Microsoft Azure Resource Manager virtualization environments

Follow this guidance when using Microsoft Azure Resource Manager to provision virtual machines in your XenApp or XenDesktop deployment.

You can configure XenApp or XenDesktop to provision resources in Azure Resource Manager either when you create the XenApp or XenDesktop Site (which includes creating a connection), or when you create a host connection later (after creating the Site).

You should be familiar with the following:

Azure Disk Encryption is not supported when using Machine Creation Services.

This version of XenApp and XenDesktop only supports an Azure unmanaged disk storage system. By default, Azure uses a managed disk storage system. For information about managed and unmanaged Azure storage solutions, refer to Azure managed disks.

Create a connection to Azure Resource Manager

See the Create a Site and Connections and resources articles for complete information about all pages in the wizards that create a Site or a connection. The following information covers only details specific to Azure Resource Manager connections.

There are two ways to establish a host connection to Azure Resource Manager:

  • Authenticate to Azure Resource Manager to create a service principal.
  • Use the details from a previously created service principal to connect to Azure Resource Manager.

Authenticate to Azure Resource Manager to create a service principal

Before you start, make sure:

  • You have a user account in your subscription’s Azure Active Directory tenant.
  • The Azure AD user account is also a co-administrator for the Azure subscription you want to use for provisioning resources.

In the Site Setup or Add Connection and Resources wizard:

  1. On the Connection page, select the Microsoft Azure connection type and your Azure environment.
  2. On the Connection Details page, enter your Azure subscription ID and a name for the connection. The connection name can contain 1–64 characters, and cannot contain only blank spaces or the characters \/;:#.*?=<>|[]{}”’()’. After you enter the subscription ID and connection name, the Create new button is enabled.
  3. Enter the Azure Active Directory account user name and password.
  4. Click Sign in.
  5. Click Accept to give XenApp or XenDesktop the listed permissions. XenApp or XenDesktop creates a service principal that allows it to manage Azure Resource Manager resources on behalf of the specified user.
  6. After you click Accept, you are returned to the Connection page in Studio. Notice that when you successfully authenticate to Azure, the Create new and Use existing buttons are replaced with Connected, and a green check mark indicates the successful connection to your Azure subscription.
  7. Indicate which tools to use to create the virtual machines, and then click Next. (You cannot progress beyond this page in the wizard until you successfully authenticate with Azure and accept giving the required permissions.)

Resources comprise the region and the network.

  • On the Region page, select a region.
  • On the Network page:
    • Type a 1–64 character resource name to help identify the region and network combination in Studio. A resource name cannot contain only blank spaces, and cannot contain the characters \/;:#.*?=<>|[]{}”’()’.
    • Select a virtual network and resource group pair. (Since you can have more than one virtual network with the same name, pairing the network name with the resource group provides unique combinations.) If you selected a region on the previous page that does not have any virtual networks, you need to return to that page and select a region that has virtual networks.

Complete the wizard.

Use the details from a previously created service principal to connect to Azure Resource Manager

To create a service principal manually, connect to your Azure Resource Manager subscription and use the PowerShell cmdlets provided below.

Prerequisites:

  • $SubscriptionId: Azure Resource Manager SubscriptionID for the subscription where you want to provision VDAs.
  • $AADUser: Azure AD user account for your subscription’s AD tenant.
  • Make the $AADUser the co-administrator for your subscription.
  • $ApplicationName: Name for the application to be created in Azure AD.
  • $ApplicationPassword: Password for the application. You use this password as the application secret when creating the host connection.

To create a service principal:

Step 1: Connect to your Azure Resource Manager subscription.

Login-AzureRmAccount

Step 2: Select the Azure Resource Manager subscription where you want to create the service principal.

Select-AzureRmSubscription -SubscriptionID $SubscriptionId;

Step 3: Create the application in your AD tenant.

$AzureADApplication = New-AzureRmADApplication -DisplayName $ApplicationName -HomePage "https://localhost/$ApplicationName" -IdentifierUris https://$ApplicationName -Password $ApplicationPassword

Step 4: Create a service principal.

New-AzureRmADServicePrincipal -ApplicationId $AzureADApplication.ApplicationId

Step 5: Assign a role to the service principal.

New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $AzureADApplication.ApplicationId -Scope /subscriptions/$SubscriptionId

Step 6: From the output window of the PowerShell console, note the ApplicationId. You provide that ID when creating the host connection.
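The steps above combined into one script, as an added example that is not Citrix's own code: it generates the application secret randomly instead of using a typed password, retries the role assignment while the new service principal replicates, and confirms what was granted. The subscription ID is a placeholder, and the application name, retry counts, and delays are assumptions.

```powershell
# Added example (not from the original article). Placeholder values are constructed.
$SubscriptionId  = '00000000-0000-0000-0000-000000000000'   # placeholder
$ApplicationName = 'XenDesktopMcsExample'                   # hypothetical name
$Scope           = "/subscriptions/$SubscriptionId"

# Application secret: 32 bytes from the OS CSPRNG, base64-encoded.
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes); $rng.Dispose()
$ApplicationPassword = [Convert]::ToBase64String($bytes)

# Steps 1-2: sign in and select the subscription.
Login-AzureRmAccount | Out-Null
Select-AzureRmSubscription -SubscriptionId $SubscriptionId | Out-Null

# Step 3: create the application. Later AzureRM releases take -Password as a
# SecureString; there, pass (ConvertTo-SecureString $ApplicationPassword -AsPlainText -Force).
$AzureADApplication = New-AzureRmADApplication -DisplayName $ApplicationName `
    -HomePage "https://localhost/$ApplicationName" `
    -IdentifierUris "https://$ApplicationName" -Password $ApplicationPassword

# Step 4: create the service principal.
New-AzureRmADServicePrincipal -ApplicationId $AzureADApplication.ApplicationId | Out-Null

# Step 5: assign the role. A new service principal can take a short time to
# replicate in Azure AD, so retry (6 attempts, 15 s apart: assumed values).
$assignment = $null
for ($i = 1; $i -le 6 -and -not $assignment; $i++) {
    Start-Sleep -Seconds 15
    $assignment = New-AzureRmRoleAssignment -RoleDefinitionName Contributor `
        -ServicePrincipalName $AzureADApplication.ApplicationId -Scope $Scope `
        -ErrorAction SilentlyContinue
}
if (-not $assignment) { throw "Role assignment failed for $ApplicationName" }

# Confirm the principal holds only the intended role at the intended scope.
$granted = Get-AzureRmRoleAssignment -Scope $Scope `
    -ServicePrincipalName $AzureADApplication.ApplicationId
$unexpected = $granted |
    Where-Object { $_.RoleDefinitionName -ne 'Contributor' -or $_.Scope -ne $Scope }
if ($unexpected) { Write-Warning "Unexpected role assignments: $($unexpected.Scope)" }

# Step 6: values to enter under Use existing. Record the secret in a password vault.
[pscustomobject]@{
    SubscriptionId    = $SubscriptionId
    TenantId          = (Get-AzureRmSubscription -SubscriptionId $SubscriptionId).TenantId
    ApplicationId     = $AzureADApplication.ApplicationId
    ApplicationSecret = $ApplicationPassword
} | Format-List
```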

In the Site Setup or Add Connection and Resources wizard:

  1. On the Connection page, select the Microsoft Azure connection type and your Azure environment.
  2. On the Connection Details page, enter your Azure subscription ID and a name for the connection. (The connection name can contain 1–64 characters, and cannot contain only blank spaces or the characters \/;:#.*?=<>|[]{}”’()’).
  3. Click Use existing. Provide the subscription ID, subscription name, authentication URL, management URL, storage suffix, Active Directory ID or tenant ID, application ID, and application secret for the existing service principal. After you enter the details, the OK button is enabled. Click OK.
  4. Indicate which tools to use to create the virtual machines, and then click Next. The service principal details you provided will be used to connect to your Azure subscription. (You cannot progress beyond this page in the wizard until you provide valid details for the Use existing option.)

Resources comprise the region and the network.

  • On the Region page, select a region.
  • On the Network page:
    • Type a 1–64 character resource name to help identify the region and network combination in Studio. A resource name cannot contain only blank spaces, and cannot contain the characters \/;:#.*?=<>|[]{}”’()’.
    • Select a virtual network and resource group pair. (Since you can have more than one virtual network with the same name, pairing the network name with the resource group provides unique combinations.) If you selected a region on the previous page that does not have any virtual networks, you need to return to that page and select a region that has virtual networks.

Complete the wizard.

Create a Machine Catalog using an Azure Resource Manager master image

This information is a supplement to the guidance in the Create Machine Catalogs article.

A master image is the template that will be used to create the VMs in a Machine Catalog. Before creating the Machine Catalog, create a master image in Azure Resource Manager. For information about master images in general, see the Create Machine Catalogs article.

When you create a Machine Catalog in Studio:

Virtual machine names cannot contain non-ASCII or special characters.

  • The Network Cards, Computer Accounts, and Summary pages do not contain Azure-specific information. Follow the guidance in the Create Machine Catalogs article.

Complete the wizard.