What’s up, everyone!
Are you using Nerdio Manager to manage your AVD environment or Intune? If so, you probably want to think of ways to make sure that NME is available for your company. In this post I would like to highlight a pretty easy way to make sure that NME is protected against SQL outages by enabling database resilience. Enjoy!
Introducing Nerdio Manager database resilience
Nerdio Manager for Enterprise is an app that runs in Azure. It consist of a couple of moving parts, like:
- An App Service
- An App Service Plan
- A Log Analytics Workspace
- An automation account
- A key vault
- an SQL server that hosts an SQL database
Nerdio Manager database resilience aims to protect against Azure SQL outages by creating an Azure Database Failover Group with a secondary SQL server and database in a different Azure region. Depending on the failover policy Azure will automatically trigger a failover or you have to initiate a failover yourself.
Microsoft has a provided an excellent architecture diagram (link):
Configuring Nerdio Manager database resilience
It’s time to find out how to configure database resilience. From NME, select Settings, Nerdio environment, Nerdio Manager resilience, click on Show Configuration to get more information:
Once expanded, you will see something like this:
Click Create failover group. Select the desired subscription and Resource Group and select the Azure region for the second database and finish up by selecting the failover policy:
- Microsoft managed indicates that the Microsoft Azure SQL team will initiate an failover when it detects an outage in the affected region.
- Customer managed indicates that customers are responsible to initiate the failover in case of an outage.
Always make sure to check the logs if the task completed successfully. You could get a message that the Azure region does not accept creating the required resources:
Change the location to an Azure region that accepts the creation of a new SQL server and wait until the process completes. You will get more information about the failover group in the overview:
In this overview you can:
- See the name of the failover group.
- See the active instance.
- See and change the failover policy (Customer managed vs Microsoft Managed).
- See the endpoint. Make sure to copy the content because you will need it in the next step.
- See the name and Azure location of the secondary SQL server.
Next on our to do list is to edit the database connection string. We can do that in the Azure portal, search for Key vaults and select the key vault where the name starts with nmw-app-kv. Go to objects, Secrets. Open the Connectionstrings–DefaultConnection secret.
Edit the current version, scroll down to Secret Value. Click Show Secret Value and copy it twice to notepad. You can use one to create the new connection string and keep the second as a way of reverting the change.
Remember that I mentioned to copy the endpoint value in NME (Settings, Nerdio environment, Nerdio Manager resilience)?
Copy the Endpoint value in the connection string (example: Server=tcp:ENDPOINTVALUE,1433…etc…
Basically you just changed the connection from the primary server to the failover group.
Go back up one level to the connection strings. Click the + New version button.
Copy the newly created connection string into the secret value and click the Create button.
Make sure to restart the app service. From the Azure portal, search for App Services and select the App Service that NME uses (name start with nmw-app-) and click the Restart button in the ribbon.
Wait until the app services restarts (usually just a couple of seconds) and sign into NME again. You can check if the change is successful by navigating to Settings, Nerdio environment, Nerdio Manager resilience. The status should have changed to Active Replication + Failover.
That is all there is to it!
Resources
I used the following resources for this post:
Configure Nerdio Manager Database Resilience – Nerdio Manager for Enterprise
Failover groups overview & best practices – Azure SQL Database | Microsoft Learn
