Tutorial: Configure Cloud Cache to redirect profile containers or office container to multiple Providers

Cloud Cache is an optional add-on to Profile Container and Office Container. The Cloud Cache overview gives a full description of its purpose and use, and the Cloud Cache configuration reference lists the full set of configuration settings.

In this tutorial, learn how to:

  • Configure Cloud Cache for SMB
  • Configure Cloud Cache for Azure Page Blobs
  • Protect Azure Keys with Credential Manager

Prerequisites

Configure Cloud Cache for SMB

Configuring Cloud Cache for Profile Container

All settings are applied here: HKLM\SOFTWARE\FSLogix\Profiles

Remove any setting for VHDLocations

Add (or verify)

Registry Value    Type                 Value
CCDLocations      REG_SZ / MULTI_SZ    type=smb,connectionString=<\\Location1\Folder1>;type=smb,connectionString=<\\Location2\folder2>
Enabled           DWORD                1
  • <Location for Cloud Cache Provider>
  • Each Provider is separated by a ;
  • The sample value above is for two SMB Providers

Configuring Cloud Cache for Office Container

All settings are applied here: HKLM\SOFTWARE\Policies\FSLogix\ODFC

Remove any setting for VHDLocations

Add (or verify)

Registry Value    Type                 Value
CCDLocations      REG_SZ / MULTI_SZ    type=smb,connectionString=<\\Location1\Folder1>;type=smb,connectionString=<\\Location2\folder2>
Enabled           DWORD                1
  • <Location for Cloud Cache Provider>
  • Each provider is separated by a ;
  • The sample value above is for two SMB Providers

Configure Cloud Cache for Azure Page Blobs

Configuring Cloud Cache for Profile Container

All settings are applied here: HKLM\SOFTWARE\FSLogix\Profiles

Remove any setting for VHDLocations

Add (or verify)

Registry Value    Type                 Value
CCDLocations      REG_SZ / MULTI_SZ    type=smb,connectionString=<\\FILESERVER\SharedFolder>;type=azure,connectionString=<"DefaultEndpointsProtocol=https;AccountName=myAccountName;AccountKey=myAccountKey;EndpointSuffix=mySuffix">
Enabled           DWORD                1
  • <Location for Cloud Cache Provider>
  • Each provider is separated by a ;
  • The sample value above is for one SMB Provider and one Azure Page Blob provider
  • Page Blob connection string should be enclosed in "" (see sample above)
  • These settings are used to create the Azure Connection String:
      • DefaultEndpointsProtocol=[http or https]
      • AccountName=myAccountName
      • AccountKey=myAccountKey
      • EndpointSuffix=mySuffix

More about Azure Connection Strings can be found here and here

Azure Account Keys are sensitive and may be protected using Credential Manager, as described under "Protect Azure Key with Credential Manager".

Configuring Cloud Cache for Office Container

All settings are applied here: HKLM\SOFTWARE\Policies\FSLogix\ODFC

Remove any setting for VHDLocations

Add (or verify)

Registry Value    Type                 Value
CCDLocations      REG_SZ / MULTI_SZ    type=smb,connectionString=<\\FILESERVER\SharedFolder>;type=azure,connectionString=<"DefaultEndpointsProtocol=https;AccountName=myAccountName;AccountKey=myAccountKey;EndpointSuffix=mySuffix">
Enabled           DWORD                1
  • <Location for Cloud Cache Provider>
  • Each provider is separated by a ;
  • The sample value above is for one SMB Provider and one Azure Page Blob provider
  • Page Blob connection string should be enclosed in "" (see sample above)
  • These settings are used to create the Azure Connection String:
      • DefaultEndpointsProtocol=[http or https]
      • AccountName=myAccountName
      • AccountKey=myAccountKey
      • EndpointSuffix=mySuffix

More about Azure Connection Strings can be found here and here

Azure Account Keys are sensitive and may be protected using Credential Manager, as described under "Protect Azure Key with Credential Manager".

Protect Azure Key with Credential Manager

FSLogix reads system credentials from Windows Credential Manager if they are saved with fslogix/ as a prefix. To protect your Azure Account Key with Credential Manager under a credential named 'myAccountKey', add a SYSTEM key as fslogix/myAccountKey. Protected keys are referenced within the connection string as |key|.

The samples in the two Page Blob sections above would be updated using the sample below when using Credential Manager.

Registry Value    Type                 Value
CCDLocations      REG_SZ / MULTI_SZ    type=smb,connectionString=<\\FILESERVER\SharedFolder>;type=azure,connectionString=<"DefaultEndpointsProtocol=https;AccountName=myAccountName;AccountKey=|fslogix/myAccountKey|;EndpointSuffix=mySuffix">
Enabled           DWORD                1

Any information that you would like to protect may be saved in Credential Manager and accessed in this way. For instance, if you wanted to protect both the Account Name and the Account Key, system keys could be created for both and used in the connection string as described above.

There are a number of ways to use Credential Manager, and any will work with the Azure connection string, provided that the credential is stored under the SYSTEM user. The credential type is "generic", and the credential name is prefixed with fslogix/.

frx.exe may be used to create, list and delete system keys.

Command     Parameters                                         Result
frx.exe     add-secure-key -key <keyName> -value <keyValue>    *Creates a key with a key name of fslogix/<keyName> and a value of fslogix/<keyValue>
frx.exe     del-secure-key -key <keyName>                      *Deletes the specified key
frx.exe     list-secure-key                                    Lists secure keys with the fslogix/ prefix

* The fslogix/ prefix is added automatically when using frx.exe; don't add it manually.
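
A configuration check for the settings above, as an added example that is not part of the original tutorial or of FSLogix's own tooling: it reads CCDLocations from both registry keys, splits the providers without breaking the quoted Azure connection string, and reports a leftover VHDLocations value, an http endpoint protocol, or an AccountKey that is not a |fslogix/...| Credential Manager reference. The helper names Split-CcdProviders and Test-CcdProvider are hypothetical, and the script assumes deployed values omit the < > placeholder markers shown in the samples.

```powershell
# Added audit example. Registry paths and value names are the ones in this tutorial;
# Split-CcdProviders and Test-CcdProvider are hypothetical helper names.
$keys = 'HKLM:\SOFTWARE\FSLogix\Profiles', 'HKLM:\SOFTWARE\Policies\FSLogix\ODFC'

function Split-CcdProviders {
    # Split on ';' between providers, but not on the ';' inside a quoted Azure connection string.
    param([string]$Value)
    $providers = @(); $current = ''; $inQuotes = $false
    foreach ($ch in $Value.ToCharArray()) {
        if ($ch -eq '"') { $inQuotes = -not $inQuotes }
        if ($ch -eq ';' -and -not $inQuotes) { $providers += $current; $current = '' }
        else { $current += $ch }
    }
    if ($current) { $providers += $current }
    return $providers
}

function Test-CcdProvider {
    # Emits issue descriptions only; the key material itself is never echoed.
    param([string]$Provider)
    if ($Provider -notmatch '^\s*type=azure\b') { return }
    if ($Provider -match 'DefaultEndpointsProtocol=http(;|"|$)') {
        'DefaultEndpointsProtocol is http, not https'
    }
    if ($Provider -match 'AccountKey=([^;"]*)' -and $Matches[1] -notmatch '^\|fslogix/[^|]+\|$') {
        'AccountKey is stored in the registry value instead of a |fslogix/...| reference'
    }
}

foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    if ($null -ne $props.VHDLocations) { "${key}: VHDLocations is still set" }
    if ($props.Enabled -ne 1) { "${key}: Enabled is not 1" }
    foreach ($entry in @($props.CCDLocations)) {   # REG_SZ, or each line of a MULTI_SZ
        foreach ($provider in (Split-CcdProviders $entry)) {
            foreach ($issue in (Test-CcdProvider $provider)) { "${key}: $issue" }
        }
    }
}

# Constructed sample in the tutorial's format (not a real account or key).
$sample = 'type=smb,connectionString=\\FILESERVER\SharedFolder;type=azure,' +
          'connectionString="DefaultEndpointsProtocol=http;AccountName=myAccountName;' +
          'AccountKey=myAccountKey;EndpointSuffix=mySuffix"'
Split-CcdProviders $sample | ForEach-Object { Test-CcdProvider $_ }
```

Run it from an elevated PowerShell session on the session host; the registry values are readable by any local administrator, which is why a plaintext AccountKey there is worth flagging.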

Next Steps