Deploy Nerdio Manager for Enterprise
In this guide, Nerdio Manager for Enterprise is also referred to as NME.
The deployment of NME includes the following steps:
Step 1: Deploy NME from Microsoft Azure Marketplace (est. 5-10 minutes)
The Nerdio Manager for Enterprise application is provisioned to the Azure subscription from Azure Marketplace. The deployment automatically creates all the foundational resources that NME operates on (the app service, key vault, SQL Server, and other resources).
To provision NME from Azure Marketplace:
-
As an admin with the Global Admin and subscription Owner privileges, in the Azure portal search bar, enter Nerdio Manager for Enterprise, and then select the result under Marketplace.
Important: Make sure you do not select Billing Subscription for Nerdio Manager for Enterprise.
-
Select the Azure Subscription and an empty resource group (RG) that is required by the deployment.
Tip: This resource group may be created ahead of time, or you can define the name to create a new RG.
-
Define the region.
Tip: We recommend specifying the region that is geographically close to the admin team and the primary environment location.
-
Select Next or Review + Create.
Azure runs a validation and displays the deployment terms and agreement details. Azure fills in the deployment details for the user initiating the deployment. This process is not registration for NME, but rather a record-keeping process for the Azure subscription.
The deployment process creates the basic resources for NME. Primary and cost-incurring resources are the following:
App service
Managed SQL server
Log analytics
Storage accounts
Key vaults
Application insights
Step 2: Initialize NME (est. 5-10 minutes)
After the NME resources are provisioned to the Azure subscription, the next step is to initialize and customize the new deployment in the environment.
NME completes this process through a generated Azure CloudShell script. The script performs the following tasks:
Automatically creates an application and a service principal (NME uses these to perform tasks in Azure).
Prepares the key vault.
Configures the app service.
This step also ensures Nerdio Manager for Enterprise is up to date before advancing to the final setup step.
To initialize Nerdio Manager for Enterprise:
Navigate to the resource group for NME.
Within the resource group, select the App Service.
In the upper-right corner of the Overview > Essentials page, locate the NME management page URL. Save or bookmark this URL.
-
Launch the URL in a new tab.
The initial home page for NME displays a one-line script and instructions to copy and paste the script into Azure CloudShell.
-
In the upper-right corner of the script, select Copy, and then select Launch Azure CloudShell.
-
Alternatively, you can open CloudShell from the Azure portal.
Note:
If NME is not initialized, CloudShell requires a storage account for storing the session contents.
For this step, make sure you do not use the beta version of CloudShell that can run without the storage.
-
You can also run the local PowerShell script. However, this method is not recommended for quickest and easiest deployment.
Important: If running the local PowerShell install script, be sure to expand the Advanced section and download a copy of the non-CloudShell script.
-
-
Once initialized, paste the copied setup script into the CloudShell window, and then press Enter or Return to start the execution.
Tip: Right-click to paste the script. Ctrl+V does not work in CloudShell.
-
The configuration script proceeds and completes the initialization for all the newly deployed resources. Complete each of the following steps and actions.
This process should conclude by downloading and applying the latest NME code update. Once complete, it displays the sign-in URL.
Step 3: Register and Set up NME (est. 5-10 minutes)
After the marketplace deployment and resource initialization, the final step in the setup process is activating Nerdio Manager for Enterprise and completing the initial configuration.
This step's procedure is similar to a setup wizard, where each step needs to be filled out or completed. This requires filling in some prerequisite details, such as domain joiner credentials, network, and other. Options such as Windows 365, User Cost Attribution, or User Profile Storage are optional and can be disabled or skipped.
Note:
To complete a step, you must select the hyperlink. Selecting the circle indicator or a check box does not complete steps.
After the initialization script run has completed, the NME portal may take several minutes to come back online. The reason is that updating the application requires a reboot of the app service.
To register and set up Nerdio Manager for Enterprise:
Reload the NME page after the restart has completed.
-
The Azure portal automatically redirects to an Admin Consent Approval page that requests permission to authenticate signed-in users. This means that NME can act in Azure on behalf of the authenticated user privileges.
Note:
Ensure Consent on behalf of my organization is selected. If not selected, future users signing in to NME may be prompted for the same request.
If the user completing the NME setup does not have the Global Admin privileges to grant consent, another Global Admin may locate the NME application, named nerdio-nmw-app, in Entra ID > Applications, and select the app to grant consent instead.
-
Once the consent has been granted, the sign in should redirect to a set-up wizard prompting for the required information. Define each of the fields by selecting the hyperlinks and completing the required information.
Disable the optional configuration for Intune + Windows 365.
Registration redirects to NME’s licensing service, and requests information about the company, contact name, email address, and optional phone number.
-
Create a directory profile. Specify if the environment is Entra-joined (no domains), Active Directory (AD), or Entra Domain Services (Entra DS).
Note: Active Directory and Entra Domain Services require domain credentials and an optional organization unit (OU) path.
-
Select the network for use with Azure Virtual Desktop.
For Active Directory and Entra Domain Services, this network requires connectivity to reach the domain successfully. Entra-joined environments may use any Azure network without special DNS or external resource configuration.
Note: For details on the default outbound access in Azure, see Default outbound access for VMs in Azure will be retired—transition to a new method of internet access.
The resource group where NME was provisioned is set as default. If a separate RG is required, link to that group instead.
In the Storage Account step, select Skip for now. No FSLogix profile storage is required.
Disable the User Cost Attribution setup. This may be deployed later (if needed).
-
Select Done to complete the configuration.
A new dialog box requesting consent is displayed. Ensure you select the hyperlink to grant Admin Consent to the full list of NME’s permissions.
Warning:
Selecting OK in NME does not grant consent to Entra ID.
This step is required: setup cannot advance without granting consent.
Once the consent is granted, and the page displays Access is granted, close the new tab and select OK to complete the setup.
Comments (0 comments)