AVD Hybrid on Nutanix AHV

Avatar
Nerdio Product Support

AVD Hybrid on Nutanix AHV

Nerdio Manager supports Nutanix AHV on-premises infrastructure as a hybrid host type for AVD host pools, providing automated VM lifecycle and power management for session host VMs running on Nutanix clusters. Session host VMs are managed through Nutanix Prism Central and connected to Azure via Azure Arc. This article provides an overview of prerequisites and walks you through the initial configuration steps required to set up the integration in Prism Central and Nerdio Manager.

Note: This feature is in Public Preview.

Warning: During the Microsoft public preview phase, the Validation environment checkbox must be enabled when creating a host pool as outlined in later sections.

Prerequisites

       System and environment requirements

The following minimum Nutanix component versions have been tested and validated for use with Nerdio Manager:

Component

Minimum version

Nutanix API

v4.1

Nutanix AOS (Acropolis Operating System)

v7.3

Nutanix AHV (Acropolis Hypervisor)

v10.3

Prism Central

pc.7.3

       Network connectivity

Before configuring Nutanix integration in Nerdio Manager Enterprise, ensure that the Nerdio instance has network connectivity to the Nutanix Prism Element server or Nutanix Prism Central. This connectivity must be established over a secure network path such as a site-to-site VPN or Azure ExpressRoute. Direct public internet access to the Prism endpoint is not supported. Confirm the following before proceeding:

  • A VPN or ExpressRoute connection is active and stable between the Azure-hosted Nerdio instance and the network segment hosting Nutanix Prism Element or Prism Central.

  • The Nerdio instance can reach the Prism endpoint on the required port (default: TCP 9440).

  • Firewall rules permit inbound HTTPS traffic from the Nerdio instance to the Prism API endpoint.

       Active Directory and Microsoft Entra ID

  • A Domain Controller (DC) must be deployed and synchronized with Microsoft Entra ID. Nutanix Session Host VMs join this domain as part of the session host provisioning process.

  • A client secret for the App Registration is required as part of the configuration process outlined below. For guidance on generating a client secret, see the Add a client secret tab in the Add and manage application credentials in Microsoft Entra ID Microsoft documentation.

  • A Microsoft Entra ID App Registration is required for the Client App configuration. Guidance on creating the App Registration is provided in        Step 2: Configure Client App (App Registration) below.

       Generalized VM templates

VM templates in Nutanix Prism Central must be generalized (sysprepped). During provisioning, Nerdio Manager deploys a VM from a template and applies an unattend.xml during the Windows specialize pass to set the VM computer name and execute the Azure Arc onboarding script. More details on this process are provided in the next document, Create a VM Template in Nutanix Prism Central.

Warning: Templates that have not been generalized fail during the guest customization step.

       Nutanix service account

A Prism Central service account with the Prism Admin role is required for Nerdio Manager to interact with Nutanix Prism Central APIs. Service accounts are used for programmatic access (API, scripts) and are not intended for browser-based login to the web console.

Role-based access control (RBAC) and permissions

       Nerdio Manager roles

This procedure requires the Admin Nerdio role to carry out the tasks outlined below.

       Azure built-in roles

Role

Description

Purpose

Azure Connected Machine Onboarding

Allows an account to onboard Azure Arc-enabled servers

The administrator requires write access to the resource group where Arc machines are registered in order to onboard Nutanix session host VMs to Azure Arc.This role is assigned as part of the configuration process outlined below.

User Access Administrator

Allows management of user access to Azure resources

The administrator requires write access to the target resource group in order to assign the Reader role to the System Managed Identity created when a Nutanix host pool is created

       Additional permissions

A Prism Central service account with the Prism Admin role is required for Nerdio Manager to interact with Nutanix Prism Central APIs.

Procedure

             Create a Prism Central service account

Enter the following information:

  1. Sign in to Prism Central with an administrator account.

  2. Open the app switcher and select Admin Center.

  3. Navigate to IAM > Identities > Service Accounts.

  4. Select + Add New Service Account.

  5. Enter a Service Account Name and optionally a description and email.

  6. Select Save or Save and Create Keys.

  7. Immediately after creation (or via the Manage Keys button), generate an API key.

Important: Save the API key immediately. The secret access key cannot be viewed after closing the dialog.

             Assign the Prism Admin role

By default, a new service account has no permissions. An authorization policy must be created to grant access.

  1. In the IAM section, navigate to the Authorization Policies tab.

  2. Select + Create Authorization Policy.

  3. In Select Role, search for and select the built-in Prism Admin role, then select Next.

  4. In Define Scope, select Full Access: all entity type & instances, then select Next.

  5. In Assign Users, select Service Account from the drop-down list.

  6. Search for your service account, select it, and select Save.

The generated API key is used when linking Prism Central in Step 1 of the configuration below.

Configuration

       Step 1: Link Nutanix Prism Central

In Nerdio Manager, Navigate to Settings > Environment > Integrations > Nutanix > Prism Central Configuration and select Add to link a Nutanix Prism Central instance.

Enter the following information:

Field

Description

Name

A friendly display name for this Prism Central instance (max 256 characters)

Base URL

The hostname or IP address of the Prism Central instance (e.g. cluster.nutanix.com)

Port

The API port (default: 9440)

API Key

A Nutanix Prism Central API key used to authenticate all API requests

       Step 2: Configure Client App (App Registration)

Before configuring the Client App in Nerdio Manager, create a Microsoft Entra ID App Registration as follows:

  1. Sign in to the Entra ID portal as Subscription Owner into the Azure tenant that contains the subscription being linked.

    Note: In some environments, you may need Application Administrator or Global Administrator permissions to register a new application.

  2. Navigate to App registrations.

  3. Select + New registration.

  4. Enter the following information:

    • Name: Enter the user-facing display name for the application.

    • Supported Account Types: Select Accounts in this organizational directory only.

    • Redirect URI: No Redirect URI is required.

  5. Once you have entered the desired information, select Register.

  1. Copy the Application (client) ID and generate a client secret — both are required in the configuration fields below.

Next, navigate to Settings > Environment >Integrations > Nutanix > Client App and select Configure.

The Client App is a Microsoft Entra ID App Registration whose Service Principal is used to onboard Nutanix Session Host VMs to Azure Arc. During VM provisioning, the onboarding script runs inside the guest OS and uses the Service Principal credentials to register the VM as an Azure Arc-connected machine.

Enter the following information:

Field

Description

Name

A friendly display name (max 256 characters)

App ID

The Application (client) ID from the Entra ID App Registration

App Secret

A client secret for the App Registration (max 512 characters)

             Required role assignments

The Service Principal associated with this App Registration must have the Azure Connected Machine Onboarding role assigned at the resource group level. See the table in the Azure built-in roles section above. The procedure below outlines how to assign this role using the Azure portal or Azure CLI.

Via Azure portal

  1. Navigate to the Azure portal > Resource Group > Access Control (IAM).

  2. Select Add role assignment.

  3. Select Azure Connected Machine Onboarding.

  4. Assign it to the Service Principal of the App Registration.

Via Azure CLI
az role assignment create \
                --assignee "<SP_APP_ID>" \
                --role "Azure Connected Machine Onboarding" \
            --resource-group "<Arc_Servers_RG>"

       Step 3: Create a hybrid host pool

  1. Switch back to Nerdio Manager and navigate to Host Pools.

  2. Select the Hybrid Host Pools tab.

  3. Select New Host Pool and then Add Nutanix Host Pool.

Warning: During the Microsoft private and public preview phases of AVD Hybrid, the Validation environment checkboxmust be enabled in the Add Nutanix Host Pool dialog when creating a host pool.

             System managed identity and role assignment

When a Nutanix host pool is created, Nerdio Manager creates a System Managed Identity for the pool and assigns it the Reader role on the resource group where VMs are created.

Important: Either the Nerdio Manager application identity or the user creating the host pool must have sufficient permissions to assign roles (e.g., User Access Administrator or Owner) on the target resource group.

             VM configuration parameters

When creating session hosts, the following parameters are configured:

Parameter

Description

Constraints

VM Name Prefix

Prefix for auto-generated VM names

Standard Azure VM naming rules

Region

Azure region for the Arc resource

Must match deployment region

Resource Group

Azure resource group for Arc machines

Must have onboarding role assigned

Prism Central

The linked Prism Central instance

Must be configured in Settings

VM Template

Nutanix VM template (must be generalized)

From selected Prism Central

Subnet

Nutanix network subnet, grouped by cluster

From selected Prism Central

Sockets

Number of CPU sockets

1 - 32

vCPUs (Cores)

Total number of virtual CPU cores

1 - 128

Memory (GB)

RAM allocation in gigabytes

1 - 1024 GB

Disk Size (GB)

Additional data disk size

32 – 32,767 GB

Storage Container

Nutanix storage container for the additional disk above

From selected Prism Central

Categories

Nutanix categories to tag the VM

Optional, from selected Prism Central

Procedures

The following articles guide you through additional setup and management of AVD Hybrid on Nutanix AHV:

Troubleshooting

            VM Shutdown Commands May Fail on AHV

In some configurations, Guest Reboot or Guest Shutdown commands issued against Windows VMs running on AHV may fail silently — no error is shown in Prism or in logs, and subsequent attempts may succeed. This behavior is more common in VDI environments than in generic server virtualization scenarios. For a full description of known causes and recommended workarounds, refer to the Nutanix KB article on this topic.

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Related articles

Comments (0 comments)

Please sign in to leave a comment.