Azure-docs: Where is the guidance and best practices for line of business apps and office

Thanks for the question. We are currently investigating and will update you shortly.

@ChristianMontoya Can you please check on this and add your comments.

Forwarded internally. Will try and respond in the next few days once I get some more information.

@tlamming please let me try addressing you questions in order
1) Updating office: that is via the office's standard channel or via updating the master image
2) Updating 3rd party apps: use the same (Microsoft) technology you already invested in to manage physical devices running Windows 10 client ConfigMgr/WSUS or Windows Update for Business
3) Handling licenses/activation for 3rd art apps: it really depends on the app. Generally the ISV behind the app have a mechanism to enforce licensing via many different mechanism. What I have seen is people script activation/licensing via scripts (chocolaty, PS, etc.)
4) Updating windows: (same answer as above): use the same (Microsoft) technology you already invested in to manage physical devices running Windows 10 client ConfigMgr/WSUS or Windows Update for Business

@stgeorgi Thank you. It sounds like its recommended to disable these things in the gold image so that you can "push" the updates yourself via WSUS, etc? Since WSUS would "take over" updates, what is the reasoning?

1. Office update via standard channel - Isn't this recommended to be disabled? Updating the master image creates an issue where the entire "machine" is brand new, via Sysprep. Do you mean that you should be doing this manually on each WVD pool?
2. Unless it's done to the gold image, does this not create divergent configs with multiple pools, as time goes on? This leads us back to updating the gold image and the issues with Sysprep for licensing.
3. This seems like a catch-all and cumbersome, coming up with unique solutions for licensing each product. For an MSP, you could be dealing with 100's of different 3rd party apps. Is this why Microsoft is developing app attach?
4. What advantage (other than choosing what patches are pushed) does WSUS give over having windows update enabled/disabled if you are not updating the gold image?

I hope this makes sense, it just seems like provisioning the system is much quicker than RDS and less work not having to maintain the broker and gateway, but then day to day updates become much more hands-on and less automatic with wvd.

Microsoft is saying treat it just like an endpoint, but endpoints do not get re-imaged and Sysprep as often as keeping a gold image up to date (since you would then be pushing this to your pools

@tlamming to clarify the recommended way is via updating the master image (and our documentation references this model) that is however not the only option and I list options. Diverging configuration is always an issue in VDI/RDS environments and why master image pushing the updates is common.

Thank you. I feel like we are going in circles because updating via the
master image creates all of the problems I listed, that require
tedious scripting. For smaller shops with small deployments the workload
gets multiplied. Hopefully, we have some easier solutions as WVD becomes
more popular. Thank you for discussion.

--Travis

On Wed, Jan 22, 2020 at 2:32 PM Stefan Georgiev notifications@github.com
wrote:

@tlamming https://github.com/tlamming to clarify the recommended way is
via updating the master image (and our documentation references this model)
that is however not the only option and I list options. Diverging
configuration is always an issue in VDI/RDS environments and why master
image pushing the updates is common.

—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/MicrosoftDocs/azure-docs/issues/46294?email_source=notifications&email_token=ACF46CLI3HJD6KY42H6PPK3Q7CNOPA5CNFSM4KHXBH6KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEJU2HFY#issuecomment-577348503,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/ACF46CJVSLQ7XMDMBACZ5TLQ7CNOPANCNFSM4KHXBH6A
.

@stgeorgi (and @Karishma-Tiwari-MSFT) - you mention that the documentation references the model of updating the master image, however I've been unable to find any documentation specifying the process for updating the master image and updating the hosts to use the new image at this time. We've been trying to work out this process on our own to limited success and would love to have firmer guidance on what the process should be. If documentation for updating the master image and applying the updates to the existing hosts exists, can you share the link, and if not, can you provide that information?

The process of updating the master image is the same as the process for preparing a master image. It is documented under WVD in docs.microsoft.com. Quick Bing search shows it in top 5.

@gabrieljtaylor Here is the link: https://docs.microsoft.com/en-us/azure/virtual-desktop/set-up-customize-master-image
Hope that helps.

We will now close this issue. If there are further questions regarding this matter, please tag me in a comment. I will reopen it and we will gladly continue the discussion.

@Karishma-Tiwari-MSFT, @stgeorgi - Thanks for the link, but that documentation is not what I am referring to. While that documentation does show the process for _creating_ the initial image, it has several shortcomings, which are from where my question stems. Specifically:

• There is no information on the process to update a managed image after it has been initially created
  
  
  
  • I assume the instructions are to simply generate a new VM from the existing managed image then repeat the process to convert the disk back to an image after the fact, but the documentation offers no insight into or confirmation of that process.
  
  
• There is no information on how to update existing VM hosts to use the new image
  
  
  
  • In my testing, when we attempt to redeploy the template (from the marketplace) but change the VM host image to point to the new image, the deployment fails, citing that the VM resources failed to be updated as the image ID property couldn't be changed.
  
  
  • We have also tried deleting the VMs and redeploying the template in order to have new VMs generated from the updated image, but that has resulted in the new hosts failing to register with the WVD service, resulting in more work.
  
  
  • There needs to be a simple mechanism for applying an updated master image to the VM hosts without needing to unregister and delete every VM host, then redeploy the template. That results in a significant amount of downtime that surely can't be the expected solution.
  
  
  • If there is a supported, simple way to redeploy and change the image used for the VM hosts, it is not documented anywhere I can find it, and I have searched extensively.
  
  

I commented here as my question seemed to be in line with the initial post for this discussion, and also because the process of updating and redeploying seemed out of scope for the "Prepare a custom VHD image" page. If it makes more sense to move this specific discussion to that page, I have no problem with re-submitting the question and details there - just let me know to do so.

I should also add that, in general, all of the WVD documentation is tailored specifically to the initial deployment and not to ongoing maintenance. While there are references to the need to update configuration (namely, the reference on this page to the need to update the image to maintain Office and on the "Expand an existing host pool" page to adding new hosts), there are no actual pages nor instructions specifically addressing any other updates (or even how to do the Office updates, as this question points out). If you're looking for general suggestions on how to improve the documentation overall, I'd say addressing the need for documentation focused on update and maintenance would have the biggest potential benefit.

Your observations are correct. We are not investing (for now) in documentation on how to do change management for WVD as this is highly divergent across customers. The statement that the WVD team has been making around update management, app management and image management has been (paraphrased and shorten) "use any process that your organization already uses, with the distinction that the image has to be uploaded to azure. For the moment we recommend doing all management via golden image rollout (hence why I shared a link to the article)"

Management via golden image rollout is definitely preferred and the route we want to go with, but as mentioned above, we've experienced issues when trying to deploy an updated image to an existing host pool via the Marketplace template. Can you assist by providing semi-official guidance on deploying an updated golden image to existing hosts? Is there a way to do this without requiring the destruction and de-registration of the hosts before redeploying the template? Do we need to ensure that new versions of the image overwrite the existing Image resource in Azure rather than creating a new Image resource? I'm very interested in what your process is today; I'm just trying to figure out the optimal method of managing image updates moving forward.

@stgeorgi I will second that request from @GJTaylor I am happy enough with the actual image management processes for the gold image, of “do it how you usually would, were not going to prescriptive around that” however the existing guidance linked to appears be concentrated around deployment of your prepared new host pool rather than the updating the gold image (or more having updated and uploaded it then deploying it) of an existing host pool.

From: GJTaylor notifications@github.com
Sent: Thursday, April 23, 2020 22:49
To: MicrosoftDocs/azure-docs
Cc: Chris Haydon; Manual
Subject: Re: [MicrosoftDocs/azure-docs] Where is the guidance and best practices for line of business apps and office (#46294)

Management via golden image rollout is definitely preferred and the route we want to go with, but as mentioned above, we've experienced issues when trying to deploy and updated image to an existing host pool via the Marketplace template. Can you assist by providing semi-official guidance on deploying an updated golden image to existing hosts? Is there a way to do this without requiring the destruction and de-registration of the hosts before redeploying the template? Do we need to ensure that new versions of the image overwrite the existing Image resource in Azure rather than creating a new Image resource? I'm very interested in what your process is today; I'm just trying to figure out the optimal method of managing image updates moving forward.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHubhttps://github.com/MicrosoftDocs/azure-docs/issues/46294#issuecomment-618689602, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ANYPIINJ55USDKGDPJPNHE3ROCZUFANCNFSM4KHXBH6A.

Disclaimer

The information contained in this communication from the sender is confidential. It is intended solely for use by the recipient and others authorized to receive it. If you are not the recipient, you are hereby notified that any disclosure, copying, distribution or taking action in relation of the contents of this information is strictly prohibited and may be unlawful.

This email has been scanned for viruses and malware, and may have been automatically archived by Mimecast Ltd, an innovator in Software as a Service (SaaS) for business. Providing a safer and more useful place for your human generated data. Specializing in; Security, archiving and compliance. To find out more visit the Mimecast website.

To summarize the ask is to have a this is how you update your WVD environment once you have a new image?

@stgeorgi Yes, I have just reviewed the documentation again an can't see how to update an existing host pool with a new gold image. It would be useful to have the Microsoft supported/recommended/documented/best practice way of doing it.

Using a search engine not called Bing brings back a number of "approaches" some of which refer to the preview offering before WVD GA'd. I guess the ideal would be if you could simply run something to the effect of a Powershell command "Set-WVDHostPoolMaster -HostPoolName -ImageName" or select a disk image from dropdown in a WebUI and reboot but some of the instructions I have read seem to be more akin to completely deleting and recreate the host pool afresh which doesn't sound ideal particularly as I assume that will break existing clients and need all the users readded to the host group which isn't idea without group support.

I have to say the original question is not a new issue, it's one that we have battled for years with RDS images and to a greater extent non persistent VDI images - in my mind WVD doesn't really change matters in this regard. In my experience the reality is generally ISV licencing activation has never been the issue you imagine it will be and I have yet to find an ISV that hasn't come up with a "solution" when offered with the option of losing the business instead such as unlocked licences on a trust basis; I've had ISVs spend 5+ years telling me they're going to "fix" their legacy device based licencing mechanisms and then eventually admit basically the development time and cost isn't worth it and it always sits near the bottom of the queue. The only totally insurmountable one I think was dependency on a parallel port dongle and that was more a virtualisation issue - a physical RDS server was supported! My advise would be talk to the ISV... chances are you're not the first person to do so... nor will you be the last.

@Karishma-Tiwari-MSFT perhaps this can be reopened?

@ChrisH82 and @gabrieljtaylor May I rephrase y question and actually ask few more:
1) Is the ask to write an article that explains how a new master image is rolled out to existing WVD environment?
2) Is the question to describe how one updates and existing golden image? and how to automate this?

Also (this is not aimed to be the permanent solution but I will like your feedback) have you looked at this https://github.com/Azure/RDS-Templates/tree/master/wvd-templates/Update%20existing%20WVD%20host%20pool

@stgeorgi :

1. Yes, an article explaining how a new master image is rolled out to an existing WVD environment is exactly what I'm looking for.
2. I know how to update the existing image already, but I am unsure of whether the updated image should be captured to a new Image resource or if it should overwrite the existing Image. A simple clarification would be nice, but it is likely that this would be answered in the article explaining how a new master image is rolled out.

The only template I've used is the one on the Marketplace. If there is a different one out there that is better or intended for a different purpose, that would be good to have official direction about as well.