Starting with update v2.10, Nerdio Manager supports three methods of advanced installation, depending on the environment and requirements for the deployment.
Traditional Nerdio Manager deployments should follow the steps and instructions provided in our Install guide. The advanced install methods outlined here should only be used in the specific situations that warrant them.
Method 1: Custom AzureAD application name
Introduced in Nerdio Manager v2.10, the default AzureAD application name created by Nerdio Manager can be changed from the default value of nerdio-nmw-app. This method should be used when installing multiple instances of Nerdio Manager to the same AzureAD tenant.
After the Azure Marketplace deployment finishes successfully, when visiting the Nerdio Manager URL (retrieved from the newly created app service), select the 'Show advanced' button:
The default application name used by Nerdio Manager is 'nerdio-nmw-app' - if a different name is desired, replace this name with the new value:
Click the 'Download script (Az)' button and execute the provided script in PowerShell to complete the Nerdio Manager installation. This method (using the deploy-az.ps1 script) cannot be completed using CloudShell in Azure.
Method 2: 'Split-Identity' Deployments
Beginning in Nerdio Manager v2.3.0, this advanced install method could be enabled during the PowerShell deployment, to support requirements where the user identities exist in a separate AzureAD tenant from where the VMs & session host resources are provisioned.
Starting in update v2.10, this method is enabled within the post-deployment Nerdio Manager UI (previously it was an option enabled during script execution). It can now be enabled by selecting Show Advanced on the post-deployment setup screen:
And select 'Split Identity':
- Nerdio Manager for WVD Azure deployment completed
- Global Admin and subscription Owner cloud-native user account in the deployment tenant (recommended to be *onmicrosoft.com).
- Global Admin and subscription Owner cloud-native user account in the identity tenant (recommended to be *onmicrosoft.com).
- The deployment user should be invited to the identity tenant as a guest user and granted Global Admin and subscription Owner.
- This is temporary and only for the initial deployment and configuration - once completed, the guest user from the deployment tenant should be removed and rights revoked.
- The identity tenant needs an Azure subscription for the WVD resources to be registered (this is a requirement of WVD, not Nerdio Manager).
For installations following this method, please follow the steps provided in Advanced Install: Split-Identity.
Method 3: Creating AzureAD application for NMW
This method was added as a new feature in Nerdio Manager v2.10. Security policies may require that the AzureAD application used by Nerdio Manager be created separately from the deployment & installation process. Users completing the marketplace deployment may not have the access required to register and configure the applications used by Nerdio Manager in AzureAD. In these scenarios, the application must instead be created and configured separately by a user with global admin access rights.
Note: With this installation mode, an application for Nerdio's automation account will not be created; updates for Nerdio Manager will require running Cloud Shell or PowerShell scripts.
There are three components to completing this advanced install:
- Azure Marketplace deployment (Completed by subscription owner)
- AzureAD application registration & setup (Completed by global admin)
- Azure resource configuration (Completed by subscription owner)
Steps #1 and #3 are completed by a user with Owner permissions on the Azure subscription where Nerdio Manager is deployed (Azure Admin), and where the WVD resources will reside. Step #2 is completed by a user with Global Admin privileges in AzureAD (AzureAD Admin).
- The Azure Admin will provision Nerdio Manager from Azure Marketplace.
- After the deployment completes successfully, the AzureAD Admin is provided with the name of the app service (name of the resource in Azure) generated during deployment.
- The AzureAD Admin will then create & configure an application in AzureAD for Nerdio Manager. The steps for this process (using either AzureAD Portal or PowerShell) are detailed in this guide: Advanced Install: Creating AzureAD application for NMW
- After the application is prepared, the AzureAD Admin will provide the following values to the Azure Admin to enter in the Advanced section of the Nerdio Manager page:
- Application ID
- Application Secret (ensure this is the generated VALUE of the secret, not the ID)
- Service Principal ID
- The Advanced section is displayed by clicking 'Show Advanced' on the Nerdio Manager page (by Azure Admin):
- The Azure Admin will enter the provided values on the above screen, then select 'Download script (Az)' and execute the provided script to complete the installation.
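The three values handed over in the steps above can be checked before they are entered in the Advanced section. The following PowerShell is an added example, not part of Nerdio's scripts: the function name Test-NmwAppHandoff and the sample values are hypothetical. It relies on the fact that an AzureAD secret ID is a GUID while a generated secret value is not.

```powershell
# Added example (hypothetical helper, not Nerdio code): pre-flight check of the
# Application ID, Application Secret and Service Principal ID hand-off.
function Test-NmwAppHandoff {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ApplicationId,
        [Parameter(Mandatory)][string]$ApplicationSecret,
        [Parameter(Mandatory)][string]$ServicePrincipalId
    )

    $problems = [System.Collections.Generic.List[string]]::new()
    $parsed   = [guid]::Empty

    # Application ID and Service Principal ID must both be GUIDs.
    foreach ($item in @(
            @{ Name = 'Application ID';       Value = $ApplicationId },
            @{ Name = 'Service Principal ID'; Value = $ServicePrincipalId })) {
        if (-not [guid]::TryParse($item.Value.Trim(), [ref]$parsed)) {
            $problems.Add("$($item.Name) is not a GUID.")
        }
    }

    # A GUID-shaped secret means the secret ID was copied instead of its VALUE.
    if ([guid]::TryParse($ApplicationSecret.Trim(), [ref]$parsed)) {
        $problems.Add('Application Secret looks like a secret ID (GUID), not the generated value.')
    }

    # Whitespace picked up while copying makes the secret fail at sign-in.
    if ($ApplicationSecret -ne $ApplicationSecret.Trim()) {
        $problems.Add('Application Secret has leading or trailing whitespace.')
    }

    # The secret itself is never written to the output, only the findings.
    [pscustomobject]@{
        Ok       = ($problems.Count -eq 0)
        Problems = $problems.ToArray()
    }
}

# Constructed sample values: the secret is deliberately a GUID to show the
# secret-ID mix-up being reported.
$check = Test-NmwAppHandoff `
    -ApplicationId      '11111111-1111-1111-1111-111111111111' `
    -ApplicationSecret  '22222222-2222-2222-2222-222222222222' `
    -ServicePrincipalId '33333333-3333-3333-3333-333333333333'
$check.Problems
```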