Azure Blob

Azure Blob is Microsoft’s object storage solution for accessing data over the internet. The data is stored inside a resource called a “blob.” Each blob can hold as many objects as you want. Blobs are organized inside of “containers” within a storage account. Each container can hold an unlimited number of blobs. Administrators control access to their storage blobs and who can read, write, or delete data objects in that blob. For detailed information, visit the Microsoft Azure Blob Storage website.

Creating a Console Configuration Storage Account

The Configuration storage account holds the configuration files created in the ProfileUnity Management Console and the license file. The ProfileUnity Client reads these files to configure a user’s desktop.

  1. Log in to your Azure portal.
  2. In the column on the left, go to All Services and select Storage > Storage Accounts. Alternatively, you can type Storage Accounts in the Search bar.
  3. Click +Create to add the new storage account.
  4. Select your subscription. Either create a new Resource Group or use an existing one. Name the storage account. The name you select must be unique across all Azure storage accounts. The best practice is to use a format such as yourcompanynamepurpose, for example, lwprouconfigs. Below are additional naming requirements:
    • The name must be between 3 and 24 characters long.
    • The name can only use lowercase letters and numbers.
  5. Select Azure Blob Storage for the Primary service.
  6. Configure all other required settings according to personal preference.
  7. Click Create when done.

Creating a Configuration Container

  1. After the ProfileUnity Configuration Storage Account is created, the Azure portal will display information about the new storage account. Click the Blobs tile.
  2. Click +Container to add a container to the storage account.
  3. Name the container configurations and set the Public access level to Private. Then click OK.

Getting the Access Key for Configuration

The storage access key is used to authenticate access to the storage account. This permits full access to all containers and blobs in this account.

  1. In the Azure portal, navigate back to the ProfileUnity Configuration Storage Account.
  2. Under Security + networking, click Access Keys.
  3. Copy the Storage account name and the Key and save this information until you are ready to enter it into the ProfileUnity Management Console. In the ProfileUnity Management Console, the Account Name and Account Key credentials for Microsoft Azure can be entered as the Console Credentials either in the Cloud Storage section of Administration Settings or in the Guided Configuration Wizard when using a cloud storage template.

Creating a Client Portability Storage Account

The Portability storage account holds a user’s profile settings that the ProfileUnity Client writes back to it.

  1. Log in to your Azure portal.
  2. In the left column, go to All Services and select Storage > Storage Accounts. Alternatively, you can type Storage Accounts in the Search bar.
  3. Click +Create to add the new storage account.
  4. Name the storage account. The name you select must be unique across all Azure storage accounts. Therefore, best practice is to use a format such as yourcompanynamepurpose, for example, lwprouportability. Here are a few additional naming requirements:
    • The name must be between 3 and 24 characters long.
    • The name can only use lowercase letters and numbers.
  5. Select Azure Blob Storage for the Primary service.
  6. Configure all other required settings according to personal preference.
  7. Click Create when done.

Creating a Portability Container

  1. After the ProfileUnity Configuration Storage Account is created, the Azure portal will display information about the new storage account. Click the Blobs tile.
  2. Click +Container to add a container to the storage account.
  3. Name the container portability and set the Public access level to Private, then click OK.

Getting the Access Key for Portability

The storage access key is used to authenticate access to the storage account. This permits full access to all containers and blobs in this account.

  1. In the Azure portal, navigate back to the ProfileUnity Configuration Storage Account.
  2. Under Security + networking, click Access Keys.
  3. Copy the Storage account name and the Key and save this information until you are ready to enter it into the ProfileUnity Management Console. In the ProfileUnity Management Console, the Account Name and Account Key credentials for Microsoft Azure can be entered as the Client Credentials either in the Cloud Storage section of Administration Settings or in the Guided Configuration Wizard when using a cloud storage template.

Restricting ProfileUnity Client Access to Read-Only for Configs

The ProfileUnity Client needs read-only access to the configuration storage account to manage users’ desktops as they have been configured to deploy. Azure’s Shared Access Signature (SAS) is a Uniform Resource Identifier (URI) that combines permission settings in the form of a token.

  1. In the Azure portal, navigate back to the ProfileUnity Configuration Storage Account.
  2. Under Settings, click Shared access signature.
  3. Select the following checkboxes:
    • Allowed services: Blob
    • Allowed resource types: Service, Container, Object
    • Allowed permissions: Read, List
  4. Enter Start and End dates and times. We recommend your end date be 5 years or more from your start date.
  5. Click Generate SAS and connection string when done.
  6. Azure will create 3 items: a connection string, a SAS token, and a Blob service SAS URL.
  7. Copy the Blob service SAS URL and save this information until you are ready to enter it into the ProfileUnity Management Console. In the ProfileUnity Management Console, the Blob service SAS URL for Microsoft Azure can be entered along with the Client Credentials in the Guided Configuration Wizard when using a cloud storage template. Or this can be entered in the Cloud Storage section of the Administration Settings when you click Copy next to Azure Client credentials.

Putting This All Together

After completing all of these instructions to set up your Microsoft Azure Blob cloud storage for ProfileUnity, you can install and configure ProfileUnity to make use of your new cloud storage accounts.

When using a cloud storage template, ProfileUnity’s Guided Configuration Wizard prompts you for your ProfileUnity Console Configuration credentials, your ProfileUnity Client Portability credentials, and your Blob service SAS URL.

Note that when ProfileUnity refers to Azure Blob cloud storage paths, they begin with AZ://. Here are some examples where what is in brackets is replaced with the specified storage container name:

  • Deployment/Console Path: AZ://{configuration-storage-container}/ini
  • Portability/Client Path: AZ://{portability-storage-container}/%username%
  • FlexApp Packages Path: AZ://{configuration-storage-container}/flexapp
  • GPO Settings for INI, ProfileUnity as a Service, Client Settings XML Path:
    AZ://{configuration-storage-container}/startup

You can change your ProfileUnity Console or Client credentials at any time by going to the Cloud Storage Settings section of the Administration screen within the ProfileUnity Management Console.

For more instructions on how to adjust your Licensing and GPO configuration to utilize cloud storage, refer to the ProfileUnity Installation Guide.