Important Notification for NFA Partners Only
Due to partner feedback, product demand, and Microsoft extending their ASM retirement deadline, Nerdio has moved the sunsetting of NFA to End of Year 2023. If you haven’t already, we highly recommend reviewing the current migration documentation here. As you review the documentation please submit any questions firstname.lastname@example.org
- NFA sunset occurs January 31st 2024
- New NFA account creation will be unavailable on November 30th 2021
- NFA will be fully supported until the official sunset - email@example.com
- We encourage all partners to watch this video, read all of our supporting KB's and consider preparing for migrations in 2022. The entire Nerdio team is here to support and guide all of our amazing partners during this transition.
NFA to NMM Migration Guidance is spread across multiple Help Center articles. We recommend reading in the order below.
- [Read First] - Planning for a Successful Migration
- MSP Considerations
- New to NMM?
- (DOMAIN TRUST ONLY!) Considerations for Hybrid AD "Domain Trust" Environments (HAD)
- Unsure if you have Hybrid AD(HAD) - You can confirm via the NAP
- Adding your customer's account
- Configuring NMM for NFA Resource Management
- Image Considerations
- (New) Creating a New Desktop Image (Recommended)
- (NFA) Importing NFA images
- (IMPORTANT) - Imported Image Cleanup
- Configuring Host Pools
- (Optional) Importing Personal Desktops
- Adding users to new host pools
- Cutover to NMM
- New to NMM - Common Errors and Guides
- Discuss Migrating with other MSP Partners in the Nerdio Community Forums
- [Read Last] - Post Migration Cleanup Guidance
- Review the discovery steps in NFA
This migration document follows the path of least change to ensure a simple and fast migration
Other modifications shouldn't be considered until after this migration is completed
- (Moving from FS01 to Azure Files) - Documentation coming Q1 2023
- (Moving from AD_DS to AAD_DS) - Documentation coming Q1 2023
New to NMM?
- Prerequisite - Provisioning NMM into your MSP tenant
Please watch this video first
Prerequisite - Provisioning NMM into your MSP tenant
NMM consists of an application that sits in your MSP tenant and connects from there to your customer's tenants. The first step is to install NMM into your Azure tenant. To do this, follow this written guide or this series of videos. Also review our guide regarding Azure Resource Provider Registration, prior to installing NMM.
Step 1 - Adding your customer's account
To manage your customer's account, you will need an Azure login with GA and subscription owner permissions. Follow the guide for adding an account. Since you're connecting to an existing NFA account, keep the following points in mind:
- In Step 1, tell NMM to Use existing Active Directory
- In Step 2, select the region of the existing NFA account, and the LAN subnet of the existing VNET. This will be the default subnet for new hosts.
We recommend creating a new resource group for the NMM host VMs to keep them separate from the NFA resources. but it is acceptable to select the existing RG here if you will not be creating a new one for the NMM resources.
- We will connect to the existing NFA resource group in a later step, but it is acceptable to select the existing RG here.
- In Step 3 provide your existing AD domain info
- In Step 4, you can specify the UNC path to the profiles share on the existing FS01, or you can create a new Azure Files share if you'd like to decommission FS01 eventually. Using an Azure Files share will require migrating existing profiles (or recreating as new profiles).
Step 2 - Configuring NMM for NFA Resource Management
Connecting to the NFA resource group and DMZ subnet
If you did not specify the existing NFA resource group when connecting to the NFA account, go to Settings -> Azure Environment in the left menu, and click Link under Linked resource groups.
Select your existing NFA resource group. This will allow you to see an manage the VMs in the NFA resource group from NMM.
Also in the Azure environment page, link to the existing DMZ subnet by clicking Link under Linked Networks
Select the DMZ subnet and click OK
Change FSLogix Volume Type if not VHDX
Note - Nerdio Manager(NMM) used VHDX by default. You will want to confirm the volume type in NFA and MATCH IT in NMM!
If your existing FSLogix profiles are using VHD as the volume type (as opposed to VHDX), you will need to configure NMM to use VHD as well.
To do so, navigate to Settings -> Integrations and click on the link under FSLogix Profiles storage to bring up the FSLogix configuration option.
Change the "VolumeType" key from "vhdx" to "vhd." Also, add %username% to the FSLogix profiles path.
Note: All new users and new VHD(x) files created post-NFA to NMM migration will not have their Desktop/Documents/Favorites redirected to \\FS01\Users. Their documents will be self-contained in the FSLogix profile container.
Step 3 - Desktop Images
*Note - If using NFA CORE, Step 3 and beyond won't apply unless you want to create new AVD resources
Create a new image (Nerdio Recommended Step!)
To create a brand new image for use with NMM, click the Add from Azure Library button and select an Azure image such as Windows 10 EVD.
Importing NFA images
Note that images imported from NFA should have FSLogix and the Azure AVD Agent uninstalled after importing them, as NMM will install FSLogix and the AVD Agent automatically when creating the hosts.
Important - Please also review SafeDNS section
Importing AVD Pool image
To import a pool image (e.g. "Pool-A00"), navigate to Desktop Images and click the Add from Azure Library button.
Give the new image a name and select your NFA image in the Azure Image dropdown menu. NOTE: check the "Do not create image object" option.
Importing WVDSH00 Image
To import the WVDSH00 image, you will need to export the OS disk using a SAS URL. Ensure the AVDSH00 VM is powered off, then find AVDSH00 in the Azure portal. Select Disks and open the OS disk.
Select Disk Export and click the Generate URL button
Copy the generated URL:
In NMM, navigate to AVD -> Desktop Images and click the Add from Azure VM button.
Give the new image a name, and paste the generated URL into the SAS URL field. Check the "Do not create image object" option. You may wish to provide custom credentials for a local administrator user on the VM.
Note: we do not suggest using the "Uninstall FSLogix app" option at this stage, because it is advisable to confirm and copy your FSLogix configuration before uninstalling the app.
Step 3b - (Important!) - Imported Image Cleanup
Uninstall AVD Agent
Completely uninstall all traces of AVD agent. Remove it from Control Panel>Programs and Features (make sure all components are gone after a reboot) and remove all traces from registry
Microsoft Guidance - [External Link]
Once the new image VM has been created in NMM, you will need to start it up, login to it, and uninstall FSLogix.
*You may wish to review any FSLogix registry settings under HKLM\Software\FSLogix in the Windows registry.
Microsoft Guidance - [External Link]
The FSLogix settings can then be re-created in NMM. To do so, navigate to Settings -> Integrations and click on the appropriate FSLogix Profile to bring up the FSLogix configuration option.
Once the FSLogix registry settings have been copied to NMM, proceed with uninstalling FSLogix from Windows. After uninstalling, ensure C:\Program Files\FSLogix and HKLM\Software\FSLogix are fully deleted.
Log out of the image VM. In NMM, navigate to Desktop Images and click Set as Image in the dropdown menu next to the image VM.
Remove SafeDNS Agent from Imported Image(s)
Step 4 - Configuring New AVD Host Pools
To create a host pool, follow the article on creating host pools in NMM. If you imported an image from NFA in the previous section, select that image when creating the new host pool. Add one or two users to the host pool to be able to verify the host pool has been created properly.
Once the host pool is created, set the Auto-scale settings to mirror the settings used in NFA. Note that there will be more options available in NMM than there were in NFA.
For more information on host pools in NMM, see the Overview of Host Pools.
(Optional) Importing Personal Desktops
Personal Desktops created in NFA will have to be moved to AVD ARM manually (or you may continue operating them in AVD Classic, though NMM will not be able to see or manage them).
To migrate the personal desktops, create a new Single User Desktop (personal) pool in NMM, and set the host count to 0.
Then register the existing VMs to the new host pool, following Microsoft's documentation.
Step 5 - Adding users to new host pools
Now that the new NMM host pool is ready, it's time to assign users and/or groups to the new host pool. Follow the Overview of Users and Overview of Groups articles to assign users and groups to the host pools.
At this point, users will have access to both the NFA desktops and the NMM desktops. When you are ready, you can un-assign them from their desktops in NFA so that they will only have the option of signing into the NMM desktops.
Step 6 - Testing and Cutover to NMM
Now that users have been migrated to the NMM environment, you can turn down the NFA environment. The steps to do so are
SafeDNS was an inclusive feature of NFA and isn't included in NMM. Partners will need modify current DNS settings and consider what DNS service they will use going forward.
Note: If you imported your desktop image from NFA you may need to uninstall the SafeDNS client from the image
Steps to remove SafeDNS
- From DC01, open up the DNS Manager and right-click "DC01", then select properties.
- From the "Forwarders" tab, click Edit and add an IP address to a public DNS server such as Google (184.108.40.206, 220.127.116.11) or CloudFlare (18.104.22.168)
- From your account in the Nerdio Admin Portal, expand the Network tab on the left and select Firewall.
- Click "Add Rule"
- Allow outbound traffic from any source using port 53 to the IP you used for the new forwarder.
- Ensure that the priority is above the existing system rule titled "Allow DNS to SafeDNS" (use a number lower than 501)
- Save the rule and confirm that DNS is functioning as expected.
- Obtain your SafeDNS password or set one: Setting up and gaining access to the SafeDNS portal
- Uninstall from your image after you import (the standard uninstall requires the username/password)
Disable auto-scale on NFA host pools
In NFA portal, navigate to Servers, find your host pool and select Manage Auto Scale from the drop down menu
- Shut down all old host pools in NFA portal
- Disable auto-scale on all servers / personal desktops (in NFA portal)
- Configure auto-scale on servers in NMM portal
New to NMM - Common Errors and Guides
|Prev <-- Planning for Migration||Next --> Post Migration Cleanup|
Comments (0 comments)