
Install MSIX app attach certificates: Select this option to install all stored certificates if the MSIX App Attach packages are added to this host pool.
Always prompt for password: Select this option to always prompt the user for a password.
Note: This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection. You can use this setting to enforce a password prompt for users signing in to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client.
By default, Remote Desktop Services allows users to automatically sign in by entering a password in the Remote Desktop Connection client.
If you select this option, users cannot automatically sign in to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password to sign in.
If you do not select this option, users can always sign in to Remote Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client.
Trusted Launch: Toggle on this option to enable Trusted Launch.
Note: Azure offers Trusted Launch as a seamless way to improve the security of Generation 2 VMs. Trusted Launch protects against advanced and persistent attack techniques. Trusted Launch is composed of several coordinated infrastructure technologies that can be enabled independently. Each technology provides another layer of defense against sophisticated threats. See this Microsoft document for more information.
Be sure that the desktop image used for this host pool supports Trusted Launch. It must meet the following criteria:
The selected OS must be Gen2.
The Create image VM as Gen2 option must be selected.
An Azure Compute Gallery must be selected.
See Overview of Desktop Images for details.
Secure Boot: Select this option to enable Secure Boot, which helps protect your VMs against boot kits, rootkits, and kernel-level malware.
vTPM: Select this option to enable Virtual Trusted Platform Module (vTPM), which is TPM 2.0 compliant and, in addition to securely storing keys and secrets, validates your VM boot integrity.
Allow non-admin users to shadow sessions: Toggle on this option to enable selected non-admin users or groups to shadow sessions.
Note: Session shadowing is only available with multi-session versions of Windows OS. This feature does not work with Windows 10 Enterprise (single session).
User or Group Name: From the drop-down list, select the users or groups to allow to shadow sessions.
Run scripted actions when...: Toggle on the desired run script options.
For each option, enter the following information:
Windows scripts and Azure runbooks: From the drop-down lists, select the Windows scripts and Azure Runbooks to execute.
Note: You can select both Windows scripts and Azure Runbooks. In addition, you can drag and drop the scripts to change the order in which they are run.
Pass AD credentials: Select this option to pass AD credentials.
AD Credentials: From the drop-down list, select the AD credentials to pass.
Once you have entered all the desired information, select Save or Save & close.
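After saving, it is worth confirming that the deployed session hosts actually carry the Trusted Launch, Secure Boot, and vTPM settings, and that none are sitting powered off but not deallocated. The following is an added example, not part of Nerdio Manager or its documentation: it audits VM records shaped like the JSON that `az vm list -d -o json` returns, which is an assumption about your tooling. The host names and sample data are constructed.

```python
import json

# Constructed sample shaped like `az vm list -d -o json` output (trimmed to
# the fields used here); host names are made up for illustration.
SAMPLE_VMS = json.loads("""
[
  {"name": "avd-host-0", "powerState": "VM running",
   "securityProfile": {"securityType": "TrustedLaunch",
     "uefiSettings": {"secureBootEnabled": true, "vTpmEnabled": true}}},
  {"name": "avd-host-1", "powerState": "VM stopped",
   "securityProfile": {"securityType": "TrustedLaunch",
     "uefiSettings": {"secureBootEnabled": false, "vTpmEnabled": true}}},
  {"name": "avd-host-2", "powerState": "VM deallocated",
   "securityProfile": null}
]
""")


def audit_vm(vm):
    """Return a list of findings for one VM record (empty list = compliant)."""
    findings = []
    profile = vm.get("securityProfile") or {}
    uefi = profile.get("uefiSettings") or {}
    if profile.get("securityType") != "TrustedLaunch":
        findings.append("Trusted Launch not enabled")
    else:
        if not uefi.get("secureBootEnabled"):
            findings.append("Secure Boot disabled")
        if not uefi.get("vTpmEnabled"):
            findings.append("vTPM disabled")
    # "VM stopped" = powered off in the guest but still allocated (and billed).
    if vm.get("powerState") == "VM stopped":
        findings.append("powered off but not deallocated")
    return findings


def audit_pool(vms):
    """Map VM name -> findings, listing only VMs that have at least one."""
    report = {}
    for vm in vms:
        findings = audit_vm(vm)
        if findings:
            report[vm["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_pool(SAMPLE_VMS).items():
        print(f"{name}: {', '.join(findings)}")
```

To audit a real host pool, replace `SAMPLE_VMS` with the parsed output of the CLI command for the resource group that holds the session hosts.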