Advanced Installation Methods
Traditional Nerdio Manager deployments should follow the steps and instructions provided in our Installation Guide. See Nerdio Manager Installation Guide for details. The advanced install methods outlined here should only be used for specific situations as warranted.
Warning: This is an advanced, custom, install of Nerdio Manager recommended only for special circumstances. Please use this with the advice and guidance of Nerdio Support. Please contact us with any questions at all: nme.support@getnerdio.com.
Nerdio Manager can now support the following methods of advanced installation, depending on the environment and requirements for the deployment:
Method 1: Customize the Entra ID Application Name
The default Entra ID application name created by Nerdio Manager can be changed from the default value of nerdio-nmw-app. This method should be used when installing multiple instances of Nerdio Manager to the same Entra ID tenant.
To customize the Entra ID application name:
Install Nerdio Manager from Azure Marketplace.
-
When the deployment finishes, visit the Nerdio Manager URL, retrieved from the newly created app service, and select Show advanced.
-
In the Advanced window, type the desired App registration name.
Note: The default application name used by Nerdio Manager is nerdio-nmw-app. It may be changed to any name you desire.
Select Download script (Az).
-
Open PowerShell and run the downloaded script to complete the Nerdio Manager installation.
Note: This method (using the deploy-az.ps1 script) cannot be completed using CloudShell in Azure.
Method 2: Split Identity Deployments
This feature is only available in the Nerdio Manager Premium edition.
This advanced install method can be enabled during the PowerShell deployment to support requirements where the user identities exist in a separate Entra ID tenant from where the VMs and session host resources are provisioned.
Prerequisites and requirements:
Nerdio Manager for WVD Azure deployment completed.
Global Admin and subscription Owner cloud-native user account in the deployment tenant (recommended to be *onmicrosoft.com).
Global Admin and subscription Owner cloud-native user account in the identity tenant (recommended to be *onmicrosoft.com).
-
The deployment user should be invited to the identity tenant as a guest user and granted Global Admin and subscription Owner.
Note: This is temporary and only for the initial deployment and configuration. Once completed, the guest user from the deployment tenant should be removed and rights revoked.
The identity tenant needs a funded Azure subscription for the AVD resources to be registered. This is a requirement of AVD and not Nerdio Manager.
See for Advanced Installation: Split Identity details.
Note: This method (using the deploy-az.ps1 script) cannot be completed using CloudShell in Azure.
Method 3: Create Entra ID Application for Nerdio Manager
Security policies may require that the Entra ID application used by Nerdio Manager is custom created separately from the deployment and installation process. Users completing the Azure Marketplace deployment may not have the access required to register and configure the applications used by Nerdio Manager in Entra ID. In these scenarios, the application must instead be created and configured separately by a user with global admin access rights.
Note: With this installation mode, an application for Nerdio's automation account is not created. Updates for Nerdio Manager require running Cloud Shell or PowerShell scripts. See Update the Nerdio Manager Application for details.
The following components are required to complete this advanced installation:
Azure Marketplace deployment: This must be completed by the subscription owner. This user must have Owner permissions on the Azure subscription where Nerdio Manager is deployed (Azure Admin), and where the AVD resources resides.
Entra ID Application Registration and Setup: This must be completed by the global admin with privileges in Entra ID (Entra ID Admin).
Azure Resource Configuration: This must be completed by the subscription owner. This user must have Owner permissions on the Azure subscription where Nerdio Manager is deployed (Azure Admin), and where the AVD resources reside.
To deploy Nerdio Manager:
In Azure Marketplace, the Azure Admin provisions Nerdio Manager.
After the deployment completes successfully, the Entra ID Admin is provided with the name of the app service (name of the resource in Azure) generated during deployment.
The Entra ID Admin then creates and configures an application in Entra ID for Nerdio Manager. The steps detailing this process, using either Entra ID Portal or PowerShell, are detailed in Advanced Installation: Create Entra ID Application.
-
After the application is prepared, the Entra ID Admin provides the following values to the Azure Admin to enter in the Advanced section of the Nerdio Manager page:
Application ID
Application Secret (Make sure this is the generated value of the secret, not the ID.)
Service Principal ID (The Object ID from Enterprise Applications.)
-
In the Nerdio Manager page, the Azure Admin selects Show Advanced,
-
Enter the following information:
Use existing AD app: Select this option.
App ID: Type the App ID.
App Secret: Type the App Secret.
Service Principal ID: Type the Service Principal ID (Object ID).
Once you have entered all the required information, select Download script (Az).
-
Open PowerShell and run the downloaded script to complete the Nerdio Manager installation.
Note: This method (using the deploy-az.ps1 script) cannot be completed using CloudShell in Azure.
Comments (0 comments)