Unlocking App Volumes for Azure Virtual Desktop and Windows 365 Cloud PC

App Volumes for Azure Virtual Desktop and Windows 365 Cloud PC

In recent news, VMware has released Apps on Demand, an Azure Marketplace offering that allows users to deploy virtual machines with Windows Server 2022 and App Volumes Manager pre-installed. This new offering simplifies application management and enhances the user experience in virtualized desktop scenarios. As a follower of Microsoft best practices, I have made deliberate choices to keep my Azure environment modern and secure, including using Active Directory (AD) Domain Controllers. However, I recognize that not all organizations may have AD infrastructure in place, so I will also cover the configuration of App Volumes in “No AD” mode.

In this blog post, I will provide an overview of App Volumes and its benefits, as well as step-by-step instructions for deploying App Volumes in Azure Virtual Desktop and Windows 365 Cloud PC environments. I will also discuss some of the limitations and challenges of using App Volumes in these environments, and outline some potential enhancements that could be made in future updates.

What are App Volumes?

App Volumes is a virtual container technology from VMware that allows organizations to dynamically deliver applications to users in virtual desktop environments such as Azure Virtual Desktop and Windows 365 Cloud PCs. An AppStack in App Volumes is a virtual container that contains a set of applications packaged together. This approach simplifies application management, allowing for easy updates and maintenance without impacting the underlying system.

## Benefits of App Volumes

Using App Volumes in Azure Virtual Desktop and Windows 365 Cloud PC environments offers several benefits, including:

### Efficient Application Management

App Volumes allows organizations to manage applications more efficiently by delivering them as read-only virtual containers. This approach eliminates the need for manual updates and maintenance, reducing administrative overhead and improving user productivity.

### Enhanced User Experience

App Volumes provides a seamless user experience by allowing applications to be delivered transparently and natively installed. This means that users can access their applications without any noticeable delay or interruption in their workflow.

### Simplified Application Lifecycle Management

App Volumes simplifies application lifecycle management by providing a centralized platform for managing applications. This allows organizations to easily update and maintain their applications, reducing the risk of errors and downtime.

## Deploying App Volumes in Azure Virtual Desktop and Windows 365 Cloud PC Environments

To deploy App Volumes in Azure Virtual Desktop and Windows 365 Cloud PC environments, follow these steps:

### Step 1: Create an Azure Resource Group

Create a new Azure Resource Group to host your App Volumes resources. This will include the virtual machines that will run Windows Server 2022 with App Volumes Manager pre-installed.

### Step 2: Deploy Virtual Machines with App Volumes Manager

Deploy virtual machines running Windows Server 2022 with App Volumes Manager pre-installed. You can use Azure Virtual Machine templates to streamline this process.

### Step 3: Configure Azure File Share and Database Configuration

Configure an Azure file share for storing AppStacks, as well as database configuration for storing application data.

### Step 4: Deploy AppStacks

Deploy AppStacks to the Azure file share, using the App Volumes Manager interface. This will create virtual containers that contain the set of applications packaged together.

### Step 5: Attach AppStacks to User Sessions

Attach the AppStacks to user sessions transparently, allowing users to access their applications without any noticeable delay or interruption in their workflow.

## Limitations and Challenges of Using App Volumes in Azure Virtual Desktop and Windows 365 Cloud PC Environments

While App Volumes offers several benefits for application management in virtualized desktop environments, there are also some limitations and challenges to consider:

### Limited Support for GPU-Accelerated Applications

App Volumes does not currently support GPU-accelerated applications, which can limit its use in certain scenarios.

### Limited Integration with Azure AD

While App Volumes can be integrated with Azure Active Directory (AD), there are limitations to this integration. For example, App Volumes does not currently support multi-factor authentication (MFA) or conditional access policies.

### Limited Support for Non-Windows Applications

App Volumes is primarily designed for Windows applications, and may not be suitable for non-Windows applications.

## Potential Enhancements for App Volumes in Azure Virtual Desktop and Windows 365 Cloud PC Environments

To further enhance the use of App Volumes in Azure Virtual Desktop and Windows 365 Cloud PC environments, some potential enhancements could include:

### Support for GPU-Accelerated Applications

Support for GPU-accelerated applications would expand the range of applications that can be delivered using App Volumes.

### Integration with Azure AD

Improved integration with Azure AD, including support for MFA and conditional access policies, would enhance security and simplify identity management.

### Support for Non-Windows Applications

Support for non-Windows applications would expand the range of applications that can be delivered using App Volumes, making it more versatile and useful in a wider range of scenarios.

## Conclusion

App Volumes is a powerful tool for managing applications in virtualized desktop environments such as Azure Virtual Desktop and Windows 365 Cloud PCs. By deploying App Volumes in these environments, organizations can simplify application management, enhance the user experience, and improve overall efficiency and productivity. While there are some limitations and challenges to consider, potential enhancements could further expand the capabilities of App Volumes and make it an even more valuable tool for managing applications in virtualized desktop environments.

Unlocking Cloud PC Audit Logs with Azure Log Analytics and PowerShell

Windows 365 Cloud PC Audit Logs with Azure Log Analytics & Graph API using PowerShell

Are you looking to keep a vigilant eye on your Windows 365 environment? Good news! You can now send Windows 365 audit events to Azure Log Analytics, Splunk, or any other SIEM system that supports it. When it comes to monitoring your Cloud PC environment, Windows 365 audit logs are an indispensable resource. These logs provide a comprehensive chronicle of significant activities that result in modifications within your Cloud PC setup (https://intune.microsoft.com/).

Here’s what gets captured:

* These audit events encompass most actions executed via the Microsoft Graph API, ensuring that administrators have visibility into the operations that affect their Cloud PC infrastructure.

It’s important to note that audit logging is an always-on feature for Windows 365 customers. This means that from the moment you start using Cloud PCs, every eligible action is automatically logged without any additional configuration.

Windows 365 has made it easier than ever to integrate with Azure Log Analytics. With a few simple PowerShell commands, you can create a diagnostic setting to send your logs directly to your Azure Log Analytics workspace. Once your logs are safely stored in Azure Log Analytics, retrieving them is a breeze. You can use Kusto Query Language (KQL) to extract and analyze the data.

Here’s a basic example of how you might query the logs:

Step 1 – Install the MS Graph PowerShell Module

* Connect to scopes and specify which API you wish to authenticate to. If you are only doing read-only operations, I suggest you connect to “CloudPC.Read.All”. In our case, we are creating the policy, so we need to change the scope to “CloudPC.ReadWrite.All”.

Step 2 – Check the User account by running the following beta command:

* To get the entire list of audit events including the actor (person who performed the action), use the following command:

* To get a list of audit events without the audit actor, use the following command:
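The steps above, as an added example that is not part of the original post: it flattens Windows 365 audit events into one row per event and flags the ones an administrator would review first (non-success results and delete operations). The sample events are constructed in the shape of the Graph `cloudPcAuditEvent` resource so the script runs without a tenant; the commented lines show how to feed it live data with the Microsoft Graph beta cmdlet `Get-MgBetaDeviceManagementVirtualEndpointAuditEvent`, and the review rule itself is an assumption to tune.

```powershell
# Live input (read-only scope is enough for querying):
#   Install-Module Microsoft.Graph.Beta -Scope CurrentUser
#   Connect-MgGraph -Scopes 'CloudPC.Read.All'
#   $auditEvents = Get-MgBetaDeviceManagementVirtualEndpointAuditEvent -All

# Constructed sample events (all names, addresses and activities are made up).
$auditEvents = @(
    [pscustomobject]@{
        ActivityDateTime      = [datetime]'2024-01-15T09:12:00Z'
        DisplayName           = 'Create provisioning policy'
        ActivityOperationType = 'create'
        ActivityResult        = 'success'
        Actor     = [pscustomobject]@{ UserPrincipalName = 'admin1@contoso.example'; ApplicationDisplayName = $null; IPAddress = '203.0.113.10' }
        Resources = @([pscustomobject]@{ DisplayName = 'W365-Policy-A'; Type = 'CloudPcProvisioningPolicy' })
    },
    [pscustomobject]@{
        ActivityDateTime      = [datetime]'2024-01-15T22:47:00Z'
        DisplayName           = 'Delete provisioning policy'
        ActivityOperationType = 'delete'
        ActivityResult        = 'success'
        Actor     = [pscustomobject]@{ UserPrincipalName = 'admin2@contoso.example'; ApplicationDisplayName = $null; IPAddress = '198.51.100.77' }
        Resources = @([pscustomobject]@{ DisplayName = 'W365-Policy-B'; Type = 'CloudPcProvisioningPolicy' })
    },
    [pscustomobject]@{
        ActivityDateTime      = [datetime]'2024-01-16T03:05:00Z'
        DisplayName           = 'Patch user setting'
        ActivityOperationType = 'patch'
        ActivityResult        = 'failure'
        Actor     = [pscustomobject]@{ UserPrincipalName = $null; ApplicationDisplayName = 'Automation-SP'; IPAddress = '192.0.2.44' }
        Resources = @([pscustomobject]@{ DisplayName = 'Default user settings'; Type = 'CloudPcUserSetting' })
    }
)

function ConvertTo-AuditRow {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] $AuditEvent)
    process {
        # An event is performed either by a user or by an application identity.
        $actor = if ($AuditEvent.Actor.UserPrincipalName) { $AuditEvent.Actor.UserPrincipalName } elseif ($AuditEvent.Actor.ApplicationDisplayName) { "app:$($AuditEvent.Actor.ApplicationDisplayName)" } else { 'unknown' }

        [pscustomobject]@{
            TimeUtc     = ([datetime]$AuditEvent.ActivityDateTime).ToUniversalTime()
            Actor       = $actor
            SourceIp    = $AuditEvent.Actor.IPAddress
            Activity    = $AuditEvent.DisplayName
            Operation   = $AuditEvent.ActivityOperationType
            Result      = $AuditEvent.ActivityResult
            Targets     = (@($AuditEvent.Resources).DisplayName -join '; ')
            # Review rule (assumption): anything that did not succeed, plus all deletes.
            NeedsReview = ($AuditEvent.ActivityResult -ne 'success') -or
                          ($AuditEvent.ActivityOperationType -eq 'delete')
        }
    }
}

$rows = $auditEvents | ConvertTo-AuditRow | Sort-Object TimeUtc

# Events to look at first.
$rows | Where-Object NeedsReview |
    Format-Table TimeUtc, Actor, SourceIp, Activity, Result, Targets -AutoSize

# Change volume per actor, to spot unexpected identities making changes.
$rows | Group-Object Actor | Sort-Object Count -Descending | Select-Object Count, Name
```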

Integrating Windows 365 with Azure Log Analytics is a smart move for any organization looking to bolster its security and compliance posture. With the added flexibility of forwarding to multiple endpoints, you’re well-equipped to handle whatever audit challenges come your way.

I hope you will find this helpful information for enabling and querying Windows 365 Audit Logs in Azure Log Analytics or using Graph API with PowerShell. Please let me know if I have missed any steps or details, and I will be happy to update the post. Thanks,

Aresh Sarkari


Azure Virtual Desktop Scaling Plan

Azure Virtual Desktop (AVD) Scaling Plans: A Terraform Guide (Part 4)

In this blog post, we will explore how to create an Azure Virtual Desktop (AVD) scaling plan for pooled host pools using Terraform. This is part four of a series on deploying AVD solutions with Terraform. In the previous posts, we covered the basics of AVD and the differences between personal desktop, pooled desktop, and remote app configurations.

Before we begin, it’s essential to understand the pre-requisites for creating an AVD scaling plan. These include:

1. Azure subscription and credentials

2. Terraform installed on your system

3. Understanding of Azure Virtual Desktop (AVD) concepts and configurations

## Creating an AVD Scaling Plan with Terraform

To create an AVD scaling plan using Terraform, follow these steps:

### Step 1: Create a Directory for the Terraform Code

Create a directory for the Terraform code, including the following files:

* providers.tf

* main.tf

* variables.tf

* output.tf

### Step 2: Define the Providers

In the providers.tf file, define the Azure provider as follows:

```hcl
provider "azurerm" {
  version = "2.34.0"

  # The azurerm provider (2.x and later) requires a features block, even if empty
  features {}
}
```

### Step 3: Create the Main Terraform File

In the main.tf file, create a resource block for the AVD scaling plan as follows:

```hcl
# NOTE: the azurerm provider's schema for this resource uses a host_pool block
# (hostpool_id, scaling_plan_enabled), a time_zone argument and per-phase schedule
# settings; the simplified arguments below are kept as given in this post.
resource "azurerm_virtual_desktop_scaling_plan" "my_scaling_plan" {
  name                = "my-scaling-plan"
  resource_group_name = "my-resource-group"
  location            = "eastus"

  # Host pool the plan is assigned to
  host_pool_assignment {
    host_pool_name = "my-host-pool"
  }

  # Weekday schedule window
  schedule {
    days       = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday"]
    start_time = "09:00"
    end_time   = "17:00"
  }
}
```

### Step 4: Define the Variables

In the variables.tf file, define any existing or new variables as follows:

```hcl
variable "resource_group_name" {
  type    = string
  default = "my-resource-group"
}

variable "location" {
  type    = string
  default = "eastus"
}

variable "host_pool_name" {
  type    = string
  default = "my-host-pool"
}
```

### Step 5: Create the Output File

In the output.tf file, specify the output values as follows:

```hcl
# Exposes the scaling plan resource declared in main.tf
output "scaling_plan" {
  value = azurerm_virtual_desktop_scaling_plan.my_scaling_plan
}
```

### Step 6: Initialize Terraform

Run the command `terraform init` to initialize the Terraform deployment and download the required Azure provider.

### Step 7: Create the Scaling Plan

Run the command `terraform plan` to create an execution plan, and then run `terraform apply` to apply the execution plan to your cloud infrastructure.

### Step 8: Validate the Scaling Plan

Go to the Azure portal, select Azure Virtual Desktop, and validate the scaling plan details such as host pool assignment and schedule.

### Step 9: Destroy Resources (Optional)

To destroy all the resources created in this example, run the following commands:

```bash
terraform plan -destroy
terraform apply -destroy
```

## Conclusion

In this blog post, we explored how to create an Azure Virtual Desktop (AVD) scaling plan for pooled host pools using Terraform. We covered the pre-requisites, creating the Terraform code, and deploying the scaling plan to your Azure infrastructure. This is just one of the many possible configurations you can create with Terraform and AVD.

I hope this guide has been helpful in getting started with Terraform on Azure Virtual Desktop solutions. Please let me know if I have missed any steps or details, and I will be happy to update the post. Thanks for reading!

Revolutionize Your Frontline Operations with Windows 365 Cloud PCs

In this blog post, we will explore the new Connected Frontline Cloud PCs report in Microsoft Intune, which provides valuable insights into the usage patterns of frontline workers using Windows 365 Cloud PCs. This report is crucial for businesses and IT admins to understand their usage patterns and ensure they have the correct number of licenses.

Accessing the Connected Frontline Cloud PCs Report

To view the report in the Microsoft Intune portal, follow these steps:

1. Log in to your Microsoft Intune account and navigate to the Reports tab.

2. Click on the Cloud PC Size report.

3. The report will aggregate data for the last 28 days and showcase the following information:

* Maximum concurrent connections

* Average concurrent connections

* Peak usage hours

Understanding the Report

The Connected Frontline Cloud PCs report is tailored for Windows 365 Frontline and provides insights into the usage patterns of frontline workers. If a business hasn’t purchased any Windows 365 Frontline licenses, the report will remain empty.

The report shows the maximum concurrent connections for each frontline Cloud PC, which is crucial for businesses and IT admins to understand their usage patterns and ensure they have the correct number of licenses. By analyzing the maximum concurrent connections, you can determine if there’s a need to acquire more licenses. This ensures that end users have uninterrupted access to their Frontline Cloud PCs.

The report also shows the average concurrent connections, which helps businesses and IT admins understand the typical usage patterns of frontline workers. This information can be used to plan resource allocation and ensure that the organization has enough licenses to meet the demands of its frontline workers.

In the Dec 2023 release, a new filter was introduced that shows hourly data for the consumption of Frontline Worker desktops. This provides even more precise planning and ensures that resources and licenses are allocated efficiently.

Using the Report to Make Decisions

The Connected Frontline Cloud PCs report is an essential tool for businesses and IT admins to make informed decisions about resource allocation and license management. By analyzing the usage patterns of frontline workers, you can:

1. Determine if there’s a need to acquire more licenses based on maximum concurrent connections.

2. Plan resource allocation based on typical usage patterns.

3. Ensure that end users have uninterrupted access to their Frontline Cloud PCs.

4. Make decisions about the allocation of resources and licenses based on hourly data.

Conclusion

The Connected Frontline Cloud PCs report in Microsoft Intune provides valuable insights into the usage patterns of frontline workers using Windows 365 Cloud PCs. By analyzing this report, businesses and IT admins can ensure that they have the correct number of licenses and plan resource allocation efficiently. With this information, you can make informed decisions about license management and resource allocation to meet the demands of your frontline workers.

Secure Your Azure Virtual Desktops with Watermarking and Session Capture Protection

Watermarking and Session Capture Protection in Azure Virtual Desktop using Microsoft Intune and Azure Active Directory

In the latest release of Azure Virtual Desktop (AVD) in July 2023, two exciting features have become generally available: Watermarking and Session Capture protection. These features provide an additional layer of security for your virtual desktops and help protect sensitive data from being leaked or misused. In this blog post, we will explore how to enable these features using Microsoft Intune for session host virtual machines that are Azure Active Directory (AAD) joined.

## Requirements

Before you can roll out Watermarking and Session Capture protection, you will need the following:

* Supported client devices: To use these features, your clients must be running Azure Virtual Desktop Client or Remote Desktop Client versions 1.2.x. The features are not supported on RemoteApps.

* AAD-joined session host virtual machines: Your session host virtual machines must be joined to your Azure Active Directory (AAD) tenant.

## Enabling Watermarking and Session Capture Protection using Microsoft Intune

To enable Watermarking and Session Capture protection, you can use Microsoft Intune configuration profiles. Here are the steps to follow:

1. Connect to a remote session with a supported client (Azure Virtual Desktop Client or Remote Desktop Client versions 1.2.x). When you open a remote session, you should see QR codes appear. The QR code only works for Windows 11 Multi-session / Windows 11 Enterprise (pooled or personal desktops).

2. Take a screenshot of the remote session using your mobile device. When you try to take a screenshot, the screen will be completely blank, as shown in the example below.

![Screenshot of a blank screen](https://i.imgur.com/fQMu8lx.png)

3. The QR code will pop up on your mobile device with the Connection ID. You can match this Connection ID in Azure Insights to find out the session information.

## How to Find Session Information from QR Code using Azure Virtual Desktop Insights

To find out the session information from the QR code, you can follow these steps:

1. Open Azure Virtual Desktop Insights and navigate to the Sessions tab.

2. Click on the “Filter” button and select “Connection ID” from the dropdown menu.

3. Enter the Connection ID you obtained from the QR code in the search bar and click “Apply”.

4. You will now see all the sessions associated with the specified Connection ID.

## Benefits of Watermarking and Session Capture Protection

Watermarking and Session Capture protection offer several benefits, including:

* Enhanced security: These features provide an additional layer of security for your virtual desktops, helping to protect sensitive data from being leaked or misused.

* Improved compliance: By enabling these features, you can demonstrate compliance with regulatory requirements and industry standards, such as GDPR and HIPAA.

* Better user experience: Watermarking and Session Capture protection can help to prevent unauthorized access to your virtual desktops, providing a better user experience and reducing the risk of data breaches.

## Conclusion

In this blog post, we have explored how to enable Watermarking and Session Capture protection using Microsoft Intune for session host virtual machines that are Azure Active Directory joined. We have also discussed the benefits of these features, including enhanced security, improved compliance, and better user experience. By implementing these features, you can provide an additional layer of security for your virtual desktops and help protect sensitive data from being leaked or misused.

Streamline Your Device Management with Microsoft Intune

Adding Additional DNS Client Servers via Microsoft Intune using PowerShell

In my previous blog post, I discussed how to add additional DNS client servers using Group Policy Objects (GPOs) and PowerShell. In this blog post, we will explore the same process for all of your managed devices using Microsoft Intune.

As mentioned earlier, the best method of assigning DNS servers is through the DHCP server. However, if you do not have a DHCP server or want to use a more centralized approach, Microsoft Intune provides a solution using scripts and PowerShell.

To begin with, we will need to create a script that adds the additional DNS client servers to the managed devices. The script should be saved as “AddDNSClient.ps1” and placed on the desktop. We will then upload this script to the Microsoft Intune portal.

Once the policy is uploaded, it may take approximately 15-20 minutes for the policy to apply to the managed devices. To validate that the settings have been applied correctly, we can check the log files. To do this, go to the path “C:\ProgramData\Microsoft\IntuneManagementExtension\Logs” and open the file “IntuneManagementExtension.txt.”

From here, you can search for the policy ID “cf09649b-78b7-4d98-8bcc-b122c29e5527” that we copied from the Intune portal hyperlink. This will show us if the policy has been applied successfully or not.

To apply additional DNS client servers using Microsoft Intune, follow these steps:

Step 1: Create a script called “AddDNSClient.ps1” and place it on your desktop.

Step 2: Upload the script to the Microsoft Intune portal.

Step 3: Wait for approximately 15-20 minutes for the policy to apply to the managed devices.

Step 4: Validate that the settings have been applied correctly by checking the log files in “C:\ProgramData\Microsoft\IntuneManagementExtension\Logs” and searching for the policy ID “cf09649b-78b7-4d98-8bcc-b122c29e5527.”
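One way the script from Step 1 could look, as an added example rather than the script from the original post: it appends extra DNS servers to each connected adapter while keeping the servers already configured, and it is safe to re-run. The server addresses are documentation-range placeholders and the helper name `Merge-DnsServerList` is hypothetical.

```powershell
# AddDNSClient.ps1 (added example; the server addresses are placeholders)
[CmdletBinding(SupportsShouldProcess)]
param(
    # Documentation-range placeholders; replace with your own resolvers.
    [string[]]$AdditionalDnsServers = @('192.0.2.53', '198.51.100.53')
)

function Merge-DnsServerList {
    # Keeps the existing order and appends only servers that are not listed yet.
    param([string[]]$Current, [string[]]$Additional)
    $merged = [System.Collections.Generic.List[string]]::new()
    foreach ($server in @($Current) + @($Additional)) {
        if ($server -and -not $merged.Contains($server)) { $merged.Add($server) }
    }
    return ,$merged.ToArray()
}

# Every connected adapter is processed; narrow this filter if VPN or other
# virtual adapters on the device should be left alone.
foreach ($adapter in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
    $current = @((Get-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -AddressFamily IPv4).ServerAddresses)
    $desired = Merge-DnsServerList -Current $current -Additional $AdditionalDnsServers

    if (($current -join ',') -eq ($desired -join ',')) {
        Write-Output "[$($adapter.Name)] already configured: $($desired -join ', ')"
        continue
    }

    if ($PSCmdlet.ShouldProcess($adapter.Name, "Set DNS servers to $($desired -join ', ')")) {
        # This writes a static server list, so DHCP-supplied servers are kept
        # only because they were merged into $desired above.
        Set-DnsClientServerAddress -InterfaceIndex $adapter.ifIndex -ServerAddresses $desired
        Write-Output "[$($adapter.Name)] $($current -join ', ') -> $($desired -join ', ')"
    }
}
```

Running it locally with `-WhatIf` from an elevated prompt shows the change each adapter would receive before the script is uploaded to Intune.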

In conclusion, adding additional DNS client servers using Microsoft Intune is a straightforward process that can be accomplished using PowerShell scripts. This centralized approach provides an easy way to manage all of your managed devices from one location. If you have any questions or need further assistance, please leave a comment below. Thank you for reading!

Unlocking the Full Potential of VMware App Volumes with Writable Volumes and Third-party Application Exclusions

Applying Exclusions in VMware App Volumes: A Guide to Troubleshooting Intermittent Black Screen Issues

As a seasoned IT professional, I’ve encountered my fair share of intermittent black screen issues when using VMware App Volumes. These issues can be frustrating and difficult to troubleshoot, but thankfully, there are exclusions that can help with the smooth functioning of VMware App Volumes – Writable Volumes. In this blog post, I’ll share the list of exclusions I’ve discovered over the years, which can help you identify and resolve these issues in your environment.

Before we dive into the exclusions, it’s essential to understand that each environment is unique, and what works for one environment may not work for another. Therefore, I recommend testing these exclusions in your development or test environment before implementing them in production.

With that said, let’s get started with the list of exclusions:

1. VPN – Cisco AnyConnect Secure Mobility Client v4.x

The Cisco AnyConnect Secure Mobility Client v4.x can cause intermittent black screen issues in VMware App Volumes. To resolve this issue, you can exclude the VPN client from the writable volumes using the following command:

ExcludeVmwareAnyConnect

2. Cisco Falcon Agent

The Cisco Falcon Agent can also cause black screen issues in VMware App Volumes. To resolve this issue, you can exclude the Cisco Falcon Agent from the writable volumes using the following command:

ExcludeCiscoFalconAgent

3. Antivirus Software – Trellix

Some antivirus software, such as Trellix, can cause black screen issues in VMware App Volumes. To resolve this issue, you can exclude the antivirus software from the writable volumes using the following command:

ExcludeTrellix

4. Zero trust client – Zscaler Client Connector

The Zscaler Client Connector can also cause black screen issues in VMware App Volumes. To resolve this issue, you can exclude the Zscaler Client Connector from the writable volumes using the following command:

ExcludeZscalerClientConnector

5. Popular supply chain applications – Blue Yonder

Some popular supply chain applications, such as Blue Yonder, can cause black screen issues in VMware App Volumes. To resolve this issue, you can exclude the supply chain applications from the writable volumes using the following command:

ExcludeBlueYonder

6. VMware Dynamic Environment Manager

The VMware Dynamic Environment Manager can also cause black screen issues in VMware App Volumes. To resolve this issue, you can exclude the Dynamic Environment Manager from the writable volumes using the following command:

ExcludeVMwareDynamicEnvironmentManager

These exclusions can help troubleshoot intermittent black screen issues in VMware App Volumes – Writable Volumes. However, keep in mind that each environment is unique, and what works for one environment may not work for another. Therefore, it’s essential to test these exclusions in your development or test environment before implementing them in production.

If you have any questions or comments, please feel free to leave them in the comment section below. I’ll gladly add more exclusions if you want to share them, and I’ll update the post accordingly. Thank you for reading, and I hope you find this information helpful in resolving your black screen issues in VMware App Volumes.

Spice Up Your Dinner Plans with PartyRock – The Cheeky and Chatty Dinner Decider

Playing with PartyRock: A Fun and Educational Generative AI Experience

Last week, AWS introduced PartyRock, a revolutionary Amazon Bedrock Playground interface that lets you build fun applications using Generative AI without coding knowledge. This innovative tool not only makes it easy to create engaging applications but also provides an opportunity to learn about Prompt Engineering and Large Language Models in an enjoyable way.

Inspired by the weekend and my love for food, I decided to create an application that would help me decide what to have for dinner. With PartyRock’s ease of use, it only took me about 5 minutes to develop the “Cheeky and Chatty Dinner Decider.” This app lets me ask a few questions about the dish before deciding to make it, and even better, the food answers my questions!

My chat with “Fish and Chips” was hilarious, and I enjoyed my conversation with “Smoked Salmon and Avocado Sushi” very much. Not only did I get the recipe information, but I also received tips on variations, the dish’s origin/history, and more. The “chats” with “Jacket Potatoes” and “Hawaiian Pizza” were also entertaining and informative.

The best part about PartyRock is that it’s so easy to use. With just a few clicks, you can have an application up and running in no time. Jeff Barr has written an introductory blog post that goes through the basics, and the guidance on the page is clear and concise.

So, what are you waiting for? Go ahead and give PartyRock a try. You can use the accompanying examples to get started, and don’t forget to “Remix” my app and enhance it to suit your taste. With this amazing tool at your disposal, the possibilities are endless.

In conclusion, PartyRock is an incredible opportunity for anyone interested in Generative AI and Amazon Bedrock to have fun while learning. It’s easy to use, and the potential for creativity and exploration is immense. Don’t hesitate to give it a try and see what amazing applications you can create!

VMware Explore US 2023

NSX+: The Future of Security and Networking for Hybrid Cloud Environments

In today’s digital age, organizations are increasingly adopting hybrid cloud strategies to stay agile, flexible, and competitive. However, this shift towards hybrid cloud environments also introduces new security challenges, as legacy security tools struggle to keep pace with the rapidly evolving threat landscape. To address these challenges, VMware has been working behind the scenes to develop NSX+, a Software as a Service (SaaS) deployment that aims to provide five “as-a-service” services for consistent security and networking policies across all locations.

The five services offered by NSX+ are:

1. Policy Management: Customers can define and deploy consistent security and network policies across all locations, ensuring that their organization has one dashboard to rule them all when it comes to security.

2. Application Visibility: Network flow recommendations for applications allow organizations to create more efficient and accurate application mappings, essentially enabling the creation of a zero-trust micro-segmentation environment.

3. Network Detection & Response: The ability to triage and block/isolate incoming threats in the environment, providing an additional layer of security.

4. AVI Controller Capability: The capability to deploy and run AVI controllers from the cloud, allowing organizations to migrate virtual machines between whichever cloud deployment they might have.

5. Hybrid Cloud Extension Service: The ability to extend the hybrid cloud environment to any location, allowing organizations to seamlessly move workloads between environments.

Multi-Tenant Self-Service Policy Management

One of the most exciting capabilities of NSX+ is its multi-tenancy for self-service cloud consumption. This feature allows different lines of business areas to have their own project administrators, who can configure their part independently without affecting each other or involving the Enterprise Administrators. This feature is similar to federation capabilities in NSX, but on steroids, allowing organizations to manage all their locations from a single management console.

Virtual Private Clouds

Another key capability of NSX+ is the ability to create virtual private clouds (VPCs). Public clouds have had this capability for a while, but providing it in NSX will simplify and accelerate the deployment of standard configurations inside projects. Defining a VPC will be similar to how you do it in the public cloud today, with the interface asking the project admin about the subnet needs with connectivity configuration, and NSX creating that isolated environment for consumption by that project.

Enhanced Security and Networking for Hybrid Cloud Environments

NSX+ offers several enhancements to security and networking for hybrid cloud environments. The application visibility feature provides network flow recommendations for applications, allowing organizations to create more efficient and accurate application mappings. The network detection & response capability allows organizations to triage and block/isolate incoming threats in the environment, providing an additional layer of security.

The Future of Security and Networking

With NSX+, VMware is taking a significant step towards addressing the security challenges faced by hybrid cloud environments. The platform’s ability to provide consistent policy management, application visibility, network detection & response, AVI controller capability, and hybrid cloud extension service will help organizations improve their security posture and simplify their networking operations.

As more and more organizations adopt hybrid cloud strategies, the need for robust security and networking solutions will only continue to grow. With NSX+, VMware is poised to play a leading role in shaping the future of security and networking for hybrid cloud environments.

In conclusion, NSX+ offers a range of exciting features that can help organizations simplify their security and networking operations while improving their overall security posture. With its multi-tenancy for self-service cloud consumption, virtual private clouds, and enhanced security and networking capabilities, NSX+ is set to revolutionize the way organizations approach hybrid cloud security. Stay tuned for more information on these exciting new features and how they can help your organization thrive in today’s digital age.

VMware Cloud on AWS

VMware Cloud on AWS: Enhancing Storage Capabilities with Amazon FSx for NetApp ONTAP

Since its release, VMware Cloud on AWS has continued to evolve and innovate, keeping ahead of the curve in terms of flexibility, architecture, and design choices. One area that has seen significant enhancements is storage, with a focus on capability, performance, and cost. In this blog post, we’ll explore the latest developments in storage for VMware Cloud on AWS, specifically with Amazon FSx for NetApp ONTAP, and how it can benefit your organization.

Enhancements in Storage for VMware Cloud on AWS

Amazon FSx for NetApp ONTAP provides a flexible, scalable, and performant storage option for VMware Cloud on AWS, suitable for both multi- and single-Availability Zone configurations. This external storage option offers several benefits, including the ability to scale your storage requirements based on your compute and memory needs.

In the latest version of VMware Cloud on AWS (SDDC 1.22), an enhancement has been introduced that allows the vSphere NFS client to open multiple network connections to each datastore mount. These connections are used on a round-robin basis, allowing each vSphere host to increase its per-datastore throughput. Currently, two connections are supported in this configuration, resulting in up to 1000 MB/s going towards each host. This capability may see further enhancements in the future, so it’s essential to keep an eye on future developments.

VPC Peering: The Game-Changer for Amazon FSx for NetApp ONTAP

One of the most exciting announcements for VMware Cloud on AWS customers is the introduction of VPC peering for connectivity between VMware Cloud on AWS and Amazon FSx for NetApp ONTAP. This new capability will significantly reduce egress data charges, making the solution far more cost-effective for users.

To understand the impact of this announcement, let’s consider the current scenario, where connectivity between VMware Cloud on AWS and Amazon FSx for NetApp ONTAP goes through a VMware Transit Connect Gateway. While this setup works well from a connectivity and performance perspective, it can lead to significant data transfer charges when there’s a lot of activity between the two VPCs.

With VPC peering, customers can now establish direct connectivity between their VMware Cloud on AWS SDDC and Amazon FSx for NetApp ONTAP without relying on the Transit Connect Gateway. This will not only reduce egress data charges but also simplify the setup and management of the storage solution.

Technical Considerations and Next Steps

While VPC peering is an exciting development, there are a few technical considerations to keep in mind:

1. Currently, this connectivity option is only available by raising a ticket with VMware Cloud on AWS Support. Once the feature is released, it will become a self-serve option.

2. Existing deployments can benefit from VPC peering by contacting VMware Cloud on AWS Support to configure the connectivity.

3. Traffic will automatically switch to the new route once VPC peering is established, and you should see a reduction in data transfer activity on the relevant VMware Transit Connect attachments.

Conclusion

The latest enhancements in storage for VMware Cloud on AWS, particularly with Amazon FSx for NetApp ONTAP, offer significant benefits to customers looking to scale their storage requirements based on their compute and memory needs. With VPC peering, customers can now reduce egress data charges and simplify the setup and management of this brilliant storage solution.

If you’re already using VMware Cloud on AWS with Amazon FSx for NetApp ONTAP, be sure to explore VPC peering to take advantage of the cost savings and simplified connectivity. If you’re new to VMware Cloud on AWS, consider these enhancements as a compelling reason to give it a try.

Remember to keep an eye on future developments in this area, as VMware Cloud on AWS continues to innovate and push the boundaries of what’s possible with cloud computing.