The First 7 Things to Configure in a New Nerdio Manager Deployment

Provisioning with Nerdio is an exciting experience. A whole new virtual environment is created and ready to be explored, configured, tested, and deployed. However, we find that partners often jump ahead and don’t set themselves up for success. This article discusses the first 7 things to do in a newly provisioned Nerdio environment to allow for a smooth and seamless deployment.

This list is in sequential order, so following along from points 1 through 7 is best practice.

1. Linking Your Domain

By default, Nerdio provisions with a Federated domain that looks something like XXXX.nerdio.net, where XXXX is the four-digit ID associated with your account. This domain is assigned as the default domain and all users get the Nerdio.net UPN applied upon import and creation. Understandably, this can create conflicts when importing users from the existing environment, or creating new ones. To avoid this, we recommend linking your primary domain and setting it as default.

To link your primary domain, log in to the Nerdio Admin Portal (NAP), then navigate to the “Onboard” section and select “Domains” from the drop-down. Once there, select “Add Domain” and go through the process of verifying the domain. After the domain is verified, select “Set as default”.

2. Turning On Backups

This step goes without saying and is a well-known best practice. However, amidst the excitement of getting everything configured in a new environment, it often gets put on the back burner until it is too late.

The process for turning backups on is very simple. First, log in to the NAP, go to the “Backup & DR” section and select “In-region backup.” It will take a few seconds to load, but once it’s loaded turn the switch to “ON” and then manually force a backup on each of the servers. This provides a fresh image of the environment to fall back on if something goes awry during the initial configuration.

3. Syncing Office 365 & Importing Users

Importing users is a pretty straightforward process:

  1. If your existing environment is already using AD Connect, you’ll want to follow THIS article to ensure the correct PowerShell modules are installed. 
  2. Then follow the instructions HERE to stop the current on-premises AD sync, clear the immutable IDs, and re-sync with Azure AD.
  3. After the steps above have been completed THIS article walks through the Import process.

Nerdio Tip: When importing users, a password reset is necessary. This is a Microsoft limitation and is part of the user import process. We recommend gathering a list of the users’ current passwords, and then leveraging Nerdio’s Bulk Add/Update tool to reassign the old passwords after the import.

4. Configuring the Golden Image (GI) and Pool Template

This step will take the most time, and it’s better when broken into three phases.

Phase 1 – Configure/Install environment wide settings/applications on the GI. This is the standard image for your environment. All pool template VMs & individual users’ virtual desktop sessions will get created based on the GI. We encourage admins not to make very specific user customizations to the GI. It should contain applications that are common to all, or most, users in the deployment. For more information on configuring the GI, check out THIS article.

Phase 2 – Configure/install user specific settings/applications on the Pool Template. The template is where most of the customizations begin. It’s the standard for every session host within that specific pool. This is where you set things like the VM series size (CPU and RAM), drive capacity (OS disk size and performance), unique applications and settings specific to the members in that pool. 

Phase 3 – Assign users to the pools and configure the scale settings on the pools. Scale settings should be set specific to the user count and use case.

For further details on pool logic and configuration, see THIS article.

5. Configuring VM Series Size for Use Case

We find that partners tend to be a bit hesitant when it comes to modifying the VM series size in their environment. As a reminder, we like to assure our partners that we are here to empower them, not limit them.

We provision a new environment with the minimum requirements for testing. We do not provision based on the recommendations for a production deployment. We do this to limit the initial cost associated with the environment, with the understanding that most partners don’t “Go Live” in their first week in a new environment. As a result, we help manage cost on the front end. All servers in a new deployment will be either A- or B-series VMs.

With that, our recommendation is to, at the minimum, run FS01 on a D2sv3, DC01 on a B2ms, and the pools on D2sv3s. One thing we like to point out: don’t assign a B-series VM to a server with an SSD drive. Due to the limitations of the B-series, it won’t actually leverage the added IOPS and performance of the SSD drive. This means you’ll be paying extra for the solid state drive when the B-series VM could never actually utilize its added capabilities.

At the end of the day we cannot anticipate the needs of each environment and monitoring/tracking will need to take place to determine the best resource allocation (tracking can be done via an RMM tool, or by logging into each session host and monitoring Task Manager). This is especially true in the first 1-2 weeks. In that timeframe we recommend waiting to implement scale settings in order to keep things in the environment controlled. Once the VM series sizes have been appropriately adjusted, and usage patterns have been tracked, scale settings can be implemented to help optimize cost savings. 

Nerdio Tips:

  • If your domain is “Managed” you won’t need the PRX01 server. In that case, the drive size can be reduced to an HDD (S10) and the VM can be powered off to save on cost.
  • You can check if your domain is “Managed” by going to the Nerdio Admin Portal, Onboard>Domains and checking for “Managed” or “Federated” in parentheses at the end of the domain suffix.

6. Cleanup the Environment

In the initial provisioning, Nerdio assigns 4 test users. Those users are designed to help navigate the environment, and provide parity to a live deployment. They can be modified and adjusted at your discretion. We do recommend having one “Admin” account that’s been granted “Domain Admin” rights (follow this article for instructions) and is part of the IT Department AD Group. That user can then be leveraged to log in to DC01 & FS01.

During the provisioning phase of a deployment, Nerdio leverages one M365 license. Post-provisioning, that license is assigned to the AndyIT user, along with a dedicated desktop. To cut costs and recover the license, you can remove the dedicated desktop from Andy IT, and also strip the license.

Final Thoughts

In relation to VM series size and scale settings, we recommend in the first week or so to turn off scale settings on the pools and overcompensate with the resources. The last thing you want is for the client to be unhappy in their new environment due to slow performance. Just make sure that during the initial week or two you have an RMM tool installed and monitoring performance. Once you’ve gathered consistent usage patterns from your client you can then implement scale rules and Reserved Instances. 

So that’s it guys. The first 7 things to configure in your new AVD deployment. If you get these all dialed in you’ll be set for a smooth migration, deployment, and end user experience.

Introducing Nerdio Manager for Enterprise: Deployment & Management of Azure Virtual Desktop for the Enterprise

Today, we’re launching the public preview of a brand-new product called Nerdio Manager for Enterprise. It is an automation platform designed for Enterprise IT Professionals to deploy, manage, and autoscale Windows Virtual Desktop (AVD) in Azure.

We’ve been quietly building this product for some time now and have worked with several global enterprise companies, system integrators, and ISVs during the private preview phase where the product was put through its paces. Now we are excited to make it available to the world and help accelerate and further drive adoption of AVD by enterprise organizations.

How we got here – the release of Azure Virtual Desktop

Sixteen years ago, long before Nerdio was founded, we created a hosted, virtual desktop MSP in Chicago using Terminal Services (then RDS) and eventually VMware Horizon (View) VDI technology. Over the course of more than a decade and countless customer deployments, we learned what it takes to deploy and, more importantly, manage virtual desktops at a large scale. This experience is what led to the birth of Nerdio, which started as an automation platform for MSPs to build a hosted virtual desktop practice using our private cloud. It didn’t take long for us to realize that MSPs were much more interested in building their virtual desktop cloud practices in Azure, not in our private cloud. Nerdio for Azure (NFA) was our answer and for the past three years, Nerdio has helped thousands of MSPs price, deploy, manage, and optimize virtual desktops in Azure.

The release of AVD, which entered general availability in October 2019, was a game changer. I expected it to be quite popular but underestimated the magnitude of interest in this new technology and IT delivery model. We released AVD support in Nerdio for Azure the day Microsoft launched AVD, and as a result MSPs rushed to try AVD with NFA, as native, manual deployment with PowerShell is so complex and time consuming. Having an intuitive and easy to use interface for deploying and managing AVD has given us the opportunity to work with many large, global enterprises looking to implement AVD for their workforce.

Having spent time with these large enterprises learning how they wanted to leverage AVD, it was very clear they had unique needs and requirements when it comes to virtual desktop management that were significantly different from our MSP partners. 

First, each deployment is very large with thousands and even tens of thousands (or more) virtual desktops and users spread all over the world. Data residency, security, and compliance are critical elements.  Fast and efficient user management and easy deployment are at the top of the list.  Cost savings and Azure spend optimization, at such large scale, are critical. Finally, flexibility of configuration to accommodate complex environments and the ability to integrate with existing deployments were table-stakes.

After being introduced by Microsoft into many such conversations when AVD first launched, we quickly realized there was a tremendous opportunity to create value and help these organizations adopt AVD natively. We were faced with a choice: retrofit our existing, MSP-focused, Nerdio for Azure product to accommodate this type of customer or start from scratch. We chose the latter path and created Nerdio Manager for Enterprise as the most modern, secure, and feature-rich native AVD management product on the market.  I won’t go into a feature discussion here, but you can see all the product details on our website and Azure Marketplace listing.

How is Nerdio Manager for Enterprise built? 

Nerdio Manager was built as an Azure native, PaaS-only (no VMs) application that is deployed by customers exclusively through the Azure Marketplace into their own subscription in any region they choose. This is an innovative deployment model that addresses customers’ data residency and security concerns. They choose where the Nerdio Manager deployment lives and fully control access to the application. In contrast, all other AVD management solutions on the market use a multi-tenant, SaaS model that connects the vendor’s control plane into the customer’s Azure environment. A compromise of the vendor’s systems could lead to unauthorized access into the customer’s environment. The customer also has little control of how their data travels and where it resides. With multi-tenant control planes, compliance can also be a challenge with data residency being hard to identify and pin down since a third-party controls and has access to this metadata.

Nerdio Manager for Enterprise’s unique single-tenant deployment model is just one component of the product’s innovation. It is also deployed and billed through the Azure Marketplace. This means that organizations with a typically extensive procurement process can start using the product without any hurdles because it is billed by Microsoft alongside all other Azure consumption, on the same invoice.

Nerdio Manager was built from the ground up for AVD. It is not a legacy product retrofitted to work with AVD. That means it’s lighter, faster, more secure, and easier to use than the alternatives. It is also priced at a fraction of the cost of other products. Ultimately, it delivers value to enterprise IT Professionals, who want to deploy and manage large AVD deployments, in 3 ways:

  • Operationalize large AVD deployments through a powerful and intuitive UI used by engineering and help desk staff to deploy the environment and provide ongoing user management. Capabilities like desktop images, performance monitoring, and user session control eliminate the need for complex scripting and speed up response to end-users.
  • Reduce Azure costs with schedule and event-driven autoscaling and speed AVD deployment with a guided setup wizard reducing engineering workload. Azure compute and storage costs can be reduced by up to 75% and deployment time from weeks to hours. Additional savings result from consolidating user management and monitoring tools and eliminating third-party apps.
  • Reinforce existing security policies, compliance, and address data residency concerns. Nerdio Manager for Enterprise is deployed as an all-PaaS, secure Azure application inside a customer’s own subscription in a geographic location of their choice. No user data ever leaves the Azure environment and there is no third-party access to the deployment.

Isn’t this functionality being built by Microsoft?

After a customer sees and uses the product, the feedback we consistently hear is that this is how AVD should be “out-of-the-box”. Many ask how Nerdio plans to stay relevant if Microsoft will build their own management portal for AVD. Won’t it make Nerdio Manager irrelevant?

Before making a significant investment into building this product we carefully considered this question. With Azure, Microsoft is building amazing technology and at an unbelievable pace. The rate at which Azure and AVD are evolving is hard to keep up with. However, Microsoft is primarily focused on innovation of the core AVD product. Things like Windows 10 multi-session, AppAttach, AVD control plane, ARM-based object model and a multitude of other innovations that Nerdio, or anyone else for that matter, could not do. After all, most of these are proprietary Microsoft technologies. Where Nerdio adds value is in our deep operational expertise with virtual desktop environments and the ability to move and innovate rapidly, building on top of Microsoft’s technology, in response to customer feedback. Nerdio Manager for Enterprise is launching with an extensive list of AVD management and scaling innovations beyond anything that is expected from Microsoft in the near term. Things like UI-integrated schedule and event driven autoscaling, desktop image management, and performance monitoring are just a few examples.

One of Nerdio’s core principles is to earn our customers’ business every day. That is why our products are priced on a consumption basis with no monetary or time commitments. That is also why we strongly believe in “no vendor lock-in”. Nerdio Manager for Enterprise can be removed just as easily and non-disruptively as it can be added into an AVD environment. No custom VM agents or user clients, no vendor-managed control planes, and no license commitments. We strongly feel that the power and ease of use of our products speak for themselves and the cost reductions in Azure spend and labor far outweigh the licensing costs. No other AVD management vendor can credibly make this claim.

We plan to keep innovating at a fast pace and continue to constantly build new value on top of AVD.  Being nimble allows Nerdio to respond quickly to customer requests.  Nerdio Manager’s brand new, Azure-native code base allows for limitless possibilities in terms of new features and functionality.  As a matter of fact, we already have a well-defined roadmap of groundbreaking virtual desktop management functionality for the foreseeable future based on early-adopter feedback.

How is Nerdio Manager for Enterprise billed?

During the public preview phase, Nerdio Manager for Enterprise is available at no charge and can be deployed directly from the Azure Marketplace. Once in general availability, we will offer two pricing models: per-named and per-concurrent AVD user. This will provide flexibility to organizations who have many users entitled to use virtual desktops but a smaller number logging in at the same time.

Is Nerdio shifting focus away from MSPs?

Nerdio’s primary mission has always been and remains to empower MSPs to build successful cloud practices in Microsoft Azure. The creation of Nerdio Manager for Enterprise was an incremental investment and was done without redirecting any resources, staff or focus away from our core MSP mission.  Our new enterprise sales, product development, and service delivery teams will focus on Nerdio Manager for Enterprise and help customers with very large AVD deployments. The rest of the organization will continue to provide world-class training, engineering assistance, sales, and technical support that our MSP partners have come to expect from Nerdio. Our award-winning Nerdio for Azure platform will continue to improve and evolve at an ever-increasing pace to empower more MSPs to build and grow bigger and more profitable Azure practices.

It is an exciting time to be part of the amazingly fast evolution of the IT industry towards cloud and virtual desktops. Windows Virtual Desktop holds the promise to revolutionize the IT delivery model and dramatically grow the already sizable virtual desktop market. Nerdio spends every day talking to partners and customers to understand their needs and couple them with our deep operational experience to create revolutionary products and functionalities that remove speed bumps to adoption.

Nerdio’s Azure Virtual Desktop (AVD) Pools Explained

AVD desktop pools

Nerdio AVD desktop pools are great. They enable auto-scaling to save on costs and simplify image management with a centralized template that can be pushed out to all session hosts. In this article, we’ll break down the logic behind the operation of Nerdio AVD desktop pools, explain some use cases, and discuss some terminology to be aware of.

First and foremost, it’s important to understand the different components of a Nerdio AVD desktop pool. As you can see from the image below, there are three key components:

  1. Golden Image desktop
  2. Nerdio AVD desktop Pool Template VM
  3. Individual AVD Session Host VMs

Golden Image Desktop (GI)  – This is the standard image for your environment. All pool template VMs & individual users’ virtual desktop sessions will get created based on the GI. We encourage admins not to make very specific user customizations to the GI. It should contain applications that are common to all, or most, of the users in the deployment.

AVD Desktop Pool Template VM – The pool template is where most of the customizations begin. It’s the standard for every session host within that specific pool. So, this is where you set things like the VM series size (CPU and RAM), drive capacity (OS disk size and performance), unique applications specific to the members in that pool, and anything else that would apply to all users being assigned to that specific pool.

  • Our partners sometimes ask why they should create multiple pools. Couldn’t they just place all users onto one pool? While in theory that would be possible, there are many reasons to assign different users to different pools. Below are just two examples:
    • User-specific performance requirements: Let’s say you have three different user types: task users, knowledge users, and power users. You don’t want to put all of them on a single desktop pool based on a single template VM. A single power user could max out the resources of a lower VM series, making any subsequent users who log in experience slowness because of low system resources. In contrast, a task user assigned to a large VM series pool might have a session host spun up that’s 10x larger than what they need for their session.
    • Geographic location: In large deployments that have locations across the country or the world, you wouldn’t want session hosts to begin scaling in at the end of the day for the East Coast branch, and subsequently cause performance issues for the West Coast one. Similarly, you wouldn’t want extra VMs left running when not required simply to accommodate the different time zones. Separating these locations into their own separate AVD desktop pools solves these issues.

Session Host VMs – It’s best to see session hosts as non-persistent VMs. By default, they are deleted frequently through the autoscaling rules in place on the pools. As a result, it’s important to remember that any changes that are intended to be persistent across the environment should take place on the Template VM, not an individual session host. The only time to make a change on the session host is when testing. The hosts give you a good non-persistent environment in which to test changes. If things go well, simply apply the final changes to the template VM, set it as image, and update the individual session hosts. However, if the changes aren’t working in your testing, simply delete the session host, create a new one (which will be created as a clone of the template VM) and continue working as if nothing happened.

That covers the different components of a Nerdio AVD desktop pool. Now, let’s take a look at some terminology that you should be aware of.

Terminology

Scale-In vs. Scale-Out – Removing (scale-in) or adding (scale-out) a session host within a specific desktop pool.

  • As an example, if I currently have four session hosts in Pool_A, then scaling-in would bring the number down to three, and scaling-out would bring the number up to five.

Scale-Up vs. Scale-Down – Increasing or decreasing the size of the session host (or template) VM by adding or removing CPU, RAM and storage.

  • As an example, if my template is currently running with a D4sv3 VM series (4C / 16GB RAM), then to Scale-Up would be to change the VM size to a D8sv3 (8C / 32GB RAM) and to Scale-Down would be to reduce the VM size to a D2sv3 (2C / 8GB RAM). This change would be made at the Template VM level and then get pushed to the session hosts in the pool via the update process.

Standby Host

A Standby Host is configured to be a session host that is created but powered off (de-allocated in Azure). This way when a user tries to sign into an already over-allocated host, and the scale rules get applied to add a new host, Azure simply needs to boot up the Standby host, rather than completely recreating a new host from scratch. This saves time and allows for session host capacity to be available to service user requests sooner.

Final Thoughts

This concludes our conversation regarding AVD pools. The most important thing to remember when making modifications in an AVD pool is the hierarchy of Golden Desktop Image > Pool Template VM > Session Host > User desktop session. As long as you keep that in mind and understand that any changes made to the session host VM get blown away after a scale-in/out or update, you should be good to go.