Important Notification for NFA Partners Only
Due to partner feedback, product demand, and Microsoft extending their ASM retirement deadline, Nerdio has moved the sunsetting of NFA to End of Year 2023. If you haven’t already, we highly recommend reviewing the current migration documentation here. As you review the documentation please submit any questions email@example.com
- NFA sunset occurs January 31st 2024
- New NFA account creation will be unavailable on November 30th 2021
- NFA will be fully supported until the official sunset - firstname.lastname@example.org
- We encourage all partners to watch this video, read all of our supporting KB's and consider preparing for migrations in 2022. The entire Nerdio team is here to support and guide all of our amazing partners during this transition.
This Guide will take you through the final steps of removing any remaining NFA assets, hosts and finally the account in NAP.
- Demo Users and Groups
- Federated Domains and PRX01
- Hosts and Pools
- Golden Image
- Destroy NFA (Stops Billing)
- Configure AD Connect on DC01
Now that users have been migrated to the NMM environment, you can turn down the NFA environment. The steps to do so are
SafeDNS was an inclusive feature of NFA and isn't included in NMM. Partners will need modify current DNS settings and consider what DNS service they will use going forward.
Note: If you imported your desktop image from NFA you may need to uninstall the SafeDNS client from the image
Steps to remove SafeDNS
- From DC01, open up the DNS Manager and right-click "DC01", then select properties.
- From the "Forwarders" tab, click Edit and add an IP address to a public DNS server such as Google (18.104.22.168, 22.214.171.124) or CloudFlare (126.96.36.199)
- From your account in the Nerdio Admin Portal, expand the Network tab on the left and select Firewall.
- Click "Add Rule"
- Allow outbound traffic from any source using port 53 to the IP you used for the new forwarder.
- Ensure that the priority is above the existing system rule titled "Allow DNS to SafeDNS" (use a number lower than 501)
- Save the rule and confirm that DNS is functioning as expected.
- Obtain your SafeDNS password or set one: Setting up and gaining access to the SafeDNS portal
- Uninstall from your image after you import (the standard uninstall requires the username/password)
Disable auto-scale on NFA host pools
In NFA portal, navigate to Servers, find your host pool and select Manage Auto Scale from the drop down menu
- Shut down all old host pools in NFA portal
- Disable auto-scale on all servers / personal desktops (in NFA portal)
- Configure auto-scale on servers in NMM portal
Demo Users and Groups
This is an opportunity to remove any UNUSED NFA Demo Users and Groups via NAP
- Accounting Department Group
- AVD Users
- Executive Group
- Finance Department Group
- HR Department Group
- IT Department Group
- Legal Department Group
- Marketing Department Group
- Sales Department Group
- Andy IT Admin
- Angie Accounting
- Chad CEO
- Sally Sales
*Please also review this guide of additional user objects that may exist from NFA provisioning
Federated Domains and PRX01
- Unsure what Federation is or how to remove it via Powershell?
- Not using Federation(common)
- Delete PRX01 from Servers in NMM
- Want to continue using Federation post migration?
- Configure PRX01 to federate your custom domain.
Hosts and Pools
If you did NOT migrate your pool's image delete remaining hosts and host pools via NAP (Ensures removal of Scale Set(s) and Load Balancer)
Locate your "Classic" pools in Nerdio and ensure no users are still logged in
Delete the Pool and Hosts
You won't be able to delete WVDSH00 in NFA, it must be done directly in Azure or in NMM via the Servers Blade
Destroy your NFA account
Note: Original Nerdio KB
Note: DO NOT CHECK "Empty out and delete"
- DO NOT CHECK this box - leave this box unchecked to preserve existing resources in Azure that have been migrated
- Type in AZURE to confirm your selection
- Select Keep for Office 365 resources - this will require a manual clean prior NFA service accounts used in NFA
- Type in O365 to confirm your selection
Configure AD Connect on DC01
During the initial provisioning process Nerdio configured AD Connect on DC01 and utilized the Express Settings Option.
During the Destroy process Nerdio removes all default users created during provisioning. This removal includes the Sync_DC01 directory sync account used with AD Connect.
Best practices following Destroying the NFA account is to reinstall AD Connect on DC01 and configure a new Sync account. Nerdio recommends using the "Express Settings" option unless you have customized AD Connect already. Examples of customization would include enabling Password Writeback
**If you're unsure of how to configure AD Connect we recommend opening a ticket with Microsoft or your CSP.**