Demystifying Microsoft Azure Site Recovery

One of the most common questions we get from managed service providers (MSPs) who are in the process of building a cloud practice in Microsoft Azure is “what is Azure Site Recovery (ASR) and when should I use it?” 

Let’s review this important Azure service from Microsoft and its relevance to MSPs.  

Why does ASR exist? 

Azure Site Recovery (ASR) is Microsoft’s Disaster Recovery-as-a-Service (DRaaS) solution built specifically for Azure workloads. ASR enables companies to recover from catastrophes quickly with minimal downtime. ASR can also be used as a tool to migrate existing servers into Azure from an on-premises environment or migrate workloads between Azure regions and resource groups. 

Who is ASR designed for? 

  • Companies that need to meet specific requirements or regulations for their industry such as ISO 27001 
  • Companies who are sensitive to downtime or want to limit impact from region-specific Azure outages 
  • Companies who wish to migrate current workloads into Azure from an on-premises environment, between Azure regions, or between resource groups 
  • Anyone seeking a complete business continuity and disaster recovery (BCDR) strategy for their business 

When can ASR be used? 

  • Replication of Azure VMs from one Azure region to another 
  • Replication of on-premises VMware VMs, Hyper-V VMs, physical Windows and Linux servers, and Azure Stack VMs to Azure 
  • Replication of on-premises VMware VMs, Hyper-V VMs managed by System Center VMM, and physical servers to a secondary site 
  • Replication of specific workloads running on a machine that’s supported for replication 

What are some of the key features of ASR? 

  • A simple BCDR solution – ASR is built into Azure and can be managed entirely from within a single location
  • Data Resilience – Data is replicated inside of Azure storage with all the resilience and security provided by Azure
  • RTO and RPO Targets – Manage and meet organizational RTO/RPO targets with continuous replication at intervals as low as 30 seconds for Hyper-V servers
  • Easy and Flexible Failover – Test failover and disaster recovery scenarios without disrupting replication
    • Failovers can also be planned for expected outages with zero data loss
    • Unplanned failovers can happen with minimal data loss, and failing back to your primary site can be done easily when it’s available again 

How do I set up a basic ASR replication?  

Enable replication for an Azure VM  

  • In the Azure portal, click Virtual machines, and select the VM you want to replicate 
  • In Operations, click Disaster recovery 
  • In Configure disaster recovery > Target region select the target region to which you’ll replicate 
  • For this QuickStart, accept the other default settings 
  • Click Enable replication. This starts a job to enable replication for the VM

Verify your settings  

  • After the replication job has finished, you can check the replication status, modify replication settings, and test the deployment 
    • In the VM menu, click Disaster recovery
    • You can verify replication health, the recovery points that have been created, source, and target regions on the map

Clean up resources/stop replication  

  • The VM in the primary region stops replicating when you disable replication for it:  
    • The source replication settings are cleaned up automatically. The Site Recovery extension installed on the VM as part of the replication isn’t removed and must be removed manually. 
    • Site Recovery billing for the VM stops

Stop replication as follows 

  • Select the VM 
  • In Disaster recovery, click Disable Replication

Microsoft (M365) vs. Office (O365): Licensing Explained

The first step most Managed Service Providers (MSPs) take to move their customer’s business to the cloud is with Office 365—the cloud productivity suite from Microsoft.  Microsoft currently offers two main plans for its cloud productivity services: Office 365 and Microsoft 365.

In this article, we will explain the differences and help you understand when to choose one over the other when building a cloud practice.

1. Office 365

Of the two types of plans, this one is the more popular. Office 365 is the traditional cloud productivity suite that comprises common Microsoft Office applications like Outlook, Word, Excel, and PowerPoint. Most of these plans offer hosted Microsoft Exchange mailboxes along with various “add-ons” that add increased security and compliance for stand-alone office applications such as Project. The Office 365 suite is divided into two main categories: Office 365 Business and Office 365 Enterprise.

Office 365 Business

Business plans include Essential, Business, and Business Premium. These plans are a great low-cost way to provide key Office 365 services to clients with minimal needs. However, there are a few limitations to these plans which are important to note. For example, Office 365 Business does not include Shared Computer Activation (SCA) for Office products. This means that you cannot use Business plans with a Remote Desktop Services (RDS) environment in Azure.

Office 365 Enterprise

Office 365 Enterprise plans include ProPlus, E1, E3, and E5. These plans offer key features that are geared towards Enterprise productivity which include options that are not available under Business plans. All these plans, except E1, include Office ProPlus with SCA and are suitable for use in an RDS environment. The Office 365 E3 plan is the most commonly used level within Enterprise plans as it includes Office ProPlus, Exchange, and important security and compliance features like e-discovery and archiving. In order to provision a Nerdio environment, you will need a minimum of one E3 license.

Other plans

Office 365 also offers various versions of Enterprise plans for various verticals. These include Education, Government, and Non-Profit licensing. Each licensing model caters to specific requirements and has varying costs.

2. Microsoft 365 

Microsoft 365 was introduced in late 2017 as a new product bundle that combines the traditional Office 365 features with Enterprise Mobility + Security (EMS) and Windows 10. Though these plans are costlier than Office 365 plans, they provide a complete cloud productivity solution. The most important differentiation is that these plans include a Windows 10 Enterprise license which can be used to license Virtual Desktops in Microsoft Azure through traditional VDI or through Azure Virtual Desktop (AVD). Microsoft 365 is split into three categories: Business, Enterprise, and Education.

Microsoft 365 Business 

This plan is focused on SMB deployments. It includes Office 365 Business (not ProPlus), some basic EMS functionality, and Intune for device management. These plans are an “upgrade” from the Office 365 Business Premium plans. A key point here is that Office 365 Business has fewer features than Office 365 ProPlus: it is limited in the number of users it can be deployed for (currently 300) and has no group policy support. As of April 2019, Office 365 Business through Microsoft 365 Business plans will include SCA for use on an RDS host.

Microsoft 365 Enterprise

Microsoft 365 Enterprise plans not only mirror the traditional Office 365 E3/E5 plans but also add in a Windows 10 Enterprise license along with EMS features. These plans would be an “upgrade” from the Office 365 E3/E5 plans and include critical security features like Azure Information Protection, Office 365 Advanced Threat Protection, and Microsoft Intune. There is also a new F1 plan within M365 Enterprise which is designed for users who need limited access to M365 services. These plans allow users to fully manage their desktop infrastructure either on-premises or in the cloud.

Microsoft 365 Education

Microsoft 365 Education consists of a new level of plans geared specifically for classrooms. These plans are focused on providing productivity tools required for the classroom at a reasonable price point. They are split into A1, A3, and A5 license levels with A1 being a one-time per device license while the A3/A5 licenses are traditional monthly recurring costs. In addition, with most levels, pricing is based on teacher licenses, with students being able to be added to the plan at no cost.

The table below provides a quick comparison between O365 and M365:

| O365 | M365 |
| --- | --- |
| O365 is a cloud-based suite centered around business productivity, which includes apps like Outlook, Word, PowerPoint, and more. | M365 is a bundle of services that includes Office 365, and several other services. |
| Depending on your O365 plan, subscriptions also include apps and services like Skype for Business, SharePoint, OneDrive, Teams, Yammer, Planner and so on. | An M365 license also includes Windows 10 Enterprise, Enterprise Mobility + Security (EMS), and machine learning. |
| O365 license is a monthly, per-user subscription. You can choose various O365 plans as per your specific business needs. | There are three flavors to M365: Microsoft 365 Business is designed for SMBs with 300 users or less (refer to details at M365 Business plans); Microsoft 365 Enterprise is made for larger organizations that need stronger security and device management functionality (refer to details at M365 Enterprise plans); Microsoft 365 Education is a basic plan designed for students and teachers to enhance learning in the classroom. |

Using Nerdio to Manage Existing Microsoft Azure Deployments 

The Nerdio Admin Portal (NAP) is a multi-tenant, single-pane-of-glass portal that allows MSPs to manage all of their Azure deployments securely in one place and across all aspects of the IT environment. The NAP can manage VMs, storage, networking, backup, autoscaling, users, virtual desktops, Office 365, mailboxes, security, and much more – all in a “3-click or less” console with role-based security.  The customers of MSPs can be full admins with access to all aspects of a customer’s IT environment or they can be limited users (e.g. Tier 1 Support) with access to things like user password resets but not VPN configuration.   

MSPs can also co-manage a customer’s Azure environment with the customer’s internal IT staff.  For example, an end-user account can be given access to the NAP to do both basic and advanced management of just their own environment.  Because the NAP is so simple to use, delegating some basic management capabilities to specific end-users reduces the number of incoming tickets, gives the customer more control that they desire, and speeds up time-to-resolution by allowing the customer to self-serve on some common functions.  All without risking overwhelming the customer with too much technical complexity or exposing Azure with administrative access and risking issues that could be created by an inexperienced user in an otherwise stable environment. 

A common question we get from partners goes something like this: “We’d love to use Nerdio to manage our Azure deployments but have existing customers in Azure.  Can Nerdio be used to manage those?” 

The short answer is “yes, they absolutely can,” and it does require a bit of planning.

The goal of this article is to outline the steps necessary to configure Nerdio to manage existing Azure resources. 

The Typical Nerdio Manager for MSP Deployment 

Nerdio is designed to be safe and non-disruptive to existing environments.  Therefore, when you provision a new Nerdio account into Azure, it creates a brand new, empty resource group and only manages resources in that one resource group.  You can have a single Azure AD tenant with a single Azure Subscription and segregate customers by resource groups (or by Azure subscriptions or Azure AD tenants).  The resources in each of these groups will be independent and isolated.  Nerdio will manage each deployment in each unique resource group as its own Nerdio account. 

Every Nerdio for Azure deployment is designed to start out as a “greenfield” deployment without any existing legacy information (other than connectivity into an existing Office 365 account).  The goal is to enable an MSP to set up a greenfield Azure environment and conduct a pilot with a customer without disrupting the existing IT infrastructure.  Once the pilot is successful, the Nerdio deployment is “plugged into” an existing IT environment and added to production, making it accessible to users.  Once in production, users, data, and server workloads can be seamlessly moved into the new Nerdio deployment in Azure. 

“Plugging” Nerdio into an existing IT environment 

There are three top level steps involved in plugging a greenfield Nerdio deployment into an existing IT environment. 

  1. Extend the network – this is typically accomplished by setting up a site-to-site VPN between the Nerdio for Azure environment and an existing environment.  It is also possible to use the VNet peering capability of Azure in some cases, as we’ll see below. 
  2. Extend Active Directory – Making the same Active Directory Domain Services available in Azure is fully automated by Nerdio with our Nerdio Hybrid AD™ functionality.  Extending AD into Azure allows the NAP to have visibility into the existing Active Directory, manage user objects, and assign virtual desktops – all without any changes to the existing environment.  Once the AD is extended from the existing environment to Azure, it spans both locations and allows seamless movement of servers from one to the other. 
  3. Move VM workloads – Once network connectivity is established and AD is extended into Azure, servers and data can be moved from the existing environment to Azure using Azure Site Recovery (ASR), another VM replication technology, or Azure Resource Move process, as we’ll see below. 

The result of the 3 steps above is a Nerdio managed Azure environment with connectivity to an existing IT environment, AD visibility, and the ability to move VMs from one environment to the other without the need to re-join the domain or reconfigure the operating system. 

“Plugging” Nerdio into an existing Azure deployment 

It is possible to leverage Nerdio to manage an existing Azure deployment.  Think of it as a special case of the typical process outlined above – create a new Nerdio for Azure greenfield deployment, plug it into an existing Azure deployment, and migrate workloads as appropriate.  However, because the existing Azure deployment and the new Nerdio deployment are both in Azure, there are some additional tools available to simplify and speed up the process. 

Let’s look at each of the three steps as they relate to this unique scenario. 

1. Extend the network 

While it is possible to use VPN Gateways and site-to-site VPN connections between virtual networks in Azure, it is far simpler to leverage Azure’s VNet peering capability.  Azure supports two types of VNet peering: 

  • VNet peering – connecting VNets within the same Azure region 
  • Global VNet peering – connecting VNets across Azure regions 

There are multiple advantages to using VNet Peering instead of site-to-site VPN.  Network traffic is private, low-latency, and high-bandwidth.  That’s because it traverses Azure’s private network backbone instead of leveraging public internet infrastructure. 

VNet peering has all the expected functionality: there is no downtime for the VMs when the peering is created, Network Security Groups (NSGs) can be applied to control traffic flow and access if needed, and, by default, all resources in the peered networks have complete and simple connectivity without additional setup. 
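Because peered networks are fully connected by default, the peering is usually paired with an NSG that narrows what the existing VNet can reach. The following Az PowerShell sketch is an added example, not Nerdio's or Microsoft's own code; it assumes a signed-in Az session, and every resource name and the port list are hypothetical placeholders.

```powershell
# Added example. Resource names and the port list are hypothetical placeholders.
$existingRg   = 'rg-existing-customer'   # resource group of the existing deployment
$existingVnet = 'vnet-existing'
$nerdioRg     = 'rg-nerdio'              # resource group created for the new deployment
$nerdioVnet   = 'vnet-nerdio'
$nerdioNsg    = 'nsg-nerdio-servers'     # NSG already attached to the server subnet

# Constructed sample allow-list: SQL Server and SMB only. Replace with the ports
# the workloads really need; Active Directory replication needs its own set.
$allowedTcpPorts = @('1433', '445')

$src = Get-AzVirtualNetwork -Name $existingVnet -ResourceGroupName $existingRg
$dst = Get-AzVirtualNetwork -Name $nerdioVnet   -ResourceGroupName $nerdioRg

# A peering only becomes usable once it exists in both directions.
Add-AzVirtualNetworkPeering -Name 'existing-to-nerdio' `
    -VirtualNetwork $src -RemoteVirtualNetworkId $dst.Id | Out-Null
Add-AzVirtualNetworkPeering -Name 'nerdio-to-existing' `
    -VirtualNetwork $dst -RemoteVirtualNetworkId $src.Id | Out-Null

# Confirm the state and check that forwarding and gateway options are not
# enabled beyond what was intended.
Get-AzVirtualNetworkPeering -VirtualNetworkName $nerdioVnet -ResourceGroupName $nerdioRg |
    Select-Object Name, PeeringState, AllowVirtualNetworkAccess,
                  AllowForwardedTraffic, AllowGatewayTransit, UseRemoteGateways

# The default NSG rule AllowVnetInBound (priority 65000) matches the
# VirtualNetwork service tag, which includes peered address space. Anything not
# explicitly denied at a lower priority number is therefore reachable from the peer.
$peerPrefixes = $src.AddressSpace.AddressPrefixes

Get-AzNetworkSecurityGroup -Name $nerdioNsg -ResourceGroupName $nerdioRg |
    Add-AzNetworkSecurityRuleConfig -Name 'Allow-Peer-Required' `
        -Description 'Ports the existing deployment needs to reach' `
        -Access Allow -Protocol Tcp -Direction Inbound -Priority 200 `
        -SourceAddressPrefix $peerPrefixes -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange $allowedTcpPorts |
    Add-AzNetworkSecurityRuleConfig -Name 'Deny-Peer-Other' `
        -Description 'Block all other traffic from the peered VNet' `
        -Access Deny -Protocol '*' -Direction Inbound -Priority 300 `
        -SourceAddressPrefix $peerPrefixes -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange '*' |
    Set-AzNetworkSecurityGroup | Out-Null
```

Rule evaluation stops at the first match in priority order, so the allow rule at 200 is evaluated before the deny rule at 300, and both take precedence over the default rule at 65000.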

There is a charge associated with using VNet peering.  When data travels within the same Azure region (both inbound and outbound, unlike public internet bandwidth) there is a charge of $0.01/GB of transfer.  To transfer a 100GB virtual disk from the existing virtual network in Azure to the Nerdio deployment will cost about $1.  When peering VNets across Azure regions (Global VNet Peering), the cost is about $0.035/GB in most US regions. 

2. Extend Active Directory 

Extending the Active Directory (not Azure AD – that’s already integrated into Nerdio by default when deployed) from an existing Azure environment into the new Nerdio environment is identical to the process when the source environment is not in Azure.   

Once the VNet peering is in place and VMs in the Nerdio deployment can talk to the VMs in the existing Azure deployment, the Nerdio Hybrid AD engine will create a new domain controller in the Nerdio deployment and extend the existing Active Directory Domain Services.  Once AD is extended and all resources are moved over to the Nerdio deployment to be managed in the NAP, Active Directory FSMO roles can be transitioned over to the new domain controller VM in Nerdio and the existing AD can be de-provisioned. 

3. Move VM workloads 

Since both the source (existing Azure deployment) and destination (new Nerdio deployment) are in Azure, it is possible to use the native resource move functionality to transfer from source to destination.  This is an easy and seamless process that can be done via the Azure portal or via PowerShell. 

Establishing network connectivity with VNet peering and extending Active Directory with Nerdio Hybrid AD before moving the VMs will allow the process to be seamless.  For example, if one out of five server VMs is moved from source to destination, the moved VM will still be able to talk to its peer VMs in the existing Azure deployment due to the VNet peering that’s in place.  Similarly, since the same AD spans both environments, the moved VM will be able to communicate with a local domain controller and authenticate connections without the need to join it to a new AD domain.   

Other Azure resources such as public IP addresses and storage accounts can also be moved via the Azure portal from their source resource group to the new Nerdio one.  

As all VM workloads and other resources are moved over to Nerdio, which can be done in a non-disruptive, phased approach, and FSMO roles are transferred to the new AD DC, the source environment can be simply de-provisioned and VNet peering turned off. 

The result will be a new Nerdio deployment managed via the Nerdio Admin Portal with all the automation and simplification benefits outlined above but using the same data, applications and user objects.  This process allows MSPs to standardize their Azure deployments and automate much of the management, auto-scaling and help desk tasks. 

An MSP’s Guide to Running and Licensing SQL Server in Azure 

One of the most common workloads that managed service providers (MSPs) support for their customers is line-of-business applications with a SQL Server database back-end.  This also happens to be one of the more popular Azure workloads.  Microsoft has created several SQL offerings in Azure, including Azure SQL and SQL Managed Instance.  However, most MSPs prefer to start out with a traditional VM in Azure running a full version of SQL Server just like it does on-premises. 

In this article, we will review all available SQL options in Azure with a special focus on licensing considerations when running SQL Server on a Windows VM.  We’ll clear up some common misconceptions and focus on cost implications of each licensing scenario. 

There are three common ways to host a SQL database in Azure: 

  1. Azure SQL database 
  2. SQL Server on Azure VM – Microsoft Managed Instance 
  3. SQL Server on Azure VM – MSP managed 

We will focus primarily on #3 – SQL Server on an MSP-managed Azure VM.   

Azure SQL database  

A fully-managed SQL database engine based on the latest stable Enterprise Edition of SQL Server.  

This is a relational database-as-a-service (DBaaS) hosted in the Azure cloud that falls into the category of Platform-as-a-Service (PaaS).   

If you are developing a new application or re-architecting an existing one, this is the option that you should use first.  There are no VMs involved and Microsoft manages the entire back-end for this PaaS, including patching, updates, and high-availability.  The cost is relatively low compared to a full license of SQL Server — especially the Enterprise version.  However, there are a small number of feature limitations and you are locked into the latest version of SQL Enterprise without admin rights. 

SQL Server on Azure VM – Microsoft Managed Instance  

Managed Instance is a new deployment option of Azure SQL Database, providing nearly 100% compatibility with the latest SQL Server on-premises (Enterprise Edition) Database Engine.  This provides a native virtual network (VNet) implementation that addresses common security concerns, and a business model favorable for on-premises SQL Server customers.  

The Managed Instance deployment model allows existing SQL Server customers to lift and shift their on-premises applications to the cloud with minimal application and database changes.  The managed instance deployment model is designed for customers looking to migrate a large number of apps from on-premises (or IaaS), self-built, or ISV-provided environments to a fully managed PaaS cloud environment with as little migration effort as possible. 

With Managed Instance, Microsoft manages the VM, SQL Server installation, patching, updates, high-availability, etc.  MSPs and customers do not have administrative access to the managed instance.  This is an interesting deployment model for some scenarios, but in our experience uncommon among MSPs and their customers. 

SQL Server on Azure VM managed by MSP 

This is by far the most common deployment model for customers looking to lift-and-shift their existing LOB applications into Azure without re-architecting them.  The VM is set up and managed by the MSP or customer’s IT team, and any SQL Server version can be installed just like on a regular on-premises server. 

Many MSPs also choose to migrate existing SQL servers to Azure without rebuilding the VM and reinstalling SQL Server.  They simply use Azure Site Recovery (ASR) or another data transfer tool to move a server from on-premises into Azure as a VM.   

With Nerdio’s Hybrid AD functionality, this allows the migrated VM to work without any modifications since Active Directory spans both the on-premises network and the Azure deployment where the VM now resides.  With Windows Server 2008 and SQL Server 2008 nearing end of support, Microsoft is providing three years of extended security updates to those who move the SQL Server VMs into Azure.   

Paying for your license 

Despite SQL Server on Azure VM being the most popular deployment model, it generates a lot of confusion around the valid and most efficient way to pay for the license.   

Let’s review the available options. 

1. Rent SQL Server via Azure (Pay-as-you-go) 

The easiest way to deploy a VM running SQL Server in Azure is to select it as an image from the Azure image library.  A new VM will be created with SQL Server pre-installed on it and Microsoft will bill for the SQL license as part of the VM price.   

This is one of the more expensive SQL licensing options but provides the most flexibility.   

  • List price for SQL Server license only: 
    • SQL Standard – $146/month per two CPU cores (4 cores minimum per VM) 
    • SQL Enterprise – $548/month per two CPU cores (4 cores minimum per VM) 
  • Payment model: Hourly, pay-as-you-go with no commitment or upfront payments 
  • Deployment model: Only from Azure image library 

2. Bring your own SQL Server Volume License with Software Assurance (License Mobility) 

Many Enterprise customers already own SQL Server licenses under an existing license program with Microsoft such as EA or Select.  These licenses can be used in Azure due to the License Mobility benefit that is part of the Software Assurance subscription.  Without active Software Assurance, an existing SQL Server license cannot be used in Azure because it is a multi-tenant hosting environment. 

SQL Server license with SA can be used by enabling Azure Hybrid Usage on a VM where SQL is installed.  If the VM was provisioned as a SQL VM from the Azure image library, it can be converted to “bring-your-own SQL license” mode.  Alternatively, SQL Server can be installed on a clean VM or the entire VM can be imported from on-premises with SQL Server already installed.  In all these scenarios, having a SQL Server license with active Software Assurance will cover the license obligation for SQL. 

This is not a common scenario for most MSPs, as customers don’t often maintain active Software Assurance on SQL Server licenses, and it is therefore rarely used when deploying SQL in Azure. 

3. SQL Server licensed via CSP Software Subscription 

Purchasing SQL Server via CSP Software Subscriptions is the most cost-effective option but requires an upfront investment and pre-payment for a 12- or 36-month license.  This license can be returned for a full refund within 60 days of purchase but cannot be returned after the 60-day mark. 

MSPs can use a CSP Software Subscription to SQL Server under any VM deployment scenario.  Whether the VM was migrated via Azure Site Recovery (ASR) from on-premises, deployed as a Windows VM and then had SQL installed on it, or deployed from the Azure image library as a SQL VM and then converted to “bring-your-own license”, a CSP Software Subscription license can be used. 

  • List Price for SQL Server license subscription: 
    • SQL Standard 12-month subscription: $130/month per two CPU cores (4 cores minimum per VM) 
    • SQL Standard 36-month subscription: $118/month per two CPU cores (4 cores minimum per VM) 
    • SQL Enterprise 12-month subscription: $498/month per two CPU cores (4 cores minimum per VM) 
    • SQL Enterprise 36-month subscription: $454/month per two CPU cores (4 cores minimum per VM) 
  • Payment model: Upfront, 60-day full refund 
  • Deployment models: 
    • Migrate existing VM with SQL installed to Azure 
    • Deploy a new Windows VM in Azure and install SQL 
    • Deploy a new SQL VM in Azure, convert to “bring-your-own” license 

What about SPLA?  

MSPs often ask if they can use their existing SPLA agreements to license SQL Server in Azure.  The answer is yes and no.   

Yes, you can license SQL via SPLA using the SAL (Subscriber Access License) model, which is where you pay for each user who connects to the SQL Server.  However, you cannot use SPLA to license a per-core SQL model, which is by far the most common way to license SQL Server. 

The reason for this is the “DCP Eligibility” of SQL Server product in SPLA.  DCP stands for Data Center Provider and DCP Eligibility is a benefit of SPLA that allows certain services to be brought to other providers with Azure being a DCP.  SQL SAL licenses are DCP Eligible, while SQL Core licenses are not DCP Eligible (you can read more about that here). 

In summary, the PAYG SQL license is flexible from the payment perspective, expensive, and must be deployed from an Azure library.  SQL via CSP Software Subscriptions is the least expensive, most flexible in terms of deployment options, but requires an upfront payment.  SQL Server with Software Assurance is the least common option since many customers of MSPs don’t maintain active Software Assurance. 

MSPs building a cloud practice in Microsoft Azure need to be aware of the various options for licensing SQL Server since it is often a large component of the overall cost of an Azure IT environment.  Choosing the correct one can have a significant impact on an MSP’s overall margin for a particular customer deployment.   

At Nerdio, our mission is to empower MSPs to build successful cloud practices in Microsoft Azure.  We continue to stay up-to-date on all the latest developments with Microsoft licensing and help our MSP partners make the right choice when selecting among the multitude of alternatives. 

Microsoft Drops the Cost of Licensing Azure Virtual Desktop (AVD) Deployments by 25%

Although not the case in every single deployment scenario, for the vast majority of Azure Virtual Desktop (AVD) deployments for SMBs, Microsoft has dropped the price by 25%!  As most Managed Service Providers (MSP) cater to the SMB market, this recent development will significantly decrease the cost per-user for the majority of their AVD deployments. 

Here, we discuss real-world virtual desktop deployments, the licensing needs of such deployments, and how a little known announcement Microsoft made a few weeks ago is reducing the cost of AVD licensing by 25%. 

What does a typical virtual desktop deployment look like for an SMB customer from a licensing perspective?  First you need the operating system license, which is either Windows Server plus RDS (in a Remote Desktop Services deployment) or a Windows 10 Enterprise subscription (in an AVD deployment).  We’ll be working with AVD here, so let’s assume that we need a Windows 10 Enterprise subscription to cover the cost of the OS and AVD functionality.  Windows 10 Enterprise E3 is $7/user/month and is the least expensive license that can be used for this purpose. 

What else does an Azure Virtual Desktop user need besides Windows 10?  The Office suite, of course!  Office can be purchased as a standalone product (e.g. Office 365 ProPlus or Office 365 Business) or as part of a package (e.g. Office 365 E3, Office 365 Business Premium, and Microsoft 365).  The tricky thing about Office is that with AVD (and RDS), you’re running it in a multi-session environment where multiple users are using the same virtual machine to launch the Office apps.  To enable such multi-session use, Office relies on a feature called “Shared Computer Activation” (SCA).  Until recently, only Office 365 ProPlus had SCA.  This meant that only enterprise Office 365 packages (e.g. E3, E5, etc.) could be used with AVD because only they include Office 365 ProPlus.   

In addition to Windows 10 Enterprise and Office ProPlus, virtual desktop users typically leverage Exchange Online, OneDrive, SharePoint Online, Teams, and other Office 365 services.  From a licensing perspective, it is always less expensive to purchase an Office 365 package than two or more of its sub-components.  This means that for most virtual desktop users, Office 365 E3 + Windows 10 Enterprise E3 was the most cost-effective option to license all needed functionality.  The cost?  $27/user/month ($20 for E3 and $7 for Windows 10). 

Let’s look at this visually.  You could buy Microsoft 365 E3 and get everything you need in a single package for $32/user/month.  Or, you could mix-and-match components, for example #10 + #11 for $27/user/month. 

Note that the key here is that Office 365 ProPlus must be included since it was the only version that supported SCA.  You can’t buy Office 365 Business Premium for $12.50/user/month, which includes Office 365 Business, since that version would not activate on a multi-session virtual desktop with SCA. 

With all of that in mind, what did the Microsoft announcement change?  Microsoft enabled Shared Computer Activation for Office 365 Business when it is purchased as part of the Microsoft 365 Business package.

Prior to the announcement, it was not possible to use this specific package to fully license a virtual desktop deployment because Office 365 ProPlus was still needed for its SCA capabilities.  Now, Microsoft 365 Business can be used to license the entire AVD deployment: Windows 10 + Office suite + Exchange/OneDrive/Teams/SharePoint.  All for $20/user/month, which is $7 less than the best alternative available previously.  This is a 25% reduction in the per-user-per-month cost. One thing to note is that SCA is available for Office 365 Business ONLY when purchased as part of #1.  It is not available with #5 or even #3. 

But wait, there is more! Not only do you get Windows 10 and Office 365 for $20, but you also get Enterprise Mobility + Security (EMS), which is a suite of technologies to help with mobile device management and security.  Customers can have their primary desktop running securely in Azure with AVD and their local PCs, laptops, and mobile devices managed and protected via Intune. 

Microsoft is making many licensing and technology moves in advance of Windows Virtual Desktop entering general availability later this year that are all meant to drive demand for this IT delivery model.  It is likely that AVD with desktop VMs running in Azure and leveraging Microsoft 365 SaaS products will be the most cost-effective IT solution for small and mid-size businesses in the very near future.  This is a tremendous opportunity for the channel and specifically the MSPs who service these customers. 

At Nerdio, we enable MSPs to build successful cloud practices in Microsoft Azure.  Contact us to learn more.

What’s New at Nerdio? June 2019

Today is a big day at Nerdio and it has nothing to do with finding a new partner, attending a great peer-to-peer group, or recording a webinar. It isn’t about a new product feature or a different way to use our product, either. It’s about helping you.

At Nerdio, our mission is to enable Managed Service Providers to build successful cloud practices in Microsoft Azure. When MSPs want to understand their cloud practice options and opportunities, we provide the tools and insights for specific and tangible solutions. Instead of wondering how much to charge or how to deploy and manage a cloud solution, we’ll offer the necessary resources for MSPs to quickly find out how their business can benefit from being built on Microsoft Azure.

We believe that when working with partners, they want two primary daily deliverables:

1. To be understood.

We are techies who love our community of partners that make their living from providing leading technology.
When MSPs find Nerdio, they know someone finally ‘gets’ how complex the subject can be. Nerdio proactively anticipates the questions MSPs have before they ever need to ask them.

2. To be informed.

We regularly curate content and resources for our website and social media presence to stay on top of industry developments and keep our partners aware of the latest Azure information. With Nerdio by their side, the MSP has all the information they need to make the right choice for their business. Every time they interact with Nerdio, they leave having learned something new about Azure.

It makes sense, then, that we have a world-class website that matches our mission statement, therefore allowing MSPs to be understood and be informed.

Today, we re-launch www.getnerdio.com as the primary resource for MSPs to build a successful cloud practice in Microsoft Azure.  You’ll find a clean, modern look which will differentiate Nerdio from the clutter, flash, and generic stock photography seen on so many other sites. You will also be introduced to the “Nerdio Academy” which is an incredibly rich resource designed for the MSP community. It includes best-in-class educational videos, webinars, white papers, and much more designed to help MSPs understand how to build a successful Azure practice — including topics from Windows Virtual Desktop, increasing your margins selling Azure, and deep technical Azure content.  You won’t find this breadth and depth of MSP-focused content anywhere else.

At Nerdio, we aim to be focused, straightforward, empowering, and helpful to our partners.  By doing so, we offer you the definitive Azure solution for the MSP community.

8 Reasons to Move Your Data Center to Microsoft Azure

If you are a Managed Service Provider (MSP) with a focus on managing hosted infrastructure, then you’ve likely invested in creating a data center of your own in a colocation facility.  Such data center deployments can be fun to create and historically have been able to provide significant margin advantages when pricing and selling managed infrastructure services at scale. 

With significant technology and pricing changes due to the emergence of public cloud in recent years, it is time to evaluate if maintaining and investing in your current data center is still the best option for your business.  Microsoft is making significant investments in driving partner adoption of Azure with programs like Data Center Optimization (DCO).

If you have not yet explored the pros and cons of an Azure data center migration, here are eight reasons why you should consider making the switch.   

1. Hardware Refresh 

Private data center deployments are typically a CapEx investment for an MSP, which is capitalized and then depreciated over the course of the useful life of the equipment.  With warranties on most equipment like SANs and blade servers of 4-5 years, depreciating even sizable investments over 60 months creates a very attractive cost structure on the P&L – until the time comes to refresh the equipment. 

When the initial investment is made into compute, storage, and networking equipment, everything is brand new and performing well.  As the equipment ages and reaches the end of its useful life, it becomes less reliable with frequent component failures that can affect the production environment.  Replacing equipment is not only a significant CapEx (cash) outlay, but the complexity of doing so in a non-disruptive way is quite high.   

When you first deployed your data center, you were doing a greenfield deployment with maybe a handful of customers.  You now have tens, hundreds, or even thousands of customers relying on the equipment that you need to replace, and the longer you wait, the more you risk an outage — which can create high customer dissatisfaction.  Even if the equipment is operating reliably, having your SAN or blade chassis out of manufacturer’s warranty is a high risk.  If a component fails and you can’t get a replacement quickly, that could spell disaster for your customers. 

With Azure, the equipment backing your deployment is owned by Microsoft.  Microsoft owns the responsibility for the hardware stack, therefore any failures are theirs to fix.  You will no longer have to worry about wholesale hardware refresh cycles once you make the switch to Azure.  Hardware refresh cycles are painful and migrating to an Azure data center can make them a thing of the past.   

2. The Cost Structure and the Average Fixed Cost (vs. Marginal Cost) Fallacy 

Initially, an efficient data center deployment’s long depreciation period of 60 months can create a cost structure that appears an order of magnitude better than a comparable deployment in Azure.  However, this advantage is only superficial.  Logic would dictate that Microsoft’s hyper-scale data centers should provide them with significant economies-of-scale cost benefits.  You can argue that although Microsoft does have a much better cost structure on the infrastructure than you do, they may not decide to pass the savings on to the customer, or that they will only seek to capture it as their own gross margin and make more money on Azure.   

Don’t forget, though, that Microsoft has large and aggressive competitors in the public cloud space (Amazon, Google, and IBM, to name a few) and they are all in a land-grab for as much market share as possible.  They are not necessarily in margin-optimization mode today and price-parity (providers matching each other’s pricing) is the rule rather than the exception.  If so, it would stand to reason that if Microsoft’s infrastructure margins are thin due to competition, their prices would be as good or better than what a smaller scale MSP can achieve on cost with their own data center.  So, why does it seem like your data center cost structure is better than Microsoft’s Azure prices? 

The answer comes down to two main things:  

  1. Comparing CapEx costs that are depreciated over a long period with Azure’s Pay-As-You-Go list prices
  2. Confusing average fixed costs with marginal costs 

CapEx costs vs. Azure’s Pay-As-You-Go (PAYG) list prices 

Let’s take compute as an example.  You can buy a Dell PowerEdge M630 server blade with two E5-2698 V4 processors (40 hyper-threaded cores each) and 768GB of RAM for $20K.  This doesn’t take the blade chassis, network switch, power, and hosting infrastructure into account.  Let’s add another 20% for that.  That increases it to $24K all-in, which is $300 per hyper-threaded core with 9.6GB of RAM per core.  That’s a $300/core upfront cash outlay that gets depreciated over 60 months and comes out to $5 per core per month (this does not take cost of capital cash flow discounting into account, which would make the cost a bit higher).  

Azure doesn’t even come close when looking at their Pay-As-You-Go pricing.  The closest comparable VM is a F72sv2, which has 72 CPU cores and 576GB of RAM with a PAYG list price of $4,651/month – that’s $65 per core per month!  Not even in the same ballpark. 

However, consider the fact that the cost of your Dell PE M630 does not include any OS licensing and you’re making a five-year commitment by purchasing it upfront.  It’s not accurate to compare this to Azure’s PAYG prices, which include the Windows Server OS license for 72 cores and the option of turning the VM off to stop paying for it at any time you wish.  A more accurate comparison would be to the price of the same Azure VM but with a 3-year Reserved Instance and Azure Hybrid Usage enabled (a licensing program from Microsoft that includes the Windows Server OS license).  The cost then drops down to $806/month or $11 per core per month — still double the cost of the Dell server option – but we’re not done yet. 

If you’re a Direct CSP then you get a 5% discount on Azure Reserved Instances (RI).  There is currently a global RI incentive in place of an additional 10%.  There is also a global accelerator rebate of 8% on Azure consumption, a 2% rebate on new Azure customer adds, and special programs like DCO (Data Center Optimization) which can add an additional 20%.  Your starting price of $11/core/month minus 45% in discounts and rebates brings it down to $6/month.  Getting closer. 

Average fixed cost (AFC) vs. Marginal cost (MC) 

Although this is a simple Economics 101 concept, for ease of analysis we often ignore its significant effect on properly understanding the true cost structure.  Average Fixed Cost (AFC) means simply taking the total fixed cost (Dell PE M630 for $24k, in this example) and calculating its average cost over the course of 60 months.  On average the server will cost you $5/core/month regardless of whether it’s used or not.  If you fill it up with billable customer workloads, it will cost you $5/core/month.  If it sits idle with no revenue generating workloads, it will still cost you $5/core/month.   

Marginal Cost (MC), on the other hand, is only incurred if you have the customer demand to justify spending the money.  With Azure, if you have no customers, then your marginal cost will be $0.  If you have a small number of customers, you can buy any size VM that supports that size workload and then upgrade as needed.  This is true even if you’re reserving Azure capacity for three years given the ability to exchange reservations at no charge.   

Why does this matter?  It’s very tempting to calculate the AFC of a piece of hardware by dividing the cost by the number of months it’s going to be used.  But this doesn’t consider that you won’t fill up every piece of hardware you purchase on the day it is purchased.  Not only that, but you’ll never fill your hardware to 100% capacity even if customer demand is there because you want to have redundancy in case of failure and you want to leave some spare capacity for peak demand.  How does this change the math?   

Let’s assume you decide that you won’t utilize the server at 100% but rather will keep it below 70% for redundancy and peak demand reasons.  You’re also expecting to build up this utilization evenly over time.  In month 1, you’ll start out with 0% utilization and at the end of month 60 you’ll be at your peak 70% utilization.  This means that the average utilization over the 60 months is 35%.  With this new piece of data, we need to reassess our cost comparison between Azure’s $6/core/month cost vs. the Dell server $5/core/month where we assume 100% utilization throughout the 60-month life of the server.  Since our actual utilization is 35% on average and we use Azure’s flexible VM sizing to perfectly fit this utilization, we end up with Azure’s per-CPU cost being about $2/core/month, which is significantly lower than the Dell M630 alternative. 

Similar analysis can be applied to other infrastructure components such as storage and bandwidth.  Not every analysis will produce such a cost advantage for Azure, but compute is a significant cost component and typically tilts the analysis in Azure’s favor. 

With Azure, you get to take advantage of public cloud’s flexibility to closely match the capacity you purchase with the demand from your customers.  By leveraging reserved instances and not renting the Windows Server OS via Azure (more on this below), you can achieve a clear cost advantage at a much lower scale than you can with a private data center. 

3. Microsoft Owns the Software 

Microsoft owns the foundational software components of a hosted IT stack, assuming you live in a Windows world.  They own Windows Server, SQL Server, Windows 10, and much more.  It would stand to reason that Microsoft would use their control over the software stack components to make Azure more cost effective than the alternatives.  Remember, today it’s a market share play with Azure trying to grab as much of the market as it possibly can knowing that once a workload is in Azure it’s unlikely to move.  Microsoft leverages Windows Server and SQL Server (as an example), which have $0 marginal cost to the company being pure software, to position Azure as the cloud of choice. 

Let’s see an example of how this works. 

If you run Windows Server on your data center hardware, you’re likely using SPLA to license Windows Server Datacenter Edition on a per-core basis.  You’re paying about $28/month for a 2-core license just for the Windows Server OS.  That’s two physical cores and assuming hyper-threading you’re paying about $7/month per hyper-threaded core.  With Azure Hybrid Usage and Software Subscriptions via CSP you can purchase an 8-core Windows Server OS license for $14/month with a 36 month pre-payment.  That’s less than $2/month per core as compared to $7.  A big cost advantage. 

Microsoft is doing many other things to make Azure the best platform for your workloads.  Do you currently have Windows Server 2008 or SQL Server 2008 in your environment?  If so, support is ending, and no more security updates will be provided, leaving customers exposed to hackers and malware.  You have three options: rebuild your Windows Server 2008 and SQL Server 2008 environments with the latest versions to get updates, pay for extended security updates, or migrate the servers to Azure as they are and get an additional three years of updates for free!  Another compelling reason to not spend the money on doing Windows Server OS and SQL upgrade work on premises, but rather lift-and-shift the VMs to Azure. 

4. Global footprint and redundancy 

Your data center is unlikely to have a global footprint and certainly not anything close to Microsoft’s 54+ global regions.  If your current customers are geographically distributed or even if you want to replicate data across data centers in the same country, a local data center strategy is not optimal.  Operating a centralized data center leads to unnecessary latency and performance degradation for users who are far away, and building and maintaining distributed data centers becomes very expensive quickly. There is no question Microsoft will continue to increase their data center footprint to include more regions and availability zones, and they will do so faster than any MSP can ever hope to do with their own data center resources. 

5. Market demand 

Study after study shows that as cloud acceptance increases, organizations become more and more comfortable moving their IT into the cloud.  Whereas a few years ago the market had privacy and security concerns when it came to the public cloud and instead preferred smaller, private deployments, this is no longer the case.  The market is predominantly shifting towards a consumption based, hyper-scale public cloud model and more and more customers are asking for a specific cloud by name.  As time goes on, it will become difficult to justify running IT workloads in a private data center rather than in a world-class, always up-to-date, secure, and fully certified public cloud like Microsoft Azure. 

There will always be niche use-cases for non-public cloud deployments in certain industries and regulated verticals.  However, these will become more of an exception than the rule. 

6. The “bus test” 

If you’re like most MSPs who operate a data center, then you have a “guy” or a “few guys” or maybe you are “the guy” who knows the deployment inside and out.  Any major issue must be escalated to this person and he or she is the ultimate technical guru when it comes to your data center.  The question is: does it pass the “bus test”?  Can your business survive if this individual were to get figuratively hit by a bus — or more likely find another job?  Is this a risk to your business you can tolerate?  For some, the risk is acceptable; for others who are thinking of continuity, succession, and building long-term business value, it is not.   

With Azure, your customers will be using a world-class platform which is well known and understood throughout the IT industry.  There are plenty of training courses and certification tracks with more being added each day.  An Azure data center deployment can be supported by people other than your “guy.”  It may not be easy to find this talent and today it is not cheap, but it’s certainly possible and less risky. 

7. Who’s to blame? 

Few things are more stressful to an MSP owner than a widespread data center outage that is affecting customers’ ability to conduct business.  When this happens, the rest of your company grinds to a halt, blood pressure rises, and all attention is immediately diverted to resolving the outage.  Once resolved, there are scores of customers to talk to about what happened, apologize for the situation, and communicate a plan of how this won’t happen again.  Outages can be mitigated with proper setup, maintenance, and redundancy, but it is not possible to completely eliminate them.  Even Microsoft and Amazon, who invest billions into their data centers, experience outages.  When an outage does happen, do you want the stress of solving the problem and dealing with the fallout?   

With Azure, outages are rare, but they do happen.  When they happen there is nothing for you to do, no bridge call to set up with all of your engineers, no RCA to write, and really no one blames you for it.   There is no negativity that accrues to your company. Azure outages are publicly visible and usually high profile.  It is unfortunate when they happen but not having to deal with the consequences of your own data center outage is priceless. 

8. Management and control plane 

Most data center deployments consist of a combination of technologies loosely coupled together.  There typically isn’t a common management interface for all the pieces.  Virtual machines may be managed in one portal, SAN in another, and network switches in yet another.  Since managing most of the components requires specialized knowledge of unique technologies, there are typically very few engineers at an MSP who are given the keys to make changes.  This often leads to a bottleneck scenario where all routine changes (e.g. creating a new VM or setting up a VPN) must be escalated to a handful of already busy engineers instead of being done by lower-skilled resources. 

With Azure, you can use IT automation tools like Nerdio to simplify the management of the underlying infrastructure through an easy-to-use, single-pane-of-glass portal that can be delegated down to the help desk technician level for basic IT administration tasks without the need to expose admin access to the underlying infrastructure. 

Conclusion 

There are many compelling reasons to consider moving your data center to Azure.  The timing may not always be right; for example, if you’ve recently built out or refreshed your data center equipment, you may want to wait until it depreciates for some time.  When you do decide to make the switch, be sure to leave yourself with enough time to architect the proper solution, understand the cost implications, and create a gradual migration plan.  Six to twelve months is a good time frame to budget for a sizable migration project. The secular trend of public cloud computing, however, is not something coming down the road—it is here today—and it is important for every MSP to understand the benefits and implications of moving to the public cloud. 

At Nerdio, we enable MSPs with technology and resources to build successful cloud practices in Azure. Our Partner Solutions team has extensive experience helping MSPs evaluate and execute transitions from private data centers to Azure.