Update (22/12/2021): Since Managed Identities for Automation accounts is now GA. I have updated the script to make use of this. This way the Automation account requires less permissions to run.
If you’re using Azure Virtual Desktop in a pooled scenario you are properly using the scaling script that Microsoft has provided . This script works great, but what about personal host pools. The scaling script doesn’t have support for this type of host pool. This is a shame because you can also save considerably amount of money if your personal session hosts would only be running if they are being used. Especially now that Start Virtual Machine on Connect is now generally available. This means that users can power on the machines when they start working. However the machines are only turned on, and not deallocated. Which is only half of the solution…
In order to deallocate machines that are not being used I’ve create a PowerShell script that can be run in an Automation Account. The script does the following:
- Checks if the host pool is set to personal, pooled is not supported
- Checks if start on Connect is enabled. Link to how to configure this https://docs.microsoft.com/en-us/azure/virtual-desktop/start-virtual-machine-connect
- Collects all the Session Hosts in the host pool
- If the Session Host is running it checks if there is an active session, if there are no active sessions the Session Host will be Deallocated.
- You can exclude machines from the script by using a tag
The script is available in my GitHub Repo. You can import the script into an automation account and set it up yourself. Or if you would like to use the script you can use the following script that will set everything up for you. This script is a slightly adjusted version of Microsoft’s script which is used for the scaling script itself.
The DeployAutomationAccount.ps1 script will:
- Checks if you have the appropriate permissions
- Checks if you have the correct modules installed on your computer
- Deploys a new resource group for the automation account (if needed)
- Deploys a new Automation Account (if needed) and imports the necessary modules and runbook
- Creates an Automation Schedule which runs every 1 hour
- Connects the Runbook to the Schedule so it will start
Validates if an Run As Account is present- Creates a managed identity with the required permissions
To deploy the automation account with the AVD-PersonalAUtoShutdown.ps1 script you first download the script:
New-Item -ItemType Directory -Path "C:\Temp" -Force
Set-Location -Path "C:\Temp"
$Uri = "https://raw.githubusercontent.com/stephanvandekruis/AVD/main/PersonalScaling/DeployAutomationAccount.ps1"
# Download the script
Invoke-WebRequest -Uri $Uri -OutFile ".\DeployAutomationAccount.ps1"
Also download the Custom Role Definition for the role assignments
$Uri = "https://raw.githubusercontent.com/stephanvandekruis/AVD/main/PersonalScaling/Automation-RoleDefinition.json"
# Download the script
Invoke-WebRequest -Uri $Uri -OutFile ".\Automation-RoleDefinition.json"
Log in to your environment
Login-AzAccount
Run the following cmdlet to execute the script and create the Automation Account. You can fill in the values or comment them out to use their default values.
$Params = @{
"AADTenantId" = "<Azure_Active_Directory_tenant_ID>"
"SubscriptionId" = "<Azure_subscription_ID>"
"AutomationRG" = "<ResourceGroup of the Automation Account>" # Optional. Default: rgAVDAutoShutdown
"AutomationAccountName" = "<Automation Account Name>" # Optional. Default: AVDAutoScaleAccount
"AutomationScheduleName" = "<Automation Schedule Name>" # Optional. Default: AVDShutdownSchedule
"AVDrg" = "<AVD resource group which holds the Host Pool Object>"
"SessionHostrg" = "<Resource group which contains the VMs of the session hosts>"
"HostPoolName" = "<Host pool Name>"
"SkipTag" = "<Name of the tag to skip the vm from processing>" # Optional. Default: SkipAutoShutdown
"TimeDifference" = "<Time difference from UTC (e.g. +2:00) >" # Optional. Default: +2:00
"Location" = "<Location of deployment (e.g West Europe)>" # Optional. Default: West Europe
}
.\DeployAutomationAccount.ps1 @Params
The deployment will kick off and the automation account with the AVD-PeronalAutoShutdown.ps1 script will be created.
The one thing that I will not do for you is the creation of an Run As Account. To create the Run as Account:
In the Azure portal, select All services. In the list of resources, enter and select Automation accounts.On the Automation accounts page, select the name of your Azure Automation account. The default value is AVDAutoShutdownAutomationAccountIn the pane on the left side of the window, select Run As accounts under the Account Settings section.Select Azure Run As account. When the Add Azure Run As account pane appears, review the overview information, and then select Create to start the account creation process.Wait for the deployment to complete
During the deployment of the Automation account a schedule as also created. This schedule will trigger the runbook every hour and will do so for the next 5 years. You can adjust the schedule to your requirements.
To view the out put of the AVD-PersonalShutdown script you:
- Go to the Automation account that hosts the script (default is AVDAutoShutdownAutomationAccount)
- Under Process Automation you find Jobs
- Select the top job, which is the latest.
- Select the tab Output. Here you will find all the output information that the script generated.
To exclude a machine from begin processed you can simply add a tag to the VM and the script will skip that practically machine, the default value for this is SkipAutoShutdown
Wrapping up
You can find the scripts and additional information in my GitHub Repo.
If you are using the script and liking it, I would love to read about it in the comments! Or if you have any suggestions on how to improve the script, I would love the read your suggestions as well!