Introduction

If you are new to Windows 365 Cloud PC‘s please check out our series about Getting Started with Windows 365. Microsoft recently blogged about the ability to use alternate ANCs (Azure Network Connection) when Provisioning Cloud PCs so that if one ANC goes down it can fall over to the next in line according to priority. You can read that blog post here. Lets look at the new feature in detail.

But first, what is a provisioning policy. This policy defines what settings you will apply to new Cloud PCs when they are provisioned for your users. When creating a new provisioning policy you have to enter some details, such as join type, network type, and so on. In this case we are interested in the type of network we’ll use, it can be

Microsoft hosted network
Azure network connection

as you can see here

The reason there are two types of network depends entirely on your needs. If you want minimum fuss and minimum requirements when creating the policy choose the Microsoft hosted network, that way you don’t have to create a virtual network or have an Azure subscription tied to your Cloud PCs connectivity. If on the other hand you want to have more control over the type of network settings such as specifying individual DNS servers, IP ranges or address spaces then you need to choose Azure network connection and create those separate virtual networks (vnet) in your Azure subscription.

Once you’ve decided which network join type to use, you are shown active working ANCs in your environment at the time you started creating the provisioning policy.

Those ANC’s listed are based on the list of healthy ANC’s you have at time of creation of the provisioning policy, so at the time I created this provisioning policy, the following ANCs were healthy. Note that it will only list those ANCs based on the join type you select.

Note: You should only add an alternate ANC if you fully understand the implications of provisioning Cloud PCs in a different ANC.

If any of the above are unhealthy, they won’t appear in the drop down list. Select those that you want included in this provisioning policy. You’ll notice that a new Network prioritization UI appears behind your choices.

Clicking away from the drop down menu allows you to sort your ANCs by your chosen priority. You can click and drag the ANC from one priority to another within your list.

After sorting your ANCs by priority your new list is shown

UI note: It would be nice if all the information in each of the columns for each ANC was shown, right now you need to scroll right to see what’s what.

Continue through the wizard to complete your Alternate ANC provisioning policy.

The policy is listed below, note how the Azure network connection column shows a +

What about existing provisioning policies ?

You can also edit existing provisioning policies to add alternate ANCs, however it’s not that intuative. To do so, open the properties of an existing policy and click Edit at the General settings.

in the Azure network connection section, click the drop down menu to show other healthy ANC’s

next, make your selection and change priority as shown earlier

Verifying alternate ANCs in your provisioning policy

Now that I’ve created an Alternate ANC provisioning policy with three healthy ANCs (listed below), I decided it was time to see this working in a lab.

W365Demo1_anc
W365Demo2_anc
W365 North Europe HAAD ANC

For this test I forced one of the three Routing and Remote Access Service (RRAS) servers which host services used in the hybrid azure network connections into an unhealthy state by shutting down the corresponding on premises server.

By doing this I basically forced the following ANC offline.

W365Demo1_anc

Once that ANC was offline I retried the network tests in each respective ANC and then refreshed to see the latest status. You can clearly see that W365Demo1_anc is listed with a status of Checks failed.

The next logical step is to provision a Cloud PC for a user targeted with the Alternate networks in windows 365 provisioning policy. I then added a user to the group targeted with the this provisioning policy and waited for it to provision.

The provisioning started after a few minutes, but strangely it listed the very ANC that i took offline in the Azure network connection status column.

This was not what I expected, but maybe just a UI glitch. According to the priority I specified in my alternate ANC list, I expected W365Demo2_anc to be the ANC used during provisioning as W365Demo1_anc was already offline and marked unhealthy. I’ve made the Product Group aware of this. I’ll update this blog post once they reply back.

After completing the provisioning process I could see that it correctly listed the second of three available ANC’s from my list (as the first was offline).

That’s a result ! Great job Microsoft !

Summary

Providing the ability to use multiple/alternate ANC’s during provisioning of a new Windows 365 Cloud PC is an important step forward in reducing downtime when provisioning new Cloud PC’s. The recommended actions in Matt’s blog post do point out that you should keep an eye on the health of your ANC’s and while that is nice in theory, the existing methods of doing that are to look at the ANC health in the Azure Network Connections view directly, or read the emails generated by the alerting feature. I’d like to see a report that shows the reliability/health of your ANC’s over time, so that it’s easy for the admin to pinpoint problem locations (during specific time periods) and fix them. This new feature only applies to the actual provisioning of the new Cloud PC. It does not apply to existing Cloud PC’s that may be affected if an ANC goes unhealthy.

Using alternate ANCs in your Windows 365 provisioning policy

Introduction

What about existing provisioning policies ?

Verifying alternate ANCs in your provisioning policy

Recommended reading

Summary

Leave a Reply Cancel reply

Archives

Categories

Recent Posts

Recent Comments

Meta