It’s been a while since I last wrote an article, so I thought I would take the time to talk about something topical that we are asked about on a daily basis: “How do you effectively integrate Microsoft Office 365 within a virtual desktop environment?” Before I can answer this, you first have to understand the problem.
Virtual desktops bring many advantages to any organisation, including cost savings, increased security and manageability. See my success guide for a more in-depth view: https://www.linkedin.com/pulse/success-guide-how-implement-desktop-virtualisation-any-brett-loveday
One of the immediate benefits that a virtual desktop can bring is improved application performance, especially in distributed networks, because a virtual desktop typically runs on the same core network as your applications and back-end data. This is much more efficient than, say, a fat client desktop that has to pull all that data down to the local machine to process it. When I am designing virtual desktops, I like to keep the user and the data as close together as I can possibly get them, and sometimes that even means moving core file servers to the same VLAN as the virtual desktop session.
The challenge that Office 365 brings is that once you embrace OneDrive and Hosted Exchange, you have introduced an extensive lag by separating the users from their data across one of the slowest and most unreliable networks (the Internet), which undermines one of the major benefits that virtual desktops bring.
When moving to Office 365, a fat client Windows PC is less affected by this lag because you can run Outlook in cache mode, so your inbox opens immediately, and you can use the OneDrive client to cache file data. The OneDrive client can be flaky, but it is usable. All of this gets stored in your local profile on your laptop, so it is always available, until you change machines or have to recreate your profile, that is. Caching in your profile, it seems, is the saving grace for Office 365, right? Well yes, but not on a virtual desktop. Let me explain.
The local profile on a fat client PC running Outlook in cache mode and OneDrive offline sync will bloat to a massive size; mine is over 10GB and it’s not unusual to see profiles 30-40GB in size. On a virtual desktop you cannot use local profiles, because almost all are based on non-persistent solutions, where a desktop comes either from a pool of resources or from a mix of RDSH sessions, and local profiles are deleted at logoff. You therefore have to use a profile solution that copies the user’s profile from a network location at logon, and if the profile size is in the tens of gigabytes, it will take an age to log on and multiple simultaneous logons will clog up your network. Finally, the OneDrive sync client is not available or supported on Microsoft RDSH. For a more in-depth look at managing profiles, see my Dummies Guide on managing user profiles in a virtual desktop here: https://www.linkedin.com/pulse/dummies-guide-managing-profiles-citrix-environment-brett-loveday
It doesn’t read too well, does it? It feels at times like trying to mix oil with water, and that needs an emulsifier. It’s one of the biggest challenges we have had to overcome over the last twelve months, but thankfully we have a solution, which revolves around putting the right profile management solution in place, and it doesn’t need to cost you anything, providing you have the right infrastructure in place.
In a nutshell, we have to recreate on a virtual desktop the same solution that works on a fat client Windows PC, but do it in a way that does not impact too greatly on the logon time and allows effective caching without killing your network.
Before I start, there is an important point to make from the outset: these changes will have a dramatic impact on disk performance, so this needs to be considered before doing this. When you run a virtual desktop on an RDSH session server, the average disk load is around 5 IOPS (input/output operations per second), but budget in a contingency overhead; for sizing I suggest 7 IOPS per session. The moment you enable Outlook caching, this figure goes up to a whopping 98 IOPS per session, so budget 100 IOPS. I have personally verified these figures myself by isolating a single user’s session and then measuring the IOPS load using Microsoft MAPS.
Golden rules when using Office 365 in a virtual desktop:
- Run Outlook in cache mode with no more than 7 days of cached emails (GPO settings)
- Allow for a minimum 100 disk IOPS per user session/desktop
- Move your VDI & RDSH VMs onto SSD storage, ideally on local disks on the hypervisor.
- Use a profile management solution that allows you to hive off and compress the Outlook cached OST file. Compression is the essential element, giving a 10-fold improvement in storage needs and logon performance. See the TPMM section below; TPMM is our free tool, available to anyone who asks me nicely. TPMM version 3.5 now fully supports Office 365.
- Recognise that there is no effective solution to date for running the OneDrive client; look to using a drive mapping tool or script. I recommend the brilliant script written by Jos Lieben, available here: https://gallery.technet.microsoft.com/office/OneDriveMapper-automaticall-d7d498b0. Citrix customers should use the ShareFile client on the desktop and set up a connector to OneDrive, see: https://www.citrix.com/blogs/2016/07/12/how-to-get-the-most-out-of-your-microsoft-office-365-subscription-using-citrix-sharefile/
- Enable shared computer activation for Office 365 and install the full version of Office using the Office Deployment Tool, combining the following settings:
  - <Display Level="None" AcceptEULA="True" />
  - <Property Name="SharedComputerLicensing" Value="1" />
- Don’t waste money on licensing. If you plan to keep Exchange on premise, purchase Office 365 ProPlus; this represents around £4 a month saving per user over E3 and supports RDS/VDI deployments.
- Set up Office 365 for Single Sign-On (SSO). There are various ways to achieve this, which go beyond the scope of this document; here is a good guide to explore the options that are right for you: https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-user-signin. Citrix customers can take advantage of the Federated Authentication Service, see: https://www.citrix.com/blogs/2016/05/31/its-here-the-federated-authentication-service-for-xenapp-xendesktop/
- Install the HDX RealTime Optimization Pack for Skype for Business on Citrix XenApp and XenDesktop VDI deployments, and choose an endpoint that supports the Real Time Media Engine (RTME), like the Dell Wyse 3040, and H.264 video decoding if you plan to make video calls.
- You should be good to go if you do all this.
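The two Office Deployment Tool settings from the shared computer activation rule above, placed in a complete configuration.xml. This is an added example, not the author's own file; the 32-bit edition, the O365ProPlusRetail product ID and the en-us language are assumptions to adjust for your image.

```xml
<!-- configuration.xml for the Office Deployment Tool (added example).
     Assumed: 32-bit Office 365 ProPlus, en-us only. -->
<Configuration>
  <Add OfficeClientEdition="32">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
    </Product>
  </Add>

  <!-- Silent install with the licence terms accepted, so the install
       runs unattended when building the RDSH/VDI master image. -->
  <Display Level="None" AcceptEULA="TRUE" />

  <!-- Shared computer activation: Office requests a licensing token
       for each user at sign-in instead of activating the machine,
       which is what a multi-user RDSH host or pooled desktop needs. -->
  <Property Name="SharedComputerLicensing" Value="1" />
</Configuration>
```

The file is applied on the master image with `setup.exe /configure configuration.xml`.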
What is TPMM?
TPMM is our own profile management solution that overcomes most profile-related issues and to date has around 60,000 users. We are currently at version 3.5, which now fully supports the caching of Office 365, and it is completely free. I created TPMM many years back after having a need to overcome some complex profile challenges, especially on larger deployments where users could be logged on to many systems at the same time and often on different operating systems. It has evolved today to be completely agnostic to the underlying Windows OS version and has done away with profiles. If you want a sure way to fix your profile problems, how about having a “No Profile” solution? That’s impossible to break.
How TPMM Works
On one level TPMM is actually quite simple. We don’t install anything; we simply put an executable file (TPMM.EXE) in your NetLogon share, along with a tiny INI file that has all the settings.
When a user logs on using TPMM, they get a new default profile every time, but we clean up all the unnecessary stub paths to speed up logon times, e.g. the “Setting Up Internet Explorer” messages. This will be a local profile on that server, which allows IE passwords, the IE cache, personal SSL certificates and so on to be saved. TPMM also ships with our own custom StubPath, which calls TPMM.EXE at logon and restores all of the user’s personalisation, including any caching we recorded from their last logoff.
When a user logs off, TPMM is called via a logoff script and records only the items we want it to. It looks up an INI file that lists all the items we want to record. This INI file is stored on the NetLogon share, and you can use multiple INI files for more complex needs. The logoff process creates temporary local files that we bundle up into standard Office Profile Settings (OPS) files, which it then copies to the user’s Home Drive, negating the need to have any profiles at all. Finally, we change the registry flag of your currently logged-on profile so that Windows thinks it is a temporary profile, which automatically gets deleted once you have logged out.
In version 3.5 we have added a few extras that copy the Outlook OST file and compress it before copying it to the user’s Home Drive.
Finally, I could not do an article on Office 365 without mentioning these guys. I like what they do, and if I come across as a bit anti them, trust me, I’m not. What they do is clever; I just think it’s not needed.
For those that don’t know how FSLogix works, it creates a VHD for each user to store all the Office 365 caching data. This VHD is mounted when you log on and boom, it just works. It’s simple to use and actually quite simple in what it does. My issue with it is that it costs money that you don’t need to spend. You also need to place the user VHDs on a very fast SAN, which also adds to the cost.
Apart from the occasional reference to Citrix, this guide is relevant no matter which virtual desktop broker you choose to use, even just straight Microsoft RDSH solutions. I wanted to keep this guide generic to emphasise that this is an industry-wide problem and not tied to a particular vendor.
I hope you find this guide useful. We’ve been working on trying to solve this issue for over twelve months now, and the core piece of our solution is our free profile management tool. I call it the emulsifier: it allows us to mix oil with water [Office 365 on a virtual desktop].
Tell me what you think. Do you have any better ideas? I’m all ears. Let the community know, let’s share knowledge, guys.