Prepare Azure

For smooth integration of Azure platform with the HyWorks Controller use the following guidance:

• Supported Feature Matrix

• Pre-requisites

• Add URLs to whitelist in Firewall or Proxy server

• Configure Controller for Domain Account Authentication in Proxy server

• Desktop Operation Support

• Limitation with Azure handler

Supported Feature Matrix

Feature	Sub Feature Category	Sub Feature	Azure
Deploy pool with existing VMs	-	-	Yes
Desktop VM Provisioning	Clone Type	Linked Clone	Not Applicable
		Full Clone	Yes
	Clone from Snapshot	-	No
	Disk persistence	Persistent VM Deployment	Yes
		Non-persistent VM Deployment	No
		Enable DVM Reset	No
		Deployment Setting	Only resource group, not Location
		Customization	Both (Sysprep and Hyprep)
		IP Address Filter	Yes
		Shared hosted desktop provisioning and automated deployment	Yes
		Automated power management and scaling	Yes
Desktop Power Operations	-	-	Yes
Operating Systems Support on Provider	Windows Desktops	Windows 7	Yes
		Windows 8.1	Yes
		Windows 10	Yes
	Windows Servers	Windows Server 2008 R2	Yes
		Windows Server 2012 R2	Yes
		Windows Server 2016	Yes
		Windows Server 2019	Yes
	Linux Desktops	CentOS 7	Yes
		Ubuntu 16	Yes
		Ubuntu 16	Yes

Pre-requisites

1. Application ID: Application Id is unique identifier (GUID) of application which created and granted under tenant.

2. Secret: A client secret is a secret known only to your application and the authorization server. It protects your resources by only granting tokens to authorized requestors.

3. Tenant ID: tenant ID is a globally unique identifier (GUID) that is different than your tenant name or domain

4. Subscription ID: The subscription ID is a GUID that uniquely identifies your subscription to use Azure services

Configure Azure App

1. Sign in to your Azure Account through the Azure portal https://portal.azure.com/.

2. Select Azure Active Directory:https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview

3. Select App Registrations followed by New registration.

4. After setting the values, select Register.

5. Select your registered application followed by Certificates and secretc and create new secret and copy it.

6. Go to app overview and copy application ID, tenant Id, secret key and subscription ID.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

Create Secret

Follow the below given steps to create secret for the configured app:

1. Select Azure Active Directory

2. From App registrations in Azure AD, select your application

3. Select Certificates & secret

4. Select Client secret > New client secrete

5. Provide description, check expiry and click Add.

After saving the client secret, the value of the client secret is displayed. Copy this value because you will not be able to retrieve the key later. Make copy (Save) of auto generated client secret key in personal vault.

Configure Access Control

To access resources in your subscription, you must assign a role to the application.

1. Select your Subscription on the Home page.

2. Select Access Control (IAM)

3. Go to Role Assignment and click Add. Select Role assignment.

4. Select Role as Contributor and set Assign access to as Azure Ad user, group and Service principle

5. Select your app

6. Select Save to finish assigning the role.

Note

It may take around 30 minutes for the above application Id to become active. If we configure application in HyWorks before it gets active, it will give Invalid credentials error in HyWorks.

Add URLs to whitelist in Firewall or Proxy server

If Firewall is used to control internet access and HyWorks is deployed behind an Firewall or proxy server, HyWorks controller will not have internet access. In this case you will have to whitelist following URLs in your firewall or allow access via proxy server:

1. https://login.microsoftonline.com
2. https://management.azure.com

Following URL to integrate with Azure automation

1. https://<workspaceId>.agentsvc.azure-automation.net
2. *.azure-automation.net
3. Port: Only TCP 443 required for outbound internet access

Configure Controller for Domain Account Authentication in Proxy server

Following configurations is required in Controller when proxy server is configured on the Controller and Azure-based Desktop Provider is used:

• Install controller service using this account (not Local system account)
  • The account should configure as "Logon as Service"
  • Configuration can be done while installation or later
  • Specified account will be used to authenticate in proxy server
  • Whitelist URLs mentioned above.

Fig : Configuration post installation

<system.net>
    <defaultProxy> 
    <proxy usesystemdefault="true" /> 
    </defaultProxy> 
</system.net>

• Verify above configuration in HyWorks controller
  x:\Program Files (x86)\Accops\HyWorks\Service\EDC.Service.exe.config

Fig : Configuration file change

Note

You need to re-login to apply above changes.

Desktop Operation Support

Operation	Support	Status on Azure	Status on HyWorks
Power On	Yes	Powered On	Powered On
Power Off	Yes (Deallocated)	Deallocated	powered Off
Shutdown	Yes (Deallocated)	Deallocated	powered Off
Restart	Yes	Restart	Restart
De-allocate	Yes (Use power off)	Deallocated	powered Off
Reset	No	-	-
Refresh (Desktop Information on HyWorks)	Yes	-	Update VM details, call DVM agent
Re-Create (single VM from Desktop VMs page)	No	-	-

Limitation with Azure Handler

• Non-deallocated Shutdown VM is shown as Power Off. There is no difference between Non-deallocated vs Deallocated VM.

• Change Location (current VM will be cloned in source VM location)

• Gold Master Disk should be Managed disk.