AZ-140 Windows Virtual Desktop on Microsoft Azure – *NEW* – Manage User Environments and Apps part 2
- MSIX app attach – Deployment Part 2
In this lecture, we will create the MSIX image that will contain our MSIX packages or applications. For that we need three things. First, a machine where you have admin permissions, so you can create the MSIX image. I'm going to use my personal machine for that. It doesn't have to be a virtual machine on Azure. It can be your laptop, PC or whatever you have. But you need to be the admin on it, because the outcome of this lecture is going to be the VHDX file, which you will then need to upload to your file share on Azure. So that will be on Azure. But for now you can do this on any machine, so we can produce this VHDX file.
The second thing we will need is to download the MSIX Manager tool. This is going to help us run a command so we can produce the VHD file. And to do the testing, you will need an MSIX package application. For our example, I have this. I found it on the internet: Notepad Plus MSIX. You can search Google for such packaged applications, or you can also use this tool, the MSIX Packaging Tool. I will put this link in the resources section of this lecture for you. So you can use this tool to convert some of the applications that you may already have to MSIX packages. So these are the requirements for this lecture: a machine where you are the admin, and to download this tool.
So let's download it right now. And we need to have something to convert, and we have Notepad Plus for that. So let's download the tool. You use this link; I will also include it in the resources section of this lecture, so you can download it. Let me copy it, then go here and use this tab just to paste it and get this downloaded. And you can see it is being downloaded here. Now you will need to unzip this file so you can use it. I have done that already to save time. And you will get these two folders where you have the MSIX Manager file to be used. So right now we are ready to use the command line to convert, or to expand, this MSIX package into a VHD file.
So then it can be uploaded to Azure and used, as we have seen in the previous lecture. The way to do this is to open CMD, the command prompt, as an administrator. You can see I've already moved to this directory where I have the application. So as you have seen, I have it under the C drive, MSIX Manager, and this is the architecture I'm going with. So I use the cd command to move to this directory. And the command I'm going to use to produce the VHD file, the VHDX file, is this one. I will also include this in the resources section of this lecture, so you will have the command ready to be used, but you will of course have to change the package path to where you have the MSIX package.
So I have my Notepad Plus application under this path, and then the destination. I will have the destination in the same directory, but we will have a VHDX file. So if I show you the directory again, you will notice I have the MSIX. And once this command has completed properly, we will find the VHDX file containing this package. These are the main things. Feel free to also check the rest; this is going to be the complete command. You are using the exe program to unpack this to this destination, you have some properties for the file size and so on, and you can also specify VHD or VHDX. So let's copy this command, then go here and just paste it. So this is the command we are going to run; let's hit Enter. What this command has done is expand the MSIX app into a VHD file. So we should now be able to see this VHD file. If we go to our directory, yes, you can see we have the VHDX file, and this is the file that you can now upload to your file share in Azure. See the previous lecture about how to deploy applications using the MSIX app attach technology.
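The command itself is not reproduced in this transcript. The following is an added example, not the lecturer's own command: it uses the `-Unpack` options of `msixmgr.exe` and, because the package here was found on the internet, checks its signature before expanding it. All paths, file names and the 200 MB size are assumptions.

```powershell
# Added example, run from an elevated PowerShell prompt.
# All paths below are hypothetical; point them at your own files.
$package     = 'C:\msix\packages\notepad.msix'    # MSIX package to expand
$destination = 'C:\msix\packages\notepad.vhdx'    # image to create
$msixmgr     = 'C:\msix\msixmgr\x64\msixmgr.exe'  # where the tool was unzipped

# The image will be mounted on every session host, so confirm the package
# is signed and the signature chains to a certificate this machine trusts.
$sig = Get-AuthenticodeSignature -FilePath $package
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)'; not packaging $package"
}
"Signed by: $($sig.SignerCertificate.Subject)"

# Record the hash of exactly what went into the image, for later audit.
$hash = (Get-FileHash -Path $package -Algorithm SHA256).Hash
"SHA256: $hash"

# Expand the package into a new VHDX. -vhdSize is in MB and must be large
# enough for the unpacked application; 200 is an assumed value.
& $msixmgr -Unpack -packagePath $package -destination $destination `
    -applyACLs -create -vhdSize 200 -filetype vhdx -rootDirectory apps
if ($LASTEXITCODE -ne 0) {
    throw "msixmgr exited with code $LASTEXITCODE"
}

# Confirm the image exists before uploading it to the Azure file share.
Get-Item -Path $destination | Select-Object Name, Length
```

A package signed with a self-signed or otherwise untrusted certificate will not report `Valid`; treat that as a reason to verify the publisher out of band rather than to skip the check.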
- Universal Print for Azure Virtual Desktop
In this lecture, I will introduce you to an interesting service that is important for remote working environments and is closely related to Azure Virtual Desktop environments. And that is the Universal Print service. So what is Universal Print? Universal Print is a modern print solution that organizations can use to manage their print infrastructure through cloud services from Microsoft. So basically, this cloud-based print solution enables a simple, rich and secure printing experience while reducing time and effort for the IT teams. Universal Print runs entirely on Microsoft Azure. So it is fully integrated with Azure Active Directory.
And this means it supports single sign-on scenarios. When Universal Print is deployed with Universal Print compatible printers from Microsoft partners, hardware partners and software partners, it doesn't require any on-premises infrastructure, which means if you purchase a printer that is already Universal Print compatible, then there is no on-premises infrastructure needed. Universal Print can also be deployed with non-compatible printers by using something that we call the Universal Print connector software. So even if the printer is not compatible with Universal Print, you can use the connector.
Universal Print is a Microsoft 365 subscription-based service, which means your users will need to have some kind of subscription in order to be able to use Universal Print: subscriptions such as Microsoft 365 Enterprise and Microsoft 365 Business Premium, and Windows 10 Enterprise subscriptions as well. In order to understand how the Universal Print service works, we have this diagram. So you can see in the diagram at the bottom, we have the client and we have the Universal Print ready printers, or printers that do not natively support Universal Print. All these connect to the Universal Print service, which is integrated with Azure Active Directory at the top.
And you can notice there are different components as well. So let me explain them one by one for you. The Office data storage service: this is the print queue data storage service. Also you have Microsoft Endpoint Manager, and this one is the client device printer provisioning policy service. You have Microsoft Graph, which is the API for printer management. And we have explained the Universal Print ready printer, which is a printer that has built-in support for communicating with Universal Print. We have the connector for the ones that are not compatible with Universal Print. So this is a component that handles communication between printers and the Universal Print service. And of course there is the printer without native Universal Print support.
And this is a printer that needs to be registered using the Universal Print connector to communicate with Universal Print. So this is how the Universal Print service from Microsoft, which is Azure based, works. Thank you.
- Manage Session Hosts using Azure Bastion
Sometimes you may want to access your session host VMs and maybe do some maintenance or management. So if you go to host pools, select your host pool and scroll down to session hosts, you can see we have one session host here. If you also go to the virtual machines, you can see this is the VM which is the session host, and you can connect to that VM using RDP, SSH or Bastion. However, if you want to use RDP to connect, you would normally need a public IP, and for security reasons this is not recommended. The session hosts created by Azure Virtual Desktop will not have a public IP. So if you go to networking and look at what kind of IP it has, you will find there is a private IP, correct? But there is no public IP.
Even if you go to the network interface, then to the IP configuration, and click here to see the properties, you can see the public IP address is disassociated, and it is not recommended to associate one because you will open the VM to public access. So what would be the way to remote desktop into this virtual machine? Of course, this is not a problem for your end users who are using their virtual desktops, because they are using the Virtual Desktop clients, which connect to this VM using a technology called Reverse Connect. It doesn't use the public IP address because it uses the gateway services and the broker services of Azure Virtual Desktop. So it's not a problem for them.
But in case you want to RDP to the machine without using those clients, so you can have full administration or management access, or whatever you want to do as a local admin user, you would like to have RDP access. So you have three options. First, you have a point-to-site or site-to-site VPN connection to the virtual network where this session host is, so you can RDP using the private IP. The second option would be to use a management VM placed in the same virtual network, where that management VM has a public IP, so you can RDP to that management VM, and from the management VM you can RDP to the session host using the private IP. And the third option is called Azure Bastion, which is the topic of this lecture.
So what is Azure Bastion and how do you use it? Azure Bastion, by the Microsoft definition, is a service you deploy that lets you connect to virtual machines using only your browser and the Azure Portal, securely and privately. There's no need for public IPs. So if we go back here, let's see how we can create the Azure Bastion service. You go here and search for Bastion, click on this one, and you can create your Bastions here. Right now we have nothing. Let's create one. In the creation process, you need to specify the subscription and the resource group. So let's name it Bastion Resource Group. Okay, give it a name. Let's call it Demo Bastion Service. And let's place it in the same region where I have my session host.
So it is in West US. It will also need to connect to the virtual network, the same virtual network, and it needs its own subnet, a dedicated subnet. So let's select the virtual network we are using for the session host, which is in the same region. Of course, this is why you need to select the same region. And you can see I have already created a subnet there called AzureBastionSubnet. You must create that beforehand with this name, AzureBastionSubnet, so the Azure Bastion service can connect to it. This is needed. For the public IP address, create a new one; I will leave it as it is, and let's review and create. It will validate that everything is good so that we can create the service. Validation passed. Let's create the service. So now the Azure Bastion service has been created.
We can use it to access the session hosts. So let's go to the virtual machines, to our session host VM, and connect using Bastion. It gives you the option to open in a new window; you need to give it the username and password and then click Connect. So let's give it the username and password. I'm copying the password as well. And connect. It says the pop-up blocker is on; you will need to always allow pop-ups from portal.azure.com, then Done. And then click Connect again. And it is opening the session for us. You can see it is connecting. Allow it to copy and paste, and then it is connecting to the virtual machine. And as you can see, I'm in the VM right now. I have access, I'm in the session host and I can do whatever I want.
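The portal steps above can also be scripted. This is an added example using the Az PowerShell module, not part of the lecture: it first confirms that no network interface in the session hosts' resource group has a public IP, then creates the dedicated subnet, the public IP for Bastion and the Bastion host. Every resource name and the address prefix are assumptions, and a single resource group is used for brevity.

```powershell
# Added example; requires the Az module and an authenticated session
# (Connect-AzAccount). All names below are hypothetical.
$rg   = 'rg-avd-demo'      # resource group holding the session hosts
$vnet = 'vnet-avd-demo'    # virtual network of the session hosts
$loc  = 'westus'           # same region as the session hosts

# 1. Session hosts should stay private: list any NIC in the resource group
#    that has a public IP associated with one of its IP configurations.
$exposed = Get-AzNetworkInterface -ResourceGroupName $rg | Where-Object {
    $_.IpConfigurations | Where-Object { $_.PublicIpAddress }
}
if ($exposed) {
    Write-Warning "NICs with a public IP: $($exposed.Name -join ', ')"
}

# 2. Bastion needs a dedicated subnet named exactly AzureBastionSubnet.
#    The prefix is a constructed value; /26 is the smallest supported size.
$v = Get-AzVirtualNetwork -ResourceGroupName $rg -Name $vnet
if ($v.Subnets.Name -notcontains 'AzureBastionSubnet') {
    Add-AzVirtualNetworkSubnetConfig -VirtualNetwork $v `
        -Name 'AzureBastionSubnet' -AddressPrefix '10.0.250.0/26' |
        Set-AzVirtualNetwork | Out-Null
}

# 3. The only public IP in this design belongs to the Bastion service.
New-AzPublicIpAddress -ResourceGroupName $rg -Name 'pip-bastion-demo' `
    -Location $loc -Sku Standard -AllocationMethod Static | Out-Null

# 4. Create the Bastion host in the session hosts' virtual network.
New-AzBastion -ResourceGroupName $rg -Name 'bastion-demo' `
    -PublicIpAddressRgName $rg -PublicIpAddressName 'pip-bastion-demo' `
    -VirtualNetworkRgName $rg -VirtualNetworkName $vnet
```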