Provisioning with Nerdio is an exciting experience. A whole new virtual environment is created and ready to be explored, configured, tested, and deployed. However, we find that partners often jump ahead and don’t set themselves up for success. This article discusses the first 7 things to do in a newly provisioned NFA environment to allow for a smooth and seamless deployment.
- Linking Your Domain
- Turning On Backups
- Syncing AD
- Importing Users
- Configuring the Golden Image (GI) and Pool Template
- Configuring VM Series Size for Use Case
- Cleaning Up the Environment
This list is in sequential order, so following along from point 1 to point 7 is best practice.
By default, Nerdio provisions with a Federated domain that looks something like XXXX.nerdio.net, where XXXX is the four-digit ID associated with your account. This domain is assigned as the default domain, and all users get the Nerdio.net UPN applied upon import and creation. Understandably, this can create conflicts when importing users from the existing environment or creating new ones. To avoid this, we recommend linking your primary domain and setting it as default.
To link your primary domain, log in to the Nerdio Admin Portal (NAP), then navigate to the “Onboard” section and select “Domains” from the drop-down. Once there, select “Add Domain” and go through the process of verifying the domain. After the domain is verified, select “Set as default.”
This step goes without saying, and I know it is best practice. However, amidst the excitement of getting everything configured in a new environment, this step often gets put on the back burner until it is too late.
The process for turning backups on is very simple. First, log in to the NAP, go to the “Backup & DR” section and select “In-region backup.” It will take a few seconds to load, but once it’s loaded, turn the switch to “ON” and then manually force a backup on each of the servers. This provides a fresh image of the environment to fall back on if something goes awry during the initial configuration.
Importing users is a pretty straightforward process; however, the instructions below only apply to standard deployments where you have on-prem AD and intend to move users to Azure AD. If you plan to configure a Hybrid AD setup, you'll need to follow THIS article. If you don't have on-prem AD and intend to create users from scratch, you can do this via the Nerdio Admin Portal (NAP), either manually or using the bulk add/update tool.
To Migrate Users From On-Prem AD to Azure AD:
- Follow THIS article to ensure the correct PowerShell modules are installed.
- Follow THIS article to stop the current on-premises AD sync, clear the immutable IDs, and re-sync with Azure AD.
- After the steps above have been completed, THIS article walks through the import process.
- When importing users, a password reset is necessary. This is a Microsoft limitation and is part of the user import process. We recommend gathering a list of the users' current passwords, and then leveraging Nerdio's Bulk Add/Update tool to reassign the old passwords post-import.
This step will take the most time, and it’s better when broken into phases.
Phase 1 – Configure/Install environment-wide settings/applications on the GI. This is the standard image for your environment. All pool template VMs & individual users’ virtual desktop sessions will get created based on the GI. We encourage admins not to make very specific user customizations to the GI. It should contain applications that are common to all, or most, users in the deployment.
An example of this would be the Office365 suite. Given the diversity in Microsoft Office offerings, we do not install Office by default on the Golden Image or Pool Templates. For complete installation instructions simply follow THIS article.
For more information on configuring the GI, check out THIS article.
Phase 2 – Configure/install user-specific settings/applications on the Pool Template. The template is where most of the customizations begin. It’s the standard for every session host within that specific pool. This is where you set things like the VM series size (CPU and RAM), drive capacity (OS disk size and performance), and unique applications and settings specific to the members in that pool.
Phase 3 – Assign users to the pools and configure the scale settings on the pools. Scale settings should be set specific to the user count and use case.
For further details on pool logic and configuration see THIS article.
We find that partners tend to be a bit hesitant when it comes to modifying the VM series size in their environment. As a reminder, we like to assure our partners that we are here to empower them, not limit them.
We provision a new environment with the minimum requirements for testing. We do not provision based on the recommendations for a production deployment. We do this to limit the initial cost associated with the environment, on the understanding that most partners don't "Go Live" in their first week in a new environment. As a result, we help manage cost on the front end. All servers in a new deployment will be either A or B series VMs.
With that, our recommendation is to, at a minimum, run FS01 on a D2sv3, DC01 on a B2ms, and the pools on D2sv3s. Something we do like to point out: don’t assign a B-series VM to a server with an SSD drive. Due to the limitations of the B-series, it won’t actually leverage the added IOPS and performance of the SSD drive. This means you’ll be paying extra for the solid state when the B-series VM could never actually utilize the added capabilities of the SSD.
At the end of the day we cannot anticipate the needs of each environment and monitoring/tracking will need to take place to determine the best resource allocation (tracking can be done via an RMM tool, or by logging into each session host and monitoring Task Manager). This is especially true in the first 1-2 weeks. In that timeframe we recommend waiting to implement scale settings in order to keep things in the environment controlled. Once the VM series sizes have been appropriately adjusted, and usage patterns have been tracked, scale settings can be implemented to help optimize cost savings.
- If your domain is "Managed" you won't need the PRX01 server. In that case the drive size can be reduced to an HDD (S10) and the VM can be powered off to save on cost.
- You can check if your domain is "Managed" by going to the Nerdio Admin Portal, Onboard>Domains and checking for "Managed" or "Federated" in parentheses at the end of the domain suffix.
In the initial provisioning, Nerdio assigns 4 test users. Those users are designed to help navigate the environment and provide parity to a live deployment. They can be modified and adjusted at your discretion. We do recommend having one "Admin" account that's been granted "Domain Admin" rights (follow this article for instructions) and is part of the IT Department AD Group. That user can then be leveraged to log in to DC01 & FS01.
During the provisioning phase of a deployment, Nerdio leverages one M365 license. Post-provisioning, that license is assigned to the AndyIT user, along with a dedicated desktop. To cut costs and recover the license, you can remove the dedicated desktop from Andy IT and also strip the license.
In relation to VM series size and scale settings, we recommend in the first week or so to turn off scale settings on the pools and overcompensate with the resources. The last thing you want is for the client to be unhappy in their new environment due to slow performance. Just make sure that during the initial week or two you have an RMM tool installed and monitoring performance. Once you’ve gathered consistent usage patterns from your client you can then implement scale rules and Reserved Instances.
So that’s it, guys: the first 7 things to configure in your new AVD deployment. If you get these all dialed in, you’ll be set for a smooth migration, deployment, and end-user experience.