Nerdio Manager for Enterprise Case Study: Telenet, Belgium’s Largest ISP

This Belgian ISP debated whether to build or buy an automation solution for Azure Virtual Desktop – the results speak for themselves with Nerdio Manager for Enterprise!

About Telenet

Telenet is the largest internet service provider (ISP) in Belgium, delivering cable broadband and phone services to businesses and residents across Belgium and Luxembourg. Providing such important services to so many people, Telenet needed its internal teams to operate at their most efficient while simultaneously running a profitable business.

To accomplish this, leadership knew they needed to migrate away from on-premises remote desktop services (RDS). RDS was not performing well, was reaching end of life, and Telenet was facing difficulties with licensing new hardware. The ISP has traditionally taken a Microsoft-first approach when it comes to technology infrastructure, so Azure Virtual Desktop (AVD) was the obvious alternative.

In 2019, Telenet engaged with OB-V-US, a Nerdio and Microsoft managed partner, to begin migration to AVD, but the internal team was unsure of how to most efficiently manage and operate the system while keeping the process extremely cost effective.

“We needed to onboard a large user base, but cloud isn’t cheap,” said Jan Heuvinck, Systems Engineer on the Digital Workplace Team, Telenet. “With a limited number of people on the digital workplace team, we needed tooling that would enable us to economically deploy and manage the environment, turning on and off session hosts as required – there was a clear gap in the AVD approach here.”

The Question: Build or Buy?

When determining how best to amplify the operational efficiency of their IT team, Telenet first considered building its own automation solution. It’s a practice the company regularly undertakes to streamline operations, but OB-V-US encouraged the team to do a more in-depth evaluation.

“Just because you’re able to build automation tooling for AVD, doesn’t necessarily mean it’s the best option with limited manpower,” added Heuvinck. “We needed to examine both cost and resource expenditure, in addition to the question of ongoing support. A strong vendor partner that can support us operationally provides a lot of value, where an in-house built solution has the potential for a myriad of headaches in the future.”

Heuvinck had heard a lot about Nerdio throughout the IT community as a way to better, more seamlessly manage the AVD environment in a way that Microsoft couldn’t. The team at OB-V-US had also explored the Nerdio Manager for Enterprise offering and the benefit to their customers was immediately clear.

“OB-V-US always wants to make sure we’re providing customers with the most bang for their buck and avoid anything that’s not providing real value to the implementation,” said Kenny Buntinx, CEO, OB-V-US. “We found that Nerdio is the only company in the Microsoft ecosystem that is completely filling the gaps in AVD functionality without unnecessary frills. It was one of the first companies that saw a hole in the market, talked to customers, and partnered with Microsoft to fix it.”

OB-V-US was quickly able to demonstrate how Nerdio could help Telenet go the extra mile with AVD and secure great return on investment – not only from a cost savings perspective on the infrastructure side, but also from an operational perspective. From there it was easy to obtain buy-in from leadership; it all came down to total cost of ownership.

The Solution: The Nerdio Advantage

Once the Telenet digital workplace team had a chance to play around with Nerdio Manager for Enterprise during the Proof of Concept (POC) stage, they quickly built a lot of confidence in the product. They also saw clear ROI potential and shifted quickly from POC to production load.

“What really convinced us was dynamic auto-scaling, cost optimization and manageability with a small digital workplace department,” said Heuvinck. “Nerdio provided more stability, automation, and usability for us which enabled us to be more productive than if we had double the number of people on the team.”

For instance, the pace and speed of implementing new features is something the Telenet team would never have been able to accomplish without Nerdio Manager. The simple, intuitive, single pane of glass interface makes the entire process much more straightforward. Additionally, monthly maintenance like patching or reimaging host pools is made so much easier with Nerdio.

Furthermore, user handling was no longer a concern for the team thanks to the auto-scaling functionality – a feature that had always been problematic with Citrix and even native AVD on its own. This allowed the digital workspace team to clearly demonstrate ROI to leadership, not only through performance optimization (scaling up and down session hosts) but also performance storage optimization.

“Nerdio Manager for Enterprise is particularly effective when it comes to communicating value to leadership,” Heuvinck continued. “It’s so simple to generate reports that outline cost savings in black and white. We’re easily able to justify the investment in the technology.”

Finally, the support Nerdio provides is unmatched. The responsiveness Nerdio support demonstrates around new or upcoming features made the Telenet team feel like a valued partner and generated great trust in the working relationship between the two companies.

ROI: “Nerdio Doesn’t Cost Us Money, It Saves Money”

As a major ISP serving millions of customers across Belgium and Luxembourg, ROI on any new technology is crucial for Telenet, and after only two years in real production that has become abundantly clear to the operational team as well as leadership.

“Telenet currently has more than 2,000 users with access to the production workspace and more than 1,000 unique users connect actively on a monthly basis,” noted Heuvinck. “We’re already seeing a monthly savings of upwards of 45 percent and we expect to see those savings grow as we migrate more users to the shared platform. At this point, Nerdio doesn’t cost us money, it saves money.”

On top of the overt ROI, Nerdio Manager for Enterprise has also positively impacted performance across the board. When everyone is working in a better performance environment that is better automated, Telenet as a whole is able to operate more efficiently.

“Nerdio helps us better serve our employees, consultants, and partners – providing a performative, stable environment in which to work,” concluded Heuvinck. “The previous environment actually hampered job performance, but thanks to Nerdio Manager, we can scale appropriately to ensure our most important stakeholders – our customers – receive the best service and user experience possible.”

About Nerdio

Nerdio adds value on top of the powerful capabilities in Azure Virtual Desktop, Windows 365, and Microsoft Intune by delivering hundreds of features that simplify management, ensure efficient operations, and lower Azure compute and storage costs by up to 80% via intelligent automation. Leveraging Nerdio, MSPs can manage customers’ cloud environments through streamlined, multi-tenant, workflow-powered technology that allows them to create and grow cloud-based recurring revenues. Enterprise IT professionals can deliver and maintain a wide range of virtual Windows endpoints across hybrid workforces with ease and fine-tune end-user computing (EUC) approaches for maximum effectiveness using powerful monitoring and analytics capabilities. For more information, please visit www.getnerdio.com.

Employee Spotlight: Get to Know Jarred Foley

  1. What’s your role here at Nerdio? What do you do on a day-to-day basis and how do you help partners/customers?  

I am the Regional Sales Manager for Nerdio in Australia, and I was Nerdio’s first hire in APAC. I help our customers and partners identify and overcome the opportunities and challenges they face while modernizing their digital workspace platforms and transitioning them to the public cloud. 

If you ask my family, it is a lot of emails and phone calls, at any time of the day. 

  2. What’s a fun fact about you that most people don’t know/couldn’t guess?

I (briefly) trained as a figure skater when I was young. I grew up in a town where in summer it can average around 90 deg F with humidity in the 80% range. I thought it was a better option than running around a rugby field. While I wasn’t very good at it, it made roller blading easier when that was in vogue. 

  3. What’s one technological advancement you hope to see or think we will see in the next ten years?

If I am thinking with my VDI / Digital Workspace hat on, the ability to migrate (à la vMotion) a user session from one multi-session OS machine to another, without the user having to log off and back on.

In the world at large, I don’t necessarily want or think we need to see a wholesale adoption of fully autonomous cars in the short to medium term. However, I like the concept of using data and connected, semi-autonomous vehicles to ultimately improve safety, help with traffic flow, and congestion, and just make more efficient use of the limited space we dedicate to our roadways. 

  4. What are three movies you’d bring with you to a deserted island?

That is a tough one, and I am not very nuanced in my movie taste, let’s go with the basics: 

  • Lock Stock and Two Smoking Barrels 
  • Happy Gilmore 
  • Shawshank Redemption

  5. In your opinion, what’s the most rewarding part of working for Nerdio?

Seeing our product develop in real time and those developments showing a meaningful benefit to our customers and partners.  

I have worked for vendors before where they might make a passing comment of something “being on the roadmap”. With Nerdio, when we say something like that, we mean it and deliver on it. 

  6. What sitcom family or friend group would you choose to be a part of?

I like the family and friends group I have but if I had to choose, I would probably be the 4th wheel in a Top Gear / The Grand Tour style troop. Being part of the travelling circus that is Formula 1 would be cool too if you class it as somewhat of a sitcom from its recent Netflix fame. Maybe I could be the guy that makes coffee for one of the teams… 

How good would it be to just travel the world to all the locations a Formula 1 team goes to and be the one that kick starts people’s day with a great coffee? 

  7. Besides a standard computer, what is the earliest piece of technology you remember owning?

It was more of a toy, but a Tandy / RadioShack Armatron Robotic Arm. I don’t know what you consider a standard computer, but my first computer was an Amstrad CPC 64 with a tape deck in the keyboard, before moving onto Commodore 64 and eventually an early 086 IBM clone. 

  8. You’ve been with Nerdio for a while now. What’s motivated you to stick around?

I like being part of something that is growing and heading in the right direction. I am excited to see where the company is headed, and I can honestly say I wake up every day knowing I am going to have energizing conversations with customers and partners. You don’t get that at every organization you work for. 

  9. What’s the most valuable thing you’ve learned while working in tech?

That is a tough one, I would have to say it would be that change is inevitable. While it is important to stay abreast of the latest technology and trends, it is also important to know about the history and the legacy behind things as it helps to explain the why. 

  10. What’s a current technology trend you’re passionate about?

As a parent, I think it is my duty to be interested and invested in understanding the technology that is shaping and impacting our children. So ultimately a lot of that gets chosen for me. 

On the personal interest front, I think home automation and smart grid have a place in how we design and configure our homes and living spaces and have moved past being a gimmick or fad. While I don’t need Siri or Google to necessarily control everything in my home, I am happy to only use certain appliances when I have enough solar being generated for it to make sense. So smart grid and smart appliance technology coupled with home automation is something I am eager to see evolve and keen to further adopt.  

On the fun side, I am into mountain biking, so it is hard to not keep across the evolution of technology on and off the bike. It is interesting to see something that was traditionally a physical and mechanical endeavor get shaped by technical advancements. From wireless gear shifting, through to telemetry and data acquisition for suspension tuning. I do geek out on some of that stuff. 

Azure Virtual Desktop (AVD): Frequently Asked Questions (FAQs)

With Microsoft Azure Virtual Desktop (AVD) now in wide use, we’ve put together a list of the most frequently asked questions we receive, such as: What is AVD? How does it work? How much does it cost? How is it licensed? How do you access AVD and what are the tech requirements?

Read on for these answers and more information.

1. What is Azure Virtual Desktop? 

Azure Virtual Desktop or AVD (also sometimes incorrectly referred to online as Microsoft Virtual Desktop or MVD, and also as its previous name of Windows Virtual Desktop, or WVD) is a set of technologies from Microsoft Azure that enables IT professionals and Managed Service Providers (MSPs) to create Windows 10 virtual desktops in Azure.  AVD was launched in 2019 and is the evolution of Microsoft’s Remote Desktop Services (RDS) technology. Azure Virtual Desktop consists of 4 primary innovations: 

  1. Windows 10 multi-user operating system, which allows multiple concurrent users to use a single Azure virtual machine as a desktop.  Prior to AVD, this was only possible with the Windows Server operating system. 
  2. User profiles are handled independently of the virtual machine that serves as the user’s desktop. These profiles are placed in containers and the containers are stored separately from the desktop VM in Azure. This is enabled by FSLogix technology that Microsoft purchased in 2018.
  3. Microsoft Azure has a new Platform-as-a-Service (PaaS) offering that contains the management and connection broker functionality for AVD. It is the service that determines which users end up on which Azure virtual machine when they connect. Before Windows Virtual Desktop, this was handled by RDS server roles such as RD Gateway, RD WebAccess, RD Connection Broker, and RD License Server.
  4. Licensing for AVD has been drastically simplified from prior virtual desktop technologies like RDS.  AVD rights are included at no additional charge with multiple Windows 10 subscriptions including Microsoft 365 and Windows 10 Enterprise. 

2. How much does Azure Virtual Desktop cost? How is AVD licensed?  

There are two cost components to AVD:  License and Azure infrastructure

Microsoft License – Azure Virtual Desktop is an entitlement of a Windows 10 subscription license.  This license can be purchased as part of Microsoft 365 Business/E3/E5/A3/A5 or as a standalone subscription (e.g. Windows 10 Enterprise E3).  If you already own one of these licenses there is no additional cost to use WVD from a software perspective.   
 
If you don’t already have a Windows 10 subscription license, then the least expensive option that covers AVD is Windows 10 Enterprise E3 for $7/user/month.  AVD license covers the cost of the operating system (Windows 10 single user and multi-session) and the use of the AVD management service that’s hosted by Microsoft in Azure.   
 
This license also replaces the need to pay for Windows Server OS license in Azure and the RDS license, since neither of these technologies is used to deliver Windows Virtual Desktop. It is important to note that AVD covers only Azure virtual machines and cannot be used to license on-premises deployments or other clouds.   
 

Azure Infrastructure – Once the license portion of AVD is covered, what remains is the cost of Azure infrastructure to run the virtual machines that users will connect to and use as their desktop.  In addition to the desktop VMs, you will need a place to store users’ profile containers and Active Directory (in addition to Azure AD).  Profile containers can be stored in Azure Files or on a Windows File Server VM in Azure, and Active Directory can be Azure AD DS or traditional AD running a Windows Server VM in Azure.   
 
The cost of all these components will include the virtual machines (compute), storage (disks and files), networking (egress bandwidth), etc.  The precise cost will depend on the number of users, amount of storage per user, how many and what types of applications the users use and many other factors.  The easiest way to calculate the precise cost is to use a tool like Nerdio’s Azure Cost Estimator to have it architect the infrastructure and figure out all the costs.  As a rough range, the Azure infrastructure cost component for pooled desktop users (those sharing a VM or set of VMs) would be in the $10-$30/user/month, and for a personal desktop user (those with dedicated desktop VMs) being in the $60-$130/user/month range. 


3. Are there different pricing plans for Azure Virtual Desktop? 

There are not.  License cost is per-user and is the same no matter what type of desktop you’re using.  The cost of Azure infrastructure to run the virtual desktops varies based on what types of desktops you want to deploy.  It is very flexible. 

4. Can I subscribe to Azure Virtual Desktop?

AVD is an entitlement of any Windows 10 subscription license such as Microsoft 365 and Windows 10 Enterprise E3/E5, etc. 

5. How do I access Azure Virtual Desktop?  

AVD can be accessed from any modern, internet-connected device no matter what operating system it uses.  It can be accessed using an installed Remote Desktop client app.  This app is available for Windows, MacOS, iOS, and Android.   
 
This is not the same app as the one that is used for accessing RDS so be sure to download the latest version.  The Remote Desktop client allows a user to run both full session desktops (aka published desktop) and individual published apps (aka RemoteApps).  The RemoteApps and session desktops are even added automatically into the local computer’s Start Menu for easier access.  AVD can also be accessed via any HTML5 compatible browser.  This allows a user to run any session desktop or RemoteApp inside of a browser window or tab. 
 

6. How does Azure Virtual Desktop work?   

AVD allows IT pros and MSPs to create virtual desktops and RemoteApps in Azure and publish them to users who can access them from their own devices.

7. How do I create a virtual desktop on Windows 10? 

Windows 10 is the operating system that’s primarily used to deliver Microsoft’s Windows Virtual Desktop desktops to end-users.

8. How do I get started with AVD?  

Azure Virtual Desktop can be quickly and easily provisioned automatically with Nerdio Manager for MSP. Getting started with AVD is easy. In fact, you can deploy a desktop within 60 seconds using Nerdio Manager for MSP.

9. What are the technical requirements for running Azure Virtual Desktop?

To run AVD, you’ll need a Windows 10 subscription license and an Azure environment with all the prerequisites met. 

10. What is Azure Virtual Desktop session virtualization? 

Session virtualization is a technology that allows the same Azure virtual machine to be used by multiple users concurrently, each for their own desktop session. This is in contrast to VDI or personal desktops where each user gets his or her own dedicated Azure virtual machine to use as the desktop. Session virtualization is a good way to increase “user density” and reduce costs.
 

11. What operating systems does Azure Virtual Desktop support? 

On the Azure side, AVD supports Windows 10 Enterprise (single user), Windows 10 multi-session, and Server 2012/2016/2019.  On the client side (end-user device), AVD supports all modern, internet-connected devices such as PCs, Macs, iOS, Android and any device with an HTML5 browser. 
 

12. What hardware supports Azure Virtual Desktop? 

AVD is an Azure-only technology and can only be used in the Microsoft cloud.  Users of AVD can use any modern, internet-connected hardware device.  There are also hardware vendors who produce thin clients designed specifically for AVD. 
 

13. Which remote desktop clients support Azure Virtual Desktop? 

AVD supports all Remote Desktop client devices that are internet-connected. 
 

14. What are the limitations of Azure Virtual Desktop? 

AVD can only be used in Azure and not for on-premises or other cloud deployments.  It also requires a subscription to Windows 10 Enterprise.  This must be a subscription and not a perpetual Windows 10 license. 
 


Microsoft Azure Resources and Fundamentals: Azure Terminology and Hierarchy

In this post we’ll be going through some of the more important Microsoft Azure fundamentals and terminology, including product categories; accounts, tenants, and subscription types; resources and resource groups; and Azure object hierarchy.

Microsoft Azure Resources

The first step in building an MSP cloud practice with Microsoft Azure is deeply familiarizing yourself with Microsoft Azure’s fundamentals: its terminology, elements, and hierarchy.  Here we will list and define the most critical Azure elements and discuss how they interrelate with each other.   

In this section, we will focus exclusively on Azure Resource Manager (ARM), which is Microsoft’s latest and more current implementation of Azure.  Prior to ARM, Azure used a “Classic” model, which had significantly different terminology associated with it and is not relevant to the MSP community today. 

Microsoft Azure is a diverse cloud platform that contains hundreds of products (also known as SKUs).  Azure to Cloud is like Apple to devices–each has many SKUs within multiple categories. 

Microsoft Azure Categories 

These Azure SKUs fall into many categories. For instance:

  • Infrastructure-as-a-Service (user-managed, raw resources that can be used to build IT environments)   
    For example:
    • Virtual Machines 
    • Storage 
    • Networking 
  • Platform-as-a-Service (Microsoft-managed, use-specific, packaged offers designed to be the building blocks of applications)   
    For example:
    • Azure SQL – Microsoft managed SQL service without a “server running SQL” that can be used as the database back-end for a new or existing application 
    • Azure Files – Microsoft managed SMB (CIFS) file share service that behaves just like a Windows file server but without a server to manage 
  • Data Services – things like machine learning, analytics, and cognitive services 
  • Software-as-a-Service – fully usable, end-user applications written, hosted, and managed by Microsoft
    • Office 365 
    • Dynamics 365 

We will focus on IaaS, SaaS, and somewhat on PaaS — as those are the most fundamental building blocks an MSP needs to build a cloud practice in Azure.  

Microsoft Azure Accounts, Tenants, and Subscriptions 

At the highest level is an Azure account, also known as a tenant or directory (these terms will be used interchangeably).  An Azure account is uniquely associated with an Azure Active Directory (AAD), where user objects that access the Azure Portal exist.  An Azure tenant is free to create, and by itself is simply a container for subscriptions and AAD objects.  You cannot run anything in an Azure account without a subscription.  Azure tenant names must be globally unique (i.e. no one else in the world can use the same name) and each one has a TenantName.onmicrosoft.com domain associated with it.   

Nerdio Tip: 

It is possible to use a single Azure tenant for all your customers’ infrastructure.  We will discuss below the advantages of doing so for flexibility of compute reservations.

Inside an Azure tenant there are subscriptions. A single Azure tenant can contain multiple subscriptions, but each type of subscription must be contained within a single tenant. A subscription is the “billing container”. You obtain a subscription directly from Microsoft or through an Azure reseller and you can create resources inside of that subscription. The monthly Azure invoice will contain the consumption of every resource you run inside of a subscription. If you don’t run any resources and therefore have no consumption, your bill is $0.

Subscriptions come in many flavors, but the easiest way to think about them is an agreement between you and Microsoft that you will use any of the available Azure products under the terms of your subscription and you agree to pay for them after you’ve used them.  A good comparison is electrical power service in your home.  You open an account with the electricity provider (subscription), agree on a rate for electricity and delivery, use the electricity during a month, and then pay the bill once the power company tells you how much you have used or consumed. 

Subscriptions obtained directly from Microsoft will typically be Pay-as-you-go, Free, EA, CSP, or Sponsored. 

  • Pay-as-you-go (PAYG) – if you sign up to use Azure on www.azure.com you will be required to put in a credit card. This will be the agreed upon payment method for any resources consumed inside of your subscription and it will be billed automatically on a monthly basis – at Azure’s list prices.
  • Free – this is a limited subscription that you can obtain directly from azure.com to play around with Azure for a limited time and to consume up to $200 in resource usage. This type of subscription is too limited to use for anything but a simple VM or two and is not recommended for MSPs looking to build cloud practices in Azure.
  • EA (Enterprise Agreement) – if your customer is a larger organization, they will likely have a direct volume licensing agreement with Microsoft that gets negotiated every few years with annual “True Ups”.  As part of this EA, the customer will have prepaid for a certain amount of Azure consumption (monetary commitment) and will be able to use resources in the subscription up to this amount.  Any overages will be reconciled at the time of the customer’s True Up with Microsoft. 
  • CSP – if you are a Direct CSP with Microsoft, you can provision a CSP subscription for Azure inside of your customer’s tenant or your own tenant.  Microsoft will bill you for the usage (i.e. consumption) inside of this type of subscription – at your discounted reseller rate – and you will in turn bill your customer.  This is one of the most flexible and powerful Azure subscription types.   
  • Sponsored – if you are part of the Microsoft Partner Network (MPN) and have Silver or Gold competencies, Microsoft may provide you with a sponsored Azure subscription that you can use to hone your Azure skills, do demos for customers, and use internally. Each subscription will have a preset monetary limit and you’ll be required to add a credit card to be used once you exceed the preset limits. The details on your sponsored subscriptions, if you have any, can be obtained in your Partner Center under MPN or from your Partner Development Manager (PDM). A word of caution: do not use sponsored subscriptions for customer workloads. Once you exceed your sponsored subscription limit, you will be billed at list rates on your credit card and there is no easy way to convert this subscription to CSP. You will be forced to migrate actual resources to another subscription, which is a disruptive process.

Most MSPs, however, purchase Azure through a CSP Provider (like Pax8, Sherweb, Ingram, Techdata, etc.).  The MSP in this scenario is known as a “CSP Reseller”.  Using the CSP Provider’s own portal, the MSP will be able to create a subscription to consume resources inside this subscription.  The CSP Provider will get a bill from Microsoft for the consumption and will in turn bill the MSP.  The MSP will then bill its customer for the Azure consumption. 

Subscriptions have globally unique IDs (GUID) associated with them.  They also have a friendly name that you can set to anything you want, and this name does not have to be unique.  As a matter of fact, you can have subscriptions with the same friendly name inside of the same tenant.  However, try to assign logical, unique names to each of your subscriptions to make things easier to manage. 

Carefully consider your subscription options before starting to deploy Azure resources, as changing subscription types later can be challenging or even impossible.   

Nerdio Tip: 

Become a CSP Reseller with your provider of choice and create a dedicated subscription for each of your customers under a single tenant.  This will provide you the optimal segregation of billing information on a per-customer basis but will allow you to take advantage of portability of Azure reservations between customers, since all subscriptions will be in the same account.  

Microsoft Azure Resource Groups

Below the Azure subscription are resource groups (RG).  These are logical groupings of resources in Azure that allow you to easily view and manage sets of resources associated with a single function.  For example, if you have two complex, multi-component applications A and B, you will want to split them up into resource groups (e.g. RG-A and RG-B) to logically group all the compute, storage, and networking for each application with other related components.   

Resource groups are not billing units.  You won’t be able to easily answer the question of “how much are the resources in resource group RG-A costing me” by looking at your Azure invoice.  These RGs are there for ease of management, resource organization, and isolation.  There are lots of resources in every Azure deployment so keeping things nice, tidy, and logical is very important. 

There can be multiple resource groups within a single subscription, but any one resource group can be part of only one subscription. Resource group names do not have to be globally unique, but must be unique within a single subscription.

Finally, resources are created inside of a resource group, which is inside a subscription, which is inside a tenant.  What are resources?  It’s everything that does something in Azure.  Examples are virtual machines, virtual networks, disks, network cards, VPN gateways, IP addresses, etc.   

Microsoft Azure Usage and Billing

There are many categories of resources and each one has different configuration, usage and billing characteristics.  We will explore the most important elements in this and future write-ups.  For now, let’s focus on billing. 

Some resources will be billable while others won’t.  For example, a virtual machine (compute resource) will be billable while a virtual network interface (network resource) attached to a virtual machine will not be billable.   

Billing in Azure typically has a unit and frequency.  The easiest way to think about this is to go back to our electricity at home example.  Electric power is a resource, the unit is kWatt and frequency is hour.  We therefore have a pre-defined cost per kWatt-hour.  As we use electricity, there is a meter running that measures how many kWatt-hours we’ve used up and then the electric company sends us a bill for what we used.  Azure works the same way. For instance, a virtual machine (VM) is billed for compute capacity (unit) on a per-second basis (frequency).  Every time we start up (provision) a VM, a meter starts up and keeps track of how long this VM is running.  At the end of the month our invoice will show how many hours we used a particular type of VM and that’s what we owe either Microsoft directly or via a CSP.   

The key takeaway here is that each billable resource has a virtual “meter” that’s running any time the resource is “used” (this is defined differently for each type of resource). If we stop the resource, we stop the meter and we are no longer billed.

Nerdio Tip:

In future articles, we’ll learn how these meters can be stopped even if the resource is running.  For example, by using compute reservations and software subscriptions.

Microsoft Azure Object Hierarchy Overview  

To summarize, we learned the hierarchy of Azure objects and how they interact with each other: 

Azure account/tenant/directory 

  • Subscription A 
    • Resource Group 1 
      • Virtual machine (resource)
        • Compute meter 
      • Premium SSD Managed disk (resource)
        • Storage capacity meter 
    • Resource Group 2 
      • Virtual machine (resource)
        • Compute meter 
      • Standard SSD Managed disk (resource)
        • Storage capacity meter 
        • Storage operations meter 
  • Subscription B 
    • Resource Group 1 
      • Virtual machine (resource)
        • Compute meter 
      • Virtual Network Interface (resource)
        • No billing meter
    • Resource Group 2 
      • Azure SQL (resource)
        • vCPU meter OR 
        • DTU meter 
      • VPN Gateway (resource)
        • VPN gateway
        • Transfer meter

  Here’s a diagram to help you understand it all at a glance:

Familiarizing yourself with this set of core building blocks including Accounts, Tenants, Subscriptions, Resource Groups, Resources, and Billing options is the first step an MSP should take in determining the most efficient and cost-effective way to build a cloud IT practice in Microsoft Azure. 

Now, let’s dive deeper into Azure Resources. 


Microsoft Azure Resources  

As we stated above, the building blocks of an Azure IT environment are Resources.  These resources are organized into Resource Groups inside of an Azure subscription.  There are billable and non-billable resources.  Billable resources have a Meter attached to them that runs while the resource is provisioned.   

In this section, we will explore the three most common types of Azure resources used by MSPs when deploying IT environments: Compute (virtual machines), Storage, and Network. 

Every resource used in Azure must be deployed in a geographical location known as a Region.  An Azure region is a grouping of data centers located in a specific geographic location.  Microsoft is constantly growing its global footprint and adding data centers and regions.  At the time of this article, there are 54 regions available in 140 countries and the list is growing.  The most up-to-date map of regions can be viewed here

Azure resources deployed in the same region are interconnected with high speed connectivity (think LAN speeds).  Resources in different regions can still communicate with each other but are subject to additional WAN latency.  The latency depends on how far the regions are from each other.

Microsoft Azure Compute (Virtual Machines) 

Virtual Machines (VMs) in Azure come in predefined sizes that are called families or series.  An individual VM is often referred to as an instance.  Different VM families are designed for common use-cases and are comprised of certain amounts of CPU cores and GB of RAM.  It’s not possible to arbitrarily mix and match CPU cores and GB of RAM as can be done with Hyper-V and VMware.  Here, we will focus on the four most commonly used VM families by MSPs: Ds-series, B-series, Esv3-series, and NV-series. 

Ds-series 

These are “general purpose” VMs that can be used for a wide variety of workloads.  There are three versions of the DS-series: v1, v2, and v3.  Only v2 and v3 should be used. 

  • Purpose: general applications (domain controllers, file servers, application servers, etc.) 
  • CPU clock speed: 2.4GHz – 3.0GHz (with Intel Turbo Boost) 
  • CPU-to-RAM ratio
    • V2 – 1:3.5GB (each CPU core gets 3.5GB of RAM) 
    • V3 – 1:4.0GB (each CPU core gets 4.0GB of RAM) 
  • Storage supported: Standard and Premium 
  • Approximate average list price per CPU
    • V2 – $85/month 
    • V3 – $77/month 
  • Difference between V2 and V3
    • V2 VMs use non-hyperthreaded vCPUs (1 vCPU per 1 physical CPU core), which is why they are slightly more expensive.  V2 VMs start at a single core size (DS1v2). 
    • V3 VMs use hyperthreaded vCPUs (2 vCPUs per 1 physical CPU), which is why they are less expensive.  V3 VMs start at a minimum of two vCPUs (D2sv3). 

Ds-series VMs are a good fit for workloads that require consistent CPU usage and are not very RAM hungry. 

Esv3-series 

These are “general purpose, high-memory” VMs that can be used for many workloads that are more RAM hungry rather than CPU hungry. 

  • Purpose: general, RAM bound applications (database servers, application servers, desktops, etc.) 
  • CPU clock speed: 2.3GHz – 3.5GHz (with Intel Turbo Boost) 
  • vCPU-to-RAM ratio: 1:8.0GB (each CPU gets 8.0GB of RAM) 
  • Storage supported: Standard and Premium 
  • Approximate average list price per CPU: $88/month 

Esv3-series VMs are very similar to Dsv3-series but have double the RAM per CPU and are about 15% more expensive.  They are ideal for workloads that consistently utilize the CPU and are memory hungry.  Examples are database servers and RDS session hosts. 

B-series 

These are known as “burstable” VMs.  They are very useful but the way they work is a bit complicated.  B-series are used for non-CPU intensive workloads (e.g. domain controllers, file servers) and cost about 50% of an equivalently sized Ds-series VM.  The reason they’re cheaper is because Azure imposes a quota on how much of the total CPU cores can be used.  This quota is usually a fraction of the total available CPU.   

For instance, B2m’s quota is 60% of a single CPU, which is 30% of the 2 CPUs visible in the VM.  Every second that the VM is using less than its quota (less than 60% of a single CPU) it is “banking credits”.  These banked credits can be used to burst up to the total available CPUs (100% of 2 CPUs, in this example) when needed.  While bursting, the VM is consuming its banked credits.  Once credits run out, the VM’s CPU utilization is throttled down to its 60% quota. 

Why use B-series VMs?  They are cheaper.  For approximately the same price that you would pay for a Ds-series VM, you can get a B-series with double the CPUs and double the RAM.  However, they should only be used for workloads that are either not CPU intensive or “bursty”, meaning they only occasionally need all the CPU but most of the time the CPU is idle.   

For instance, an Active Directory domain controller is not utilizing its CPU very heavily on a regular basis.  However, when Windows Updates run, the VM will use all its available CPU horsepower.  B-series are perfect for Domain Controllers since they bank credits while idle and then consume them when needed to update or do some other CPU intensive task. 

  • Purpose: General, non-CPU intensive workloads (e.g. AD domain controllers, file servers) 
  • CPU clock speed: varies 
  • vCPU-to-RAM ratio: varies from 1:1 to 1:4 for VMs larger than B2s 
  • Storage supported: Standard and Premium 
  • Approximate average list price per CPU: ranges from $13/month to $40/month 

Nerdio Tips:

  • Don’t use B-series VMs for CPU intensive workloads 
  • When a B-series VM is first provisioned, it doesn’t have any banked credits and is subject to its quota limit on the CPU, which means it’s slow.  Once the VM is running idle for some time, credits get banked and the VM performance improves when it needs to burst. 
  • Don’t shut down B-series VMs overnight when they are not in use.  This will not allow the VMs to bank credits for the following day of usage.
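
The credit banking described above, as an added simulation (not code from the original article or from Nerdio). It uses the article's two-vCPU VM with a quota of 60% of one CPU; the cap on banked credits and the 10% idle load are assumptions, and the model is simplified to one-minute steps.

```python
from typing import Iterable, List, Tuple

VCPUS = 2               # two vCPUs, as in the article's example
BASELINE_PCT = 60       # quota from the article: 60% of a single CPU
BANK_CAP = 864 * 100    # assumed ceiling on banked credits, in percent-minutes


def simulate_burstable(demand_pct: Iterable[int], banked: int = 0) -> Tuple[List[int], int]:
    """Step through the workload one minute at a time.

    demand_pct holds the CPU the workload asks for each minute, as a percentage
    of one vCPU (0..200 for two vCPUs). The balance is kept in integer
    percent-minutes: 100 percent-minutes is one vCPU running flat out for a minute.
    Returns (CPU actually delivered each minute, balance left at the end).
    """
    peak = VCPUS * 100
    delivered = []
    for want in demand_pct:
        want = max(0, min(want, peak))
        if want <= BASELINE_PCT:
            # Under quota: the unused part of the quota is banked, up to the cap.
            banked = min(BANK_CAP, banked + BASELINE_PCT - want)
            delivered.append(want)
        else:
            # Over quota: burst by spending banked credits; with none left the
            # VM is throttled back down to its quota.
            spend = min(banked, want - BASELINE_PCT)
            banked -= spend
            delivered.append(BASELINE_PCT + spend)
    return delivered, banked


def patch_window(idle_minutes: int, idle_pct: int = 10, burst_minutes: int = 120):
    """Idle for idle_minutes, then ask for every vCPU for burst_minutes
    (for example a Windows Update run on a domain controller).

    Returns (burst minutes served at full speed, vCPU-minutes still banked).
    idle_minutes=0 models a VM that was just provisioned or was shut down overnight.
    """
    demand = [idle_pct] * idle_minutes + [VCPUS * 100] * burst_minutes
    delivered, banked = simulate_burstable(demand)
    burst = delivered[idle_minutes:]
    full_speed = sum(1 for cpu in burst if cpu == VCPUS * 100)
    return full_speed, banked / 100


if __name__ == "__main__":
    for idle in (0, 60, 480):
        full, left = patch_window(idle)
        print(f"idle {idle:3d} min -> {full:3d} of 120 burst minutes at full speed, "
              f"{left:.0f} vCPU-minutes left")
```

With no idle time the two-hour burst never runs above the quota, which is the behaviour the tips above warn about.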

NV-series 

These VMs are intended for special use-cases when a dedicated GPU is needed.  They include an NVIDIA GRID 2.0 Tesla GPU and are ideal for running graphically intensive workloads like AutoCAD, SolidWorks, and Revit.  These are very large and expensive VMs (starting at 6 CPUs and 56GB of RAM) and need to be used with caution and with a specific purpose in mind to not generate unpredictably large Azure compute consumption bills. 

  • Purpose: Graphically heavy, visual workloads inside of virtual desktop sessions 
  • vCPU-to-RAM ratio: 6:56GB (each 6 CPUs get 56GB of RAM) 
  • vCPU-to-GPU ratio: 6:1 (each 6 CPUs get 1 M60 GPU) 
  • Storage supported: Standard ONLY (note that Premium is not supported) 
  • Approximate average list price per CPU: $165/month 

Nerdio Tips:

  • Smallest VM is NV6 (6 CPU / 56GB RAM / 1 GPU) 
  • Since only Standard storage is supported, disk performance is not fast 
  • Not available in all Azure regions 
  • New NVv2 VMs are currently in preview and will bring the following notable improvements once they are generally available: 
    • 40% price reduction 
    • 2X RAM increase per CPU 
    • Support for Premium storage 

Anatomy of a VM 

Now that we understand the different types of VMs, let’s talk about how to use them.  The first important thing to understand is that VMs are not stand-alone resources.  For example, a VM must have an OS disk (and optionally data disks) attached to it, as well as a virtual network interface (vNIC).  A new VM can be created (deployed) using an existing OS disk and vNIC or new disk and vNIC can be created together with the VM.  If a VM is deleted, its data (i.e. OS and Data disks) are not deleted.  They remain as resource objects in Azure that are not attached to any VM.  More on Storage resources later. 

When deploying a VM, its OS disk must be based on an existing image and cannot be blank.  Since you don’t have console access to VMs in Azure, the OS cannot be installed on a “blank” OS disk.  The OS disk must already have the OS on it.  Images could be pulled from the Azure image library or you can create and upload your own custom image as a VHD file to Azure to be used for deploying a VM. 

All VMs also come with a temporary D: drive that has locally attached fast storage (SSD).  Keep in mind that this disk is temporary, and any data stored on it will likely be erased if the VM is ever shut down or moved to another Azure host in the background.   

Nerdio tip: Use this disk for the pagefile and temporary data, but be sure to never store anything you need to retain on the temporary disk. 

Allocated vs. Deallocated 

After you deploy a VM it becomes provisioned or allocated, meaning it is running on an Azure host, consuming Azure resources and you’re consequently being billed for every second that the VM is allocated.  To stop being billed for a running VM, you must stop it.  This process causes the VM to become deallocated, which means it is effectively powered off and is not consuming Azure resources.  It is possible to shut down a VM and still be paying for it because it stays allocated.  When you power off a VM from inside of the OS it shuts down, but Azure still sees it as allocated and you are being billed.  Be sure to stop VMs at the Azure level even if you shut them down at the OS level. 

Subscription Core Quotas 

Another important concept to mention when discussing VMs is subscription core quotas.  To prevent accidental or malicious use of Azure where many VMs are created and a large amount of consumption occurs, Microsoft imposes core quotas on subscriptions by default.   

The number of CPU cores that can be provisioned in a subscription in total and per VM family are limited.  For instance, a Free subscription has an overall core quota of 4.  Direct Pay-As-You-Go subscriptions have a default core quota of 10 and CSP subscriptions have a core quota of 20.  This means that with a CSP subscription you cannot provision more VMs whose total CPU cores exceed 20.  Be mindful of this limit.  To increase the core quota limit, you need to submit a request to Microsoft via the Azure portal for a core limit increase. 

Service Level Agreement

Finally, it is important to be aware that only some Azure VMs’ availability is covered by Microsoft’s Service Level Agreement (SLA).  VMs not covered by an SLA could be unexpectedly rebooted due to underlying Azure infrastructure upgrades or hardware failure.  It has become exceedingly rare to see VMs reboot in Azure, but it was not uncommon in the past. 

Presence of an SLA and the availability guarantee (e.g. 99.9% vs. 99.95% vs. 99.99%) is based on several factors that have to do with the type of storage the VM uses for its OS and data disks, as well as if it is deployed in an availability set or an availability zone.  You can learn more about the specifics here.  The diagram below summarizes the available protection options. 

For most situations relevant to an MSP, it is important to know that individual VMs (“Single VM” in Microsoft terms) that use any Standard storage disks are not covered by any SLA.  The chance of outage is very small and even if the VM reboots due to an underlying hardware failure it will restart very quickly elsewhere.  However, it is important to remember that no SLA applies. 

Critical VMs should use Premium storage only, which will provide them with a 99.9% availability guarantee and improved performance.  For additional availability guarantees, distributed workloads that can have multiple VMs participating in the same application can be placed inside Availability Sets and will then be subject to a 99.95% availability guarantee.   

An example of such a deployment may be Active Directory.  You can have two AD domain controllers in an Availability Set and your AD, as a whole, will have a guarantee of 99.95%.  This doesn’t mean that each domain controller VM has this guarantee.  Rather, the “application” (i.e. AD), as a whole, is guaranteed to be available 99.95% of the time. 

Microsoft Azure Storage 

Azure offers multiple storage options with different performance, redundancy, location and price characteristics.  It’s easy to get lost in all the available options and to clearly understand what type of storage should be used when.   

We will focus on three storage resources that are most commonly used by MSPs when deploying IT environments in Azure: Managed Disks, Backup Vaults, and Files.

In addition to considering the type of storage resource, we need to understand the Data Redundancy, Performance, and Cost for each type of storage object.  

Data Redundancy 

  • LRS (Locally Redundant Storage)
    • Three redundant copies of data stored in one data center 
    • 99.99999999% (yes, 11 9’s) durability 
  • ZRS (Zone-Redundant Storage)
    • Three redundant copies of data stored across two or three data centers within the same Azure region 
    • 99.9999999999% (12 9’s) durability 
  • GRS (Geo-Redundant Storage)
    • Six total redundant copies of data;  three copies stored in one region and another three copies are asynchronously replicated to a second region 
    • 99.99999999999999% (that’s 16 9’s) durability  
  • RA-GRS (Read Access GRS).  This redundancy type is not relevant to the storage objects in this discussion 

Performance Tiers 

There are three Performance tiers: Standard, Premium, and Ultra.   

Standard storage utilizes inexpensive and slow HDD and recently Microsoft added Standard SSD, which doesn’t increase the average performance but makes it more consistent than HDD. 

Premium storage uses SSD disks and is fast.  This type of storage is best for most disk IO intensive applications such as databases and virtual desktops.  

Ultra SSD is a new type of storage for very high-performance, disk IO intensive applications.   

Storage Resources 

Now that we understand the redundancy and performance characteristics of Azure storage, let’s dive into the actual storage resources. 

Managed Disks are by far the most commonly used type of storage when deploying an IT environment in Azure using virtual machines.  Recall that each VM must have, at a minimum, an OS disk and sometimes one or more additional data disks.  These disks that get attached to a VM are known as Managed Disks in Azure.  There is an older type of disk called Unmanaged Disk, but for the purposes of our discussion we will stick to Managed Disks.   

If you’re interested in learning more about the differences between managed and unmanaged disks, click here

Managed disks are only available with LRS data redundancy since they are attached directly to VMs, and these VMs must be able to communicate with disks in a very high throughput, low latency way.  This is why managed disks and the VMs they’re attached to must be in the same region.  Disks come in Standard HDD, Standard SSD, Premium SSD, and Ultra SSD performance flavors.   

Let’s explore each type of managed disk in detail:  

  • Standard HDD (S-type disk – e.g. S4, S10, S20, etc.)
    • Available sizes: 32GB – 32TB in discrete increments (e.g. 32GB, 64GB, 128GB, etc.) 
    • Billed on allocated space, not used space.  Creating an S-type disk of a certain size will result in a bill for the entire size, even if it is completely unused. 
    • What you’re billed for:
      • Capacity – approximately $0.048/GB/month 
      • Operations – $0.0005 per 10,000 transactions 
    • Performance: Up to 500 IOPS and up to 60MB/sec throughput (performance varies significantly and can often be far below this limit) 
    • When to use?
      • Very low disk IO applications (e.g. ADFS proxy server) 
      • Test environments 
      • When VM is deallocated but you still want to keep it around, changing it to an S-type disk saves on storage costs 
  • Standard SSD (E-type disk – e.g. E4, E10, E20, etc.)
    • Available sizes: 32GB – 32TB in discrete increments (e.g. 32GB, 64GB, 128GB, etc.) 
    • Billed on allocated space, not used space.  Creating an E-type disk of a certain size will result in a bill for the entire size, even if it is completely unused. 
    • What you’re billed for:
      • Capacity – approximately $0.075/GB/month 
      • Operations – $0.002 per 10,000 transactions 
    • Performance: Up to 500 IOPS and up to 60MB/sec throughput (more consistent performance than S-type disks) 
    • When to use?
      • Best for most non-disk IO heavy applications because of nice balance between performance consistency and cost (e.g. domain controllers, file servers).  Not a good fit for high IO database servers. 
      • Production environments, if no SLA is needed 
      • Most VDI desktop workloads for typical users 
  • Premium SSD (P-type disk – e.g. P4, P10, P20, etc.)
    • Available sizes: 32GB – 32TB in discrete increments (e.g. 32GB, 64GB, 128GB, etc.) 
    • Billed on allocated space, not used space.  Creating a P-type disk of a certain size will result in a bill for the entire size, even if it is completely unused. 
    • What you’re billed for:
      • Capacity – approximately $0.15/GB/month 
      • Operations – no transaction costs 
    • Performance: 120 – 7500 IOPS and 25MB/sec – 250MB/sec throughput 
    • When to use?
      • Best disk performance for any disk IO intensive applications such as databases 
      • Great for power user virtual desktops and RDS session hosts with many users 
      • Expensive for data storage only when the VM is powered off.  Consider converting P to S or E disk if VM is being deallocated and data stored for archival purposes.
  • Ultra SSD
    • High performance and high cost disk option for very disk IO intensive workloads 
    • Complex billing structure based on provisioned IOPS and throughput in addition to capacity storage 
    • Not commonly used with typical MSP workloads in Azure 

Backup 

Backup Vaults, as the name implies, are used by the Azure Backup service to store backup snapshots.  It is a Block Blob storage container and its cost is based on actual consumption.  Currently, Azure backup supports only Standard HDD performance tiers and LRS and GRS data redundancy options.  The cost of backup vault storage is approximately $0.024/GB/month for LRS and 2X that amount for GRS storage. 

Azure Backup is most commonly used by MSPs to protect data on VMs running inside of an Azure IT environment but can also be used to back up data from on-premises systems.  To protect Azure VMs, the backup vault must reside in the same region as the VMs that are being backed up to it. 

Azure backup can be used to achieve compliance with requirements to save data in multiple geographic locations by selecting the GRS redundancy option when creating the backup vault.  This way, there will be multiple copies of the backup data in the same datacenter where the VMs reside as well as multiple copies in another paired region.  With GRS, Microsoft has pre-defined region pairs.  More information is available here.  

Azure Files 

Azure Files is a PaaS offering.  The easiest way to think about it is as a Microsoft-managed file server where you can create Windows shares and publish them out to the world.  These shares can then be mounted directly on Windows, Linux, and macOS devices, either on-premises or in cloud VMs without any special drivers.   

Azure Files supports LRS, ZRS and GRS storage and costs range from $0.06/GB/month to $0.10/GB/month plus the cost of operations ($0.015 to $0.03 per 10,000 transactions).  Azure Files is currently available with Standard storage only, which significantly limits its performance.  However, Premium storage support is in preview and should be available soon. 

In summary, Azure offers an almost endless list of storage options with varying redundancy, performance, and cost characteristics.  For MSPs, it is important to focus on the storage types that are commonly used for typical IT workloads (managed disks for VMs, Block Blob for Azure Backup and Azure Files for creating SMB shares) and avoid confusion around other storage types that are designed for developers creating applications and repositories. 

Network 

Azure’s flexibility when it comes to networking is vast and not without complexity.  Many network resources are for advanced use cases and for developers who are designing new applications.   

We will focus on 4 network resources that are most relevant to an MSP and the way they interrelate with each other: Virtual Networks, Public IP Addresses, Network Security Groups, and VPN Gateways. 

Before delving into the specifics of these network resources, we need to understand how Azure charges for data transfer (aka bandwidth).  The basic rule is that any data coming into an Azure data center is free while going out of an Azure region will be charged on a per GB basis.  It doesn’t matter if the data is leaving a region and going into another region or leaving a region and going into some other, non-Azure location.  In both cases, there is a charge.  However, data transfer within the same Azure region (even across different data centers) is free. 

Costs of Data Transfer 

How much does outbound data transfer cost?  The first 5GB in any given month are free and then it’s $0.05 to $0.087 per GB after that.  Let’s put things in perspective; a 10GB file being downloaded from an Azure hosted VM to your laptop will cost $0.87. 

It is important to note that Azure data transfer is not charged per mbps (using 95th percentile or some other method), but rather per transferred GB of data.  Let’s compare the two methods.   

Colocation Provider A charges $50/month for 1mbps of bandwidth using the 95th percentile method.  Assuming the line is utilized 95% for the entire month straight, that’s equivalent to 60sec/min*60min/hr*24hr/day*30.5days/month * (0.95 * 1mbps) = 2,503,440 megabits per month, or 305GB/month.  For the same amount of data transfer, the Azure cost will be $26.48.   

Therefore, a useful number for cost comparison between “GB transferred” and “mbps” based pricing is $26 per fully utilized mbps line.  Since in a typical hosted IT environment the line is utilized only fractionally the cost of bandwidth in Azure is relatively low compared to the way other hosting and colocation providers charge for bandwidth. 

This data transfer fee applies to all methods of transfer: communicating with a VM in Azure, downloading a file from Azure Files, restoring from a backup to outside of the region where the backup vault resides, using site-to-site VPN, etc.  Anytime data leaves the boundaries of an Azure region, there is a charge. 

Networking Structure 

With the cost of data transfer out of the way, let’s delve into the way networking is structured in Azure.  At the top level there is a Virtual Network (vNet).  A vNet has an address space that you as an MSP can define (e.g. 10.1.0.0/16).  All objects within a vNet must fall inside of this address space.  vNet also contains Subnets.  These subnets are a way to segment the vNet into smaller sections.  For instance, you could have a LAN and DMZ subnets within a vNet.   

  • vNet – 10.1.0.0/16
    • LAN subnet – 10.1.0.0/17 
    • DMZ subnet – 10.1.254.0/24 

Subnets that are part of a vNet can have virtual Network Interfaces (vNIC) attached to them.  These vNICs are then attached to a VM and this is the way VMs communicate with each other and the rest of the world. 

VM->vNIC->Subnet->vNet. 

Each vNIC has an assigned private IP address (or addresses), DNS settings, an optional public IP address and other network interface properties.  In Azure, IP address and DNS settings are not set at the Windows level inside of a VM.  Rather, they are set at the vNIC level in Azure.  In Windows, the network adapter is set to DHCP and receives its settings from the vNIC that’s attached to it.  The vNIC itself could have a statically assigned IP address or a dynamic one given to it by Azure via DHCP. 

You can Peer (i.e., connect) different vNets together.  These vNets can be in the same Azure region or you can use Global vNet Peering to connect vNets in different regions. 

Public IP addresses are billable Azure resources that can be assigned to a vNIC.  There are dynamic IP addresses and static IP addresses.  Dynamic ones have a persistent DNS name that resolves to a dynamic IP, while a static IP address has a fixed IPv4 address and DNS name.  The cost of a public dynamic IP address is $3/month while the cost of a public static IP address is about $4/month.  Assigning a public IP address to a vNIC does not automatically expose the VM to the internet.  In order to make it accessible from the internet a Network Security Group rule must be applied.   

Network Security Groups (NSGs) are Azure’s basic network firewall.  They are non-billable network resources.  NSGs are groups of firewall rules that specify what’s allowed or denied into and out of a vNet.  If an NSG is assigned to a subnet its rules will apply to all VMs whose vNICs are part of this subnet.  Alternatively, NSGs can be assigned directly to a vNIC.  In that case, the NSG firewall rules will apply to this single VM only. 
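
How subnet-level and vNIC-level NSGs combine for inbound traffic, as an added audit example (not code from the original article or from Nerdio). Within one NSG the rule with the lowest priority number that matches wins, and inbound traffic must be allowed by the subnet NSG and then by the vNIC NSG. The rule fields follow the JSON shape of `az network nsg show`; the sample rules and addresses are constructed, and only the `VirtualNetwork` and `Internet` service tags are modelled, in simplified form.

```python
import ipaddress

VNET = ipaddress.ip_network("10.1.0.0/16")  # vNet address space from the article's example

# Built-in inbound rules every NSG carries (the AzureLoadBalancer rule is left out here).
DEFAULT_INBOUND = [
    {"name": "AllowVnetInBound", "priority": 65000, "direction": "Inbound", "access": "Allow",
     "protocol": "*", "sourceAddressPrefix": "VirtualNetwork", "destinationPortRange": "*"},
    {"name": "DenyAllInBound", "priority": 65500, "direction": "Inbound", "access": "Deny",
     "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

# Constructed sample rules (names, priorities and addresses are made up).
SUBNET_NSG = [
    {"name": "Allow-RDP-From-Office", "priority": 200, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "198.51.100.0/24", "destinationPortRange": "3389"},
]
NIC_NSG_OPEN_RDP = [
    {"name": "Allow-RDP-Any", "priority": 300, "direction": "Inbound", "access": "Allow",
     "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "3389"},
]

MGMT_PORTS = {22: "SSH", 3389: "RDP"}
INTERNET_PROBE = "203.0.113.10"  # constructed address standing in for an arbitrary internet host


def source_matches(prefix, src_ip):
    """Match a source IP against '*', the two service tags modelled here, or a CIDR."""
    ip = ipaddress.ip_address(src_ip)
    if prefix == "*":
        return True
    if prefix == "VirtualNetwork":   # simplification: only the vNet's own address space
        return ip in VNET
    if prefix == "Internet":         # simplification: anything outside the vNet
        return ip not in VNET
    # Any other service tag is not modelled and raises ValueError rather than being skipped.
    return ip in ipaddress.ip_network(prefix, strict=False)


def port_matches(rule, port):
    """Handle the singular field, the plural list, '*' and 'low-high' ranges."""
    ranges = rule.get("destinationPortRanges") or [rule.get("destinationPortRange") or "*"]
    for item in ranges:
        if item == "*":
            return True
        low, _, high = item.partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def evaluate_nsg(rules, src_ip, port, protocol="Tcp"):
    """Return (access, rule name) of the first matching inbound rule, lowest priority number first."""
    inbound = [r for r in rules if r["direction"] == "Inbound"] + DEFAULT_INBOUND
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        if rule["protocol"] != "*" and rule["protocol"].lower() != protocol.lower():
            continue
        if source_matches(rule["sourceAddressPrefix"], src_ip) and port_matches(rule, port):
            return rule["access"], rule["name"]
    raise RuntimeError("DenyAllInBound should always match")


def inbound_verdict(subnet_nsg, nic_nsg, src_ip, port, protocol="Tcp"):
    """Check the subnet NSG, then the vNIC NSG; both must allow.

    Pass None for a level that has no NSG attached. Returns (allowed, deciding rules).
    """
    if subnet_nsg is None and nic_nsg is None:
        raise ValueError("no NSG attached at either level; nothing to evaluate")
    trail = []
    for level, rules in (("subnet", subnet_nsg), ("nic", nic_nsg)):
        if rules is None:
            continue
        access, name = evaluate_nsg(rules, src_ip, port, protocol)
        trail.append(f"{level}:{name}")
        if access == "Deny":
            return False, trail
    return True, trail


def exposed_management_ports(subnet_nsg, nic_nsg):
    """List management services an arbitrary internet host could reach on this vNIC."""
    return [svc for port, svc in sorted(MGMT_PORTS.items())
            if inbound_verdict(subnet_nsg, nic_nsg, INTERNET_PROBE, port)[0]]


if __name__ == "__main__":
    print("empty vNIC NSG:", exposed_management_ports(None, []))
    print("open RDP rule on vNIC:", exposed_management_ports(None, NIC_NSG_OPEN_RDP))
    print("same vNIC behind subnet NSG:", exposed_management_ports(SUBNET_NSG, NIC_NSG_OPEN_RDP))
```

The third case shows why a subnet-level NSG is a useful backstop: the permissive vNIC rule is still there, but the subnet NSG only admits the office range.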

VPN Gateway is a service that allows encrypted, site-to-site IPSec VPN connectivity from an on-premises network or another cloud to an Azure vNet.  VPN Gateways are Microsoft managed resources that get added to a special subnet in a vNet called the Gateway Subnet.  VPN Gateway is a billable network resource and pricing starts at $26/month for a basic gateway with a throughput limit of 100 mbps and support for up to 10 site-to-site VPN tunnels.  The largest VPN Gateway is $912/month and supports 1.25 Gbps of throughput with up to 30 tunnels. 

Microsoft Azure Fundamentals: Complete!

Nerdio empowers MSPs to build successful cloud practices in Azure. We’ll continue to keep up on the latest Azure news and releases and will keep this document up-to-date in the process.  Hopefully, these Microsoft Azure fundamentals helped you to get your head around what is, admittedly, a very complicated subject.

Case Study: Impact Networking Selects Nerdio Manager for MSP for Mature, Modern IT Operations

Learn how a large Chicago-based MSP with operations across the United States has been able to onboard new cloud customers and scale their staff and business by transitioning from Nerdio for Azure to Nerdio’s modern platform for managed service providers – Nerdio Manager for MSP

______________________ 

A Deep, Rich History Starts in Chicago  

Founded in 1999, Impact Networking is one of the fastest-growing managed service providers (MSPs) in the United States, employing more than 800 industry experts at 23 locations across the US. The company specializes in the conception, development and execution of customized strategies and solutions that improve technical, financial, operational, and creative aspects of a business. 

In 2016 as more workloads were being moved to the cloud, whether it be full or hybrid postures, Impact partnered with Nerdio to leverage its private cloud offering at the time for their clients. The two IT companies, both Chicago-headquartered, shared an unwavering commitment to help businesses reduce redundant, manual processes with modern technology and intelligent automation. The white glove support and close collaborative nature displayed by Nerdio, a pre-seed startup at the time, resonated immediately with Impact.  

As Microsoft Azure started gaining momentum, Impact carefully evaluated how to best position offerings around the service and use it to bring new value to their clients who had perhaps outgrown the private cloud solution. Impact’s natural evolution of service delivery was to migrate their clients to Azure itself, leveraging Nerdio for Azure, Nerdio’s SaaS Azure management platform.  

Nerdio for Azure allowed Impact to begin automating the deployment of various infrastructure solutions inside of Azure. They could automate user onboarding and offboarding, license assignments, etc. and navigate Azure more efficiently through Nerdio’s admin portal. More impactful still, Nerdio gave the MSP the chance to standardize every account across all Azure components like resource groups, virtual networking and VM image management. This way they would all follow the same name, be found in the same place, etc. This made it immediately easier for Impact’s engineers to troubleshoot client environments because it was easy to tell when something was out of order. 

Selecting Nerdio Manager for MSP 

Despite their heavy usage of Nerdio for Azure, Impact did not fret when the product sunset was announced. “We knew we were going to be able to rely on our partners over at Nerdio to help,” clarified Daniel Alfaro, Managed IT Operations Manager, at Impact. “And they did not disappoint. Everything had been thought through and communicated so that MSPs had the knowledge at-hand they needed to make their next move.” 

In general, the quality and high-touch nature of Nerdio’s support and Partner Solutions team is one of Impact’s favorite aspects of their partnership. The two teams share inside jokes about Nerdio’s staff being chatbots in disguise because they are so responsive at all hours of the day, night, and weekend. Nerdio’s knowledge base site – help.nerdio.net – also provided the Impact team with a treasure trove of product information, troubleshooting guides, how-to guides and video explainers that helped simplify their transition to Nerdio Manager and gave Impact a way to help themselves in a matter of minutes.   

Nerdio Manager for MSP is a multi-tenant management platform that allows MSPs to deploy, manage and optimize Microsoft Azure and its virtual desktop services. Installing Nerdio Manager into an MSP’s Azure tenant lays the foundation for dozens, if not hundreds, of customers to be onboarded and managed from a single intuitive management interface.   

In Impact’s case, they started their transition from Nerdio for Azure to Nerdio Manager for MSP in late fall 2021. By summer 2022 they had several dozen clients with substantial environments migrated to the new platform. Roughly a third of those were net-new cloud customers.  

“I am 99% confident that we can completely stand up and manage an Azure client entirely in Nerdio Manager without ever having to touch the Azure portal outside maybe the initial setup for registering providers.” – Daniel Alfaro, Managed IT Operations Manager at Impact.  

Exploring + Informing the Latest Nerdio Innovation  

Even though they had long been fans of Nerdio’s product innovation, the Impact team was still surprised and impressed by Nerdio Manager’s features. Overall, the platform was better, faster, and stronger than Nerdio for Azure. Still, three features stood out among the team’s favorites.  

Host Pool Management  

Luis Garcia, Cloud Engineer at Impact, expressed great enthusiasm for Nerdio’s improved host pool management capabilities in Nerdio Manager. He expounded, “I use this every single day. It’s been great for my job. I am constantly in Azure doing something related, whether it’s trying to troubleshoot issues, stand up new host pools, upgrade images – it’s the one feature that I use the most. If you’re trying to do these manually, it requires a lot of steps and time to set things up yourself that could be handled by Nerdio in seconds.” 

REST API  

Automation is critical to the business Impact runs. Having access to Nerdio’s API lets them take the Nerdio automation even further with custom tasks and reporting, which lowers their operational and technical overhead. This also reduces risk for their customers and allows Impact to better align operations with their own internal business systems and processes.

Integrations with Microsoft Intune 

Nerdio’s integrations with Microsoft Endpoint Manager and Microsoft Intune help bridge the management of physical and virtual devices. Alfaro’s team was so excited by these that they created a new job role in the company – their first Modern Workplace Engineer. This role supports a great Azure experience through elements like identity and access management, centralized device management, and more.

In addition to using the new features, Impact also has played a role in informing them. On average, Nerdio comes out with 10-15 new Nerdio Manager for MSP features each month – almost all driven by direct partner feedback. Impact plays a very proactive role in this regard and recently beta tested Nerdio’s new reporting feature that shows how a client’s Azure deployment compared to the quote provided prior to deployment. This is just one of countless contributions they’ve made to Nerdio’s products over the years.  

“There’s plenty of times where we’ll look at Nerdio’s change log and release notes and we’re like, ’Ah, that’s us, and this one, this one, this one, this one, this one.’ So that’s rare, and frankly awesome,” said Andy Nolan, another one of Impact’s Cloud Engineers. “I think what makes the difference is that it seems as though everybody’s committed to that support from the top down. Anybody at any level in Nerdio’s organization seems genuinely interested in what we’re doing, and the things they can do better to help us do better.” 

Results: Exploring the Impact   

The Nerdio Manager application enables Impact to implement and manage Microsoft Azure tenants for its clients with little effort, improve service for dozens of clients, and greatly increase operational efficiency. 

Furthermore, they are doubling their team of Azure engineers to support the demand they are seeing for Azure and its related services facilitated by Nerdio.  

With their latest Nerdio investment, Impact can easily create and implement trainable, repeatable workflows that have led to increased efficiency among their staff. They spend less time trying to figure out things in Azure and ramping up new hires and spend more time serving customers and solving problems.

“Nerdio Manager for MSP has truly enabled us to turn around the requests that are sent to us, whether it be quoting or deployment or troubleshooting. Honestly, we’re doubling the size of our Azure engineers, primarily because we’re winning so much business because we’re able to turn things around much faster and stand clients up in Azure in record time.” 

Alfaro adds, “With the additional hires, we hope to create even better processes that will help standardize tasks further and allow our Azure engineers to spend a lot more time on staff education and growth.” 
 

About Impact 

Impact Networking, LLC is a leading national managed service provider (MSP) that specializes in the conception, development, and execution of customized strategies and solutions that improve the technical, financial, operational, and creative aspects of a business. The wide range of services includes Managed IT and Cloud, Cybersecurity, Digital Innovation, Branding and Marketing, and Print and Document Management. Founded in 1999, the company is headquartered in Lake Forest, IL, and maintains 23 branches across the Midwest, West Coast, and Texas, employing over 750 industry experts. For more information, visit www.impactmybiz.com.  

About Nerdio  

Nerdio adds value on top of the powerful capabilities in Azure Virtual Desktop, Windows 365, and Microsoft Intune by delivering hundreds of features that simplify management, ensure efficient operations, and lower Azure compute and storage costs by up to 80% via automation and license optimization.  

Leveraging Nerdio, MSPs can manage customers’ cloud environments through streamlined, multi-tenant, workflow-powered technology that allows them to create and grow cloud-based recurring revenues. Enterprise IT professionals can deliver and maintain a wide range of virtual Windows endpoints across hybrid workforces with ease and fine-tune end-user computing (EUC) approaches for maximum effectiveness using powerful monitoring and analytics capabilities. Learn more at www.getnerdio.com/nmm

mpsWORKS Transitions to Modern, Multi-tenant Azure Management 

As we continue to see a huge shift in MSPs (Managed Service Providers) moving toward cloud-based infrastructure and cloud-delivered Windows, we are in tandem seeing savvy MSPs who have been in the cloud for years and are now looking to optimize and looking toward “what’s next.”

We sat down with Robert Bohacek, owner of mpsWORKS, a Florida-based MSP serving the Tampa Bay area, to better understand how transitioning to Nerdio Manager for MSP from Nerdio for Azure has helped him improve his Azure practice and operations.  

Tell Us about How You Initially Approached the Migration to Nerdio Manager  

At the time we moved to Nerdio Manager for MSP we already had six accounts, totaling just shy of 50 seats, managed using Nerdio for Azure.  So, we knew Nerdio’s team and products to be very innovative and helpful.  

The assets created to help partners transition between Nerdio’s MSP products, as opposed to from on-prem or another Azure or AVD (Azure Virtual Desktop) management tool, made the journey more streamlined. After all, migrations can be complex even if you have the most cutting-edge tech.  

There’s a spreadsheet the Partner Solutions team put together that we used to collect documents and the information we needed for the migration. We went one step further by adding a simple technician checklist to the end to ensure the tech who performs the migration for each of the accounts, or with future accounts, is not missing certain steps. This kind of thing is something I’m seeing from Nerdio too with Approvals Workflows and product features that help to eliminate human error.  

What Assets Have Helped You Streamline Your Transition to Nerdio Manager for MSP?  

The planning for a migration guide and the discovery document found on Nerdio’s MSP Knowledge Base not only allowed us to complete the migration successfully, but it also allowed us to take a step back and look at the setups of our different accounts. I’m proud to say that we have also experienced and utilized the migration to a point to actually realize some very important cost savings. 

I would encourage anyone embarking on the transition from Nerdio for Azure to Nerdio Manager for MSP to look at them because the guides allow you to peek inside of the migration process, and you will realize that the steps are not very complex. The guide is split up into detailed sections and each section has a certain number of tasks that you should perform – recommended practices for a successful migration. And some steps will feel very familiar and intuitive because of the day-to-day tasks that you perform in Nerdio for Azure already. 

Did You Encounter Any Specific Challenges During the Migration to Nerdio Manager?  

Some migrations had different identity sources. Some used domain federation identities, some dual tenant identities, and others standard AD DS.  

I do want to point out that I did not have the automation button that migrates Nerdio for Azure accounts directly to Nerdio Manager for MSP. I’ve heard a lot of great things, but we were a bit earlier in our migration and did so before the button was available.  

Which really wasn’t a problem, I just point it out as the lack of the button led us to go back and review each of our accounts. I was glad to do that because it allowed me to sort of sit back and evaluate if the different resources we had allocated in each were appropriate. 

From the Other Side of Migration, What Are Some of the Benefits You’re Seeing?  

Once you get through the migration, you now have a platform that requires even less maintenance and management. As I mentioned earlier, we’ve found important cost savings by standardizing our accounts managed by Nerdio.  

Nerdio Manager for MSP, an ARM-based system, seems to generate a lot fewer issues with users and FSLogix profiles. We’ve seen a decrease in help desk tickets since switching to the platform. The image templates and other templates seem to work so much better with the newest version of AVD which is ARM-based. The way Azure Files stores and reacts together with hosts seems to work very well, and the handshake between the entire ARM-based system is great.

I also love the Nerdio Manager interface. The way things happen in the platform is much faster, much more fluid. You don’t have to wait for a certain task, tasks that before you had to go back and check on it. Overall, the interface is very neat, very organized, and there are a ton of features, and new features being added all the time.  

Things in Nerdio Manager are automated to a point where, for example, if you do a small update to a session host you can automatically terminate it after whatever time period you choose. Just as you are in control of the session host schedule and when they turn on, you can dictate whether session hosts be turned off in 30 minutes, an hour, two hours. You can schedule the powering off of your desktop template. Because I’m sure that’s happened to everyone: that a tech may have unintentionally left the session running overnight. This creates extra costs and significant costs because, you know, the reserved instance (RI) was only applied to the existing host users are using.

For any questions about Nerdio Manager for MSP or to get assistance with your migration away from Nerdio for Azure, please contact our team at nmm.support@getnerdio.com.   

How to Make Azure Virtual Desktop (AVD) Deployment More Resilient for Disaster Recovery Considerations

The usage of Azure Virtual Desktop (AVD) is growing fast and AVD has become a mission-critical component of many IT environments. Making AVD resilient is an important design consideration when relying on the service for access to corporate data and applications.

Since AVD deployments consist of several inter-dependent components, we will consider each one individually in the configuration of Business Continuity and Disaster Recovery (BCDR) for AVD. 

Azure Virtual Desktop Components 

The table below lists the various AVD components with their associated DR considerations.   

Disaster Recovery (DR) Scenarios 

When planning for AVD disaster recovery, it is important to identify the possible outage scenarios and decide on the ones to protect against.  Some DR strategies will cover multiple scenarios as we’ll see below. 

Scenario #1:  Corruption of data, metadata, or resources, but no underlying data center or region outage 

In this situation, restoring from backup or rebuilding session host VMs is the best approach.  Let’s review how this applies to each AVD environment component: 

  1. AVD service - because this service is hosted, managed, and backed up by Microsoft there is nothing for you to do.  The AVD service will fail over automatically and Microsoft is responsible for getting everything back up and running within the provided SLA.
  2. Identity / Directory – If using native Azure AD joined VMs, no action is necessary. Microsoft is responsible for keeping this service operational within the provided SLA.  If using Active Directory, functional AD domain controllers must always be accessible. Azure AD DS operates two domain controllers, in separate availability zones if supported, by default.
    • Recommendation: Use Azure AD native, Azure AD DS, or if using Active Directory create multiple AD domain controllers.  Back up the AD system state and restore, if needed.
  3. Desktop images - Changes are often made to desktop images during the normal course of AVD maintenance.  Maintaining backups of desktop images is important to be able to quickly recover from any corruption.
    • Recommendation: Use Shared Image Gallery with image versioning. Leverage Nerdio Manager’s built-in desktop image backup functionality to version the images prior to making any changes.
  4. Session host VMs - Hosts can become unavailable or corrupted in the normal course of operation.
    • Recommendation: Enable Nerdio Manager’s Auto-Heal functionality to automatically repair broken session hosts.
  5. FSLogix profiles - Corruption of profile containers can be resolved by restoring the corrupted VHD(X) files from backup.
    • Recommendation: Depending on your FSLogix storage technology choice – configure Azure Backup for Azure Files shares, Azure NetApp Files snapshots, or use any backup or versioning method for file server VMs (e.g. Volume Shadow Copies).  Restore corrupted profile containers, as needed.

Scenario #2: Single datacenter or Availability Zone failure within an Azure region 

Availability Zones are unique physical locations within an Azure region. Each zone is made up of one or more datacenters equipped with independent power, cooling, and networking. To ensure resiliency, there’s a minimum of three separate zones in all enabled regions. The physical separation of Availability Zones within a region protects applications and data from datacenter failures. Zone-redundant services replicate your applications and data across Availability Zones to protect from single-points-of-failure. With Availability Zones, Azure offers an industry-best 99.99% VM uptime SLA.

In the case of datacenter or Availability Zone failure, most components of the AVD environment will automatically fail-over to another Availability Zone with no user intervention required.   

NOTE: Not all Azure regions support Availability Zones for all products.  Review the Regions that support Availability Zones before deploying your AVD environment to select the region that addresses your availability requirements.  Pay special attention to Premium Files Storage if using Azure Files for FSLogix profiles. 

To protect against Availability Zone failure, the initial AVD architecture and design must take zone redundancy into account.  Let’s review this on a component-by-component basis. 

  1. AVD service - because this service is hosted, managed, and backed up by Microsoft, there is nothing for you to do.  The AVD service will fail over automatically and Microsoft is responsible for getting everything back up and running within the provided SLA.
  2. Identity / Directory – If using native Azure AD joined VMs, no action is necessary. Microsoft is responsible for keeping this service operational within the provided SLA.  If using Active Directory, functional AD domain controllers must always be accessible. Azure AD DS operates two domain controllers, in separate availability zones if supported, by default.
    • Recommendation: Use Azure AD native, Azure AD DS, or if using Active Directory create multiple AD domain controllers in different Availability Zones.
  3. Desktop images – Desktop images stored using ZRS (Zone Redundant Storage) will be available during Availability Zone failure.
    • Recommendation: Store images with ZRS storage.
  4. Session host VMs – Session host VMs running in the datacenter where an outage occurs will go offline.
    • Recommendation: When deploying session hosts, distribute them across the Azure region’s Availability Zones using Nerdio Manager’s automation.
  5. FSLogix profiles – FSLogix profiles stored on Azure Files Premium ZRS storage won’t be impacted by an Availability Zone failure.
    • Recommendation: Use ZRS storage with Azure Files Premium to store FSLogix profiles.

Scenario #3: Entire Azure region outage 

An Azure region is a set of datacenters deployed within a latency-defined perimeter and connected through a dedicated, regional low-latency network. Azure gives you the flexibility to deploy applications where you need to, including across multiple regions to deliver cross-region resiliency.  Failure of complete Azure regions is highly unlikely and rare.  For more information, see Overview of the resiliency pillar.

Failure of an entire Azure region is the most severe scenario.  The best way to protect against this situation is by automatically distributing AVD session host VMs across two Azure regions and replicating FSLogix profile data, thereby creating an Active/Active DR configuration.  If one of the regions becomes unavailable, VMs in the second region can continue servicing users. Read further for considerations regarding the different components involved in Scenario 3.

  1. AVD service - because this service is hosted, managed, and backed up by Microsoft, there is nothing for you to do.  The AVD service will fail over automatically and Microsoft is responsible for getting everything back up and running within the provided SLA.
  2. Identity / Directory – If using native Azure AD joined VMs, no action is necessary. Microsoft is responsible for keeping this service operational within the provided SLA.  If using Active Directory, functional AD domain controllers must always be accessible. Azure AD DS operates two domain controllers, in separate availability zones if supported, by default.
    • Recommendation: Use Azure AD native, Azure AD DS replica sets, or if using Active Directory create multiple AD domain controllers in 2 Azure regions.
  3. Desktop images – Desktop images stored in Shared Image Gallery and replicated to multiple regions will be available during a single region outage.
    • Recommendation: Geo-replicate desktop images with Nerdio Manager and Shared Image Gallery.
  4. Session host VMs – Session host VMs running in the Azure region where an outage occurs will go offline.  If there are available session host VMs in a secondary region, users will be able to reconnect and continue working.
    • Recommendation: Leverage Nerdio Manager’s Active/Active host pool DR to automatically distribute session hosts across two selected Azure regions.
  5. FSLogix profiles – Users won’t be able to work without access to the FSLogix user profiles.  Profiles must be continuously replicated in multiple regions.
    • Recommendation: Use Nerdio Manager’s FSLogix Cloud Cache functionality to replicate user profiles across two Azure regions.

Configuring an AVD environment to be resilient to an Azure region failure (scenario #3) will also cover Azure Availability Zone failure (scenario #2).  The outlined approach works best for pooled AVD deployments.  Personal desktops can also be protected, but the approach is different.  Protecting personal desktops involves using Azure Site Recovery in an active/passive configuration. 
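One way to check a pooled deployment against the session host and FSLogix recommendations of scenarios #2 and #3, as an added example that is not from the original article or from Nerdio. The inventory is constructed and mirrors the `location`, `zones` and `sku.name` fields found in `az vm list` and `az storage account list` JSON output; the host names, account names and function names are assumptions.

```python
from collections import defaultdict

# Constructed inventory, shaped like `az vm list` JSON (session hosts only).
SESSION_HOSTS = [
    {"name": "avd-host-0", "location": "westeurope", "zones": ["1"]},
    {"name": "avd-host-1", "location": "westeurope", "zones": ["2"]},
    {"name": "avd-host-2", "location": "westeurope", "zones": ["3"]},
    {"name": "avd-host-3", "location": "northeurope", "zones": None},
]
# Constructed inventory, shaped like `az storage account list` JSON
# (the accounts that hold FSLogix profile shares).
PROFILE_STORAGE = [
    {"name": "fslogixweu", "location": "westeurope", "sku": {"name": "Premium_ZRS"}},
    {"name": "fslogixneu", "location": "northeurope", "sku": {"name": "Premium_LRS"}},
]

ZONE_REDUNDANT_SKUS = {"Standard_ZRS", "Premium_ZRS", "Standard_GZRS", "Standard_RAGZRS"}


def zones_by_region(hosts):
    """Return {region: set of zone ids used by session hosts in that region}."""
    regions = defaultdict(set)
    for host in hosts:
        # Non-zonal hosts report zones as null; they still count for the region.
        regions[host["location"]].update(host.get("zones") or [])
    return dict(regions)


def assess(hosts, storage):
    """Report which outage scenarios the inventory survives, with findings."""
    findings = []
    regions = zones_by_region(hosts)

    # Scenario #2: hosts spread over zones and profiles on ZRS storage.
    zone_ok = bool(regions) and bool(storage)
    for region, zones in sorted(regions.items()):
        if len(zones) < 2:
            zone_ok = False
            findings.append(f"{region}: session hosts use {len(zones)} Availability Zone(s)")
    for account in storage:
        sku = account["sku"]["name"]
        if sku not in ZONE_REDUNDANT_SKUS:
            zone_ok = False
            findings.append(f"{account['name']}: profile storage SKU {sku} is not zone-redundant")

    # Scenario #3: session hosts and a profile store in at least two regions.
    # Assumption: a profile store in each region stands in for replication;
    # whether profiles are actually replicated is not visible in this data.
    profile_regions = {account["location"] for account in storage}
    active_regions = sorted(set(regions) & profile_regions)
    region_ok = len(active_regions) >= 2
    if not region_ok:
        findings.append("fewer than two regions have both session hosts and profile storage")

    return {
        # Per the article, covering a region outage also covers a zone outage.
        "zone_failure": zone_ok or region_ok,
        "region_failure": region_ok,
        "active_regions": active_regions,
        "findings": findings,
    }


if __name__ == "__main__":
    report = assess(SESSION_HOSTS, PROFILE_STORAGE)
    for key in ("zone_failure", "region_failure", "active_regions"):
        print(f"{key}: {report[key]}")
    for finding in report["findings"]:
        print("finding:", finding)
```

The findings still list the per-region gaps (non-zonal hosts, LRS profile storage) even when the two-region layout covers the zone outage, so they can be fixed before a region is lost.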

Summary Table 


Microsoft Intune 101: A Beginner’s Guide

Microsoft Endpoint Manager (MEM) is Microsoft’s cloud-based device management platform, which Nerdio Manager for MSP launched integrations with in February 2022. Within this, Microsoft Intune provides granular control of your physical and virtual desktops and laptops. Intune can manage mobile (iOS / Android) devices as well as Windows and macOS.

The Challenge 

Historically, organizations have managed their end-user devices with a variety of products, most commonly Microsoft System Center Configuration Manager. These products work well when managing devices attached to internal networks, but managing external devices can be complex and challenging given today’s work landscape. A significant proportion of employees are working in a hybrid manner, moving devices between the office and the home; therefore, a new device management solution is needed which better fits these requirements.

Microsoft Intune

Intune is different from traditional solutions; the product was designed as a web-based device management solution. Moreover, it can manage the device enrollment lifecycle. By taking advantage of Intune’s “Windows Autopilot” feature, end-users can have brand new devices delivered to their home from the manufacturer or reseller. These devices will then auto-provision themselves out of the box, deploying the settings and applications required for the user. There are many steps to achieving such an outcome, but the key point is – it’s possible!

Key Features 

Autopilot is just one aspect of Intune. The service covers the full range of device management requirements. Let’s examine some of the key benefits.  

Policy and Security 

Compliance policies allow you to control which devices are allowed to access services based on their compliance. This allows devices to be checked and either barred from using corporate services or flagged within the console until they meet the specific requirements, such as having antivirus enabled. These policies are fully configurable. 

Configuration profiles are analogous to group policies, and you can even import existing group policy objects into your configuration profiles in order to manage device configuration settings. 

Intune also allows the creation of various security policies and features, including DLP policies. Enrolled devices can also be rebuilt, blocked or wiped at the discretion of an administrator.  

Application Deployment 

Intune can be used to manage application deployment to your devices, including Win32, MSI and Windows Store applications. The corporate iOS App Store and Google Play stores can also be linked, allowing application management for mobile devices.  

Patching and Updates 

Windows quality and feature updates can be managed from the console, and the status of devices can be recorded in a log analytics workspace for reporting purposes. 

Mobile Device Management (MDM) vs Mobile Application Management (MAM)

MDM is generally used to manage corporate devices, where all aspects of the devices should be managed and controlled by the organization. MAM is generally used for lighter touch management on personal devices, where you need to control specific corporate applications or data, but you do not want to compromise the sovereignty of the user’s personal device. 

Where to Start?

It’s important to recognize that a move to Intune-based device management does not require a “big bang” or “all in” approach. We recommend that you identify a small subset of devices – maybe 5-10 – for initial testing. Defining your management objectives and device types prior to piloting the service is beneficial. There are five key questions you should ask before starting out, and Microsoft has plenty of guides (linked below) to help: 

  • Application Delivery 
  • Patching & updates 
  • Device restrictions or policies 
  • AutoPilot Deployment 
  • Security & DLP 

Still need help getting started? Check out Microsoft’s documentation for setting up Intune here or schedule some time to chat about your Intune needs + questions with our experts.  

NerdioCon Day 3 Recap

On the final day of #NerdioCon23, we had lots of amazing presentations and content! Thank you to all our speakers and sponsors for making NerdioCon23 as amazing as possible. Thank you for the great day, the amazing closing party, and an overall unbelievable week!

Keynotes  

We had a few fantastic keynotes from some channel superstars and industry vets that you didn’t want to miss!

Nerdio’s “Ask Us Anything” Presentation to wrap up the amazing week

Breakout Sessions and Roundtables

Our Breakout track continued. We also had a second round of our new and popular Partner Roundtables. Tons of opportunities and learnings available for both MSPs and Enterprise partners alike.

Partner Roundtables – Day 3

Closing Party!

Thank you for NerdioCon23

Once again, a huge thank you to all those who attended NerdioCon this year. And a second huge thank you to our staff and sponsors – without all of you, this wouldn’t be possible. NerdioCon23 was a blast, and we can’t wait to see what’s in store for NerdioCon24.

Vadim Vladimirskiy & Scott Manchester Discuss Nerdio Evolution

In this video, you’ll learn from Nerdio’s Vadim Vladimirskiy and Microsoft’s Scott Manchester how the companies’ collaboration is driving innovation in cloud technology. Learn how Nerdio and Microsoft are enabling businesses of all sizes to harness the power of the cloud. Watch their discussion below.