Azure Virtual Desktop (AVD): Frequently Asked Questions (FAQs)

With Microsoft Azure Virtual Desktop (AVD) now in wide use, we’ve put together a list of the most frequently asked questions we receive, such as: What is AVD? How does it work? How much does it cost? How is it licensed? How do you access AVD and what are the tech requirements?

Read on for these answers and more information.

1. What is Azure Virtual Desktop? 

Azure Virtual Desktop or AVD (also sometimes incorrectly referred to online as Microsoft Virtual Desktop or MVD, and also as its previous name of Windows Virtual Desktop, or WVD) is a set of technologies from Microsoft Azure that enables IT professionals and Managed Service Providers (MSPs) to create Windows 10 virtual desktops in Azure.  AVD was launched in 2019 and is the evolution of Microsoft’s Remote Desktop Services (RDS) technology. Azure Virtual Desktop consists of 4 primary innovations: 

  1. Windows 10 multi-user operating system, which allows multiple concurrent users to use a single Azure virtual machine as a desktop.  Prior to AVD, this was only possible with the Windows Server operating system. 
  2. User profiles are handled independently of the virtual machine that serves as the user’s desktop.  These profiles are placed in containers and the containers are stored separately from the desktop VM in Azure.  This is enabled by FSLogix technology that Microsoft purchased in 2018.
  3. Microsoft Azure has a new Platform-as-a-Service (PaaS) offering that contains the management and connection broker functionality for AVD.  It is the service that determines which users end up on which Azure virtual machine when they connect.  Before Windows Virtual Desktop, this was handled by RDS server roles such as RD Gateway, RD WebAccess, RD Connection Broker, and RD License Server. 
  4. Licensing for AVD has been drastically simplified from prior virtual desktop technologies like RDS.  AVD rights are included at no additional charge with multiple Windows 10 subscriptions including Microsoft 365 and Windows 10 Enterprise. 

2. How much does Azure Virtual Desktop cost? How is AVD licensed?  

There are two cost components to AVD:  License and Azure infrastructure

Microsoft License – Azure Virtual Desktop is an entitlement of a Windows 10 subscription license.  This license can be purchased as part of Microsoft 365 Business/E3/E5/A3/A5 or as a standalone subscription (e.g. Windows 10 Enterprise E3).  If you already own one of these licenses there is no additional cost to use WVD from a software perspective.   
 
If you don’t already have a Windows 10 subscription license, then the least expensive option that covers AVD is Windows 10 Enterprise E3 for $7/user/month.  AVD license covers the cost of the operating system (Windows 10 single user and multi-session) and the use of the AVD management service that’s hosted by Microsoft in Azure.   
 
This license also replaces the need to pay for Windows Server OS license in Azure and the RDS license, since neither of these technologies is used to deliver Windows Virtual Desktop. It is important to note that AVD covers only Azure virtual machines and cannot be used to license on-premises deployments or other clouds.   
 

Azure Infrastructure – Once the license portion of AVD is covered, what remains is the cost of Azure infrastructure to run the virtual machines that users will connect to and use as their desktop.  In addition to the desktop VMs, you will need a place to store users’ profile containers and Active Directory (in addition to Azure AD).  Profile containers can be stored in Azure Files or on a Windows File Server VM in Azure, and Active Directory can be Azure AD DS or traditional AD running a Windows Server VM in Azure.   
 
The cost of all these components will include the virtual machines (compute), storage (disks and files), networking (egress bandwidth), etc.  The precise cost will depend on the number of users, amount of storage per user, how many and what types of applications the users use and many other factors.  The easiest way to calculate the precise cost is to use a tool like Nerdio’s Azure Cost Estimator to have it architect the infrastructure and figure out all the costs.  As a rough range, the Azure infrastructure cost component would be in the $10-$30/user/month range for pooled desktop users (those sharing a VM or set of VMs) and in the $60-$130/user/month range for personal desktop users (those with dedicated desktop VMs). 


3. Are there different pricing plans for Azure Virtual Desktop? 

There are not.  License cost is per-user and is the same no matter what type of desktop you’re using.  The cost of Azure infrastructure to run the virtual desktops varies based on what types of desktops you want to deploy.  It is very flexible. 

4. Can I subscribe to Azure Virtual Desktop?

AVD is an entitlement of any Windows 10 subscription license such as Microsoft 365 and Windows 10 Enterprise E3/E5, etc. 

5. How do I access Azure Virtual Desktop?  

AVD can be accessed from any modern, internet-connected device no matter what operating system it uses.  It can be accessed using an installed Remote Desktop client app.  This app is available for Windows, MacOS, iOS, and Android.   
 
This is not the same app as the one that is used for accessing RDS so be sure to download the latest version.  The Remote Desktop client allows a user to run both full session desktops (aka published desktop) and individual published apps (aka RemoteApps).  The RemoteApps and session desktops are even added automatically into the local computer’s Start Menu for easier access.  AVD can also be accessed via any HTML5 compatible browser.  This allows a user to run any session desktop or RemoteApp inside of a browser window or tab. 
 

6. How does Azure Virtual Desktop work?   

AVD allows IT pros and MSPs to create virtual desktops and RemoteApps in Azure and publish them to users who can access them from their own devices.

7. How do I create a virtual desktop on Windows 10? 

Windows 10 is the operating system that’s primarily used to deliver Microsoft’s Windows Virtual Desktop desktops to end-users.

8. How do I get started with AVD?  

Azure Virtual Desktop can be quickly and easily provisioned automatically with Nerdio Manager for MSP. Getting started with AVD is easy. In fact, you can deploy a desktop within 60 seconds using Nerdio Manager for MSP.

9. What are the technical requirements for running Azure Virtual Desktop?

To run AVD, you’ll need a Windows 10 subscription license and an Azure environment with all the prerequisites met. 

10. What is Azure Virtual Desktop session virtualization? 

Session virtualization is a technology that allows the same Azure virtual machine to be used by multiple users concurrently, each for their own desktop session.  This is in contrast to VDI or personal desktops where each user gets his or her own dedicated Azure virtual machine to use as the desktop.  Session virtualization is a good way to increase “user density” and reduce costs. 
 

11. What operating systems does Azure Virtual Desktop support? 

On the Azure side, AVD supports Windows 10 Enterprise (single user), Windows 10 multi-session, and Server 2012/2016/2019.  On the client side (end-user device), AVD supports all modern, internet-connected devices such as PCs, Macs, iOS, Android and any device with an HTML5 browser. 
 

12. What hardware supports Azure Virtual Desktop? 

AVD is an Azure-only technology and can only be used in the Microsoft cloud.  Users of AVD can use any modern, internet-connected hardware device.  There are also hardware vendors who produce thin clients designed specifically for AVD. 
 

13. Which remote desktop clients support Azure Virtual Desktop? 

AVD supports all Remote Desktop client devices that are internet-connected. 
 

14. What are the limitations of Azure Virtual Desktop? 

AVD can only be used in Azure and not for on-premises or other cloud deployments.  It also requires a subscription to Windows 10 Enterprise.  This must be a subscription and not a perpetual Windows 10 license. 
 


How to Achieve Azure Solutions Partner Designation in the New Microsoft Cloud Partner Program

July marked the start of Microsoft’s new fiscal year. Among a long list of new product features, integrations and initiatives that are expected in the year ahead, the evolution of the Microsoft cloud partner program is one that we are thrilled to see come to fruition.  

We have talked many times at Nerdio about the need to become a modern, cloud MSP (managed service provider) and move your practice and clients to the cloud. Well folks – the Microsoft Cloud Partner Program is the big neon sign, from the most influential vendor in the small and medium-sized businesses (SMB) market, echoing and amplifying that message.   

Our new white paper helps partners fully comprehend how they can fast track their Azure Infrastructure solution provider designation and obtain a competitive advantage in the Microsoft Cloud Partner Program much quicker by leveraging several out-of-the-box Nerdio Manager benefits. 

Download our white paper for the comprehensive guide or read below for key need-to-knows regarding the new partner program changes and Solutions Partner designations.  

What Are the Benefits of Being a Microsoft (Cloud) Partner? 

Microsoft has one of the largest, and most comprehensive partner programs in the software landscape. Over 400,000 partners from all over the world benefit from their partnership with the Redmond-based giant. If you are looking for a place to sign up to become a Microsoft partner, check out Microsoft’s site.  

Becoming part of Microsoft’s new Cloud Partner Program will allow you to stand out from other MSPs who are still living in the on-premises world and who have not committed to building a cloud MSP.  

As part of the program, you also will qualify for benefits including Azure Production and Dev/Test credits and Product Benefits (formerly known as Internal Use Rights (IUL)) for important Microsoft cloud products including Microsoft 365, Power BI, and more. 

Microsoft Silver and Gold Competencies Shift to Solutions Partner Designations  

One of the biggest changes in the new Microsoft Cloud Partner Program is the shift from the well-known silver and gold competencies to Solutions Partner designations.  

Microsoft introduced silver and gold competencies in 2009 to help Microsoft partners grow faster and highlight their unique expertise among the competitive market of providers leveraging Microsoft technologies. When comparing two potential providers, SMBs could use these competencies to easily tell which were experts in the specific technology area they needed assistance with, be it cloud platform and datacenter, business application integration, etc. The same goes for the new Solutions Partner designations that also reinforce that your MSP is an expert in cloud aka the future of IT.  

The new Solutions Partner designations can be obtained on October 3, 2022. However, September 30, 2022 is the last date to renew legacy silver and gold competencies. 

How Do I Attain a Solutions Partner Designation? And Which Designation Should My MSP Pursue?   

The Solutions Partner designation most relevant to Nerdio partners and MSPs who understand the value of having their clients and operations in the cloud is the Infrastructure (Azure) designation. The Infrastructure designation showcases that your MSP can help customers accelerate their migration of key infrastructure workloads to Azure. You can find a list of other designations linked here.  

To qualify for any Solutions Partner designation, you must obtain a minimum Partner Capability Score of 70 (of 100 points maximum) across five metrics – Performance, Skilling (Intermediate), Skilling (Advanced), Customer Success (Usage Growth) and Customer Success (Deployments). 

Resources to Help Understand New Microsoft Cloud Partner Program Requirements and Benefits 

In addition to our white paper, explore additional resources including those from our partners Microsoft, Pax8 and Sherweb that help explain the new program benefits and associated partner opportunities. 

Are You Ready for the Microsoft Cloud Partner Program?  

Contact us today to discuss your Azure needs and how we can help you grow your Azure practice and achieve important distinction in the Microsoft partner ecosystem. And don’t forget to download Nerdio Manager for MSP for 30-days free from the Azure Marketplace!  

A Beginner’s Guide to Intune

Microsoft Endpoint Manager (MEM) is Microsoft’s cloud-based device management platform, which Nerdio Manager for MSP launched integrations with in February 2022. Within this, Microsoft Intune provides granular control of your physical and virtual desktops and laptops. Intune can manage mobile (iOS / Android) devices as well as Windows and Mac OS.   

The Challenge 

Historically, organizations have managed their end-user devices with a variety of products, most commonly Microsoft System Center Configuration Manager. These products work well when managing devices attached to internal networks, but managing external devices can be complex and challenging given today’s work landscape. A significant proportion of employees are working in a hybrid manner, moving devices between the office and the home, therefore a new device management solution is needed which better fits these requirements. 

Microsoft Intune

Intune is different from traditional solutions; the product was designed as a web-based device management solution. Moreover, it can manage the device enrolment lifecycle. By taking advantage of Intune’s “Windows Autopilot” feature, which you can learn more about here, end-users can have brand new devices delivered to their home from the manufacturer or reseller. These devices will then auto-provision themselves out of the box, deploying the settings and applications required for the user. There are many steps to achieving such an outcome, but the key point is – it’s possible! 

Key Features 

Autopilot is just one aspect of Intune. The service covers the full range of device management requirements. Let’s examine some of the key benefits.  

Policy and Security 

Compliance policies allow you to control which devices are allowed to access services based on their compliance. This allows devices to be checked and either barred from using corporate services or flagged within the console until they meet the specific requirements, such as having antivirus enabled. These policies are fully configurable. 

Configuration profiles are analogous to group policies, and you can even import existing group policy objects into your configuration profiles in order to manage device configuration settings. 

Intune also allows the creation of various security policies and features, including DLP policies. Enrolled devices can also be rebuilt, blocked or wiped at the discretion of an administrator.  

Application Deployment 

Intune can be used to manage application deployment to your devices, including Win32, MSI and Windows Store applications. The corporate iOS App Store and Google Play stores can also be linked, allowing application management for mobile devices.  

Patching and Updates 

Windows quality and feature updates can be managed from the console, and the status of devices can be recorded in a log analytics workspace for reporting purposes. 

Mobile Device Management (MDM) vs Mobile Application Management (MAM)

MDM is generally used to manage corporate devices, where all aspects of the devices should be managed and controlled by the organization. MAM is generally used for lighter touch management on personal devices, where you need to control specific corporate applications or data, but you do not want to compromise the sovereignty of the user’s personal device. 

Where to Start?

It’s important to recognize that a move to Intune-based device management does not require a “big bang” or “all in” approach. We recommend that you identify a small subset of devices – maybe 5-10 – for initial testing. Defining your management objectives and device types prior to piloting the service is beneficial. There are five key questions you should ask before starting out, and Microsoft has plenty of guides (linked below) to help: 

  • Application Delivery 
  • Patching & updates 
  • Device restrictions or policies 
  • AutoPilot Deployment 
  • Security & DLP 

Still need help getting started? Check out Microsoft’s documentation for setting up Intune here or schedule some time to chat about your Intune needs + questions with our experts.  

Azure Virtual Desktop vs. Windows 365 for Business

What is Azure Virtual Desktop?

If you’re interested in a deep dive comparing Windows 365 to Azure Virtual Desktop across several technical dimensions like architecture, IT administration, end-user experience, and licensing and infrastructure costs then take a look at Windows 365 vs. Azure Virtual Desktop (AVD) – Comparing Two DaaS Products

“Is the iPad an oversized iPhone or a small laptop without a keyboard?” 

This was the question many were asking when the iPad was first introduced by Steve Jobs in 2010.  Today, more than a decade later, we know that it is neither.  iPad created a brand-new tablet computing category.  It didn’t replace the smartphone and didn’t make the laptop obsolete.  It created new use-cases and markets for tablet devices.  

With the introduction of Windows 365 in July 2021, a similar question is being asked.   

“Is Windows 365 a new type of virtual desktop or a replacement for a physical PC?”  

On one hand, Windows 365 Cloud PCs are virtual desktops similar to those delivered by Azure Virtual Desktop and other similar services.  On the other hand, it is a personal Windows device that is managed and behaves the way a physical device does.  Cloud PC is likely to create a new category of computing.  One that will complement both the physical PC and virtual desktop. 

In this article, I will compare Windows 365 to the existing Azure Virtual Desktop service that many are already familiar with and analyze several use-cases where Windows 365 is the right choice and some where AVD is the way to go.  In a future article, we’ll compare Windows 365 Cloud PCs to their physical equivalents.   

6 use-cases where Windows 365 is a better fit than Azure Virtual Desktop

1. Fewer than 10 desktops 

If there are a small number of desktops in the IT environment, then Windows 365 Business is the perfect choice.  It does not require any pre-requisites like AVD does.  For example, there is no need for an Active Directory configuration or a storage location for FSLogix containers.  Therefore, from an ease of deployment, management, and cost-effectiveness perspective Windows 365 Business is a clear winner. 

2. No current/planned Azure footprint 

Some organizations have simple, cloud-only IT environments with Microsoft 365 and other SaaS products and no infrastructure footprint in Azure with no plans to add any such infrastructure.  In this scenario, Windows 365 Business is an excellent choice because it is easy to assign desktops to users and there is no administrative overhead for IT admins. 

3. No prior desktop virtualization experience 

Only a small fraction of Windows devices are virtualized today with technologies like AVD.  Desktop virtualization is a complex technology requiring a specialized skill set.  Many organizations do not possess such a skill set and are not looking to build it.  In this scenario, Windows 365 Enterprise is a great option.  It does not require knowledge of multi-session administration, profile encapsulation, auto-scaling, and other complex concepts found in AVD.  Instead, it provides a simpler way to deploy and manage Cloud PCs alongside existing physical PCs in much the same way.   

4. Current investment into Microsoft Endpoint Manager 

Organizations that have already made an investment into Microsoft Endpoint Manager to administer physical desktops and laptops will find Windows 365 an easy way to extend their existing environment with Cloud PCs.  Similar policies can be used to manage both physical and Cloud PCs. 

5. Personalized desktops and local admin rights 

Cloud PCs are designed to be dedicated, personalized VMs belonging to each individual user.  These users may need the ability to administer their own PCs by installing software or making other configuration changes that require local administrator rights.  Windows 365 Cloud PCs make it easy for IT to delegate administration of Cloud PCs to their users.   

6. Users need to access desktop 24/7 

Auto-scaling is a common way to save on Azure costs when using Azure Virtual Desktop.  Cloud PCs, on the other hand, run 24/7 and shutting them down does not save any costs.  If users need access to their Cloud PC on a 24/7 basis (or even more than 55 hours per week), then Windows 365 is not just easier to deploy and manage, it is also more cost-effective. 

3 scenarios where Azure Virtual Desktop may be a better fit than Windows 365 

1. RemoteApp application streaming 

Sometimes all that’s needed is a published application rather than a complete Windows desktop session.  In these scenarios using a full Cloud PC (or AVD desktop) would be overkill and a published RemoteApp application is a better way to go.  Since RemoteApps cannot be published from Windows 365 Cloud PCs, Azure Virtual Desktop is the preferred choice. 

2. High fluctuations of number of desktops needed throughout the month 

Windows 365 licenses are monthly subscriptions.  Once purchased, they are available for use and the cost is incurred regardless of users actually making use of their desktops.  In IT environments where numbers of virtual desktop users fluctuate throughout the month, AVD may be a better fit.  Azure Virtual Desktop infrastructure costs are only incurred when users are actually consuming the resources whereas Windows 365 costs are incurred as soon as a per-user license is purchased. 

3. Cost is primary consideration 

When cost is the primary consideration and pooled Azure Virtual Desktops can be used to consolidate several users on a shared VM, then AVD will be the better option since it will be more cost-effective than Windows 365 in this scenario.  On average, pooled AVD desktops are up to 58% less expensive than dedicated Cloud PCs.  Even auto-scaled personal AVD desktops can be up to 9% cheaper than Windows 365 equivalents if users only utilize their desktop 50 hours per week.  Finally, Windows 365 costs are determined by the number of users with assigned Cloud PCs, regardless of actual usage.  Azure Virtual Desktop infrastructure cost is determined by the number of concurrent users, which is often much lower than the total number of users assigned to desktops. 

Comparing Cloud PC license costs vs. AVD Azure consumption 

There are several considerations that come into play when deciding on the right virtual desktop technology for your organization.  Microsoft provides customers with ample choice and meets customers where they are in terms of admin tooling, existing licenses, and Azure expertise.  Here we’ll explore the cost efficiency of different virtual desktop use cases and determine when Windows 365 fixed-price licenses are more cost-efficient than usage-based AVD infrastructure costs.  For this discussion, we’ll assume that Windows OS licensing costs are the same in both AVD and Windows 365 scenarios and focus exclusively on the cost of the infrastructure. 

Windows 365 license costs depend on the hardware specs needed by a user.  Each desktop comes with a certain number of vCPUs, GB of RAM, and SSD storage.  If we align the vCPU and RAM configuration of each Cloud PC license with a comparable Azure VM size and managed disk we can then compare their costs side-by-side. 

Since Cloud PCs are dedicated, persistent desktops they are most similar to AVD personal desktops. If we compare Cloud PCs with equivalently sized personal AVD desktops, using a VM on a 3-year reserved instance, we’ll see that the prices are very similar and Windows 365 is slightly less expensive for some sizes and much more cost-effective for the largest VMs.  On average, Windows 365 is 11% cheaper than a comparably sized Azure VM and managed disk running 24/7 on a 3-year reserved instance. 


If we assume that users are using their personal AVD desktops 50 hours per week (10 hours X 5 weekdays) and the VMs are stopped the rest of the time, then there will be cost savings by using personal AVD desktops with pay-as-you-go VM pricing and powering them off outside of the 50 work hours (70% of the time).  There are a few scenarios when Cloud PC is about the same cost as an AVD personal desktop, but on average, Azure Virtual Desktop personal desktops are 9% cheaper than Cloud PCs in this use-case.  


Let’s take this a step further and assume that not all users need a dedicated personal desktop and groups of users can be pooled together on multi-session AVD session hosts.  We can see that there are significant per-user savings with AVD pooled desktops using Reserved Instances (RI).  On average, the cost of a pooled Azure Virtual Desktop user on VMs that run 24/7 using 3-year reserved instances is 53% lower than Windows 365.


Combining pooled AVD desktops with auto-scaling provides the deepest savings when using Azure Virtual Desktop as compared to Windows 365.  Assuming that users are working 10 hours/day, 5 days/week the average savings is 58% when using pay-as-you-go VMs with auto-scaling. 


Another important consideration is that Cloud PCs are priced per-named user.  Meaning that a license is consumed for every user who is assigned to a Cloud PC – regardless of whether this user ever connects to the desktop.  AVD desktops, on the other hand, only consume infrastructure when concurrent users are logged in.  If no users are connected, no session host VMs need to be powered on.  As more users log in, more infrastructure is brought online to accommodate the demand.   

In most environments, user concurrency is a fraction of the total named users at any given time – often 50% or less.  This means that the cost savings in an AVD desktop environment will be even greater than presented in the tables above when concurrency is considered. 

In summary, we see that Windows 365 Cloud PCs are most cost-effective when users need dedicated, persistent desktops and will be using them more than 55 hours per week.  With users who do not need dedicated, persistent desktops, there is significant infrastructure cost savings by using pooled desktops and auto-scaling technology. 


Azure Virtual Desktop (AVD) Application Management

 

The purpose of a virtual desktop deployment is to provide users access to applications.  Application and data access is the reason to build a virtual desktop, like Azure Virtual Desktop (AVD), in the first place.  Therefore, installing, updating, and delivering applications to end users is a critical component of a desktop virtualization strategy. 

Azure Virtual Desktop host pools can be deployed as “personal” or “pooled”.  In single-session, personal environments, each user is permanently assigned a dedicated VM as their desktop.  In pooled environments, both single-session and multi-session, multiple users are connected to a “random” VM for the duration of their session and may be connected to a completely different VM the following day.  The methods of managing applications on personal desktops are very different than those used with pooled desktops.  Personal desktops (and Windows 365 Cloud PCs) behave exactly like a physical endpoint device and can be managed using traditional application delivery tools like Microsoft Endpoint Manager (SCCM and Intune).   

Pooled desktops provide several advantages over personal desktops such as cost efficiency and ability to standardize the IT environment.  However, they also come with unique application management challenges since most existing tools are built for a one-to-one user-to-desktop assignment, which is not the case with pooled desktops. 

In this article, we’ll focus on the strategies available to manage applications in pooled AVD deployments. 

 

The challenge with app management in a pooled desktop environment can be boiled down to this: because multiple users share VMs, any installed app is available to all users. This “all or nothing” approach creates many challenges in situations where specific apps must be available to certain groups of users, but not to others.  How can we selectively assign applications to individual users or groups of users?   

Delivering apps to AVD users on pooled desktops requires two steps:

  1. Installing the application on either the image or session host VM
  2. Delivering the app to some or all users

Let’s take a look at the available options for each of these steps.

List of Azure Virtual Desktop Installation Applications

Installing applications in a pooled AVD environment can be accomplished in one of five ways: Manual install on image, scripted action install on image, Microsoft Endpoint Manager (MEM) install on image, scripted action install on session hosts, or MEM install on session hosts.

1. Manual Install On Image 

The easiest way to install applications is by loading each app on the base image VM one at a time.  Once all apps are installed, the image is “sealed” and can be used to build new session hosts or update existing ones.  All installed apps will be available to all users who connect to these session hosts. 

This method is easy to start with but becomes difficult and time consuming to maintain over time. 

2. Scripted Action Install On Image 

Script the installation of applications with PowerShell, save these scripted actions in the Nerdio Manager Scripted Action library, and run the scripted actions on the image during creation or monthly patch cycle.  Once the updated image is deployed to session hosts, all users can access all apps. 

This method requires a bit of work to script the installation of each app but makes ongoing image and application updates easy and automated. 
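A scripted install of this kind can refuse to put anything on the image unless the installer matches a hash and publisher approved beforehand. The script below is an added example, not Nerdio's or Microsoft's code; the download URL, hash, publisher subject and file names are placeholders to be replaced with your own values.

```powershell
# Added example: scripted MSI install for an AVD image build with integrity checks.
# The URL, hash, signer subject and file names are placeholders, not values
# from the article or from any vendor.
[CmdletBinding()]
param(
    [string]$InstallerUrl   = 'https://example.invalid/packages/ExampleApp.msi',
    [string]$ExpectedSha256 = '<SHA256-OF-APPROVED-INSTALLER>',
    [string]$ExpectedSigner = 'CN=Example Publisher*',
    [string]$WorkDir        = (Join-Path $env:TEMP 'image-app-install')
)

$ErrorActionPreference = 'Stop'   # any failure aborts the image build step
Set-StrictMode -Version Latest

New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
$installer = Join-Path $WorkDir 'ExampleApp.msi'
$log       = Join-Path $WorkDir 'ExampleApp-install.log'

try {
    # 1. Fetch the installer over HTTPS into a working directory.
    Invoke-WebRequest -Uri $InstallerUrl -OutFile $installer -UseBasicParsing

    # 2. Compare the file hash with the value recorded when the package was approved.
    #    String comparison with -ne is case-insensitive, so hex case does not matter.
    $actual = (Get-FileHash -Path $installer -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        throw "SHA-256 mismatch: expected $ExpectedSha256, got $actual"
    }

    # 3. Require a valid Authenticode signature from the expected publisher.
    $sig = Get-AuthenticodeSignature -FilePath $installer
    if ($sig.Status -ne 'Valid') {
        throw "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }
    if ($sig.SignerCertificate.Subject -notlike $ExpectedSigner) {
        throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    # 4. Install silently and keep a verbose log for the build record.
    $msiArgs = @('/i', "`"$installer`"", '/qn', '/norestart', '/L*v', "`"$log`"")
    $proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

    # 0 = success, 3010 = success with a reboot pending.
    if ($proc.ExitCode -notin 0, 3010) {
        throw "msiexec failed with exit code $($proc.ExitCode); see $log"
    }
    Write-Output "Installed ExampleApp (exit code $($proc.ExitCode)), SHA-256 $actual"
}
finally {
    # Do not leave the installer behind on an image that will be sealed.
    Remove-Item -Path $installer -Force -ErrorAction SilentlyContinue
}
```

Because the script throws on any mismatch, a tampered or substituted installer stops the image update instead of being sealed into every session host built from it.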

3. MEM Install On Image 

Leverage existing MEM workflows to install and update applications on the base image.  Once all apps are installed, the image is “sealed” and can be used to build new session hosts or update existing ones.  All installed apps will be available to all users who connect to these session hosts. 

This method requires some upfront work to get all applications imported and configured in MEM. 

4. Scripted Action Install On Session Hosts 

Instead of pre-installing applications on the image, deploy apps to session host VMs with Nerdio Manager using scripted actions while the VMs are being created.  The latest base image can be pulled from the Azure Marketplace and all apps can be automatically installed during session host VM creation. 

This method requires a bit of work to script installation of each app but makes ongoing host updates easy and automated.  All installed apps are available to all desktop users. 

5. MEM Install On Session Hosts 

Instead of pre-installing applications on the base image, deploy apps to session host VMs with MEM after the VMs are created.  The most recent image can be pulled from the Azure Marketplace and all apps will be automatically installed once the session host VMs are created. 

This method requires some upfront work to get all applications imported and configured in MEM. 

Azure Virtual Desktop User Delivery 

Once applications are installed, they need to be delivered to users.  This is where the challenge of pooled desktops comes in.  Regardless of which of the 5 methods above was used to install the apps, once installed, all users will have access to all apps.  This may be OK in some scenarios but, often, this is not ideal. 

The following methods can be used to selectively deliver specific apps to specific users or groups: Multiple images and host pools, RemoteApps, MSIX app attach, or Nerdio’s installed apps management.

1. Multiple Images and Host Pools 

Since all installed apps on the image are available to all users assigned to a host pool based on this image, one way to selectively assign groups of apps to groups of users is by creating and maintaining multiple desktop images, each associated with its own host pool.  Different groups of users are assigned to separate host pools that only have the apps that the users need. 

Although this method can achieve the objective of selective app assignment in a pooled desktop environment, it is difficult to manage at scale.  The number of images with unique configurations tends to be high and the effort required to maintain each individual image with its own set of apps is extremely time consuming. 

2. RemoteApps 

If users don’t need access to a full desktop, RemoteApps can be selectively published to individual users or groups.  Instead of launching a full desktop session, users will open individual apps published to them by the administrator. 

3. MSIX App Attach 

MSIX app attach is a relatively new technology available in AVD.  Administrators can assign individual MSIX apps to specific users or groups.  The application gets mounted when the user logs in and only entitled users can access the app.  One session host VM can have multiple connected users with different apps available in their sessions. 

MSIX app attach is great in concept and works well in practice.  However, today very few applications are available in the new MSIX format and converting existing apps to MSIX is a challenging and time-consuming process.  As a result, until the MSIX format becomes more widespread among software publishers, app attach is not very commonly used. 

4. Nerdio’s Installed Apps Management 

This is the most flexible and easiest method to manage app assignment.  It leverages a technology built into FSLogix called “Application Masking”.  The concept is very simple: install a superset of apps on the image and use application masking to reveal only the apps an individual user needs.  App masking doesn’t just hide the application shortcut; it makes all components of the app (e.g. files, registry entries, shortcuts, etc.) completely invisible to users who have no access.  There is nothing even a very sophisticated user can do to access an application that has been masked from them.  Unfortunately, with out-of-the-box FSLogix tools, implementing app masking is challenging and extremely complex.  It is difficult to initially configure and even more difficult to maintain at scale. 

This is where Nerdio’s Installed Apps Management feature comes in.  Nerdio Manager simplifies and automates the app masking configuration process down to 3 steps: Discover installed apps, create app-to-users assignment rules, and apply rules to hosts.

Let’s look at each of these steps in more detail. 

1. Discover Installed Apps 

Whenever a new host pool is created or an existing host pool is re-imaged, Nerdio Manager will automatically discover all installed applications on the host pool and create an inventory.  This inventory of discovered apps will include all apps installed on the base image and directly on the session host VMs.  Each discovered application will have several “paths” associated with it.  These paths are locations of files and registry entries that belong to a specific application. 

2. Create App-to-Users Assignment Rules 

Once all apps are discovered, one or more rule sets can be created to define which apps are available to which users and groups.  By default, all installed apps are available to all users.  However, once an application is added to a rule set it can be made available to all users with exceptions (blacklist) or be made unavailable to all users with exceptions (whitelist). 

App-to-users assignment rules can be used for individual apps or groups of applications.  For example, there may be a rule set for Browsers that includes Microsoft Edge, Google Chrome, and Mozilla Firefox that is made available to all users except for a certain group of task workers.  And there could also be a rule set for Accounting Apps that includes various accounting and finance applications that are available only to members of Accounting and Finance security groups. 

3. Apply Rules to Hosts 

Once apps are automatically discovered and rule sets are created, Nerdio Manager applies these rule sets to all existing hosts and all newly created VMs in the host pool.  The process of applying rule sets does not require a reboot of the VMs and can be done in production.  Within a few minutes, users will notice apps appear or disappear depending on rule set configuration. 

With these simple steps, admins gain full control over users’ access to specific apps without creating and managing multiple images and host pools. 
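The rule model from steps 2 and 3, as an added Python sketch (not Nerdio Manager's or FSLogix's code): it computes which apps a user would see and flags discovered apps that no rule set covers, which by the stated default remain visible to everyone. The mode names, the app names other than the three browsers, the group names, and the most-restrictive-wins handling of overlapping rule sets are assumptions.

```python
from dataclasses import dataclass

# Mode names are invented for this sketch. The page describes them as
# "available to all users with exceptions" and
# "unavailable to all users with exceptions".
AVAILABLE_EXCEPT = "available_to_all_except"
UNAVAILABLE_EXCEPT = "unavailable_to_all_except"


@dataclass(frozen=True)
class RuleSet:
    name: str
    apps: frozenset        # app names covered by this rule set
    mode: str              # AVAILABLE_EXCEPT or UNAVAILABLE_EXCEPT
    exceptions: frozenset  # security groups that form the exception list

    def __post_init__(self):
        if self.mode not in (AVAILABLE_EXCEPT, UNAVAILABLE_EXCEPT):
            raise ValueError(f"unknown mode {self.mode!r} in rule set {self.name!r}")

    def permits(self, user_groups):
        """True if a user holding these groups may see this rule set's apps."""
        is_exception = bool(self.exceptions & frozenset(user_groups))
        if self.mode == AVAILABLE_EXCEPT:
            return not is_exception   # everyone except the listed groups
        return is_exception           # nobody except the listed groups


def is_visible(app, user_groups, rule_sets):
    governing = [rs for rs in rule_sets if app in rs.apps]
    # No governing rule set: the page's default applies and the app is
    # visible to all users (all() over an empty list is True).
    # Assumption: if several rule sets cover the app, every one must permit it.
    return all(rs.permits(user_groups) for rs in governing)


def effective_apps(inventory, user_groups, rule_sets):
    """Apps from the discovered inventory that this user would see."""
    return sorted(a for a in inventory if is_visible(a, user_groups, rule_sets))


def unmanaged_apps(inventory, rule_sets):
    """Discovered apps in no rule set, so visible to everyone by default."""
    covered = set().union(*(rs.apps for rs in rule_sets))
    return sorted(set(inventory) - covered)


def stale_rule_entries(inventory, rule_sets):
    """Rule-set entries naming apps that are absent from the current inventory."""
    present = set(inventory)
    stale = {rs.name: sorted(rs.apps - present) for rs in rule_sets}
    return {name: apps for name, apps in stale.items() if apps}


# Constructed sample data. The three browsers come from the page's example;
# the other app names and all group names are made up for illustration.
INVENTORY = [
    "Microsoft Edge", "Google Chrome", "Mozilla Firefox",
    "Accounting App A", "Accounting App B", "Database Admin Tool",
]
RULE_SETS = [
    RuleSet("Browsers",
            frozenset({"Microsoft Edge", "Google Chrome", "Mozilla Firefox"}),
            AVAILABLE_EXCEPT, frozenset({"Task Workers"})),
    RuleSet("Accounting Apps",
            frozenset({"Accounting App A", "Accounting App B", "Accounting App C"}),
            UNAVAILABLE_EXCEPT, frozenset({"Accounting", "Finance"})),
]

if __name__ == "__main__":
    for groups in ({"Task Workers"}, {"Accounting"}, set()):
        print(sorted(groups), "->", effective_apps(INVENTORY, groups, RULE_SETS))
    print("visible to everyone (no rule set):", unmanaged_apps(INVENTORY, RULE_SETS))
    print("rule entries not in inventory:", stale_rule_entries(INVENTORY, RULE_SETS))
```

Running the two audit functions after each re-image shows which newly discovered apps still need a rule set before users connect.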

Application management is a critical component of AVD administration strategy and Nerdio Manager provides a complete suite of tools to install applications via images and scripted actions and to deliver apps to specific users with RemoteApps, MSIX app attach, and Installed Apps management. 


 

Employee Spotlight: Get to Know Jenae Gay

  1. What’s your role here at Nerdio? What do you do on a day-to-day basis and how do you help partners/customers?  

I’m an Administrative Assistant for the Events team. On a day-to-day basis I primarily work on our training camp events that take place globally! I mostly focus on coordinating the US training camps. I am responsible for the various event deliverables to make our training camps a success from pre- to post- event! That process entails locating the venue and planning event logistics with the venue staff, managing guest registration and communication of all event details, ensuring event inventory arrives to the venue, and organizing leads from our events to get generated to the marketing department.  

  1. What’s a fun fact about you that most people don’t know/couldn’t guess?  

I grew up singing and dancing! I’ve done pretty much every style of dance my whole life–jazz, tap, ballet, lyrical, you name it– and I used to sing in the church and performed a bit in high school, as well! 

  1. What’s one technology advancement you hope to see or think we will see in the next ten years?  

I can definitely see an increased advancement in productivity-based technology. A lot of technological advances are based in helping the user save time and use it efficiently, whether it’s for business purposes or everyday household use like Roombas. I can see that continuing for sure over the next ten years.  

  1. What are three albums you’d bring with you to a deserted island?  

If I could bring three albums to a deserted island, they would be: Beyonce’s Renaissance, Rihanna’s Anti, and definitely a Best of the 80’s album. 

  1. In your opinion, what’s the most rewarding part of working for Nerdio?  

The most rewarding part is the culture. I’ve been searching for a company that truly values their employees and works hard, but also emphasizes a work life balance. Nerdio is exactly what I was looking for, in that they really prioritize all three. I also appreciate the fact that we are a smaller team but we continue to produce and achieve a lot within the industry.  

  1. What sitcom family or friend group would you choose to be a part of?  

The Office for sure. Reality TV wise, I would love to be a part of any of the Real Housewives Series. 

  1. Besides a standard computer, what is the earliest piece of technology you remember owning?  

The first piece of technology I owned was an iPod Shuffle, the really small one which didn’t even have a screen. 

  1. You joined Nerdio in April. What drew you to join Nerdio’s team? 

I was looking for a role with more responsibility, so the role itself drew me in naturally. I also really did love my interview with Michele Spirk. I felt like we really connected and had similar experiences in the events industry, and I knew I’d really enjoy working with her and the Events team. Another draw was having a remote position. I wanted to get into the tech industry and keep working in events and wanted to coordinate and plan events with the option of not always attending the events in person. After the lack of job security during the pandemic in the events industry due to the in-person nature, a remote job involving tech and events seemed perfect. I also really appreciated the company values.  

  1. What’s the most valuable thing you’ve learned while working in tech?  

The most valuable thing I’ve learned is how important workflows are to maximizing your productivity, as well as the resources we utilize. I’ve learned over the last few months how many things are connected to our partners and customers. I’ve also had a closeup view of how important events are in the tech industry, and the integrations and workflows are a huge component of making our events successful.  

  1. What’s a current technology trend you’re passionate about?  

I’m really passionate about the integration of technology together to increase productivity. The way technology works together, with cloud-based technologies for example, to make different aspects and tasks in life more convenient and allow people to operate more efficiently is really great.  

Windows 365 vs. Azure (Windows) Virtual Desktop – Comparing Two DaaS Products

Windows 365 Cloud PC service and Azure Virtual Desktop (AVD) are both Desktop-as-a-Service solutions from Microsoft, but there are several important differences between them.  In this article, we’ll take a deep dive into the similarities and differences between the services.  We’ll compare AVD and Windows 365 across several dimensions in detail and then summarize it all together in a side-by-side chart. Let’s take a look at the two services across 5 primary areas:

  1. Technical Architecture
  2. IT Admin Experience
  3. End-user Experience
  4. Licensing and Infrastructure Costs
  5. Cloud PC License Cost vs. AVD Azure Consumption

Azure (Windows) Virtual Desktop Infrastructure

1. Technical Architecture of Windows 365

Under the hood, both AVD and Windows 365 leverage a similar set of Microsoft cloud technologies.  Technically, Windows 365 is built on top of existing AVD components but has a different transactional model (fixed price vs. consumption-based).

There are two versions of cloud PCs: Enterprise and Business.

Enterprise cloud PCs are designed for organizations that have invested in Microsoft Endpoint Manager and are using this powerful platform to manage their existing, physical Windows 10 desktops.  Enterprise cloud PCs require an Intune license for each user who is assigned a cloud PC M365 SKU.

Business cloud PCs are designed for individual users and very small businesses who typically go to their local Best Buy when they need a new PC.  Now, instead of visiting Best Buy, they can go to Microsoft and subscribe to a new cloud PC and have it ready to use in an hour.  Business cloud PCs do not require an Intune license and are managed entirely by the user, similar to a standalone physical PC.

The diagram below depicts the deployment architecture of both Enterprise and Business cloud PCs.

Windows 365 Cloud PC Architecture: Enterprise

Enterprise Cloud PCs are Azure and Active Directory dependent.  An Azure subscription with a properly configured network is required with access to Active Directory that has Azure AD Hybrid Join enabled.  Azure AD DS is not currently supported, and cloud-only Azure AD join is not currently supported either.

The VM itself runs in a Microsoft-managed Azure subscription, which means admins don’t have access to it directly and are not incurring the cost of this VM in their own Azure subscription.  However, the VM’s network interface card (NIC) is “injected” into a vNet in a customer’s Azure subscription.  All network traffic enters and leaves the VM via the customer-managed vNet.  Egress transfer costs are incurred by the customer.

Since admins don’t have direct access to the VM running in Microsoft’s Azure subscription, all management tasks (e.g. software installation, patching, policies) are performed through the Microsoft Endpoint Manager portal.  

Enterprise Cloud PC pre-requisites:

  • Azure subscription with vNet
  • Azure vNet can access an Active Directory domain controller (i.e. a PC can be joined to the domain).  This requires custom DNS servers, the necessary routing, and firewall access to AD.
  • Azure AD Connect configured and running within Active Directory with AAD Hybrid Join enabled
  • Intune enabled on Azure AD tenant (each cloud PC user needs an Intune license assigned)
  • Admin setting up the initial deployment must be an Owner of this Azure subscription
  • Azure AD DS is NOT supported

Enterprise Windows 365 Cloud PC high-level setup steps (without Nerdio Manager):

  • In Microsoft Endpoint Manager create an “on-premises network connection” pointing at the vNet and provide AD credentials to join new VMs.  The network connection and AD credentials will be validated automatically.  This process may take a while to complete.
  • Upload an existing custom Windows 10 Enterprise image or use a clean Microsoft-provided gallery image
  • Create a cloud PC “provisioning policy” that combines an “on-premises network connection” with a desktop image.  Assign this provisioning policy to an Azure AD security group.
  • Add users to the Azure AD security group that the provisioning policy is assigned to

Enterprise Cloud PC user entitlement

  • Once the above pre-requisites and setup steps are completed, entitling a user to a cloud PC is very easy.  Simply assign a cloud PC license to the user via the Windows 365 Admin portal.
  • If the user is a member of a security group that’s assigned to a cloud PC provisioning policy and the network connection is “healthy,” a new cloud PC will start provisioning. It will take up to an hour for the cloud PC to be ready for the user to log into.

Windows 365 Cloud PC Architecture: Business

Business Cloud PCs are VMs that run entirely in Microsoft’s Azure subscription, including the network interface cards.  The customer does not need to provide an Azure subscription. There is no Active Directory dependency since Business cloud PCs natively join Azure AD.  There is also no requirement of an Intune license.

Business Cloud PCs route all traffic through Microsoft-controlled network infrastructure and there is no way for admins to control the inbound or outbound connectivity to/from these VMs.  There is currently no way to assign static IPs to Business cloud PCs.  Since these Cloud PCs run in Microsoft’s Azure subscription and are not enrolled in Intune, there is no admin interface to manage them.  They can only be managed directly by the user, just like a standalone physical Windows device.

There are no pre-requisites and no setup steps needed for Business Cloud PCs.  Simply assign a Business Cloud PC license to a user in the Windows 365 Admin portal and the new desktop gets provisioned within an hour.  The user will get an email notification with login instructions to start using their new cloud PC.

1a – Control Plane

Azure Virtual Desktop and Windows 365 share the same global control plane running in Azure.  The control plane consists of things such as the web portal, gateway, connection broker, licensing, and diagnostics service.  All components are hosted and managed by Microsoft and admins interact with them via a portal or API while end users interact with them via the AVD and cloud PC client apps.

An agent application runs on each virtual desktop – AVD session hosts and Windows 365 cloud PCs.  This agent is responsible for communication with the Microsoft-managed control plane.  Microsoft manages the agent and updates it automatically.  The agents for AVD and Windows 365 appear to be the same.

1b – Azure Subscriptions & Windows 365

Azure Virtual Desktop requires all session host VMs, FSLogix profile storage, and networking to be contained in a customer’s Azure subscription.  Microsoft manages the control plane components, while the customer is fully responsible for everything related to the session host VMs.  Costs are also incurred for all components based on usage at the customer subscription level.

With Windows 365, all compute (i.e. VMs) is contained in a Microsoft-managed Azure subscription.  This means that customers don’t have direct access to manage the VM resources, as they do with AVD, since these resources are not accessible in their Azure subscription.  They also don’t incur the costs associated with running cloud PC VMs at the Azure subscription level (more on this below).

There is a significant difference between Windows 365 Enterprise cloud PCs and Business cloud PCs.  Enterprise cloud PCs run in Microsoft’s Azure subscription, but their network interface cards (virtual NICs) are “injected” into the customer’s Azure subscription.  Business cloud PC VMs reside entirely within Microsoft’s Azure subscription with no components connected to any customer Azure subscription.

1c – Compute

Azure Virtual Desktop session hosts are regular VMs and can be deployed and used in a very flexible way with all the power of Azure.  These session hosts can serve up personal desktops, where a VM is dedicated to a single user, or pooled desktops where a VM can be used by multiple users who move between such VMs daily.  The cost of compute is incurred by the customer since these VMs run in the customer’s Azure subscription.  Since pricing for Azure compute is based on usage, auto-scaling can be used to significantly reduce the cost of VMs in an AVD environment.  Reserved Instances can also be used with AVD session host VMs.

A Windows 365 cloud PC is a VM that’s dedicated to a single user via permanent assignment (like personal desktops in AVD).  These VMs run in Microsoft’s Azure subscription, which means the customer is not responsible for the compute costs.  They are licensed via a Windows 365 cloud PC license and are based on a fixed per-user-per-month price.  Since IT admins don’t have access to these VMs directly from the Azure portal and the cost doesn’t depend on usage, concepts like auto-scaling and reserved instances don’t apply to cloud PCs.

1d – Storage

Azure Virtual Desktop session host VMs must have an OS disk attached to them.  These disks can be any Azure managed disk type (e.g. Premium SSD, Standard SSD or Standard HDD) and even an Ephemeral OS disk.  IT admins have full flexibility when it comes to the size and type of OS disk to use.  Auto-scaling can be leveraged to convert SSD disks to cheaper HDD disks while VMs are powered off. 

FSLogix profiles are typically stored in Azure Files shares, Azure NetApp Files volumes, or file server VMs.  Here too, IT admins have full flexibility around the type of storage and the size of storage to use in the AVD deployment, including what to back up and how.  All storage costs associated with session host OS disks and FSLogix profile storage are incurred by the customer via the Azure subscription.

Each Windows 365 cloud PC comes with a pre-defined amount of local SSD storage.  The cost of this storage is included in the cloud PC M365 license, and the OS disk object is located within Microsoft’s Azure subscription, which means the customer is not responsible for any Azure storage costs.  There is no flexibility around what type of storage to use and using auto-scaling is not possible since the cost is fixed.  FSLogix is not used with Windows 365 cloud PCs and user profiles are “native” and reside fully on the C: drive of the desktop.  This means that no additional Azure Files, Azure NetApp Files, or file server VMs are needed. There are limited backup and DR options available for now with cloud PCs.

1e – Networking 

Azure Virtual Desktop network routing and security is fully under the control of IT admins.  Session hosts are regular VMs that can be created on any virtual network in the customer’s Azure subscription and this vNet can be configured with all the flexibility of Azure networking.  This means that customers have full control of how ingress and egress traffic is routed, what IP addresses are used, VPN connectivity, etc.  They are also responsible for any costs associated with egress bandwidth usage.

The network configuration of Cloud PCs depends on whether they are Enterprise or Business.  Enterprise cloud PCs have the same capabilities, from a networking perspective, as AVD session hosts.  The vNet that they attach to resides within the customer’s Azure subscription and is fully controlled by the IT admin.  Network interfaces of cloud PCs are “injected” into the customer’s Azure subscription even though the VM resources they are attached to are in a different subscription.  Just like with AVD, all costs associated with networking are incurred by the customer.

Business cloud PCs don’t have the same network flexibility as Enterprise ones.  Their network interfaces are not injected into a vNet in the customer’s Azure subscription but are part of a Microsoft-managed network.  This means that routing, firewall security, VPN connectivity, and IP addressing cannot be controlled by the customer.  The costs of egress bandwidth usage are not customer’s responsibility and are included in the cost of licensing a cloud PC  (more on this below).

1f – User Profiles 

Azure Virtual Desktop leverages FSLogix profile container technology.  This allows users to roam from one session host VM to another while their user profile (contents of c:\users\username folder) follows them seamlessly. FSLogix provides lots of flexibility but comes at the cost of having to deploy at least one SMB file share to host the profile container VHD(X) files.  This is typically done with Azure Files, Azure NetApp Files, or file server VMs. 

Because Windows 365 Cloud PCs are single-session desktops dedicated to individual users, Microsoft removed FSLogix from the picture.  A user’s Windows profile is “native”, meaning that it is stored directly on the C: drive of the cloud PC, exactly as it is with traditional, physical Windows computers.  This removes the complexity of having to configure and manage FSLogix and the associated overhead of having an SMB file share to store profiles centrally.  It also introduces some unique challenges in protecting users’ data (e.g. Documents and Desktop folders) and moving users from one desktop to another without losing settings.

1g – Identity

Azure Virtual Desktop currently requires Active Directory Domain Services.  This requirement can be fulfilled by using an existing Windows AD environment or by using the Azure AD DS PaaS service.  Native Azure AD join isn’t yet supported, but upcoming support was recently announced.

Windows 365 Enterprise cloud PCs require Hybrid Azure AD join.  This means that you need traditional Windows AD synched to Azure AD with Hybrid Join enabled.  Azure AD DS is not currently supported.

Business cloud PCs are natively Azure AD joined and do not require (or support) Windows AD or Azure AD DS.

Summary (Windows 365 & AVD Technical Architecture)

The IT admin experience varies greatly between Windows 365 and Azure Virtual Desktop.  AVD relies heavily on Azure management concepts and provides maximum flexibility while Windows 365 aims to simplify management by making it (close to) identical to managing existing physical desktop assets and leveraging the same set of Microsoft tools to manage physical and virtual PCs.

2a – Management Portal

All components of Azure Virtual Desktop are managed via the Azure portal, PowerShell, or third-party tools like the Nerdio Manager.

Enterprise cloud PCs are managed via Microsoft Endpoint Manager (MEM) and via the Azure portal for all networking.  Administration of Enterprise cloud PCs can also be unified via a single portal like the Nerdio Manager.  MEM allows management of cloud PCs at the OS level and above.  This means that admins do not have access to make changes to the underlying VM resources; they can only make changes to Windows and applications.  Virtual networking is managed via the Azure portal.

Business cloud PCs are not integrated with Endpoint Manager and do not have a dedicated management portal.  They can only be managed by the end user assigned to the desktop while logged into it.  Actions such as PC restarts can be performed by the user from the cloud PC web portal.  Admins can manage Business cloud PC license assignment with Windows 365 Admin portal and third-party tools like the Nerdio Manager.

2b – Operating System

Azure Virtual Desktop supports all current versions of Windows, including Windows 10 Enterprise (single session), EVD (multi-session) and Server 2012/2016/2019.

Windows 365 cloud PCs only support Windows 10 Enterprise (single session) since they are dedicated, non-multi-user desktops.

2c – Desktop Image Management

Azure Virtual Desktop can leverage all image types.  These include Azure Marketplace images, custom images, and shared image gallery images.  Session host VMs can be created from these images and be kept up to date by updating the image and then re-imaging session hosts to the latest version.  Images can be stored in one or more Azure regions for geographic distribution and resilience.  Images can use any supported operating system and be both Gen1 and Gen2 VM hardware.  There is no limit on the number of Azure images that can be used in an AVD environment.

Enterprise Windows 365 Cloud PC images support Microsoft-provided Windows 10 Enterprise OS or custom images stored in a customer’s subscription.  These images must be Gen1 VM hardware.  There is a limit of 20 custom images per Azure AD tenant.

Business Windows 365 Cloud PCs don’t support custom images and must be deployed from Microsoft provided Windows 10 Enterprise OS.

2d – Applications and Updates

Azure Virtual Desktop session hosts can be updated via Microsoft Endpoint Manager, through a golden image, or manually.  Applications can be delivered to session hosts via image updates, manual installation on host VMs, or using MSIX app attach.  The update and application delivery process in AVD is very flexible and can be fully automated.

Enterprise cloud PCs can be updated via MEM or manual methods.  Image-based software deployments are not typical without third-party tools like Nerdio Manager.  Also, MSIX app attach application delivery is not currently supported with cloud PCs.

Business cloud PCs can be updated with Windows update, manually by the user, or by using third-party management tools.

2e – Backup and Disaster Recovery

Azure Virtual Desktop session hosts can be backed up and protected in several different ways including Azure Site Recovery and Azure Backup.  This allows organizations to create a robust backup, DR, and business continuity strategy for their virtual desktop environment.

There is currently no native backup method for Windows 365 cloud PCs since they are not accessible to admins at the storage or hypervisor level.  Third-party, agent-based, OS-level backup methods can be used to protect cloud PCs.

2f – Monitoring

Azure Virtual Desktop includes robust logging, diagnostics, monitoring, and reporting capabilities.  Logs are generated by the AVD service and AVD agent running on session host VMs.  This information is streamed to Azure Log Analytics where it is captured and visualized with Azure Monitor workbooks.  Many third-party monitoring tools are available for AVD.

Due to the lack of hypervisor-level access to cloud PC VMs, monitoring is possible only via Endpoint Analytics, which is the same tool that can be used for monitoring physical endpoints.  Business cloud PCs do not currently have a monitoring interface.

2g – User Profiles

Azure Virtual Desktop leverages FSLogix for user profile encapsulation.  This allows users to easily roam between session host VMs without losing their user state between sessions.  Personal AVD desktops can be deployed without FSLogix, but even in persistent scenarios FSLogix profiles provide a valuable profile backup capability and make it easier to manage session host updates through images.  An SMB file share is required to host the FSLogix profile containers.  This can be an Azure Files share, Azure NetApp Files volume, or a file server VM.

Windows 365 cloud PCs do not leverage FSLogix and all profiles are natively stored on the C: drive.  This allows for simplified management since no additional SMB storage or profile configuration is required.  Without profile data redirection it is important to consider ways to back up user data.  One such strategy can leverage OneDrive to protect user data.

2h – Networking

IT admins fully control all aspects of Azure Virtual Desktop networking since it runs in a customer-managed Azure subscription.  Static IP addresses can be assigned, VPN tunnels configured, and firewall rules enforced.

Enterprise cloud PCs have the same network flexibility as in AVD deployments.  Business cloud PCs, on the other hand, do not have any network flexibility.  Microsoft fully controls the IP addressing, traffic flow, and security of Business cloud PC networking.

2i – Auto-Scaling

Azure Virtual Desktop greatly benefits from the usage-based Azure pricing model and auto-scale can be used to drastically reduce Azure compute and storage costs – up to 75% of peak demand.  It is also possible to use Azure Reserved Instances to reduce costs and guarantee available capacity.

Windows 365 cloud PCs are priced on a fixed monthly basis.  Even if a user does not log into their desktop at all during the month, the desktop will cost the same as if the user logged into their desktop every day.  Therefore, the concept of auto-scaling does not apply to cloud PCs.  This has a significant impact on cost efficiency in different use-cases.  

Summary (Windows 365 & AVD IT Admin Experience)

3. Windows 365 & Azure Virtual Desktop End-user Experience

The end-user experience is almost identical in Windows 365 and AVD.  Users connect to AVD sessions and cloud PCs using the same client app, which is available for Windows, macOS, iOS, Android and as an HTML client.

Windows 365 is built on top of Azure Virtual Desktop global infrastructure and will be familiar to those with AVD experience.  When connecting to a cloud PC, a user authenticates to Azure AD using the AVD client and all cloud PCs that the user is entitled to appear in the feed.

Leveraging the same infrastructure as AVD provides users the advantage of a unified experience across Windows 365 and Azure Virtual Desktop.  Admins can control the resources visible to individual end-users and the user will see everything in a single feed using the same app.  The authentication and multi-factor experience will also be very familiar since it leverages Azure AD, which is used for M365 and AVD authentication.

3a – Connecting to Desktop

With Azure Virtual Desktop, users navigate to https://aka.ms/wvdwebarm or download a client app from https://aka.ms/wvdclients

Windows 365 cloud PC users navigate to https://cloudpc.microsoft.com and connect in the same way as AVD.

Step 1: Go to https://cloudpc.microsoft.com and log in

Step 2: Connect to cloud PC in the browser or download the Remote Desktop client app

3b – Printing and Scanning

Both Azure Virtual Desktop and Windows 365 cloud PCs support printer and scanner redirection via the Remote Desktop client app.  With AVD and Enterprise cloud PCs it is possible to configure network-based printing and scanning with a site-to-site VPN tunnel between the Azure vNet and local network that hosts the printers and scanners.  It is not possible to use network-based printing and scanning with Business cloud PCs since IT admins do not have control of the network where the cloud PCs reside.  Universal Print is Microsoft’s new cloud-based print solution that can be used with AVD and Windows 365 cloud PCs.  Several third-party products exist that help simplify printing and scanning.

3c – User self-service

Azure Virtual Desktop has limited self-service capabilities for end-users.  For example, users cannot restart their own desktop VM or log off a hung session with the AVD client app.  Third-party tools, like Nerdio Manager, provide users with a self-service portal where such actions can be performed.

Windows 365 cloud PCs can be restarted by the end-user without the need to contact support.  A restart button is built into the cloud PC web portal.

Summary (Windows 365 & AVD End-user Experience)

Windows 365 vs. Azure Virtual Desktop Costs

4. Windows 365 vs. Azure Virtual Desktop Licensing and Infrastructure Costs

4a – Windows 10 Enterprise

Azure Virtual Desktop requires the user connecting to an AVD session to have an assigned Windows 10 Enterprise subscription license.  Windows 10 Enterprise can be purchased as a standalone subscription (e.g. Windows 10 Ent E3/E5/VDA) or be included as part of a Windows 365 suite subscription (e.g. M365 E3/E5 and Business Premium).  This Windows subscription license includes the usage rights of the AVD control plane and entitles the user to connect to Windows 10 desktops hosted in Azure.  All other costs are part of Azure infrastructure consumption (e.g. compute, storage, networking).

Both Enterprise and Business Windows 365 cloud PCs require a Windows 10 Enterprise subscription just like AVD desktops.  However, the compute costs are not purchased as usage-based Azure resources but rather as an M365 license SKU.

4b – Compute and Storage

Azure Virtual Desktop infrastructure costs are based on Azure consumption.  This includes the compute costs of running AVD session host VMs, the cost of OS disks and the usage of Azure Files for FSLogix storage.  All costs are based on actual usage.  If a VM is powered off, there is no compute charge.

Windows 365 cloud PCs are not purchased as Azure usage-based infrastructure.  Rather, they are purchased as licenses through Windows 365.  Each cloud PC license provides the user with a certain amount of compute, RAM, and storage capacity.  At general availability, there will be 12 cloud PC sizes ranging from 1 vCPU to 8 vCPUs, 2 GB to 32 GB of RAM, and 64 GB to 512 GB of storage.  

4c – Networking

Azure Virtual Desktop networking costs are incurred at the Azure subscription level where session host VMs run.  These charges typically include egress bandwidth, NAT gateway, VPNs, and Firewalls.

Enterprise cloud PCs require the customer to provide a network infrastructure within a customer-managed Azure subscription.  Therefore, all network costs are the same as with AVD.

Business cloud PCs do not leverage a customer-managed Azure network.  Therefore, all network related costs are incurred by Microsoft and are included in the monthly cloud PC license.

4d – Intune

Intune can be optionally used to manage Azure Virtual Desktop session hosts.  However, Intune is not required for an AVD deployment, and most environments are managed via images.

Enterprise cloud PCs require an Intune license.  Since Intune is the management interface for these cloud PCs, the Azure AD tenant must have an Intune license and each user who is assigned to an Enterprise cloud PC must have an Intune license assigned.  Intune licenses can be purchased standalone or as part of a Windows 365 package like E3/E5 and Business Premium. 

Business cloud PCs are not managed through MEM and therefore do not require an Intune license.

4e – Windows 365 Apps (Office)

Azure Virtual Desktop requires a subscription to Windows 365 Apps with Shared Computer Activation entitlement.  All Microsoft 365 packages that include Office Apps have Shared Computer Activation. Windows 365 Business standalone does not and, therefore, cannot be used in AVD.

Windows 365 cloud PCs are dedicated VMs and therefore do not require Shared Computer Activation.  Any subscription to Microsoft 365 is sufficient.

Summary (Windows 365 & AVD Licensing and Infrastructure Costs)

5. Comparing Windows 365 Cloud PC License Costs vs. AVD Azure Consumption

There are several considerations that come into play when deciding on the right virtual desktop technology for your organization.  Microsoft provides customers with ample choice and meets customers where they are in terms of admin tooling, existing licenses, and Azure expertise.  In this section, we’ll explore the cost efficiency of different virtual desktop use-cases and determine when Windows 365 fixed-price licenses are more cost-efficient than usage-based AVD infrastructure costs.  For this discussion, we’ll assume that Windows OS licensing costs are the same in both AVD and Windows 365 scenarios and focus exclusively on the cost of the infrastructure. 

Windows 365 license costs depend on the hardware specs that a user needs.  Each desktop comes with a certain number of vCPUs, GB of RAM, and SSD storage.  If we align the vCPU and RAM configuration of each cloud PC license with a comparable Azure VM size and managed disk we can then compare their costs side-by-side. 

Since cloud PCs are dedicated, persistent desktops they are most similar to AVD personal desktops. If we compare cloud PCs with equivalently sized personal AVD desktops, using a VM on a 3-year reserved instance, we’ll see that the prices are very similar and cloud PC is slightly less expensive for some sizes and much more cost effective for the largest VMs.  On average, Windows 365 is 11% cheaper than a comparably sized Azure VM and managed disk running 24/7 on a 3-year reserved instance. 

If we assume that users are using their personal AVD desktops 50 hours per week (10 hours X 5 weekdays) and the VMs are stopped the rest of the time, then there will be a cost savings by using personal AVD desktops with pay-as-you-go VM pricing and powering them off outside of the 50 work hours (70% of the time).  There are a few scenarios when Cloud PC is about the same cost as an AVD personal desktop, but on average, Azure Virtual Desktop personal desktop is 9% cheaper than a cloud PC in this use-case.  

Let’s take this a step further and assume that not all users need a dedicated personal desktop and groups of users can be pooled together on multi-session AVD session hosts.  We can see that there is significant per-user savings with AVD pooled desktops using reserved instances (RI).  On average, the cost of a pooled Azure Virtual Desktop user on VMs that run 24/7 using 3-year reserved instances is 53% lower than Windows 365. 

Combining pooled AVD desktops with auto-scaling provides the deepest savings when using Azure Virtual Desktop as compared to Windows 365.  Assuming that users are working 10 hours/day, 5 days/week the average savings is 58% when using pay-as-you-go VMs with auto-scaling. 

Another important consideration is that Cloud PCs and personal AVD desktops are priced per named user, meaning that a license or VM is consumed for every user to whom the Cloud PC license or AVD personal desktop VM is assigned, regardless of whether this user ever connects to the desktop.  Pooled desktops, on the other hand, only consume infrastructure when concurrent users are logged in.  If no users are connected, no session host VMs need to be powered on.  As more users log in, more infrastructure is brought online to accommodate the demand.

In most environments, user concurrency is a fraction of the total named users at any given time – often 50% or less.  This means that the cost savings in a pooled desktop environment will be even greater, when concurrency is considered, than presented in the table above. 

By putting it all together, we see that Windows 365 Cloud PCs are most cost effective when users need dedicated, persistent desktops and will be using them more than 50 hours per week.  With users who can be pooled together into AVD host pools, there is significant infrastructure cost savings to be realized by using auto-scaling. 

Here’s a complete comparative summary table: 


How to Make Azure Virtual Desktop (AVD) Deployment More Resilient for Disaster Recovery Considerations

The usage of Azure Virtual Desktop (AVD) is growing fast and AVD has become a mission critical component of many IT environments. Making AVD resilient is an important design consideration when relying on the service for access to corporate data and applications. 

Since AVD deployments consist of several inter-dependent components, we will consider each one individually in the configuration of Business Continuity and Disaster Recovery (BCDR) for AVD. 

Azure Virtual Desktop Components 

The table below lists the various AVD components with their associated DR considerations.   

Disaster Recovery (DR) Scenarios 

When planning for AVD disaster recovery, it is important to identify the possible outage scenarios and decide on the ones to protect against.  Some DR strategies will cover multiple scenarios as we’ll see below. 

Scenario #1:  Corruption of data, metadata, or resources, but no underlying data center or region outage 

In this situation, restoring from backup or rebuilding session host VMs is the best approach.  Let’s review how this applies to each AVD environment component: 

  1. AVD service - because this service is hosted, managed, and backed up by Microsoft there is nothing for you to do.  The AVD service will fail over automatically and Microsoft is responsible for getting everything back up and running within the provided SLA.
  2. Identity / Directory – If using native Azure AD joined VMs, no action is necessary. Microsoft is responsible for keeping this service operational within the provided SLA.  If using Active Directory, functional AD domain controllers must always be accessible. Azure AD DS operates two domain controllers, in separate availability zones if supported, by default.
    • Recommendation: Use Azure AD native, Azure AD DS, or if using Active Directory create multiple AD domain controllers.  Back up the AD system state and restore, if needed.
  3. Desktop images - Changes are often made to desktop images during the normal course of AVD maintenance.  Maintaining backups of desktop images is important to be able to quickly recover from any corruption.
    • Recommendation: Use Shared Image Gallery with image versioning. Leverage Nerdio Manager’s built-in desktop image backup functionality to version the images prior to making any changes.
  4. Session host VMs - Hosts can become unavailable or corrupted in the normal course of operation.
    • Recommendation: Enable Nerdio Manager’s Auto-Heal functionality to automatically repair broken session hosts.
  5. FSLogix profiles - Corruption of profile containers can be resolved by restoring the corrupted VHD(X) files from backup.
    • Recommendation: Depending on your FSLogix storage technology choice – configure Azure Backup for Azure Files shares, Azure NetApp Files snapshots, or use any backup or versioning method for file server VMs (e.g. Volume Shadow Copies).  Restore corrupted profile containers, as needed.

Scenario #2: Single datacenter or Availability Zone failure within an Azure region 

Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there’s a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures. Zone-redundant services replicate your applications and data across Availability Zones to protect from single-points-of-failure. With Availability Zones, Azure offers an industry-best 99.99% VM uptime SLA.  Learn more here

In the case of datacenter or Availability Zone failure, most components of the AVD environment will automatically fail-over to another Availability Zone with no user intervention required.   

NOTE: Not all Azure regions support Availability Zones for all products.  Review the Regions that support Availability Zones before deploying your AVD environment to select the region that addresses your availability requirements.  Pay special attention to Premium Files Storage if using Azure Files for FSLogix profiles. 

To protect against Availability Zone failure, the initial AVD architecture and design must take zone redundancy into account.  Let’s review this on a component-by-component basis. 

  1. AVD service - because this service is hosted, managed, and backed up by Microsoft, there is nothing for you to do.  The AVD service will fail over automatically and Microsoft is responsible for getting everything back up and running within the provided SLA.
  2. Identity / Directory – If using native Azure AD joined VMs, no action is necessary. Microsoft is responsible for keeping this service operational within the provided SLA.  If using Active Directory, functional AD domain controllers must always be accessible. Azure AD DS operates two domain controllers, in separate availability zones if supported, by default.
    • Recommendation: Use Azure AD native, Azure AD DS, or if using Active Directory create multiple AD domain controllers in different Availability Zones.
  3. Desktop images – Desktop images stored using ZRS (Zone Redundant Storage) will be available during Availability Zone failure.
    • Recommendation: Store images with ZRS storage.
  4. Session host VMs – Session host VMs running in the datacenter where an outage occurs will go offline.
    • Recommendation: When deploying session hosts, distribute them across the Azure region’s Availability Zones using Nerdio Manager’s automation.
  5. FSLogix profiles – FSLogix profiles stored on Azure Files Premium ZRS storage won’t be impacted by an Availability Zone failure.
    • Recommendation: Use ZRS storage with Azure Files Premium to store FSLogix profiles.

Scenario #3: Entire Azure region outage 

An Azure region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated, regional low-latency network. Azure gives you the flexibility to deploy applications where you need to, including across multiple regions to deliver cross-region resiliency.  Failure of complete Azure regions is highly unlikely and rare.  For more information, see Overview of the resiliency pillar

Failure of an entire Azure region is the most severe scenario.  The best way to protect against this situation is by automatically distributing AVD session host VMs across two Azure regions and replicating FSLogix profile data, thereby creating an Active/Active DR configuration.  If one of the regions becomes unavailable, VMs in the second region can continue servicing users. Learn more about host pool DR in our video below and read further for considerations regarding the different components involved in Scenario 3.

  1. AVD service - because this service is hosted, managed, and backed up by Microsoft, there is nothing for you to do.  The AVD service will fail over automatically and Microsoft is responsible for getting everything back up and running within the provided SLA.
  2. Identity / Directory – If using native Azure AD joined VMs, no action is necessary. Microsoft is responsible for keeping this service operational within the provided SLA.  If using Active Directory, functional AD domain controllers must always be accessible. Azure AD DS operates two domain controllers, in separate availability zones if supported, by default.
    • Recommendation: Use Azure AD native, Azure AD DS replica sets, or if using Active Directory create multiple AD domain controllers in 2 Azure regions.
  3. Desktop images – Desktop images stored in Shared Image Gallery and replicated to multiple regions will be available during a single region outage.
    • Recommendation: Geo-replicate desktop images with Nerdio Manager and Shared Image Gallery.
  4. Session host VMs – Session host VMs running in the Azure region where an outage occurs will go offline.  If there are available session host VMs in a secondary region, users will be able to reconnect and continue working.
    • Recommendation: Leverage Nerdio Manager’s Active/Active host pool DR to automatically distribute session hosts across two selected Azure regions.
  5. FSLogix profiles – Users won’t be able to work without access to the FSLogix user profiles.  Profiles must be continuously replicated in multiple regions.
    • Recommendation: Use Nerdio Manager’s FSLogix Cloud Cache functionality to replicate user profiles across two Azure regions.

Configuring an AVD environment to be resilient to an Azure region failure (scenario #3) will also cover Azure Availability Zone failure (scenario #2).  The outlined approach works best for pooled AVD deployments.  Personal desktops can also be protected, but the approach is different.  Protecting personal desktops involves using Azure Site Recovery in an active/passive configuration. 
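The three scenarios can be turned into a repeatable check. The following is an added example, not code from Nerdio or Microsoft: it audits a constructed inventory against the per-component recommendations above and reports which (scenario, component) pairs are unprotected. The `Avd` model, its field names and the sample deployments are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Avd:
    """Constructed inventory model; every field name is hypothetical."""
    identity: str                                      # "azure_ad", "aadds" or "ad"
    dc_sites: list = field(default_factory=list)       # (region, zone) per AD domain controller
    aadds_regions: set = field(default_factory=set)    # regions with an Azure AD DS replica set
    ad_state_backup: bool = False                      # AD system state is backed up
    image_versioned: bool = False                      # image versions are kept
    image_zrs: bool = False                            # images sit on ZRS storage
    image_regions: set = field(default_factory=set)    # regions holding an image replica
    host_sites: list = field(default_factory=list)     # (region, zone) per session host
    host_auto_repair: bool = False                     # broken hosts are repaired automatically
    profile_backup: bool = False                       # FSLogix containers are backed up
    profile_zrs: bool = False                          # profile share uses ZRS storage
    profile_regions: set = field(default_factory=set)  # regions holding a profile copy


def _regions(sites):
    return {region for region, _ in sites}


def _zones(sites):
    # A zone of None means the resource is not pinned to an Availability Zone.
    return {(region, zone) for region, zone in sites if zone is not None}


def _survives_zone(sites):
    # Two zones in one region, or two regions, both outlive a single zone failure.
    return len(_zones(sites)) >= 2 or len(_regions(sites)) >= 2


def _survives_region(sites):
    return len(_regions(sites)) >= 2


def audit(d):
    """Return sorted (scenario, component) pairs lacking the recommended protection.

    The AVD service itself is Microsoft-operated in all scenarios and is not checked.
    """
    ok = {}
    if d.identity == "azure_ad":
        # Microsoft keeps Azure AD operational in every scenario.
        ok[1, "identity"] = ok[2, "identity"] = ok[3, "identity"] = True
    elif d.identity == "aadds":
        # Two domain controllers by default, in separate zones where the region supports it.
        ok[1, "identity"] = ok[2, "identity"] = True
        ok[3, "identity"] = len(d.aadds_regions) >= 2
    else:
        ok[1, "identity"] = len(d.dc_sites) >= 2 and d.ad_state_backup
        ok[2, "identity"] = _survives_zone(d.dc_sites)
        ok[3, "identity"] = _survives_region(d.dc_sites)

    multi_region_images = len(d.image_regions) >= 2
    ok[1, "images"] = d.image_versioned
    ok[2, "images"] = d.image_zrs or multi_region_images
    ok[3, "images"] = multi_region_images

    ok[1, "hosts"] = d.host_auto_repair
    ok[2, "hosts"] = _survives_zone(d.host_sites)
    ok[3, "hosts"] = _survives_region(d.host_sites)

    multi_region_profiles = len(d.profile_regions) >= 2
    ok[1, "profiles"] = d.profile_backup
    ok[2, "profiles"] = d.profile_zrs or multi_region_profiles
    ok[3, "profiles"] = multi_region_profiles

    return sorted(key for key, passed in ok.items() if not passed)


# Constructed sample deployments (region names are only placeholders for the demo).
SINGLE_ZONE = Avd(identity="ad", dc_sites=[("eastus", 1), ("eastus", 1)],
                  ad_state_backup=True, image_versioned=True,
                  host_sites=[("eastus", None)] * 3, host_auto_repair=True,
                  profile_backup=True)
ZONAL = Avd(identity="ad", dc_sites=[("eastus", 1), ("eastus", 2)],
            ad_state_backup=True, image_versioned=True, image_zrs=True,
            host_sites=[("eastus", 1), ("eastus", 2), ("eastus", 3)],
            host_auto_repair=True, profile_backup=True, profile_zrs=True)
ACTIVE_ACTIVE = Avd(identity="aadds", aadds_regions={"eastus", "westus2"},
                    image_versioned=True, image_regions={"eastus", "westus2"},
                    host_sites=[("eastus", None), ("westus2", None)],
                    host_auto_repair=True, profile_backup=True,
                    profile_regions={"eastus", "westus2"})

if __name__ == "__main__":
    for name, dep in [("single zone", SINGLE_ZONE), ("zonal", ZONAL),
                      ("active/active", ACTIVE_ACTIVE)]:
        print(name, audit(dep))
```

The active/active sample passes scenario #2 without any zone pinning or ZRS storage, which is the point made above: a two-region design also covers a single Availability Zone failure.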

Summary Table 


Nerdio Manager vs. Native Auto-scaling: A Deep Dive

One of Nerdio’s primary features is our advanced auto-scaling capability for Azure Virtual Desktop. This enables customers to save up to 75% on their Azure Virtual Desktop compute and storage costs, which in most cases pays for the Nerdio licenses themselves within the first week of usage, not to mention significant savings on top of that.

One question which I am often asked is “How does Nerdio’s auto-scaling capability compare to Microsoft’s built-in, native capability?” In this post, I will discuss both solutions, as well as the benefits of each. Let’s start with Microsoft’s offering.

Native Microsoft Auto-scaling

Microsoft’s auto-scaling technology is based on using an Azure Automation account, a PowerShell runbook, a webhook, and an Azure Logic App. You will need to go and create all of these. Once created, you have the following capabilities:

  • Schedule VMs to start and stop based on peak and off-peak business hours.
  • Scale out VMs based on number of sessions per CPU core.
  • Scale in VMs during off-Peak hours, leaving the minimum number of session host VMs running.

There are some limitations, though:

  • This solution applies only to pooled multi-session session host VMs.
  • This solution can manage VMs in any region, but these VMs must be in the same subscription as your Azure Automation account and Azure Logic App.
  • The maximum runtime of a job in the run book is three hours. If starting or stopping the VMs in the host pool takes longer than that, the job will fail. For more details, see Shared Resources.
  • At least one VM or session host needs to be turned on for the scaling algorithm to work properly.
  • The scaling tool doesn’t support scaling based on CPU or memory.
  • Scaling only works with existing hosts in the host pool. The scaling tool doesn’t support scaling new session hosts.
  • The setup process is quite complicated involving multiple PowerShell scripts–probably around 2-4 hours depending on your technical capability.
  • It can be quite difficult for someone with limited Azure or AVD expertise to understand.
  • For multiple host pools, you would need multiple scripts.
  • Only basic reporting capabilities are available.

It is quite difficult to manage this configuration on an ongoing basis.  Also, for multiple host pools you would need to create and maintain multiple scripts.

Nerdio Auto-scaling

Nerdio’s auto-scaling technology is built directly into the Nerdio Manager application.  This means that once you have deployed Nerdio Manager, you do not need to deploy anything else. The Nerdio auto-scaling technology has far more features than the Microsoft native auto-scaling technology, and saves much more money due to its advanced and customizable features. These features include:

1. Enable Auto-scaling at the flip of a switch 

Using Nerdio Manager you can easily enable auto-scaling in under two minutes by literally flipping a switch. Compared to having to deploy all the native Microsoft tooling, this could be a huge time saver, especially for less experienced IT admins.

2. Automatically swapping out OS disks for lower SKUs

Nerdio will automatically swap out the OS disk type to a lower SKU to save on costs when VMs are stopped as part of the auto-scaling process. By doing this, you ensure that you are not paying for Premium SSD storage when you are not actively using it. 

3. Customizable active host capacity

Using Nerdio Manager, you can set a Minimum Active Host Capacity. If you know what your minimum workload requirement is, it can be maintained automatically with Nerdio Manager.

This ensures that your capacity is available on demand when you need it, without having to wait for hosts to be created. For example, we can set the Base Host Pool Capacity to 10, and the Active Host Capacity to one, which means that 10 hosts will be created, but only one host will be active. When extra load is required, the additional hosts will be powered on via auto-scaling and be available for connections within minutes.

4. Customizable Scaling Logic 

Using Nerdio, we can configure 3 separate types of scaling logic:

i. CPU Usage

We can configure the logic based on actual CPU usage and customize the trigger points for scaling up and down. We can also restrict the scale in hours to ensure that your workforce is not interrupted.

ii. Average Active Sessions

We can auto-scale based on the Average Active Sessions across your host pool. If you know for example your Host Capacity is around five users per host, once those hosts are full, we can scale new hosts based on actual user demand.

iii. Available Sessions

We can configure the scaling to ensure that there is always spare capacity available in the pool by configuring the Available Sessions.

Having three different types of scaling logic lets you match scaling to how the workload is actually used, so that you only pay for what you need.
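A simplified model of the three trigger types and the capacity settings described above, added here as an illustration; it is not Nerdio's or Microsoft's scaling code. The thresholds (65% and 40% CPU, 3 spare sessions, an 18:00 to 24:00 scale-in window) and all names are assumptions, while the pool values reuse the page's examples (10 hosts, 1 active, 5 users per host).

```python
import math
from dataclasses import dataclass


@dataclass
class Pool:
    base_capacity: int      # hosts that exist in the pool (the page's example: 10)
    min_active: int         # hosts kept running at all times (the page's example: 1)
    sessions_per_host: int  # session limit per host (the page's example: 5)


@dataclass
class Sample:
    active_hosts: int       # hosts currently powered on
    sessions: int           # active sessions across the pool
    avg_cpu: float          # average CPU percent across active hosts
    hour: int               # local hour, 0-23


def target_hosts(pool, s, trigger, *, cpu_out=65.0, cpu_in=40.0,
                 spare_sessions=3, scale_in_hours=range(18, 24)):
    """Return how many hosts should be running after evaluating one trigger type."""
    want = s.active_hosts
    if trigger == "cpu":
        # Separate trigger points for scaling out and scaling in.
        if s.avg_cpu >= cpu_out:
            want += 1
        elif s.avg_cpu <= cpu_in:
            want -= 1
    elif trigger == "avg_sessions":
        # Scale out once hosts are full on average; scale in when one host fewer has room.
        if s.sessions >= s.active_hosts * pool.sessions_per_host:
            want += 1
        elif s.sessions < (s.active_hosts - 1) * pool.sessions_per_host:
            want -= 1
    elif trigger == "available_sessions":
        # Keep at least `spare_sessions` free slots in the pool.
        want = math.ceil((s.sessions + spare_sessions) / pool.sessions_per_host)
    else:
        raise ValueError(f"unknown trigger: {trigger}")

    if want < s.active_hosts:
        if s.hour not in scale_in_hours:
            # Outside the scale-in window nothing is powered off.
            want = s.active_hosts
        else:
            # Never go below what the existing sessions need.
            want = max(want, math.ceil(s.sessions / pool.sessions_per_host))

    # Only existing hosts can be started, and the minimum always stays on.
    return max(pool.min_active, min(want, pool.base_capacity))


# Pool settings taken from the page's examples.
EXAMPLE_POOL = Pool(base_capacity=10, min_active=1, sessions_per_host=5)

if __name__ == "__main__":
    busy = Sample(active_hosts=2, sessions=10, avg_cpu=80.0, hour=10)
    for trigger in ("cpu", "avg_sessions", "available_sessions"):
        print(trigger, target_hosts(EXAMPLE_POOL, busy, trigger))
```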

5. Pre-staging of hosts

Using Nerdio, we can “pre-stage hosts”. Pre-staging hosts means that we can ensure the required capacity is there whenever your business needs it the most. If you run a call center for example, we can ensure that there are, let’s say, 10 hosts available at 8am for when your users come in and start work.

You can also configure multiple pre-stage schedules, for example if you need separate working hours during the weekend, or if you are an educational institute and need to set different schedules during the school holidays.

6. Customizable messages when hosts are shutting down

The Microsoft auto-scaling tools will just send a standard message when the hosts are shutting down. When using Nerdio, we can send a customizable message at pre-defined periods (i.e., 5, 10, 15, 30 minutes) and also instruct the auto-scaling engine to NOT log users off if they are still active, or have disconnected sessions.

7. Auto-Scaling for personal host pools 

Nerdio also has auto-scaling for personal host pools. This enables us to turn off personal host pools at set periods of times (i.e., at the end of the workday), and then turn them on at, say, 8am, and have them switched off during weekends.

Personal host pools can be very expensive as most users expect them to be available at any time, but by using Nerdio, you can ensure that they are only powered on when they need to be, saving you lots of money in Azure compute and storage costs.

We can also have user-driven auto-scaling which will automatically start the VM when the user connects, and then when the user logs off the VM will be powered down and de-allocated at a time which is configurable. This ensures that you only pay for resources you actually use.

8. Storage Auto-scaling 

Nerdio will also perform auto-scaling for your Azure Files or Azure NetApp Files. We enable you to set a minimum and maximum quota, ensuring that you will also have the performance and capacity required for your users, while saving you money. We do this utilizing three methods:

  1. Capacity – Nerdio Manager will automatically monitor the space usage and when space is running low, we will automatically grow the space for you, meaning that you will never run out of space.
  2. Performance – Nerdio Manager will monitor the latency of your storage and if it detects latency, it will grow the storage capacity therefore giving you more IOPS.
  3. Schedule – Nerdio Manager will grow and shrink capacity and performance of the storage based on a pre-defined schedule.

9. Reporting 

Nerdio reports every action that’s performed and displays it visually showing you the cost savings on a per host pool basis.

Summary

As you can see, Nerdio Manager gives the IT professional many options to configure auto-scaling to exactly how they want it to be, all within a few clicks of a button.

To achieve the same outcome within Native Azure, you would need to write hundreds of lines of PowerShell code or JSON Scripts and then amend those scripts anytime anything needed changing. Using Nerdio Manager you can easily achieve this without advanced scripting skills, therefore saving you time and money to use your resources where you really need them.


Top 5 Considerations Before Starting with Azure Virtual Desktop  

Azure Virtual Desktop (AVD) is a great option for many but is not always easy to adopt right off the bat. But before the transition even begins, it is important to weigh the benefits of AVD and carefully consider why it is right for your organization, and what needs to be done before you switch.  

Some of those considerations include aligning on responsibilities, understanding how applications and data will be handled in the new environment, and determining which outcomes you want to see from your move to AVD.  

Worried you won’t be able to determine where to get started on even thinking about those steps? No worries, we’ve got you covered.  

Determine Responsibilities and Resource Availability  

Used in this context, “resources” refers not to Azure resources like compute and storage, but to whomever is going to be involved and actively working on the project, or more precisely, who will be responsible for what? And do they have the right skillset to do what needs to be done?  

In addition to the above, use these questions to drill down deeper when determining responsibility and resource availability:  

  • Who is in charge of building the new environment and/or writing proper documentation?  
  • Who will be testing applications?  
  • Who will be educating and onboarding users when their new workspace is ready for production?  
  • What will the process look like, is there a plan in place, and who’s responsible for that?  
  • Do we need additional staff to help with these tasks? And is there room in the budget to hire?  

Of course, many of these responsibilities can be shared and it often happens that a single person oversees multiple. If that’s the case, that’s perfectly fine, as long as it is clear who is doing what and expectations have been set.  

It’s important to clearly outline and assign responsibilities, and perhaps even more importantly, you need to make sure that the people involved have enough time reserved to spend on the tasks at hand. While the days and weeks pass, there will always be “fires” that need to be put out, or other issues that deserve attention, meaning priorities might shift from time to time. However, establishing a baseline gives you something to fall back to, clearly communicates to everyone involved who to contact, call, email, etc., when they have questions, and helps hold the team accountable.

Team misalignment and misunderstanding are easily two of the top reasons projects take longer than necessary. By making sure people have time allocated to the actions they will be expected to incorporate into their role, it takes a lot of uncertainty away and will greatly enhance your chances of completing your project on time.  

Set Goals and Success Criteria 

It’s also important to identify what you would like to achieve. Let me give you an example. When Nerdio Manager for Enterprise is installed, or better yet before the installation takes place, we always like to set up a meeting with the prospective customer and discuss what we refer to as “customer success criteria”.  

The goal is to establish a clear picture of what the customer wants to achieve when leveraging Nerdio. While going through this exercise, assuming the correct people take part (who will be actively working on this project and have the time reserved to do so) you’ll notice that certain “critical needs,” or “want to have”s can be quite surprising.  You may also discover certain “needs” that you may not have thought about before, prior to the POC.  

This practice ensures customers will get the best out of our 30-day free trial. While this helps us, it is a huge advantage for the customer as well, as we have now set a common goal to work towards and we will make sure to do everything we can to achieve them within the given timeframe. This includes recurring meetings to align and go over questions, potential roadblocks, architectural reviews, health checks, etc. Of course, this approach can also be applied whenever a new technology is being considered or implemented. 

On top of this, you want to establish how “success” is measured. Are we seeing the desired results defined by one metric? Does our environment have all the (automated) “critical” features we are interested in, and do they work as expected? What about costs, are they in line with what was projected? And more. This can be as detailed as desired depending on your needs and the size / scope of the project.      

After the trial period expires, it’s time to wrap up and discuss the outcomes with your team and the users in the POC. Satisfied? Yes, good. Let’s review next steps and take it from there.  

Application Considerations  

While this article is not meant as a complete technical reference, it’s important to highlight applications as it’s one of the most common challenges we see with companies interested in moving to the cloud.  

 
Take the following actions when determining your strategy for migrating applications to AVD:  

  • Consider application compatibility. Switching platforms often means a change of the underlying operating system, so make sure you will not run into any surprises once users go live.  
  • Examine the number and types of applications involved. This metric can be helpful in determining how much time it will take to do proper testing. You may also want to consider which applications can be dropped or replaced with a SaaS alternative. Bear in mind, too, that certain applications could behave differently when they are run on a cloud based VM, meaning more or less compute resources might be needed.  
  • Examine application delivery and overall maintenance beforehand. Nerdio helps you discover applications installed on a host pool (image) and you can configure rules to decide which users can access which applications, while “masking” the rest of the applications from them. Multiple apps can be grouped together for consolidated access management.

Another option to leverage is some of the different “layering” solutions out there, like FlexApp One from Liquidware or MSIX AppAttach offered by Microsoft. And while we are not highlighting any specific testing methodologies, you might want to give our friends over at Rimo3 a visit, as application (compatibility) is their bread and butter. 

  • Think about how applications will be delivered to your users. Will applications be published (Remote App) or will you be offering a published desktop? Will users start their applications by clicking desktop icons as part of the start menu, or will they be using the AVD client exclusively? A combination of the above is also optional. 
  • Develop a strategy for ongoing management. Your base images will need to be updated from time to time; application and security updates will be factors, new applications may need to be added, security may need to be enhanced, and more. You can find more information on application management in this blog.   

Data Considerations

Besides applications, data can be a huge hurdle as well. As with applications, you want to make sure that the data used, whatever its type, is as close as possible to your hosts (where the actual work is done) and to your users. This eliminates some of the latency issues you might otherwise run into and makes sure users have quick access to files and folders. 

It is important to understand how much data you are dealing with and what it is used for. This will help with prioritizing the types of databases used currently and what will be used on Azure, and so on. The same will apply to where other data will be stored as well. Will you be using traditional file servers, or do you prefer a more flexible and scalable approach like Azure Files file share? Most opt for the latter.  

This might also be a good time to think about archiving certain data, to clean things up a bit. As with the applications refresh cycle mentioned earlier, it will depend on the scope of the project and how much time and effort can be spent on this specific topic.  

Once done, more technical research can be done regarding which method or tool best fits your approach, and you will get a sense of how long it will take. Migrating data is always tricky since most data will be used “live” during the day, meaning there will always be a delta of some sort which will need to be replicated at a certain point. It’s a matter of finding the sweet spot and disabling access to the old environment.  

Some other items to consider, which apply to applications as well as data: 

  • Are there any legal restrictions that might prevent you from running certain applications and/or storing the data in the public cloud?  
  • Are there any specific dependencies? Think about legacy on-prem applications using a dongle, for example. Are they dependent on other systems, databases, applications etc.? 
  • Are there any specific needs for encryption or authentication?  
  • Are there any specific networking requirements (or latency) that need to be taken into consideration? Remember that on-premises is different from cloud. I/O could play a role here as well.  

Educate and Involve Your Users

This is easily a “must do” to increase your chances of success when it comes to the adoption of new technology. 

Shifting to a new platform can be confusing for users. People tend to stick to what they know, and change is often seen as a bad or scary thing. 

When things are about to change it helps to think about how you will “guide” and educate your users about what’s coming, what’s new, and most importantly, why the company chose to take this route. This often has to do with getting rid of legacy technology, making the platform more future proof, secure, and eventually easier to work with. Of course, that’s not how most of your users will see it, unless you explain it to them.  

Think about training programs that explain new ways of working. Perhaps there will be new types of applications involved, a new way of logging into their systems in the morning, an interface they are not used to, etc. Try to focus on, or at least underline, what’s in it for them and how it will eventually make their lives easier and more efficient.  

The sooner you involve your users, the greater the acceptance will be. When users are involved early and are asked for their opinion and feedback, they feel like they have a say in how things will turn out. Organize sessions to explain some of the above topics so they know what is coming. Ask for their thoughts and suggestions, and whether, compared to how they work currently, there is anything they like or feel needs improving.  

You could argue that the above, especially examining your current platform/infrastructure and the way users go about their daily routines, should always be a part of any preparation phase when thinking about shifting to a new way of working. It’s probably where you’ll find answers to some of the most important questions when it comes to what needs to be done to improve and what has worked well over the years.  

Conclusion

Azure Virtual Desktop is an incredibly useful and powerful tool and can be a huge asset to your business. However, making the switch to it can be complicated without the right steps set up in advance and the right people on board. Keeping in mind the above will ensure that you are putting your best foot forward when starting your AVD journey.  

Think AVD may be right for your business? Nerdio can help. You can find more information on Azure Virtual Desktop here and begin a free trial here.