Underneath though, a simple SMB location is required for storing the virtual disks that contain the Profile and Office containers. To secure the share that hosts the FSLogix containers, we can draw from existing permissions recommendations for user home directories and folder redirection.
To secure the share, here are my recommendations for NTFS permissions. Share permissions are straight-forward — users will need to write access; however, also ensure that the target desktop computer accounts have read-only access. Recommended NTFS permissions are below. In this case, read-only access is the minimum permissions required. By [Samer Haque]. By [Lee Foster]. Quick recap — What is MapOne? If you have read my Architect as a Service MapOne Blog and are back here to understand more about the deliverable roadmap provided at the end of an MapOne engagement, welcome to part 2.
Train Story. Aaron Parker - The screenshot here shows this in action: To secure the share that hosts the FSLogix containers, we can draw from existing permissions recommendations for user home directories and folder redirection. Join the Insentra Community with the Insentragram Newsletter.FSLogix is designed to roam profiles in remote computing environments, such as Windows Virtual Desktop.
It stores a complete user profile in a single container. The user profile is immediately available and appears in the system exactly like a native user profile. A user profile contains data elements about an individual, including configuration information like desktop settings, persistent network connections, and application settings.
By default, Windows creates a local user profile that is tightly integrated with the operating system. A remote user profile provides a partition between user data and the operating system. It allows the operating system to be replaced or changed without affecting the user data. Microsoft products operate with several technologies for remote user profiles, including these technologies:.
Existing and legacy Microsoft solutions for user profiles came with various challenges. It copies the profile to the VM in which the user is being logged. While S2D clusters achieve the necessary performance, the cost is expensive for enterprise customers, but especially expensive for small and medium business SMB customers.
For this solution, businesses pay for storage disks, along with the cost of the VMs that use the disks for a share. S2D clusters require an operating system that is patched, updated, and maintained in a secure state. These processes and the complexity of setting up S2D disaster recovery make S2D feasible only for enterprises with a dedicated IT staff. FSLogix addresses many profile container challenges. Key among them are:. FSLogix profile containers' performance and features take advantage of the cloud.
Windows Virtual Desktop offers full control over size, type, and count of VMs that are being used by customers. For more information, see What is Windows Virtual Desktop?
What is FSLogix?
Skip to main content. Contents Exit focus mode. Is this page helpful? Yes No. Any additional feedback? Skip Submit. Submit and view feedback for This product This page. View all page feedback. Not tested on server SKU. Back-end storage on Azure depends on sync client. Back-end storage on-prem needs a sync client.Profile containers have gone mainstream with the Microsoft acquisition of FSLogixmaking Profile Container and Office Container available to practically everyone.
This article sets out approaches and considerations for keeping profile sizes in check to help avoid storage capacity headaches. This enhances user experience by improving performance and enables applications or features that are challenging with traditional approaches. This is a different approach to traditional profile management. Consider Citrix Profile Management where we attempt to manage the smallest profile possible to strive for consistent login speeds by redirecting user folders to the network and set a complex set of include and exclude locations to simulate a persistent desktop experience.
Additionally, we may have implementing specific configurations to keep profile sizes small, most of which involve redirecting folders to the network. The role of the FSLogix agent and the container is to be transparent to applications running in the user session. The agent makes no changes to those applications and instead ensures those applications operate just as they do on a physical PC. This means that you must use application features or other external approaches to reduce their impact on the size of profile.
Take a look at your own profile size on a physical Windows 10 PC and it will provide an indication as to how large containers can be. The container will then grow as it is used, but it does not actively reduce in size unless the disk is compacted.
It may be tempting to set a lower maximum size of the container; however, I recommend against this as this approach will only artificially restrict the size of the profile. If the container fills, applications will not handle the lack of available space gracefully. This will cause a support call and potentially data loss. Profile Container supports concurrent access and multiple sessions with the ability to merge changes back into the primary container.
While you still have to deal with last-write-wins, you will need to take into account additional storage capacity while multiple concurrent sessions are running. Office Container also supports concurrent access and multiple sessions ; however, once Outlook cached-mode is enabled, merging a read-write copy back into the primary container is not supported. You must then configure concurrent access per-session containers, where a container is created for each session.
VHD X where sessionnumber is an integer from 0 - 9.
FSLogix profile containers and Azure files
NumSessionVHDsToKeep defines the number of session containers to keep default is 2which can result in, for example, keeping two Office Containers while discarding the third at logoff. If concurrent access per-session containers are enabled, plan for storage capacity to handle multiple Office Containers taking into account the number of containers that will be kept and those to be discarded. You likely have a list of folders that can be added as additional exclusions.
Add these to the redirections. Folders to add to redirections. Those containers will need to be edited offline by mounting them and removing the target data. Details on how to use the script are documented in this article - Crowd Sourced Redirections. Implementing redirections can adversley affect basic Windows operations.
Not all profile locations are candidates for adding to the redirections. Consider history and cookie folders that would negatively impact user experience if they were not maintained across sessions. In this case, we can run regular maintenance on additional folder locations inside the profile to keep the size in check. The script reads an XML file that defines a list of files and folders to remove from the profile.FSLogix is a set of solutions that enhance, enable, and simplify non-persistent Windows computing environments.
FSLogix solutions are appropriate for Virtual environments in both public and private clouds. FSLogix solutions may also be used to create more portable computing sessions when using physical devices. FSLogix solutions may be used in any public or private data center, as long as a user is properly licensed.
FSLogix tools operate on all operating systems newer than, and including:. FSLogix solutions may have unique integration and advantages when used in conjunction with Windows Virtual Desktop. To get started, you'll need to download and install FSLogix then configure your environment for the desired solution s :.
Configure Profile Container. Implement Application Masking. Skip to main content. Contents Exit focus mode. What is FSLogix? Simplify the management of applications and 'Gold Images' Specify the version of Java to be utilized by specific URL and applications Key capabilities Redirect user profiles to a network location using Profile Container. Profiles are placed in VHD X files and mounted at run time.
It's common to copy a profile to and from the network, when a user signs in and out of a remote environment. Because user profiles can often be large, sign in and sign out times often became unacceptable. Mounting and using the profile on the network eliminates delays often associated with solutions that copy files. Redirect only the portion of the profile that contains Office data by using Office Container. Office Container allows an organization already using an alternate profile solution to enhance Office in a non-persistent environment.
This functionality is useful with the Outlook. OST file. Applications use the profile as if it were on the local drive. Because the FSLogix solutions use a Filter Driver to redirect the profile, applications don't recognize that the profile is on the network.
Obscuring the redirection is important because many applications won't work properly with a profile stored on remote storage. Profile Container is used with Cloud Cache to create resilient and highly available environments. Cloud Cache places a portion of the profile VHD on the local hard drive. Cloud Cache also allows an administrator to specify multiple remote profile locations.
The Local Cache, with multiple remote profile containers, insulates users from network and storage failures. Application Masking manages access to an application, font, printer, or other items. Access can be controlled by user, IP Address range, and other criteria. Application Masking significantly decreases the complexity of managing large numbers of gold images.
Profile Container and Office Container do not provide any profile conversion functionality. Operating systems that share a profile version should be able to share a single user profile. FSLogix tools operate on all operating systems newer than, and including: Desktop - Windows 7 Server - R2 FSLogix solutions support both 32 bit and 64 bit where applicable In no instance are FSLogix solutions supported in an environment that is not supported by Microsoft, or the original software or equipment vendor FSLogix solutions may have unique integration and advantages when used in conjunction with Windows Virtual Desktop Provide feedback Visit the FSLogix forum to interact with the product team, support, and community participants.
Yes No.User hosting solutions in the Microsoft Azure Cloud platform are the latest in a long trend of workloads to now be at the forefront of conversations, specifically those that benefit from leveraging FSLogix Containers. This post aims to address the current options available for hosting FSLogix Containers in Microsoft Azure, with some pros and cons associated with each option based on experiences to date.
Configure storage permissions for use with Profile Containers and Office Containers
There are a few key architectural considerations that will ultimately lead to the best fit solution for your environment, some examples outlined below:. Security: Security teams and requirements will often trump any other preference or direction.
Understanding security concerns and drivers along with any specific requirements for your organization is key. Your options may well be limited from the word go and your path chosen for you by the security directives. This is very different than a file-based solution where we may be able to leverage streaming or similar technologies. Backend file service sizing is now critical as any negative performance will directly impact the user experience.
Availability: Key to any service, and no different when dealing with FSLogix Containers, is the conversation around the availability of file services.
Container technology is unforgiving when there are availability challenges — anyone who has lost a file server with mounted disks will understand what this pain looks like and how nasty bring the environment back to life can be. Any decision around file services designed and implemented needs to capture availability requirements and associated considerations. Cost: Cost is, of course, going to play a significant part in any decision that is made. Not unexpectedly, the better the performance tier you want and need, the higher the dollar figure.
However, investing in Storage is one of the best things you can do. Data is everything, reliable, performant and available storage is key to everything we do and consume.
Strategic Direction: Existing strategies and architectural patterns will often govern which technology and solution you select for file services. For example, on a project with a number of Azure regions and a number of data centres with different underlying infrastructure technologies in each location, there was a strategic directive and requirement that the storage solution for containers in each location must be the same.
This was an understandable requirement from a standards perspective, but severely limits what type of services you can consume, the decision was an easy one as there was only one clear path we will touch on this later. Backup and Replication: Data being key to everything, obviously leads to backup and replication capability of this data being a key consideration.
How do you access your backups, how do you access replicas in a disaster recovery or BCP scenario, how do you retain and govern the data sets? Do you even need to? All questions that have different answers depending on the solution, and all that will be specific to your organization. Hybrid Environments: Not all environments are cloud-only. Many organizations strategically leverage Azure and other Cloud services as part of a burst strategy, or a needs basis.
The Cloud platform may not be the primary location for hosting user workloads with the vast majority of workloads being leveraged on-premises.Azure offers multiple storage solutions that you can use to store your FSLogix profile container. FSLogix is designed to roam profiles in remote computing environments, such as Windows Virtual Desktop. The user profile is immediately available and appears in the system exactly like a native user profile. Once you've chosen your storage method, check out Windows Virtual Desktop pricing for information about our pricing plans.
To learn more about FSLogix profile containers, user profile disks, and other user profile technologies, see the table in FSLogix profile containers and Azure files.
If you're ready to create your own FSLogix profile containers, get started with one of these tutorials:. You can also start from the very beginning and set up your own Windows Virtual Desktop solution at Create a tenant in Windows Virtual Desktop.
Skip to main content. Contents Exit focus mode. Next steps To learn more about FSLogix profile containers, user profile disks, and other user profile technologies, see the table in FSLogix profile containers and Azure files. Is this page helpful? Yes No. Any additional feedback? Skip Submit. Submit and view feedback for This product This page. View all page feedback.
Select regions. All Azure supported certificates.Storage Recommendations for FSLogix. You will need high availability to protect the Fileserver where your containers are stored. Example: Showing you don't have enough disks. Example: Showing you have enough disks.
If you do not have Exchange installed but want to plan for impending storage needs that result from an Exchange deployment, you can use data that has already been collected. This data is in the form of mailbox profiles, which describe general usage patterns for Exchange mailboxes. The following table lists mailbox profiles that can be used as a guideline for capacity planning of Exchange mailbox servers. User profiles and corresponding usage patterns.
A Practical Guide to FSLogix Containers Capacity Planning and Maintenance
User Type. Mailbox Size. For a mail system consisting of 2, heavily used mailboxes, a total of 1, IOPS is generated on the database volume.FSLogix S2E1 Configuring FSLogix Profiles and Office Containers for the enterprise
The formula to calculate this is:. In this example. Every write request is first written to the transaction log file and then written to the database. These estimated profiles are for an Exchange server that has no other components installed beyond the base operating system. In these cases, you must also factor in the additional reads and writes that are requested by these applications. Additional information about performance metrics:.
We can then make some assumptions. Based on round robin, these concurrent User numbers would double. Additional information about calculation IO:. Calculating IOPS requirements. To determine the IOPS requirements for a database, look at the number of users hosted on the database and consider the guidance provided in the following table to compute total required IOPS when the database is active or passive.
Messages sent or received per mailbox per day. It is also an option on other storage, both Microsoft and other vendors as well. Helpful links. We need to use Active Directory.
While we are extending the S2S tunnel with Azure. I have Following Queries. Ask a question. Quick access. Search related threads. Remove From My Forums. Asked by:. Windows Server. Sign in to vote.