Category: microsoft

RDP ShortPath for Azure Virtual Desktop

What is RDP Shortpath?

Remote Desktop Protocol (RDP) by default uses a TCP-based reverse connect transport as it provides the best compatibility with various networking configurations and has a high success rate for establishing RDP connections. However, if RDP Shortpath can be used instead, this UDP-based transport offers better connection reliability and more consistent latency.

Shortpath over Public networks Overview

Overview

UDP is enabled by default. The client and the AVD session host must both be allowed to use UDP.

Network configuration

Details can be found here: https://learn.microsoft.com/en-us/azure/virtual-desktop/rdp-shortpath?tabs=public-networks#session-host-virtual-network#

Session host virtual network

| Name | Source | Source Port | Destination | Destination Port | Protocol | Action |
|---|---|---|---|---|---|---|
| RDP Shortpath Server Endpoint | VM subnet | Any | Any | 1024-65535 (default 49152-65535) | UDP | Allow |
| STUN/TURN UDP | VM subnet | Any | 20.202.0.0/16 | 3478 | UDP | Allow |
| STUN/TURN TCP | VM subnet | Any | 20.202.0.0/16 | 443 | TCP | Allow |

Client network

| Name | Source | Source Port | Destination | Destination Port | Protocol | Action |
|---|---|---|---|---|---|---|
| RDP Shortpath Server Endpoint | Client network | Any | Public IP addresses assigned to NAT Gateway or Azure Firewall (provided by the STUN endpoint) | 1024-65535 (default 49152-65535) | UDP | Allow |
| STUN/TURN UDP | Client network | Any | 20.202.0.0/16 | 3478 | UDP | Allow |
| STUN/TURN TCP | Client network | Any | 20.202.0.0/16 | 443 | TCP | Allow |

Result

Shortpath Managed networks

For managed networks you can also establish a direct connection from your end device to the session host via ExpressRoute or a site-to-site VPN.

To enable this you need to do the following:

  1. Enable RDP Shortpath on the session host

ADMX files can be downloaded here: https://aka.ms/avdgpo

  2. Windows Firewall – allow UDP port 3390
New-NetFirewallRule -DisplayName 'Remote Desktop - RDP Shortpath (UDP-In)' -Action Allow -Description 'Inbound rule for the Remote Desktop service to allow RDP Shortpath traffic. [UDP 3390]' -Group '@FirewallAPI.dll,-28752' -Name 'RemoteDesktop-UserMode-In-RDPShortpath-UDP' -PolicyStore PersistentStore -Profile Domain, Private -Service TermService -Protocol UDP -LocalPort 3390 -Program '%SystemRoot%\system32\svchost.exe' -Enabled:True
  3. Set the group policy setting on clients

Result

Deploy Azure Virtual Desktop (AVD) on Azure Stack HCI

This post will be a short guide through all steps without HCI Setup.

Requirements

After you have deployed your HCI cluster successfully, you will have your cluster resources within the Azure portal. Once you click on that cluster, you will find the following overview.

As you can also see, all prerequisites are met. These prerequisites are:

Deployment

Now you can click on “DEPLOY” to start a custom deployment:

Most of the information is clear, but these 3 were a bit tricky for me 😉

LOCATION

You will find the location within your Azure Arc resources (Azure Portal > Azure Arc > Custom Location > Properties > ID).

IMAGE

To find the image ID, you need to add at least one image to Azure Stack.

You have three options to add an image:

The easiest way to get started is to add an Azure Marketplace image. I have already added “Windows 11” and “Windows Server” to my list. After adding an image, go to Azure portal > Azure Stack HCI > VM image > “windows11” and copy the URL from your browser. It must look like this:

https://portal.azure.com/#DOMAIN/resource/subscriptions/SUB_ID/resourceGroups/RG-NAME/providers/microsoft.azurestackhci/marketplaceGalleryImages/IMAGE-NAME/overview

Remove /overview at the end and copy that URL to your custom deployment.

NETWORK

Go to Azure Stack HCI > Your HCI Stack > virtual networks > and copy the browser URL that must look like this: https://portal.azure.com/#@DOMAIN/resource/subscriptions/SUB_ID/resourceGroups/RG-NAME/providers/Microsoft.AzureStackHCI/clusters/CLUSTERNAME/virtualnetworks

and add your virtual network name to the end like this:

https://portal.azure.com/#@DOMAIN/resource/subscriptions/SUB_ID/resourceGroups/RG-NAME/providers/Microsoft.AzureStackHCI/clusters/CLUSTERNAME/virtualnetworks/NETWORKNAME

Issues during deployment

My first deployments failed and I wasn’t sure why. After I checked the deployments within my resource group and checked my inputs to the last failed one

I found that my VM tries to get access to the following URL. That was blocked, so I copied that script and created my own HTTPS URL as a workaround.

Only a “redeploy” of one of the last deployments gives you the option to change that URL.

After Deployment

After that deployment I had my VM up and running on my Azure Stack HCI. It was domain joined, but the AVD agent was missing. I installed that AVD agent manually. Now I was able to see that host within the Azure portal.

Successful Connection

And here we go: I was able to get a connection.

Azure Backup – App Consistent

Diagram showing Linux application-consistent snapshot by Azure Backup.
https://docs.microsoft.com/en-us/azure/backup/backup-azure-linux-database-consistent-enhanced-pre-post

Recently I migrated some Linux systems with Azure Migrate from a VMware environment to Azure. We also used Azure Backup to have a daily backup of all VMs and of all databases as well, but we did not have an application-consistent one. I needed some troubleshooting time to figure out how it works. This step-by-step guide shows an example of how I did it and how to prepare a test environment. This includes how to install MySQL, create a database, and configure Azure Backup to get an app-consistent backup.

  1. Install MySQL
  2. Create a Database
  3. Configure Azure Backup

Install MySQL

Prerequisites

To follow this guide you need to use (because I did 😉 ):
– Ubuntu 20.04

sysop@linux01:/$ sudo apt update

output:

sysop@linux01:/$ sudo apt install mysql-server

$ systemctl status mysql.service

output:

Create Test DB

$ sudo mysql
mysql> create database techguysdb;

mysql> show databases;

output:

Configure Azure Backup

To configure Azure Backup you need to do the following:

  1. Download and prepare VMSnapshotPluginConfig.json
  2. Prepare the pre and post scripts
  3. Enable Azure Backup for your Linux VM
  4. Shut down the Linux VM and do a backup
  5. Start the machine and do a second backup

VMSnapshotPluginConfig

I followed the Microsoft documentation https://docs.microsoft.com/en-us/azure/backup/backup-azure-linux-app-consistent

First we need to download the VMSnapshotPluginConfig.json file here: https://github.com/MicrosoftAzureBackup/VMSnapshotPluginConfig.

{
    "pluginName" : "ScriptRunner",
    "preScriptLocation" : "",
    "postScriptLocation" : "",
    "preScriptParams" : ["", ""],
    "postScriptParams" : ["", ""],
    "preScriptNoOfRetries" : 0,
    "postScriptNoOfRetries" : 0,
    "timeoutInSeconds" : 30,
    "continueBackupOnFailure" : true,
    "fsFreezeEnabled" : true
}

This file contains several values that need to be changed to fit the current environment. My file looks like this:

{
    "pluginName" : "ScriptRunner",
    "preScriptLocation" : "/scripts/pre.sh",
    "postScriptLocation" : "/scripts/post.sh",
    "preScriptParams" : ["", ""],
    "postScriptParams" : ["", ""],
    "preScriptNoOfRetries" : 2,
    "postScriptNoOfRetries" : 2,
    "timeoutInSeconds" : 30,
    "continueBackupOnFailure" : false,
    "fsFreezeEnabled" : true
}

I changed “script location” and “continueBackupOnFailure” (this change helped me to see an error message within Azure Backup jobs if one script fails).

VMSnapshotPluginConfig.json needs to be copied to “/etc/azure”. If this directory does not exist, simply create it. After that, we need to change the permissions on that file so that only “root” has read and write permissions.

sysop@linux01:/etc/azure$ sudo chmod 600 VMSnapshotPluginConfig.json

Output of ls -l:

Pre and PostScript

To have a pre and a post script I used the examples from Veeam: https://bp.veeam.com/vbr/VBP/4_Operations/O_Application/mysql.html

my pre-script looks like this:

my post script looks like this:

Both scripts must be copied to the Linux system. I copied them to /scripts. The next important task is to set the permissions of both files to 600; otherwise Azure Backup will fail.

sysop@linux01:/scripts$ sudo chmod 600 pre.sh
sysop@linux01:/scripts$ sudo chmod 600 post.sh
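
The permission steps above (600 on VMSnapshotPluginConfig.json and on both scripts) protect files that the backup extension reads and executes on the VM with root privileges. The following audit script is an added example, not the author's pre/post scripts and not Microsoft's code; it reads the two script paths from the config and checks owner and mode. The `EXPECTED_UID` override and the parent-directory check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files that Azure Backup's
# ScriptRunner plugin reads and runs on the VM.
# Assumptions: GNU stat (Ubuntu); EXPECTED_UID is a hypothetical override for test runs.
CONFIG="${CONFIG:-/etc/azure/VMSnapshotPluginConfig.json}"
EXPECTED_UID="${EXPECTED_UID:-0}"

# Print the string value of one key from the flat plugin config (sed-based, no jq needed).
json_value() {  # json_value <file> <key>
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# Pass only for a regular, non-symlink file owned by EXPECTED_UID with no group/other bits.
check_private() {  # check_private <path>
    if [ ! -f "$1" ] || [ -L "$1" ]; then
        echo "FAIL $1: missing or not a regular file"; return 1
    fi
    p_mode=$(stat -c '%a' "$1"); p_uid=$(stat -c '%u' "$1")
    if [ "$p_uid" != "$EXPECTED_UID" ]; then
        echo "FAIL $1: owned by uid $p_uid"; return 1
    fi
    if [ $(( 0$p_mode & 077 )) -ne 0 ]; then
        echo "FAIL $1: mode $p_mode is accessible to group/other"; return 1
    fi
    echo "OK   $1 (uid $p_uid, mode $p_mode)"
}

# Check the config, both hook scripts it names, and the directories holding them.
audit_backup_hooks() {  # audit_backup_hooks [config]
    a_cfg="${1:-$CONFIG}"; a_rc=0
    check_private "$a_cfg" || return 1
    for a_key in preScriptLocation postScriptLocation; do
        a_script=$(json_value "$a_cfg" "$a_key")
        if [ -z "$a_script" ]; then
            echo "FAIL $a_key is empty in $a_cfg"; a_rc=1; continue
        fi
        check_private "$a_script" || a_rc=1
        # A group/world-writable directory lets a non-root user swap the script out.
        a_dir=$(dirname "$a_script")
        a_dmode=$(stat -c '%a' "$a_dir" 2>/dev/null || echo 777)
        if [ $(( 0$a_dmode & 022 )) -ne 0 ]; then
            echo "FAIL $a_dir: directory mode $a_dmode is group/world-writable"; a_rc=1
        fi
    done
    return $a_rc
}
```

Source the file as root and call `audit_backup_hooks`; a non-zero return means at least one file or directory is readable or writable by someone other than the expected owner.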

Backup

Enable backup for a virtual machine

Once the backup is enabled, it looks like this. It is only configured but has never been executed. The restore points overview shows no backup.

1st Backup

It is very important that the first backup is done while the virtual machine is deallocated!

Then run the backup job as configured.

The backup includes two steps: first, take a snapshot; second, copy the data to the vault.

When the snapshot task is done, the Linux system can be started, and our vault shows a crash-consistent backup.

2nd backup

Once the VM is up and running and all scripts and config files are in place, we can trigger the second backup. Now the service should use the whole configuration, and the result should be an app-consistent backup 🙂

and here we go…

Hope that step by step guide helps to get this working.
