Prepare Azure

For smooth integration of the Azure platform with the HyWorks Controller, use the following guides:

• Supported Feature Matrix

• Prerequisites

• Add URLs to whitelist in the Firewall or Proxy server

• Configure Controller for Domain Account Authentication in Proxy server

• Desktop Operation Support

• Limitation with Azure handler

Supported Feature Matrix

Feature	Sub Feature	Sub Feature	Cloud Azure
Fetch Configured/ Deployed VM Details from Connector	OS Information	-	Yes
	Network Adapters/ IP Addresses	-	Yes
	Hostname	-	No
Deploy pool with existing VMs	-	-	Yes
Desktop VM Provisioning	Clone Type: Linked/Full	-	Full Clone
	Clone from Snapshot/ Image	Feature Supported or not	Yes
		Cloned VM Spec (Disk+Prop, Network, CPU, RAM)	Yes (From Gold Master VM)
		Create Image/Snapshot on provider from Management Console	Yes (Image gallery: v3.6-SP1)
	Bulk/Batch Cloning	Multiple Clone in Parallel	Yes (Image based cloning is compulsory)
	Disk persistence: Persistent	-	Yes
	Disk persistence: Non-persistent	Create/ Restore restore points on user logoff	No
	Deployment Profile & Desktop Profile[v3.6-SP1]	Hardware Specifications (CPU/RAM/Storage etc.)	No
	Copy tag from GM	-	Yes (Azure Specific)
	Disk Encryption	-	Yes (Azure Specific)
	Recompose	Preserve Network/ MAC Address	Yes, Preserve Network
		Graceful (Selective) Recompose	Yes
	SHD Provisioning	Automatic Deployment of Session Teams	Yes
	Capacity Planning (Automatic Deployment and Power management)	Multi-session/ Share Hosted Desktops	Yes
		Single Session Desktops	Yes
		Scheduled Actions	Yes
Desktop Power Operations	Shutdown/Power off/ Power on etc.	-	Yes
	Hibernate	-	Yes
OS Support on Provider	Windows Desktops: Windows 7,8.1, 10, 11	-	Yes
	Windows Servers: Windows Server 2003 / 2008	-	No
	Windows Servers: Windows Server 2008 R2/ 2012R2/2016 /2019/2022/2025	-	Yes
	Linux Desktops: CentOS 7	-	No
	Linux Desktops: Ubuntu/ xUbuntu 16/18/20/22	-	Yes
	Linux Desktops: RHEL 7.9/9	-	Yes
	Linux Desktops: BOSS v8	-	No
HyLabs support	Scheduled Provisioning and Delivery	-	Yes
Virtual IP	Adding an IP Address to a network adapter	-	No

Click here to view the Supported Feature Matrix Comparison between all Accops-supported Cloud Connectors.

Prerequisites

1. Application ID:  Application ID is a unique identifier (GUID) of an application created and granted under a tenant.

2. Secret:  A client secret is known only to your application and the authorization server. It protects your resources by only granting tokens to authorized requestors.

3. Tenant ID:  Tenant ID is a Globally Unique Identifier (GUID) different from the tenant name or domain.

4. Subscription ID:  The subscription ID is a GUID that uniquely identifies your subscription to use Azure services.

Configure Azure App

1. Sign in to your Azure Account through the Azure portal: https://portal.azure.com/.

2. Select Azure Active Directory: https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview

3. Select App Registrations followed by New Registration.

4. After setting the values, select Register.

5. Select your registered application followed by Certificates and Secret, then create and copy a new Secret.

6. Navigate to app Overview and copy the application ID, tenant ID, secret key, and subscription ID.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

Create Secret

Follow the steps to create a Secret for the configured app:

1. Select Azure Active Directory.

2. From App registrations in Azure AD, select your application.

3. Select Certificates & Secret.

4. Select Client Secret > New Client Secret.

5. Provide a description, check expiry, and click Add.

The value of the Client Secret is displayed upon saving it. Make sure to copy this value, as it won’t be able to retrieve the key later. Make a copy (Save) of the auto-generated Client Secret key in the personal vault.

Configure Access Control

To access resources in your Subscription, you must assign a role to the application.

1. Select your Subscription on the Home page.

2. Select Access Control (IAM).

3. Navigate to Role Assignments and click Add. Select Role assignment.

4. Select Role as Contributor for HyWorks based delivery and Role as Owner for AVD delivery via HyLabs.

   1. Set Assign access to as Azure Ad user, group, or Service principal.

      Note

      If Azure is being configured for AVD delivery via HyLabs the role must be Owner and not contributor.

5. Select your app.

6. Click Save to finish assigning the role.

Important

The above Application ID may take around 30 minutes to become active. Configuring the application in HyWorks before it becomes active will give an error message as: Invalid credentials.

Add URLs to whitelist in the Firewall or Proxy server

If a Firewall is used to control internet access and HyWorks is deployed behind a Firewall or proxy server, then the HyWorks controller will not have internet access. In such case, you will have to whitelist the following URLs in your Firewall or allow access via the proxy server:

1. https://login.microsoftonline.com

2. https://management.azure.com

Following the URL to integrate with Azure automation

1. https://<workspaceId>.agentsvc.azure-automation.net

2. *.azure-automation.net

3. Port: Only TCP 443 is required for outbound internet access

Important

If it's a multi-node active-active deployment, the configurations must be made on all controller management and session nodes.

Configure Controller for Domain Account Authentication in Proxy server

The following configurations are required to be done in the Controller when a proxy server is configured on the Controller, and an Azure-based Desktop Provider is used:

• Install HyWorks Controller Service using this account (not the Local System account)

  • The account should be configured as Logon as Service.

  • Configuration can be done at the time of installation or later.

  • A specified account will be used to authenticate in the proxy server.

  • Whitelist URLs mentioned above.

    

Fig: Configuration post installation

<system.net>
  <defaultProxy> 
  <proxy usesystemdefault="true" /> 
  </defaultProxy> 
</system.net>

or alternate configuration

<system.net>
  <defaultProxy useDefaultCredentials="true" >
  </defaultProxy>
</system.net>

• Verify the above configuration in the HyWorks controller.

  x:\Program Files (x86)\Accops\HyWorks\Service\EDC.Service.exe.config

Fig: Configuration file change

Note

• You need to re-login to apply the above changes.

• If it's a multi-node active-active deployment, the configurations must be made on all controller management and session nodes.

Desktop Operation Support

Operation	Support	Status on Azure	Status on HyWorks
Power On	Yes	Powered On	Powered On
Power Off	Yes (De-allocated)	De-allocated	powered Off
Shutdown	Yes (De-allocated)	De-allocated	powered Off
Restart	Yes	Restart	Restart
De-allocate	Yes (Use power off)	De-allocated	powered Off
Reset	No	-	-
Refresh (Desktop Information on HyWorks)	Yes	-	Update the VM details and call the DVM agent.
Re-Create (single VM from Desktop VMs page)	Yes	-	-

Limitations with Azure Handler

• The non-deallocated shutdown VM is shown as being Powered Off. There is no difference between a Non-deallocated and a De-allocated VM.

• Change Location (current VM will be cloned in the source VM location).

• The Gold Master Disk should be a Managed disk.