What is Windows 365 & How Does Nerdio Fit In?

It’s here: Microsoft’s Windows 365, a new era in cloud-based end-user computing, as announced during Microsoft Inspire on July 14th, 2021. Here at Nerdio, we couldn’t be more excited about this next step in delivering virtual desktops from the Azure cloud. Windows 365 will offer simplified management and a slightly different commercial model.

In this blog post, we will delve into the world of Windows 365, exploring its features, benefits, and how Nerdio complements this revolutionary solution. By understanding the intricacies of Windows 365 and Nerdio’s role, you will gain insights into how these technologies can elevate your organization’s productivity, simplify IT management, and enhance the end-user experience.

Windows 365 harnesses the power of the cloud to deliver a secure and seamless Windows desktop experience. It eliminates the traditional barriers of device limitations, software compatibility, and infrastructure management. With Windows 365, users can enjoy a familiar Windows environment, complete with their personalized settings, applications, and data, accessible from virtually any device with an internet connection. We will explore the remarkable features of Windows 365, such as instant-on boot, dynamic scalability, and simplified updates, enabling organizations to optimize their operations and empower their workforce.

For the past year, Nerdio worked closely with Microsoft Engineering to help develop Windows 365 and provide support for Cloud PCs in Nerdio Manager for MSP and Nerdio Manager for Enterprise on Day 1 of availability. 

Windows 365 in a Nutshell

Windows 365 is a Microsoft 365 virtual desktop product. It offers organizations a monthly fixed-price subscription to a Cloud PC that is dedicated to a user and can be managed using the exact same tools as a traditional Windows PC. Making a Cloud PC available to a user (once the initial environment is set up) is a matter of assigning a M365 license.

Each Cloud PC is a persistent VM that is dedicated to a specific user at a fixed price per user per month and is part of the Microsoft 365 cloud rather than Azure. Any applications that are installed on the Cloud PC do not disappear when the user logs off or shuts down his or her machine. Also, the user profile is not offloaded to a file share using FSLogix; it is local to the (virtual) machine. The Cloud PC is based and built upon the existing global Azure Virtual Desktop infrastructure as part of the Azure Cloud.

All security software agents, licensed applications or patches recognize the VM as a single-user, traditional Windows device running on the same Windows 10/11 Enterprise operating system. Windows 10 EVD (multi-session) is not currently supported. All this is important so that Cloud PCs behave like, and can be managed together with, physical devices, and over time replace physical machines with Cloud PCs.

Being part of M365 means that Cloud PCs are purchased through the same channels as E3 and E5 that most organizations are already using – and use to leverage Azure Virtual Desktop as well.

Cloud PCs are delivered as a SaaS offer and managed through Microsoft Endpoint Manager and the M365 admin portal, rather than through the more complex Azure portal like AVD (unless you are using Nerdio Manager, of course).

Management Options

Windows 365 Cloud PCs come in two flavors: Enterprise (MEM-managed) and Business (self-service). As always, both have pros and cons.

Companies who might have already invested in Enterprise (Microsoft Endpoint Manager) for managing their physical devices, for example, would be able to dip their toes into Windows 365 without too much trouble. All you need is an additional Intune license for each user assigned to a Cloud PC – these can be purchased separately as well, also see below.

The Business edition works a bit differently. Business Cloud PCs do not require a MEM/Intune license, though they need to be managed entirely by the end-user, just like a standalone physical PC. Depending on what you are used to or are looking for this might or might not fit your needs.

If you do not have Enterprise in place, using the Business model might be an easy way to start exploring whether Windows 365 fits your needs. Setting up and getting started with MEM takes time, and Enterprise Windows 365 needs some additional attention when it comes to setting up your Azure tenant and network, Active Directory, etc. There are a few other things to keep an eye on as well.

Business Cloud PCs, however, run entirely in Microsoft’s Azure subscription. You won’t even need your own tenant/network, no Intune license, no Active Directory prerequisite, etc. Simply assign a Business Cloud PC license to a user in the Microsoft 365 Admin portal and the new desktop gets provisioned within an hour. 

There’s a big difference from a networking perspective as well. While Enterprise Cloud PCs have the same capabilities as with AVD, meaning customers can fully manage and control things like routing, VPN, firewall, etc, this is not the case with Business Cloud PC VMs. Their network interfaces are part of a Microsoft-managed network, which as a consumer, you have no control over whatsoever.

There are more details to cover but this should at least give you an idea on some of the options available.

Licensing

From a licensing perspective, you need a Windows 10/11 Enterprise subscription and Intune license (if using Enterprise cloud PCs). Meaning, you’ll need the same Windows subscription license requirement as with Azure Virtual Desktop. 

A physical device license (e.g. OEM) doesn’t qualify. Only a M365 subscription to Windows can be used for Windows 365 Cloud PCs. Some popular M365 SKUs that include a Windows Enterprise subscription are M365 Business Premium, E3, E5 and Windows 10 Enterprise E3/E5/VDA.  

To manage Windows 365 via Enterprise, an Intune license is required. These licenses come with M365 E3, E5 and Business Premium subscriptions and can also be purchased as standalone licenses. 

In short, if you are already leveraging AVD or are thinking of doing so, Windows 365 can easily be leveraged alongside it. And since it is all subscription-based and no minimums apply, you should be up and running in no time. If it doesn’t work out, you’ll just hand them back over to Microsoft – one of the main advantages of leveraging cloud technologies.

Where Nerdio Comes In

As you’ve probably noticed, while Windows 365 does address various challenges it also comes with restrictions, limitations, and potentially introduces a (steep?) learning curve when it comes to setting up and operating MEM, for example.

Simplicity also comes with less flexibility, unfortunately.

In an upcoming blog post I will share some of the main differences and things to consider before choosing Azure Virtual Desktop over Windows 365 or vice versa. It could also be both, of course.

With Windows 365, Microsoft aims to ease management by leveraging the same tools used to manage existing physical desktop and other types of virtual desktops. Of course, if you’re already using AVD, or have been thinking about doing so, this means you would now be using the Azure portal for AVD ongoing management and to manage the network settings of Enterprise Windows 365 alongside Microsoft Endpoint Manager.

Business Windows 365 PCs do not have a dedicated management portal, except for the 365 portal to hand out licenses and start the provisioning process. But that’s where it ends. Ongoing management will need to be done by the end user or by using some other form of third-party management tool.

This is where Nerdio shines (again)!

As we do for Azure Virtual Desktop, Nerdio Manager now also offers additional management capabilities on top of the native Windows 365 service (Enterprise and Business), making it extremely simple to manage and optimize alongside AVD; they go hand-in-hand, you could say. This applies to both the MSP and Enterprise version of Nerdio Manager.

Enterprise Cloud PCs support Microsoft-provided images based on Windows 10/11 Enterprise (single-user only and persistent only, remember), or any custom images that a customer might have available in their subscription.

Nerdio already offered unparalleled image management options for AVD and now for Windows 365 as well, all from a single management interface, side-by-side. This makes image-based software deployments, updating and patching your MEM-managed Windows 365 machines a breeze since everything can be automated and scheduled at will.

While you might not necessarily need a File Server or an Azure Files file share, for example, if you do, all this can be auto-provisioned, autoscaled, and fine-tuned from Nerdio Manager as well. This would apply only to Enterprise Windows 365, as it offers the same networking flexibility as AVD.

A few options are available as of day one:

  • Prepare your environment with all pre-requisites for Windows 365
  • Create and manage on-premises network connections and provisioning policies
  • Create and manage desktop images, including backups and versioning
  • Manage Active Directory profiles
  • Assign users, groups, and licenses
  • Provision and re-provision cloud PCs
  • Restart cloud PC machines
  • Manage multiple environments from a single interface (multi-tenant) 
  • Manage cloud PC user settings (i.e., local admin role)
  • Consolidated view of all cloud PCs provisioned and their status
  • All the scripted actions capabilities of Nerdio Manager for Windows scripts
  • Everything is audited and can be viewed in detail
  • And a whole lot more (coming)

In Short…

Nerdio Manager for MSP provides Managed Service Providers with a unified console to price, deploy, manage, and optimize all types of virtual desktops in the Microsoft cloud – both AVD and Windows 365 – across multiple customers, selecting the right technology for the right use-case and deploying it with ease, using best practices, and in the most cost-effective manner.

Nerdio Manager for Enterprise helps IT pros enable Windows 365 in their existing Azure environment and to manage both AVD and Windows 365 from a unified console leveraging powerful and automated image management, monitoring, auto-scaling, and scripted actions. Nerdio Manager enables migration scenarios from AVD to Windows 365 and vice versa so each user can get the right type of virtual desktop in the most cost-effective way. 

AVD is a flexible, Azure-based VDI solution while Windows 365 is a simpler and more limited cloud PC service. Nerdio Manager integrates the two services into the simplest, most cost-effective, and automated way to deploy, manage and optimize virtual desktops and applications in the Microsoft Cloud. 

These are exciting times. With Windows 365 Cloud PC, Microsoft offers another, and in some cases more simplified way, to leverage cloud-based virtual desktops at a fixed price. Though, before getting too excited, make sure to read through the details, prerequisites and such, or come and have a talk with us, we’ll make sure to pick the right solution for your use-case while keeping a strong focus on ongoing manageability and the financial side of things.

Thank you for reading!

Azure Virtual Desktop vs. Windows 365 for Business: Which One is Right for Your Organization?

If you’re interested in a deep dive comparing Windows 365 to Azure Virtual Desktop across several technical dimensions like architecture, IT administration, end-user experience, and licensing and infrastructure costs then take a look at Windows 365 vs. Azure Virtual Desktop (AVD) – Comparing Two DaaS Products. 

In this blog post, we will explore the key factors that can help you make an informed decision when choosing between Windows 365 and Azure Virtual Desktop. By examining critical aspects such as deployment flexibility, scalability, cost efficiency, management capabilities, and integration with existing IT infrastructure, we aim to provide valuable insights and guidance to guide your decision-making process.

Windows 365, the cloud-native virtual desktop solution, offers simplicity and convenience. It seamlessly integrates the familiar Windows experience with the power of the cloud, enabling users to access their desktop, applications, and data from anywhere, on any device. Its user-centric approach caters to businesses seeking a solution that requires minimal setup, centralized management, and simplified end-user experience. We will dive into the specifics of Windows 365, exploring its unique benefits and how it can empower your workforce while optimizing productivity.

On the other hand, Azure Virtual Desktop (AVD) provides a robust and highly customizable virtualization platform built on Microsoft Azure. It offers businesses the flexibility to build tailored virtual desktop environments, accommodating specific requirements and complex scenarios. AVD provides advanced capabilities, such as custom image management, deep integration with Azure services, and the ability to leverage existing investments in Azure infrastructure. We will explore the intricacies of Azure Virtual Desktop, examining how it can cater to businesses seeking highly customizable virtualization solutions that align with their specific needs.

Throughout this blog post, we will compare and contrast the deployment options, management capabilities, scalability, performance, security, and cost considerations of both Windows 365 and Azure Virtual Desktop. Armed with this knowledge, you will be better equipped to choose the solution that best aligns with your organization’s goals, resources, and long-term strategy.

“Is the iPad an oversized iPhone or a small laptop without a keyboard?” 

This was the question many were asking when the iPad was first introduced by Steve Jobs in 2010.  Today, more than a decade later, we know that it is neither.  iPad created a brand-new tablet computing category.  It didn’t replace the smartphone and didn’t make the laptop obsolete.  It created new use-cases and markets for tablet devices.  

With the introduction of Windows 365 in July 2021, a similar question is being asked.   

“Is Windows 365 a new type of virtual desktop or a replacement for a physical PC?”  

On one hand, Windows 365 Cloud PCs are virtual desktops similar to those delivered by Azure Virtual Desktop and other similar services.  On the other hand, it is a personal Windows device that is managed and behaves the way a physical device does.  Cloud PC is likely to create a new category of computing.  One that will complement both the physical PC and virtual desktop. 

In this article, I will compare Windows 365 to the existing Azure Virtual Desktop service that many are already familiar with and analyze several use-cases where Windows 365 is the right choice and some where AVD is the way to go.  In a future article, we’ll compare Windows 365 Cloud PCs to their physical equivalents.

6 use-cases where Windows 365 is a better fit

1. Fewer than 10 desktops 

If there are a small number of desktops in the IT environment, then Windows 365 Business is the perfect choice.  It does not require any pre-requisites like AVD does.  For example, there is no need for an Active Directory configuration or a storage location for FSLogix containers.  Therefore, from an ease of deployment, management, and cost-effectiveness perspective Windows 365 Business is a clear winner. 

2. No current/planned Azure footprint 

Some organizations have simple, cloud-only IT environments with Microsoft 365 and other SaaS products and no infrastructure footprint in Azure with no plans to add any such infrastructure.  In this scenario, Windows 365 Business is an excellent choice because it is easy to assign desktops to users and there is no administrative overhead for IT admins. 

3. No prior desktop virtualization experience 

Only a small fraction of Windows devices are virtualized today with technologies like AVD.  Desktop virtualization is a complex technology requiring a specialized skill set.  Many organizations do not possess such a skill set and are not looking to build it.  In this scenario, Windows 365 Enterprise is a great option.  It does not require knowledge of multi-session administration, profile encapsulation, auto-scaling, and other complex concepts found in AVD.  Instead, it provides a simpler way to deploy and manage Cloud PCs alongside existing physical PCs in much the same way.   

4. Current investment into Microsoft Endpoint Manager 

Organizations that have already made an investment into Microsoft Endpoint Manager to administer physical desktops and laptops will find Windows 365 an easy way to extend their existing environment with Cloud PCs.  Similar policies can be used to manage both physical and Cloud PCs. 

5. Personalized desktops and local admin rights 

Cloud PCs are designed to be dedicated, personalized VMs belonging to each individual user.  These users may need the ability to administer their own PCs by installing software or making other configuration changes that require local administrator rights.  Windows 365 Cloud PCs make it easy for IT to delegate administration of Cloud PCs to their users.   

6. Users need to access desktop 24/7 

Auto-scaling is a common way to save on Azure costs when using Azure Virtual Desktop.  Cloud PCs, on the other hand, run 24/7 and shutting them down does not save any costs.  If users need access to their Cloud PC on a 24/7 basis (or even more than 55 hours per week), then Windows 365 is not just easier to deploy and manage, it is also more cost-effective. 

3 scenarios where Azure Virtual Desktop may be a better fit

1. RemoteApp application streaming 

Sometimes all that’s needed is a published application rather than a complete Windows desktop session.  In these scenarios using a full Cloud PC (or AVD desktop) would be overkill and a published RemoteApp application is a better way to go.  Since RemoteApps cannot be published from Windows 365 Cloud PCs, Azure Virtual Desktop is the preferred choice. 

2. High fluctuations of number of desktops needed throughout the month 

Windows 365 licenses are monthly subscriptions.  Once purchased, they are available for use and the cost is incurred regardless of users actually making use of their desktops.  In IT environments where numbers of virtual desktop users fluctuate throughout the month, AVD may be a better fit.  Azure Virtual Desktop infrastructure costs are only incurred when users are actually consuming the resources whereas Windows 365 costs are incurred as soon as a per-user license is purchased. 

3. Cost is primary consideration 

When cost is the primary consideration and pooled Azure Virtual Desktops can be used to consolidate several users on a shared VM, then AVD will be the better option since it will be more cost-effective than Windows 365 in this scenario.  On average, pooled AVD desktops are up to 58% less expensive than dedicated Cloud PCs.  Even auto-scaled personal AVD desktops can be up to 9% cheaper than Windows 365 equivalents if users only utilize their desktop 50 hours per week.  Finally, Windows 365 costs are determined by the number of users with assigned Cloud PCs, regardless of actual usage.  Azure Virtual Desktop infrastructure cost is determined by the number of concurrent users, which is often much lower than the total number of users assigned to desktops. 

Comparing Windows 365 Cloud PC license costs vs. Azure Virtual Desktop Azure consumption 

There are several considerations that come into play when deciding on the right virtual desktop technology for your organization.  Microsoft provides customers with ample choice and meets customers where they are in terms of admin tooling, existing licenses, and Azure expertise.  Here we’ll explore the cost efficiency of different virtual desktop use cases and determine when Windows 365 fixed-price licenses are more cost-efficient than usage-based AVD infrastructure costs.  For this discussion, we’ll assume that Windows OS licensing costs are the same in both AVD and Windows 365 scenarios and focus exclusively on the cost of the infrastructure. 

Windows 365 license costs depend on the hardware specs needed by a user.  Each desktop comes with a certain number of vCPUs, GB of RAM, and SSD storage.  If we align the vCPU and RAM configuration of each Cloud PC license with a comparable Azure VM size and managed disk we can then compare their costs side-by-side. 

Since Cloud PCs are dedicated, persistent desktops they are most similar to AVD personal desktops. If we compare Cloud PCs with equivalently sized personal AVD desktops, using a VM on a 3-year reserved instance, we’ll see that the prices are very similar and Windows 365 is slightly less expensive for some sizes and much more cost-effective for the largest VMs.  On average, Windows 365 is 11% cheaper than a comparably sized Azure VM and managed disk running 24/7 on a 3-year reserved instance. 


If we assume that users are using their personal AVD desktops 50 hours per week (10 hours X 5 weekdays) and the VMs are stopped the rest of the time, then there will be cost savings by using personal AVD desktops with pay-as-you-go VM pricing and powering them off outside of the 50 work hours (70% of the time).  There are a few scenarios when Cloud PC is about the same cost as an AVD personal desktop, but on average, Azure Virtual Desktop personal desktops are 9% cheaper than Cloud PCs in this use-case.  


Let’s take this a step further and assume that not all users need a dedicated personal desktop and groups of users can be pooled together on multi-session AVD session hosts.  We can see that there are significant per-user savings with AVD pooled desktops using Reserved Instances (RI).  On average, the cost of a pooled Azure Virtual Desktop user on VMs that run 24/7 using 3-year reserved instances is 53% lower than Windows 365.


Combining pooled AVD desktops with auto-scaling provides the deepest savings when using Azure Virtual Desktop as compared to Windows 365.  Assuming that users are working 10 hours/day, 5 days/week the average savings is 58% when using pay-as-you-go VMs with auto-scaling. 


Another important consideration is that Cloud PCs are priced per-named user.  Meaning that a license is consumed for every user who is assigned to a Cloud PC – regardless of whether this user ever connects to the desktop.  AVD desktops, on the other hand, only consume infrastructure when concurrent users are logged in.  If no users are connected, no session host VMs need to be powered on.  As more users log in, more infrastructure is brought online to accommodate the demand.   

In most environments, user concurrency is a fraction of the total named users at any given time – often 50% or less.  This means that the cost savings in an AVD desktop environment will be even greater than presented in the tables above when concurrency is considered. 

In summary, we see that Windows 365 Cloud PCs are most cost-effective when users need dedicated, persistent desktops and will be using them more than 55 hours per week.  With users who do not need dedicated, persistent desktops, there is significant infrastructure cost savings by using pooled desktops and auto-scaling technology. 

Microsoft Windows 365: Introducing a New Product to End-user Computing

On July 14th, 2021 at the annual Inspire conference, Microsoft announced a new service that holds the promise to establish Windows desktop virtualization as a modern, cloud-native way to deliver Windows applications to users on any device.  Coming on the heels of Azure Virtual Desktop (AVD), Windows 365 is a service that is complementary to AVD rather than its replacement.  The key differences are its simplified management and commercial model.

In September 2019, Microsoft made history with the release of Windows Virtual Desktop (now Azure Virtual Desktop) and finally embraced desktop virtualization as a legitimate, modern way to deliver Windows applications from the cloud.  AVD grew rapidly in popularity, much faster than anyone anticipated, largely fueled by COVID-related remote work requirements.  AVD is an Azure-based VDI service designed for maximum flexibility and is wildly popular with end-user compute (EUC) veterans.

Welcome to the world of Microsoft Windows 365, a revolutionary product that brings a new era of end-user computing. In this rapidly evolving digital landscape, organizations and individuals alike are seeking innovative solutions that enhance productivity, flexibility, and security while simplifying the complexities of managing technology infrastructure. Windows 365 is poised to address these needs by seamlessly integrating cloud technology with the familiar Windows experience, offering a comprehensive and streamlined approach to computing.

Say goodbye to the limitations of traditional desktop environments, hardware dependencies, and software compatibility headaches. With Windows 365, the power of the cloud is harnessed to deliver a secure, scalable, and personalized Windows experience to users across a wide range of devices. This breakthrough solution enables individuals to access their desktop, applications, and data from anywhere, at any time, providing unparalleled flexibility and mobility.

There are more than a billion devices running Windows, but only a small fraction are virtualized.  Even with Azure Virtual Desktop, there is significant expertise required to set up and maintain a virtual desktop environment.  Managing virtual desktops requires an understanding of desktop imaging, multi-session OS application management, auto-scaling, and other advanced concepts.  Most importantly, AVD desktops are built on top of the Azure cloud, which is priced based on consumption.  This means that predicting the cost of a user’s virtual desktop is challenging because it depends on usage; some months the Azure bill may be higher than others.

Windows 365 aims to significantly grow the virtual desktop market by solving the technical and commercial complexity challenges.  While today desktop virtualization penetration is likely around 10% of the total Windows market, with Windows 365 this number can grow fast over time.

What Exactly is Microsoft Windows 365?

Windows 365 is a virtual desktop service that’s part of Microsoft 365.  It offers organizations a fixed-price monthly subscription to a cloud PC that is dedicated to a user and can be managed using the exact same tools as a traditional Windows PC. Making a cloud PC available to a user (once the initial environment is set up) is a matter of assigning a M365 license.  Three key properties of Windows 365 are worth repeating and emphasizing.  A cloud PC is dedicated to a user, fixed price, and part of the Microsoft 365 cloud rather than Azure.

Dedicated and Persistent

A cloud PC is a complete replacement of a user’s traditional Windows machine.  Therefore, it behaves exactly as a physical device would.  Each cloud PC is a persistent VM that is dedicated to a specific user.  Any applications that are installed on the cloud PC do not disappear when the user logs off.  The user profile is not offloaded to a file share using FSLogix.  All security software agents, licensed applications or patches recognize the VM as a single-user, traditional Windows device running the same Windows 10/11 Enterprise operating system.  Windows 10 EVD (multi-session) is not currently supported.  All this is important to make cloud PCs behave and be managed together with physical devices and over time replace physical machines with cloud PCs.

Fixed Monthly Price

Windows 365 cloud PCs are monthly product SKUs in Microsoft 365 just like M365 E3 or other M365 products.  There is no consumption-based pricing, as with Azure Virtual Desktop.  Purchasing physical Windows devices is predictable from a pricing perspective and Windows 365 delivers the same predictability when buying cloud PCs.  There are several SKUs for different sizes of cloud PCs that vary in CPU, RAM, and storage specs.  A user’s license can be upgraded to a larger cloud PC size at any time.

Microsoft 365 Cloud, Not Azure

Microsoft 365 is the most popular SaaS platform in the world.  Being part of M365 means that cloud PCs are purchased through the same channels as E3 and E5 that most organizations are already using.  Cloud PCs are delivered as a SaaS offer and managed through Microsoft Endpoint Manager and the M365 admin portal, rather than through the more complex Azure portal like AVD.

Think of the virtual desktop evolution from on-premises RDS to Azure Virtual Desktop to Windows 365 in the same way as Exchange messaging evolved from on-premises Exchange server to hosted Exchange to Office 365.  Once Office 365 solved technical and transactional complexity challenges adoption exploded.  Microsoft is hoping the same will happen with desktop virtualization now that Windows 365 is part of the same Microsoft 365 SaaS platform.

How Much Does Windows 365 Cloud PC Cost?

There are two cost components to a cloud PC: compute license and software license.

Compute capacity is purchased via a cloud PC license.  At general availability there will be 12 cloud PC sizes ranging from 1 vCPU to 8 vCPUs, 2 GB to 32 GB of RAM, and 64 GB to 512 GB of storage.  

From a licensing perspective, you need a Windows 10/11 Enterprise subscription and Intune license (if using Enterprise cloud PCs).  The Windows subscription license requirement is the same as in Azure Virtual Desktop.  A physical device license (e.g. OEM) doesn’t qualify.  Only a M365 subscription to Windows can be used for cloud PCs.  Some popular M365 SKUs that include a Windows Enterprise subscription are M365 Business Premium, E3, E5 and Windows 10 Enterprise E3/E5/VDA.

To manage cloud PCs via Microsoft Endpoint Manager (MEM), an Intune license is required.  These licenses come with M365 E3, E5 and Business Premium subscriptions and can also be purchased standalone.

How Does Windows 365 Work?

There are two versions of cloud PCs: Enterprise and Business.

Enterprise cloud PCs are designed for organizations who have invested in Microsoft Endpoint Manager and are using this powerful platform to manage their existing physical Windows 10 desktops.  Enterprise cloud PCs require an Intune license for each user who is assigned a cloud PC M365 SKU.

Business cloud PCs are designed for individual users and very small businesses who typically go to their local Best Buy when they need a new computer.  Now, instead of Best Buy, they can go to Microsoft and subscribe to a new cloud PC and have it ready to use in an hour.  Business cloud PCs do not require MEM/Intune license and are managed entirely by the user, just like a standalone physical PC.

The diagram below depicts the deployment architecture of both Enterprise and Business cloud PCs.

Enterprise Cloud PC Architecture

Enterprise cloud PCs are Azure and Active Directory dependent.  An Azure subscription with a properly configured network is required, with access to an Active Directory that has Azure AD Hybrid Join enabled.  Azure AD DS is not currently supported, and cloud-only Azure AD join is not currently supported either.

The VM itself runs in a Microsoft-managed Azure subscription, which means admins don’t have access to it directly and are not incurring the cost of this VM in their own Azure subscription.  However, the VM’s network interface card (NIC) is “injected” into a vNet in customer’s Azure subscription.  All network traffic enters and leaves the VM via the customer-managed vNet.  Egress transfer costs are incurred by the customer.

Since admins don’t have direct access to the VM running in Microsoft’s Azure subscription, all management tasks (e.g. software installation, patching, policies) are performed through the Microsoft Endpoint Manager portal.   

Enterprise cloud PC pre-requisites:

  • Azure subscription with vNet
  • Azure vNet can access an Active Directory domain controller (i.e. a PC can be joined to the domain). This requires custom DNS servers, the necessary routing, and firewall access to AD.
  • Azure AD Connect configured and running within Active Directory with Azure AD Hybrid Join enabled
  • Intune enabled on Azure AD tenant (each cloud PC user needs Intune license assigned)
  • Admin setting up the initial deployment must be an Owner of this Azure subscription
  • Azure AD DS is NOT supported
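
The DNS, routing and firewall prerequisites above can be checked from any VM on the subnet the cloud PCs will use, before the network connection is created. The Python script below is an added example, not Nerdio or Microsoft code; the port list and the placeholder domain `corp.example.com` are assumptions, since the page names neither.

```python
"""Pre-flight check of AD line of sight from the cloud PC vNet (added example)."""
import socket
from dataclasses import dataclass

# Assumption: the page names no ports. These are the standard AD DS TCP ports a
# domain join relies on; the dynamic RPC range (49152-65535) is not probed here.
AD_TCP_PORTS = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    389: "LDAP",
    445: "SMB",
    464: "Kerberos password change",
}

# Maps each probe outcome to the prerequisite that most likely needs attention.
HINTS = {
    "ok": "reachable",
    "dns_failure": "vNet DNS servers cannot resolve the AD domain; check custom DNS",
    "refused": "host answered but nothing listens there; is it a domain controller?",
    "filtered": "no answer; check routing and firewall/NSG rules toward AD",
}


@dataclass(frozen=True)
class Finding:
    check: str
    target: str
    status: str
    hint: str


def resolve_domain(domain):
    """Return the sorted IPv4 addresses the AD DNS domain name resolves to.

    In an AD-integrated zone the domain name's A records normally point at
    domain controllers. An empty list means the resolver cannot see the zone.
    """
    try:
        infos = socket.getaddrinfo(domain, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connection attempt as ok, refused or filtered."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "ok"
    except ConnectionRefusedError:
        return "refused"    # reset received: the path is open, the service is absent
    except OSError:
        return "filtered"   # timeout or unreachable: routing or firewall
    finally:
        sock.close()


def preflight(domain, ports=None, timeout=3.0, resolver=resolve_domain):
    """Resolve the domain, then probe every AD port on every address found."""
    ports = AD_TCP_PORTS if ports is None else ports
    controllers = resolver(domain)
    if not controllers:
        return [Finding("DNS", domain, "dns_failure", HINTS["dns_failure"])]
    findings = []
    for ip in controllers:
        for port, service in sorted(ports.items()):
            status = probe_tcp(ip, port, timeout)
            findings.append(Finding(service, f"{ip}:{port}", status, HINTS[status]))
    return findings


def line_of_sight_ok(findings):
    """True only when at least one probe ran and every probe succeeded."""
    return bool(findings) and all(f.status == "ok" for f in findings)


if __name__ == "__main__":
    import sys

    # "corp.example.com" is a placeholder; pass the real AD DNS domain name.
    domain = sys.argv[1] if len(sys.argv) > 1 else "corp.example.com"
    results = preflight(domain)
    for f in results:
        print(f"{f.status.upper():12} {f.check:26} {f.target:24} {f.hint}")
    sys.exit(0 if line_of_sight_ok(results) else 1)
```

A `filtered` result points at routing or firewall rules, while `refused` means the address is reachable but is not offering that AD service.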

Enterprise cloud PC high-level setup steps (without Nerdio Manager):

  • In Microsoft Endpoint Manager create an “on-premises network connection” pointing at the vNet and provide AD credentials to join new VMs to domain. The network connection and AD credentials will be validated automatically.  This process may take a while.
  • Upload an existing custom Windows 10 Enterprise image or use a clean, Microsoft-provided gallery image
  • Create a cloud PC “provisioning policy” that combines an “on-premises network connection” with a desktop image. Assign this provisioning policy to an Azure AD security group.
  • Add users to the Azure AD security group that the provisioning policy is assigned to

Enterprise cloud PC user entitlement:

  • Once the above pre-requisites and setup steps are completed, entitling a user to a cloud PC is very easy. Simply assign a cloud PC license to the user via Microsoft 365 Admin portal.
  • As long as the user is a member of a security group that’s assigned to a cloud PC provisioning policy and the network connection is “healthy” a new cloud PC will start provisioning. It will take up to an hour for the cloud PC to be ready for the user to log into.

Business Cloud PC Architecture

Business cloud PCs are VMs that run entirely in Microsoft’s Azure subscription, including the network interface cards. The customer does not need to provide an Azure subscription. There is also no Active Directory dependency since Business cloud PCs natively join Azure AD. There is also no requirement of an Intune license.

Business cloud PCs route all network traffic through Microsoft-controlled network infrastructure and there is no way for admins to control the inbound or outbound connectivity to/from these VMs.  There is currently no way to assign static IPs to Business cloud PCs.  Since these cloud PCs run in Microsoft’s Azure subscription and are not Intune-enrolled, there is no admin interface to manage them.  They can only be managed directly by the user, just like a standalone physical Windows device.

There are no pre-requisites and no setup steps needed for business cloud PCs.  Simply assign a Business cloud PC license to a user in the Microsoft 365 Admin portal and the new desktop gets provisioned within an hour.  The user will get an email notification with login instructions to start using their new cloud PC.

End-user Experience

Windows 365 is built on top of Azure Virtual Desktop global infrastructure and will be familiar to those with AVD experience. The end-user client apps are the same as AVD and are available for Windows, macOS, iOS, Android and HTML. When connecting to a cloud PC, a user will authenticate to Azure AD using the AVD client and all cloud PCs that the user is entitled to will appear in the feed.

Leveraging the same infrastructure as AVD provides users the advantage of a unified experience across Windows 365 and Azure Virtual Desktops.  Admins can control the resources visible to individual end-users and the user will see everything in a single feed using the same app.  The authentication and multi-factor experience will also be very familiar since it leverages Azure AD, which is used for M365 and AVD authentication.

Step 1: Go to https://cloudpc.microsoft.com and log in

Step 2: Connect to cloud PC in browser or download the Remote Desktop client app

How Nerdio Supports Windows 365 

By introducing Windows 365, Microsoft has expanded the available options for virtual desktops.  Now there is the flexible, Azure-based AVD with single-user, multi-session, and RemoteApp options and the simplified, M365-based Windows 365 with Enterprise and Business cloud PC alternatives.

For the past year, Nerdio worked closely with Microsoft Engineering to help develop Windows 365 and provide support for cloud PCs in Nerdio Manager for MSP and Nerdio Manager for Enterprise on Day 1 of availability.  Nerdio’s mission is to empower MSPs and IT professionals to build successful virtual desktop cloud practices in the Microsoft cloud.  We do this by helping our customers choose the right Microsoft service for the right use-case, automate the deployment, simplify ongoing management, and optimize to reduce ongoing costs. 

Nerdio Manager for MSP provides Managed Service Providers with a unified console to price, deploy, manage, and optimize all types of virtual desktops in the Microsoft cloud – both AVD and Windows 365 – across multiple customers. It helps them select the right technology for the right use case and deploy it with ease, using best practices, in the most cost-effective manner.

Nerdio Manager for Enterprise helps IT pros enable Windows 365 in their existing Azure environment and manage both AVD and Windows 365 from a unified console leveraging powerful and automated image management, monitoring, auto-scaling, and scripted actions.  Nerdio Manager will enable migration scenarios from AVD to Windows 365 and vice versa so each user can get the right type of virtual desktop in the most cost-effective way.

AVD is a flexible, Azure-based VDI solution while Windows 365 is a simpler cloud PC service.  Nerdio Manager integrates the two services into the simplest, most cost effective, and automated way to deploy, manage and optimize virtual desktops and applications in the Microsoft Cloud.

Getting Your Sales Team Ready to Sell AVD

Are you a systems integrator or partner serving enterprise organizations that are considering selling Azure Virtual Desktop (AVD) and looking for tips on how to succeed in this market?  
 
From what your salespeople should know before selling AVD, to the common misconceptions about Desktop-as-a-Service (DaaS), and insights into the market that can help empower your sales team – this blog covers it all.  

With these tips, you can position yourself as a trusted advisor.

What Should All Salespeople Know Before Selling AVD 

Salespeople who are selling AVD should be aware of a few key points. Firstly, AVD is integrated into several existing Microsoft license agreements such as E3/E5. This means AVD uses Microsoft identity technology and is incredibly easy for customers to implement. This is particularly helpful for customers who have already heavily invested in Microsoft. Customers have already paid for the seat license, and there is no added cost, unlike with VMware or Citrix.  

Secondly, AVD is highly flexible and can adapt to a business’s needs quickly due to its consumption-based model. This means that new use cases can be delivered within hours, making it a valuable solution for companies looking to streamline their operations.  

What Enterprise Pain Points Does DaaS Solve?  

DaaS solutions assist with common enterprise pain points in many ways. Firstly, DaaS offers centralized data storage for security compliance and provides temporary access to corporate systems for third-party users. This eliminates the need to provide corporate devices that may not be returned, reduces costs, and improves control over temporary/contract workers.  

Moreover, DaaS allows companies to onboard new users quickly without having to ship a device, increasing efficiency and enabling employees to work from anywhere.  

Additionally, VDI/DaaS solutions eliminate the need to purchase expensive hardware for specialist workloads such as GPU for design work. Many users can share these solutions, reducing expenses and improving resource utilization of costly resources.

These are just a few examples of the hundreds of pain points that DaaS can solve.  

Common Misconceptions and Resistances for DaaS  

One major concern is the perception that DaaS is expensive because users still need a physical device to work remotely, so the organization pays for the workload twice. This is a misconception: leveraging DaaS dramatically drives down the cost of supporting physical endpoints.

Another factor that causes resistance is the perceived complexity of delivering cloud desktops. Many enterprises believe that they lack the staff or technical ability to manage the transition. However, solutions like Nerdio can help simplify this process. Moreover, delivering DaaS allows employees on work-from-home contracts, or seasonal employees, to be onboarded and set up much more quickly. As businesses increasingly adopt remote work policies, it is crucial to overcome these misconceptions and embrace the potential advantages of DaaS, such as improved security, scalability, and reduced infrastructure costs.

What gets enterprise buyers excited about Azure-based DaaS? 

Enterprise buyers are increasingly excited about Azure-based DaaS due to a variety of selling points. One major advantage is that the licensing is included within the M365 agreement, making it more affordable for companies that are already using Microsoft apps. Additionally, using Microsoft on Microsoft technology can lead to improved performance and cost savings. Another key factor is that many applications are now Software-as-a-Service (SaaS)-based, reducing the need for resources on the edge. As a result, enterprise buyers see value in simply presenting a Windows image for users to access SaaS apps. This is where AVD comes in as a solution, making it an attractive choice for companies looking to optimize productivity and overall EUC cost.

Market Insights Supporting Azure-Based DaaS 

Market analysis shows overwhelmingly that AVD is in high demand and that customers are ditching traditional VDI tech for it. This is a huge opportunity to help our customers modernize their systems and move to the cloud while offering them value-added services that optimize their operations and reduce costs. It’s not just about the tech; we can also position ourselves as trusted advisors and help our customers with their cloud strategy. With so much potential in the market, it’s important for salespeople to understand trends and developments so they can stay ahead and “in the know.”

How can Partners Strengthen Their DaaS/Digital Workspace Offering? 

To strengthen their DaaS/digital workspace offering and increase sales and interest, partners can consider several strategies. One approach is to use the all-in opportunity, which combines Azure consumption margin (becoming a CSP provider), Nerdio margin, and services opportunity to create a more lucrative sales opportunity than a simple renewal of legacy technology.  Additionally, Microsoft offers a range of incentives for partners looking to drive AVD and Azure consumption, including paid services by Microsoft to help drive adoption. Furthermore, obtaining technical certifications, such as the NME Certification, can greatly enhance the value of a partner’s DaaS offering by showcasing their expertise in managing AVD-based virtual desktop environments. Overall, there are several ways for partners to strengthen their DaaS/digital workspace offering and increase sales and interest. It’s important to consider all available strategies to maximize the potential for success. 

Conclusion: 

Sales teams aiming to prioritize AVD can benefit from existing successful AVD sales strategies. Recent data reveals that 60% of Fortune 500 companies currently utilize Azure-based Desktop-as-a-Service (DaaS) offerings, with AVD performing exceptionally well in 2023.

By focusing on AVD sales, significant growth opportunities arise. Neglecting AVD could result in missing out on a rapidly expanding and potentially massive market.

To further enhance your AVD offerings, consider leveraging Nerdio Manager for Enterprise. This solution allows customers to capitalize on Microsoft’s substantial investments in Azure Virtual Desktop and Windows 365 services. Unlike other virtual desktop solutions, Nerdio Manager for Enterprise complements Microsoft’s native components by providing top-tier enterprise features.

Nerdio Employees Meet for the First Time! Watch Our Employee Reveals

Being a fully remote company that “took off” right around when the COVID-19 pandemic started in 2020, many of our employees (our Nerdios if you will) have never met in real life. Some employees have been working together for over three years at this point but have never connected face-to-face – something many in the tech industry can relate to. Yet, our team’s ability to rely on each other and get the job done virtually, all in the interest of our partners and customers, is something I consider rare. 

Something else unique about our company is that we don’t take ourselves too seriously. We love showing up each day to learn how we can do things better or what we can innovate or bring to life. We like to have fun and we like to try new things! Which is how this short video series – our Employee Reveals – came to be.  

With Employee Reveals, we wanted to capture the quirks of remote work while highlighting some of our rockstar employees, and of course, have a good time and enjoy being together in person. Our 2023 NerdioCon conference, held Feb 27 – Mar 3 in Cancun, Mexico, presented an excellent opportunity to bring the idea to life. We filmed three dynamic coworker duos meeting for the first time – each video is about two minutes in length. 

Take a look at the Reveals below + hope you enjoy!

Sarah & Ernesto

Marketing Employee Reveal

Chuck & Misty

Support & MSP Sales Employee Reveal

Jarred & Neil

Enterprise Sales Employee Reveal

Windows 365 vs. Azure (Windows) Virtual Desktop – Comparing Two DaaS Products

As businesses continue to shift towards remote work, cloud-based solutions such as Windows 365 and Azure Virtual Desktop (AVD) have emerged as powerful tools for enhancing productivity and enabling remote access to critical applications and data. While both solutions offer similar functionality, they differ significantly in their scope, features, and intended use cases. In this blog post, we will explore the differences between Windows 365 and Azure Virtual Desktop, highlighting their unique characteristics and helping you determine which solution is best suited for your organization’s needs. Whether you are a small business owner or a large enterprise IT manager, understanding the differences between these two cloud-based solutions is critical for making an informed decision about which platform to adopt.

Windows 365 Cloud PC service and Azure Virtual Desktop (AVD) are both Desktop-as-a-Service solutions from Microsoft, but there are several important differences between them.  In this article, we’ll take a deep dive into the similarities and differences between the services.  We’ll compare AVD and Windows 365 across several dimensions in detail and then summarize it all together in a side-by-side chart. Let’s take a look at the two services across 5 primary areas:

  1. Technical Architecture
  2. IT Admin Experience
  3. End-user Experience
  4. Licensing and Infrastructure Costs
  5. Cloud PC License Cost vs. AVD Azure Consumption

Azure (Windows) Virtual Desktop Infrastructure

1. Technical Architecture of Windows 365

Under-the-hood, both AVD and Windows 365 leverage a similar set of Microsoft cloud technologies.  Technically, Windows 365 is built on top of existing AVD components but has a different transactional model (fixed price vs. consumption-based).

There are two versions of cloud PCs: Enterprise and Business.

Enterprise cloud PCs are designed for organizations who have invested in Microsoft Endpoint Manager and are using this powerful platform to manage their existing, physical Windows 10 desktops. Enterprise cloud PCs require an Intune license for each user who is assigned a cloud PC M365 SKU.

Business cloud PCs are designed for individual users and very small businesses who typically go to their local Best Buy when they need a new PC.  Now, instead of visiting Best Buy, they can go to Microsoft and subscribe to a new cloud PC and have it ready to use in an hour.  Business cloud PCs do not require an Intune license and are managed entirely by the user, similar to a standalone physical PC.

The diagram below depicts the deployment architecture of both Enterprise and Business cloud PCs.

Windows 365 Cloud PC Architecture – Enterprise

Enterprise Cloud PCs are Azure and Active Directory dependent. An Azure subscription with a properly configured network is required, with access to an Active Directory that has Azure AD Hybrid Join enabled. Azure AD DS is not currently supported, and cloud-only Azure AD join is not currently supported either.

The VM itself runs in a Microsoft-managed Azure subscription, which means admins don’t have access to it directly and are not incurring the cost of this VM in their own Azure subscription.  However, the VM’s network interface card (NIC) is “injected” into a vNet in a customer’s Azure subscription.  All network traffic enters and leaves the VM via the customer-managed vNet.  Egress transfer costs are incurred by the customer.

Since admins don’t have direct access to the VM running in Microsoft’s Azure subscription, all management tasks (e.g. software installation, patching, policies) are performed through the Microsoft Endpoint Manager portal.  

Enterprise Cloud PC pre-requisites:

  • Azure subscription with vNet
  • Azure vNet can access an Active Directory domain controller (i.e. a PC can be joined to the domain). This requires custom DNS servers, the necessary routing, and firewall access to AD.
  • Azure AD Connect configured and running within Active Directory with AAD Hybrid Join enabled
  • Intune enabled on Azure AD tenant (each cloud PC user needs an Intune license assigned)
  • Admin setting up the initial deployment must be an Owner of this Azure subscription
  • Azure AD DS is NOT supported

Enterprise Windows 365 Cloud PC high-level setup steps (without Nerdio Manager):

  • In Microsoft Endpoint Manager create an “on-premises network connection” pointing at the vNet and provide AD credentials to join new VMs.  The network connection and AD credentials will be validated automatically.  This process may take a while to complete.
  • Upload an existing custom Windows 10 Enterprise image or use a clean Microsoft-provided gallery image
  • Create a cloud PC “provisioning policy” that combines an “on-premises network connection” with a desktop image.  Assign this provisioning policy to an Azure AD security group.
  • Add users to the Azure AD security group that the provisioning policy is assigned to

Enterprise Cloud PC user entitlement

  • Once the above pre-requisites and setup steps are completed, entitling a user to a cloud PC is very easy.  Simply assign a cloud PC license to the user via the Windows 365 Admin portal.
  • If the user is a member of a security group that’s assigned to a cloud PC provisioning policy and the network connection is “healthy,” a new cloud PC will start provisioning. It will take up to an hour for the cloud PC to be ready for the user to log into.

Windows 365 Cloud PC Architecture – Business

Business Cloud PCs are VMs that run entirely in Microsoft’s Azure subscription, including the network interface cards.  The customer does not need to provide an Azure subscription. There is no Active Directory dependency since Business cloud PCs natively join Azure AD.  There is also no requirement of an Intune license.

Business Cloud PCs route all traffic through Microsoft-controlled network infrastructure and there is no way for admins to control the inbound or outbound connectivity to/from these VMs.  There is currently no way to assign static IPs to Business cloud PCs.  Since these Cloud PCs run in Microsoft’s Azure subscription and are not enrolled in Intune, there is no admin interface to manage them.  They can only be managed directly by the user, just like a standalone physical Windows device.

There are no pre-requisites and no setup steps needed for Business Cloud PCs.  Simply assign a Business Cloud PC license to a user in the Windows 365 Admin portal and the new desktop gets provisioned within an hour.  The user will get an email notification with login instructions to start using their new cloud PC.

1a – Control Plane

Azure Virtual Desktop and Windows 365 share the same global control plane running in Azure.  The control plane consists of things such as the web portal, gateway, connection broker, licensing, and diagnostics service.  All components are hosted and managed by Microsoft and admins interact with them via a portal or API while end users interact with them via the AVD and cloud PC client apps.

An agent application runs on each virtual desktop – AVD session hosts and Windows 365 cloud PCs. This agent is responsible for communication with the Microsoft-managed control plane. Microsoft manages the agent and updates it automatically. The agent appears to be the same for both AVD and Windows 365.

1b – Azure Subscriptions & Windows 365

Azure Virtual Desktop requires all session host VMs, FSLogix profile storage, and networking to be contained in a customer’s Azure subscription.  Microsoft manages the control plane components, while the customer is fully responsible for everything related to the session host VMs.  Costs are also incurred for all components based on usage at the customer subscription level.

With Windows 365, all compute (i.e. VMs) is contained in a Microsoft-managed Azure subscription.  This means that customers don’t have direct access to manage the VM resources, as they do with AVD, since these resources are not accessible in their Azure subscription.  They also don’t incur the costs associated with running cloud PC VMs at the Azure subscription level (more on this below).

There is a significant difference between Windows 365 Enterprise cloud PCs and Business cloud PCs.  Enterprise cloud PCs run in Microsoft’s Azure subscription, but their network interface cards (virtual NICs) are “injected” into the customer’s Azure subscription.  Business cloud PC VMs reside entirely within Microsoft’s Azure subscription with no components connected to any customer Azure subscription.

1c – Compute

Azure Virtual Desktop session hosts are regular VMs and can be deployed and used in a very flexible way with all the power of Azure.  These session hosts can serve up personal desktops, where a VM is dedicated to a single user, or pooled desktops where a VM can be used by multiple users who move between such VMs daily.  The cost of compute is incurred by the customer since these VMs run in the customer’s Azure subscription.  Since pricing for Azure compute is based on usage, auto-scaling can be used to significantly reduce the cost of VMs in an AVD environment.  Reserved Instances can also be used with AVD session host VMs.

A Windows 365 cloud PC is a VM that’s dedicated to a single user via permanent assignment (like personal desktops in AVD).  These VMs run in Microsoft’s Azure subscription, which means the customer is not responsible for the compute costs.  They are licensed via a Windows 365 cloud PC license and are based on a fixed per-user-per-month price.  Since IT admins don’t have access to these VMs directly from the Azure portal and the cost doesn’t depend on usage, concepts like auto-scaling and reserved instances don’t apply to cloud PCs.

1d – Storage

Azure Virtual Desktop session host VMs must have an OS disk attached to them.  These disks can be any Azure managed disk type (e.g. Premium SSD, Standard SSD or Standard HDD) and even an Ephemeral OS disk.  IT admins have full flexibility when it comes to the size and type of OS disk to use.  Auto-scaling can be leveraged to convert SSD disks to cheaper HDD disks while VMs are powered off. 

FSLogix profiles are typically stored in Azure Files shares, Azure NetApp Files volumes, or file server VMs.  Here too, IT admins have full flexibility around the type of storage and the size of storage to use in the AVD deployment, including what to back up and how.  All storage costs associated with session host OS disks and FSLogix profile storage are incurred by the customer via the Azure subscription.

Each Windows 365 cloud PC comes with a pre-defined amount of local SSD storage.  The cost of this storage is included in the cloud PC M365 license, and the OS disk object is located within Microsoft’s Azure subscription, which means the customer is not responsible for any Azure storage costs.  There is no flexibility around what type of storage to use and using auto-scaling is not possible since the cost is fixed.  FSLogix is not used with Windows 365 cloud PCs and user profiles are “native” and reside fully on the C: drive of the desktop.  This means that no additional Azure Files, Azure NetApp Files, or file server VMs are needed. There are limited backup and DR options available for now with cloud PCs.

1e – Networking 

Azure Virtual Desktop network routing and security is fully under the control of IT admins.  Session hosts are regular VMs that can be created on any virtual network in the customer’s Azure subscription and this vNet can be configured with all the flexibility of Azure networking.  This means that customers have full control of how ingress and egress traffic is routed, what IP addresses are used, VPN connectivity, etc.  They are also responsible for any costs associated with egress bandwidth usage.

The network configuration of Cloud PCs depends on whether they are Enterprise or Business.  Enterprise cloud PCs have the same capabilities, from a networking perspective, as AVD session hosts.  The vNet that they attach to resides within the customer’s Azure subscription and is fully controlled by the IT admin.  Network interfaces of cloud PCs are “injected” into the customer’s Azure subscription even though the VM resources they are attached to are in a different subscription.  Just like with AVD, all costs associated with networking are incurred by the customer.

Business cloud PCs don’t have the same network flexibility as Enterprise ones. Their network interfaces are not injected into a vNet in the customer’s Azure subscription but are part of a Microsoft-managed network. This means that routing, firewall security, VPN connectivity, and IP addressing cannot be controlled by the customer. The costs of egress bandwidth usage are not the customer’s responsibility and are included in the cost of licensing a cloud PC (more on this below).

1f – User Profiles

Azure Virtual Desktop leverages FSLogix profile container technology.  This allows users to roam from one session host VM to another while their user profile (contents of c:\users\username folder) follows them seamlessly. FSLogix provides lots of flexibility but comes at the cost of having to deploy at least one SMB file share to host the profile container VHD(X) files.  This is typically done with Azure Files, Azure NetApp Files, or file server VMs. 

Because Windows 365 Cloud PCs are single-session desktops dedicated to individual users, Microsoft removed FSLogix from the picture.  A user’s Windows profile is “native”, meaning that it is stored directly on the C: drive of the cloud PC, exactly as is with traditional, physical Windows computers.  This removes the complexity of having to configure and manage FSLogix and the associated overhead of having a SMB file share to store profiles centrally.  It also introduces some unique challenges in protecting users’ data (e.g. Documents and Desktop folders) and moving users from one desktop to another without losing settings.

1g – Identity

Azure Virtual Desktop currently requires Active Directory Domain Services.  This requirement can be fulfilled by using an existing Windows AD environment or by using the Azure AD DS PaaS service.  Native Azure AD join isn’t yet supported, but upcoming support was recently announced.

Windows 365 Enterprise cloud PCs require Hybrid Azure AD join. This means that you need traditional Windows AD synced to Azure AD with Hybrid Join enabled. Azure AD DS is not currently supported.

Business cloud PCs are natively Azure AD joined and do not require (or support) Windows AD or Azure AD DS.

Summary (Windows 365 & AVD Technical Architecture)

The IT admin experience varies greatly between Windows 365 and Azure Virtual Desktop.  AVD relies heavily on Azure management concepts and provides maximum flexibility while Windows 365 aims to simplify management by making it (close to) identical to managing existing physical desktop assets and leveraging the same set of Microsoft tools to manage physical and virtual PCs.

2a – Management Portal

All components of Azure Virtual Desktop are managed via the Azure portal, PowerShell, or third-party tools like the Nerdio Manager.

Enterprise cloud PCs are managed via Microsoft Endpoint Manager (MEM) and via the Azure portal for all networking. Administration of Enterprise cloud PCs can also be unified via a single portal like the Nerdio Manager. MEM allows management of cloud PCs at the OS level and above. This means that admins cannot make changes to the underlying VM resources; they can only make changes to Windows and applications. Virtual networking is managed via the Azure portal.

Business cloud PCs are not integrated with Endpoint Manager and do not have a dedicated management portal. They can only be managed by the end user assigned to the desktop while logged into it. Actions such as PC restarts can be performed by the user from the cloud PC web portal. Admins can manage Business cloud PC license assignment with the Windows 365 Admin portal and third-party tools like the Nerdio Manager.

2b – Operating System

Azure Virtual Desktop supports all current versions of Windows, including Windows 10 Enterprise (single session), EVD (multi-session) and Server 2012/2016/2019.

Windows 365 cloud PCs only support Windows 10 Enterprise (single session) since they are dedicated, non-multi-user desktops.

2c – Desktop Image Management

Azure Virtual Desktop can leverage all image types.  These include Azure Marketplace images, custom images, and shared image gallery images.  Session host VMs can be created from these images and be kept up to date by updating the image and then re-imaging session hosts to the latest version.  Images can be stored in one or more Azure regions for geographic distribution and resilience.  Images can use any supported operating system and be both Gen1 and Gen2 VM hardware.  There is no limit on the number of Azure images that can be used in an AVD environment.

Enterprise Windows 365 Cloud PC images support Microsoft-provided Windows 10 Enterprise OS or custom images stored in a customer’s subscription.  These images must be Gen1 VM hardware.  There is a limit of 20 custom images per Azure AD tenant.

Business Windows 365 Cloud PCs don’t support custom images and must be deployed from the Microsoft-provided Windows 10 Enterprise OS.

2d – Applications and Updates

Azure Virtual Desktop session hosts can be updated via Microsoft Endpoint Manager, through a golden image, or manually.  Applications can be delivered to session hosts via image updates, manual installation on host VMs, or using MSIX app attach.  The update and application delivery process in AVD is very flexible and can be fully automated.

Enterprise cloud PCs can be updated via MEM or manual methods.  Image-based software deployments are not typical without third-party tools like Nerdio Manager.  Also, MSIX app attach application delivery is not currently supported with cloud PCs.

Business cloud PCs can be updated with Windows update, manually by the user, or by using third-party management tools.

2e – Backup and Disaster Recovery

Azure Virtual Desktop session hosts can be backed up and protected in several different ways including Azure Site Recovery and Azure Backup.  This allows organizations to create a robust backup, DR, and business continuity strategy for their virtual desktop environment.

There is currently no native backup method for Windows 365 cloud PCs since they are not accessible to admins at the storage or hypervisor level.  Third-party, agent-based, OS-level backup methods can be used to protect cloud PCs.

2f – Monitoring

Azure Virtual Desktop includes robust logging, diagnostics, monitoring, and reporting capabilities.  Logs are generated by the AVD service and AVD agent running on session host VMs.  This information is streamed to Azure Log Analytics where it is captured and visualized with Azure Monitor workbooks.  Many third-party monitoring tools are available for AVD.

Due to the lack of hypervisor-level access to cloud PC VMs, monitoring is possible only via Endpoint Analytics, which is the same tool that can be used for monitoring physical endpoints.  Business cloud PCs do not currently have a monitoring interface.

2g – User Profiles

Azure Virtual Desktop leverages FSLogix for user profile encapsulation.  This allows users to easily roam between session host VMs without losing their user state between sessions.  Personal AVD desktops can be deployed without FSLogix, but even in persistent scenarios FSLogix profiles provide a valuable profile backup capability and make it easier to manage session host updates through images.  An SMB file share is required to host the FSLogix profile containers.  This can be an Azure Files share, Azure NetApp Files volume, or a file server VM.

Windows 365 cloud PCs do not leverage FSLogix and all profiles are natively stored on the C: drive.  This allows for simplified management since no additional SMB storage or profile configuration is required.  Without profile data redirection it is important to consider ways to back up user data.  One such strategy can leverage OneDrive to protect user data.

2h – Networking

IT admins fully control all aspects of Azure Virtual Desktop networking since it runs in a customer-managed Azure subscription.  Static IP addresses can be assigned, VPN tunnels configured, and firewall rules enforced.

Enterprise cloud PCs have the same network flexibility as in AVD deployments.  Business cloud PCs, on the other hand, do not have any network flexibility.  Microsoft fully controls the IP addressing, traffic flow, and security of Business cloud PC networking.

2i – Auto-Scaling

Azure Virtual Desktop greatly benefits from the usage-based Azure pricing model, and auto-scale can be used to drastically reduce Azure compute and storage costs – up to 75% of peak demand.  It is also possible to use Azure Reserved Instances to reduce costs and guarantee available capacity.

Windows 365 cloud PCs are priced on a fixed monthly basis.  Even if a user does not log into their desktop at all during the month, the desktop will cost the same as if the user logged into their desktop every day.  Therefore, the concept of auto-scaling does not apply to cloud PCs.  This has a significant impact on cost efficiency in different use-cases.

Summary (Windows 365 & AVD IT Admin Experience)

3. Windows 365 & Azure Virtual Desktop End-user Experience

The end-user experience is almost identical in Windows 365 and AVD.  Users connect to AVD sessions and cloud PCs using the same client app, which is available for Windows, macOS, iOS, Android and as an HTML client.

Windows 365 is built on top of Azure Virtual Desktop global infrastructure and will be familiar to those with AVD experience.  When connecting to a cloud PC, a user authenticates to Azure AD using the AVD client and all cloud PCs that the user is entitled to appear in the feed.

Leveraging the same infrastructure as AVD provides users the advantage of a unified experience across Windows 365 and Azure Virtual Desktop.  Admins can control the resources visible to individual end-users and the user will see everything in a single feed using the same app.  The authentication and multi-factor experience will also be very familiar since it leverages Azure AD, which is used for M365 and AVD authentication.

3a – Connecting to Desktop

With Azure Virtual Desktop, users navigate to https://aka.ms/wvdwebarm or download a client app from https://aka.ms/wvdclients

Windows 365 cloud PC users navigate to https://cloudpc.microsoft.com and connect in the same way as AVD.

Step 1: Go to https://cloudpc.microsoft.com and log in

Step 2: Connect to cloud PC in the browser or download the Remote Desktop client app

3b – Printing and Scanning

Both Azure Virtual Desktop and Windows 365 cloud PCs support printer and scanner redirection via the Remote Desktop client app.  With AVD and Enterprise cloud PCs it is possible to configure network-based printing and scanning with a site-to-site VPN tunnel between the Azure vNet and local network that hosts the printers and scanners.  It is not possible to use network-based printing and scanning with Business cloud PCs since IT admins do not have control of the network where the cloud PCs reside.  Universal Print is Microsoft’s new cloud-based print solution that can be used with AVD and Windows 365 cloud PCs.  Several third-party products exist that help simplify printing and scanning.

3c – User self-service

Azure Virtual Desktop has limited self-service capabilities for end-users.  For example, users cannot restart their own desktop VM or log off a hung session with the AVD client app.  Third-party tools, like Nerdio Manager, provide users with a self-service portal where such actions can be performed.

Windows 365 cloud PCs can be restarted by the end-user without the need to contact support.  A restart button is built into the cloud PC web portal.

Summary (Windows 365 & AVD End-user Experience)

Windows 365 vs. Azure Virtual Desktop Costs

4. Windows 365 vs. Azure Virtual Desktop Licensing and Infrastructure Costs

4a – Windows 10 Enterprise

Azure Virtual Desktop requires the user connecting to an AVD session to have an assigned Windows 10 Enterprise subscription license.  Windows 10 Enterprise can be purchased as a standalone subscription (e.g. Windows 10 Ent E3/E5/VDA) or be included as part of a Windows 365 suite subscription (e.g. M365 E3/E5 and Business Premium).  This Windows subscription license includes the usage rights of the AVD control plane and entitles the user to connect to Windows 10 desktops hosted in Azure.  All other costs are part of Azure infrastructure consumption (e.g. compute, storage, networking).

Both Enterprise and Business Windows 365 cloud PCs require a Windows 10 Enterprise subscription just like AVD desktops.  However, the compute costs are not purchased as usage-based Azure resources but rather as an M365 license SKU.

4b – Compute and Storage

Azure Virtual Desktop infrastructure costs are based on Azure consumption.  This includes the compute costs of running AVD session host VMs, the cost of OS disks and the usage of Azure Files for FSLogix storage.  All costs are based on actual usage.  If a VM is powered off, there is no compute charge.

Windows 365 cloud PCs are not purchased as Azure usage-based infrastructure.  Rather, they are purchased as licenses through Windows 365.  Each cloud PC license provides the user with a certain amount of compute, RAM, and storage capacity.  At general availability, there will be 12 cloud PC sizes ranging from 1 vCPU to 8 vCPUs, 2 GB to 32 GB of RAM, and 64 GB to 512 GB of storage.  

4c – Networking

Azure Virtual Desktop networking costs are incurred at the Azure subscription level where session host VMs run.  These charges typically include egress bandwidth, NAT gateway, VPNs, and Firewalls.

Enterprise cloud PCs require the customer to provide a network infrastructure within a customer-managed Azure subscription.  Therefore, all network costs are the same as with AVD.

Business cloud PCs do not leverage a customer-managed Azure network.  Therefore, all network related costs are incurred by Microsoft and are included in the monthly cloud PC license.

4d – Intune

Intune can be optionally used to manage Azure Virtual Desktop session hosts.  However, Intune is not required for an AVD deployment, and most environments are managed via images.

Enterprise cloud PCs require an Intune license.  Since Intune is the management interface for these cloud PCs, the Azure AD tenant must have an Intune license and each user who is assigned to an Enterprise cloud PC must have an Intune license assigned.  Intune licenses can be purchased standalone or as part of a Windows 365 package like E3/E5 and Business Premium. 

Business cloud PCs are not managed through MEM and therefore do not require an Intune license.

4e – Windows 365 Apps (Office)

Azure Virtual Desktop requires a subscription to Windows 365 Apps with Shared Computer Activation entitlement.  All Microsoft 365 packages that include Office Apps have Shared Computer Activation. Windows 365 Business standalone does not and, therefore, cannot be used in AVD.

Windows 365 cloud PCs are dedicated VMs and therefore do not require Shared Computer Activation.  Any subscription to Microsoft 365 is sufficient.

Summary (Windows 365 & AVD Licensing and Infrastructure Costs)

5. Comparing Windows 365 Cloud PC License Costs vs. AVD Azure Consumption

There are several considerations that come into play when deciding on the right virtual desktop technology for your organization.  Microsoft provides customers with ample choice and meets customers where they are in terms of admin tooling, existing licenses, and Azure expertise.  In this section, we’ll explore the cost efficiency of different virtual desktop use-cases and determine when Windows 365 fixed-price licenses are more cost-efficient than usage-based AVD infrastructure costs.  For this discussion, we’ll assume that Windows OS licensing costs are the same in both AVD and Windows 365 scenarios and focus exclusively on the cost of the infrastructure. 

Windows 365 license costs depend on the hardware specs that a user needs.  Each desktop comes with a certain number of vCPUs, GB of RAM, and SSD storage.  If we align the vCPU and RAM configuration of each cloud PC license with a comparable Azure VM size and managed disk we can then compare their costs side-by-side. 

Since cloud PCs are dedicated, persistent desktops they are most similar to AVD personal desktops. If we compare cloud PCs with equivalently sized personal AVD desktops, using a VM on a 3-year reserved instance, we’ll see that the prices are very similar and cloud PC is slightly less expensive for some sizes and much more cost effective for the largest VMs.  On average, Windows 365 is 11% cheaper than a comparably sized Azure VM and managed disk running 24/7 on a 3-year reserved instance. 

If we assume that users are using their personal AVD desktops 50 hours per week (10 hours X 5 weekdays) and the VMs are stopped the rest of the time, then there will be a cost savings by using personal AVD desktops with pay-as-you-go VM pricing and powering them off outside of the 50 work hours (70% of the time).  There are a few scenarios when Cloud PC is about the same cost as an AVD personal desktop, but on average, Azure Virtual Desktop personal desktop is 9% cheaper than a cloud PC in this use-case.  

Let’s take this a step further and assume that not all users need a dedicated personal desktop and groups of users can be pooled together on multi-session AVD session hosts.  We can see that there is significant per-user savings with AVD pooled desktops using reserved instances (RI).  On average, the cost of a pooled Azure Virtual Desktop user on VMs that run 24/7 using 3-year reserved instances is 53% lower than Windows 365. 

Combining pooled AVD desktops with auto-scaling provides the deepest savings when using Azure Virtual Desktop as compared to Windows 365.  Assuming that users are working 10 hours/day, 5 days/week the average savings is 58% when using pay-as-you-go VMs with auto-scaling. 

Another important consideration is that Cloud PCs and personal AVD desktops are priced per-named user.  Meaning that a license or VM is consumed for every user to whom the Cloud PC license or AVD personal desktop VM is assigned – regardless of whether this user ever connects to the desktop.  Pooled desktops, on the other hand, only consume infrastructure when concurrent users are logged in.  If no users are connected, no session host VMs need to be powered on.  As more users log in, more infrastructure is brought online to accommodate the demand.   

In most environments, user concurrency is a fraction of the total named users at any given time – often 50% or less.  This means that the cost savings in a pooled desktop environment will be even greater, when concurrency is considered, than presented in the table above. 

By putting it all together, we see that Windows 365 Cloud PCs are most cost effective when users need dedicated, persistent desktops and will be using them more than 50 hours per week.  With users who can be pooled together into AVD host pools, there is significant infrastructure cost savings to be realized by using auto-scaling. 

Here’s a complete comparative summary table: 

Microsoft (M365) vs. Office (O365): Licensing Explained

The Microsoft 365 (M365) and Office 365 (O365) licensing options can be confusing, especially when it comes to understanding the differences between the two. Both M365 and O365 offer a suite of productivity tools, but the licensing models, features, and pricing structures vary between the two. In this blog post, I will provide a comprehensive comparison of M365 vs. O365 licensing options, including a breakdown of the different plans, features, and pricing structures. Whether you are a small business owner or an enterprise IT manager, this guide will help you make an informed decision when selecting the right licensing option for your organization.

Windows 365 Introduction

With the increasing shift towards cloud-based computing, Microsoft has introduced two new cloud-based offerings for businesses and organizations: Windows 365 and Microsoft 365. While both products are aimed at enhancing productivity, they differ significantly in their scope, features, and intended use cases. See our updated posts on Windows 365.

The first step most Managed Service Providers (MSPs) take to move their customer’s business to the cloud is with Office 365—the cloud productivity suite from Microsoft.  Microsoft currently offers two main plans for its cloud productivity services: Office 365 and Microsoft 365.

In this article, we will explain the differences and help you understand when to choose one over the other when building a cloud practice.

1. Microsoft Licensing: Office 365 (O365)

Of the two types of plans, this one is the most popular. Office 365 is the traditional cloud productivity suite that comprises common Microsoft Office applications like Outlook, Word, Excel, and PowerPoint. Most of these plans offer hosted Microsoft Exchange mailboxes along with various “add-ons” that add increased security and compliance for stand-alone office applications such as Project. The Office 365 suite is divided into two main categories: Office 365 Business and Office 365 Enterprise.

Office 365 Business

Business plans include Essential, Business, and Business Premium. These plans are a great low-cost way to provide key Office 365 services to clients with minimal needs. However, there are a few limitations to these plans which are important to note. For example, Office 365 Business does not include Shared Computer Activation (SCA) for Office products. This means that you cannot use Business plans with a Remote Desktop Environment (RDS) in Azure.

Office 365 Enterprise

Office 365 Enterprise plans include ProPlus, E1, E3, and E5. These plans offer key features that are geared towards Enterprise productivity which include options that are not available under Business plans. All these plans, except E1, include Office ProPlus with SCA and are suitable for use in an RDS environment. The Office 365 E3 plan is the most commonly used level within Enterprise plans as it includes Office ProPlus, Exchange, and important security and compliance features like e-discovery and archiving. In order to provision a Nerdio environment, you will need a minimum of one E3 license.

Other plans

Office 365 also offers various versions of Enterprise plans for various verticals. These include Education, Government, and Non-Profit licensing. Each licensing model caters to specific requirements and has varying costs.

2. Microsoft Licensing: Microsoft 365 (M365)

Microsoft 365 was introduced in late 2017 as a new product bundle that combines the traditional Office 365 features with Enterprise Mobility + Security (EMS) and Windows 10. Though these plans are costlier than Office 365 plans, they provide a complete cloud productivity solution. The most important differentiation is that these plans include a Windows 10 Enterprise license which can be used to license Virtual Desktops in Microsoft Azure through traditional VDI or through Azure Virtual Desktop (AVD). Microsoft 365 is split into three categories: Business, Enterprise, and Education.

Microsoft 365 Business 

This plan is focused on SMB deployments. It includes Office 365 Business (not ProPlus), some basic EMS functionality, and Intune for device management. These plans are an “upgrade” from the Office 365 Business Premium plans. A key note here is that the Office 365 Business plan has fewer features as compared to its Office 365 ProPlus version with respect to the limit on the number of users it can be deployed for (currently 300) and zero group policy support. As of April 2019, Office 365 Business through Microsoft 365 Business plans will include SCA for use on an RDS host.

Microsoft 365 Enterprise

Microsoft 365 Enterprise plans not only mirror the traditional Office 365 E3/E5 plans but also add in a Windows 10 Enterprise license along with EMS features. These plans would be an “upgrade” from the Office 365 E3/E5 plans and include critical security features like Azure Information Protection, Office 365 Advanced Threat Protection, and Microsoft Intune. There is also a new F1 plan within M365 Enterprise which is designed for users who need limited access to M365 services. These plans allow users to fully manage their desktop infrastructure either on-premise or in the cloud.

Microsoft 365 Education

Microsoft 365 Education consists of a new level of plans geared specifically for classrooms. These plans are focused on providing productivity tools required for the classroom at a reasonable price point. They are split into A1, A3, and A5 license levels with A1 being a one-time per device license while the A3/A5 licenses are traditional monthly recurring costs. In addition, with most levels, pricing is based on teacher licenses, with students being able to be added to the plan at no cost.

The table below provides a quick comparison between O365 and M365:

| O365 | M365 |
| --- | --- |
| O365 is a cloud-based suite centered around business productivity, which includes apps like Outlook, Word, PowerPoint, and more. | M365 is a bundle of services that includes Office 365, and several other services. |
| Depending on your O365 plan, subscriptions also include apps and services like Skype for Business, SharePoint, OneDrive, Teams, Yammer, Planner and so on. | An M365 license also includes Windows 10 Enterprise, Enterprise Mobility + Security (EMS), and machine learning. |
| O365 license is a monthly, per-user subscription. You can choose various O365 plans as per your specific business needs. | There are three flavors to M365: Microsoft 365 Business is designed for SMBs with 300 users or less (refer details at M365 business plans). Microsoft 365 Enterprise is made for larger organizations that need stronger security and device management functionality (refer details at M365 Enterprise plans). Microsoft 365 Education is a basic plan designed for students and teachers to enhance learning in the classroom. |

A Guide to Microsoft Azure Performance Monitoring and Running Azure Speed Tests: How to Make Azure Virtual Desktop (AVD) Run Better

In Azure Virtual Desktop (AVD) environments, performance issues can arise due to a variety of factors, such as insufficient hardware resources or poorly optimized configurations. Troubleshooting these issues can be challenging, especially when dealing with large-scale deployments. In this blog post, we share a step-by-step guide on how to troubleshoot performance issues in AVD environments, with a specific focus on SQL Server-related performance issues. Whether you are a seasoned SQL Server Engineer or new to AVD environments, this guide will help you identify and resolve performance issues effectively.

Troubleshooting performance issues in virtual desktop environments is challenging.  It requires a solid grasp of the deployment architecture and an understanding of how the various system components interact with each other.  Poor or inconsistent performance is the single biggest reason for an end-user to be unhappy with their virtual desktop and is by far the most common reason for failures of virtual desktop projects. 

In this article, we’ll explore a practical, methodical approach to identifying and resolving common performance issues that arise in Azure Virtual Desktop (AVD) environments deployed in Azure.  This is not meant to be an exhaustive guide for every possible deployment scenario, but rather an easy-to-follow, practical approach.  We will not use fancy monitoring and reporting tools and will leverage only free, built-in tools for performance monitoring such as the Task Manager, Resource Monitor, and Azure Monitor. 

There are four likely areas that should be investigated when users report poor performance and this write-up will be organized in the following order: 

Reproducible vs. Sporadic: Azure Virtual Desktop Performance Problems 

Just like when you bring your car to a mechanic and the problem “goes away” by itself, pinning down performance problems can be difficult.  However, understanding specifically what the user means by “it’s slow” and being able to reproduce it at will decreases the difficulty of performance troubleshooting by an order of magnitude.   

For this discussion, let’s assume that performance issues are constant or reproducible.  Once we have a good grasp on how to troubleshoot these “easier” problems we’ll be able to tackle the more challenging “sporadic” performance issues.  The approach to troubleshooting reproducible issues is different from sporadic ones.  When the issue is happening in real-time, we want to watch various real-time metrics and identify the one constraint that’s the bottleneck.  When issues occur sporadically without a way to “make it happen” we have to rely on good quality reporting tools that can monitor many metrics at a granular level and help us correlate the occurrence of the issue with a historical view of the system metrics at that time. 

There is never more than ONE constraint at a time 

It is critical to remember that there is one, and only one, bottleneck that is constraining the system at any one time.  The goal should be identifying that one constraint and eliminating it.  Once that’s done, the bottleneck will shift elsewhere and that will become the new constraint of the system.  It is very possible that as soon as the current constraint is alleviated, the system performance improves only marginally until the bottleneck shifts elsewhere but that doesn’t negate the fact that our focus should always be on finding the one bottleneck that’s constraining the system right now.  Such focus will make our job significantly easier – solving for one variable – even if soon after we’ll have to solve for another. 

Microsoft Azure Virtual Desktop Troubleshooting Tools 

In this guide we are going to rely on a handful of free monitoring and troubleshooting tools.   

  • Task Manager – will be used to monitor and troubleshoot CPU-based system constraints
    • Right-click the task bar and select Task Manager OR
    • Press CTRL-ALT-DEL and click on Task Manager OR
    • From the Run box or command prompt type taskmgr
  • Resource Monitor – will be used to monitor and troubleshoot RAM and DISK related constraints
    • From Task Manager>Performance tab click the “Open Resource Monitor” link on the bottom left OR
    • From the Run box or command prompt type resmon
  • Ping – will be used to monitor and troubleshoot NETWORK latency and packet loss
  • PingPlotter – can be used to correlate packet loss and latency with poor user experience and determine where along the path the issue occurred
    • PingPlotter Free can be downloaded here
  • Speedtest.net – will be used to measure internet bandwidth on the local connection and within the virtual desktop session
  • Iperf – can be used for advanced throughput measurement between two network nodes
    • Iperf can be downloaded here
  • Azure Monitor – a very powerful tool that can be used to monitor many different metrics for any Azure resource.  Monitoring and graphing Standard Metrics available on Azure resources is free.  Azure Monitor can be used to configure monitoring of CPU, RAM, DISK and NETWORK metrics on one or more Azure desktop VMs and use the data collected over time to correlate user-reported performance issues with actual system behavior.  It is a great way to figure out what’s causing sporadic performance issues if they cannot be easily reproduced and monitored with the other tools mentioned above.
    • Azure Monitor can be accessed in the Azure Portal>Monitor
    • Detailed information about the capabilities can be found here

Now that we understand the objective and have our tools in hand, we’re ready to begin the process of troubleshooting performance and implementing best practices. 

Performance issues related to CPU-based constraints are the most common and easiest to identify.  All you need to do is observe the Windows Task Manager while the problem is occurring.  The Performance tab will clearly show you if CPU utilization (as a percentage of total) is high or low.  If you’re seeing total CPU constantly spiking or flatlining at 75% or more, you’re likely CPU constrained.    

High CPU utilization may be the result of some other issue that’s causing CPU usage to be high.  For instance, if free RAM is low and the OS starts paging RAM contents to disk, this will spike CPU and disk activity — but the root cause of the problem will be RAM exhaustion, not CPU usage.  Therefore, it is important to understand precisely what is causing high CPU usage and why.   

CPU usage is typically measured in % CPU utilization of total CPU capacity available.  This is important, because it is nothing more than the ratio between “how much CPU is being used” divided by “how much CPU is available”.  This means that the usage can be high as a result of high CPU demand by users (e.g. watching YouTube) and applications or low amounts of available CPU (e.g. under-provisioned VM) – or both.  Therefore, the resolution to a CPU-based performance constraint is simple: reduce demand on CPU and/or increase the amount of available CPU. 

Understanding how much CPU is available is easy.  Just look at the Task Manager performance tab to see how many cores or logical processors there are in your VM. 

Understanding what is consuming the CPU and how much is being consumed can be done by looking at the Task Manager details tab and sorting the list of processes according to the CPU column in descending order.  You can also add the “CPU Time” column to see which process has been consuming a lot of CPU in aggregate over time since the VM booted up. 

What you’re looking for here is unusually high usage patterns for a single or handful of processes that are not expected.  If a process (other than System Idle Process) is at the top of the list most of the time, you need to determine whether that’s expected or the process is having an issue and may need to be killed.  If CPU utilization is high but the list of processes looks normal, with each process consuming a fraction of the CPU capacity, then it’s likely that the actual, legitimate load placed on the VM exceeds its available CPU. 

How CPU contention manifests itself to the end-user 

  • “Not responding” applications 
  • Slow log on and log off 
  • Slow launching of new applications, opening, and saving files 
  • Slow switching between windows 
  • Spinning (loading) cursor 
  • Web page loading slowly 
  • Pegged CPU can sometimes mimic network performance issues (audio distortion, slow screen refreshes) when the agent can’t keep up 

Steps to resolve CPU-related issues:

  1. Connect to the session host VM and look at the Performance tab of Task Manager.  If CPU is consistently low or moderate, then move your troubleshooting on to another system component.
  2. If CPU is spiking high and frequently or staying near the top consistently, determine if this is normal behavior or if something unusual is happening.  Check the details tab in Task Manager and look for any processes at the top of the sorted list that aren’t expected to be there. 
  3. If there is an offending process at the top of list, investigate what it is, what user it is running under, and why it is keeping the CPU so busy.  Terminate the process if appropriate or take steps to optimize it depending on what it is. 
  4. If all processes are as expected and none are using an excessive amount of CPU constantly, then add more capacity or decrease load to improve performance.
    1. To increase capacity, increase the size of the VM 
    2. To decrease CPU load, spread users out across more session hosts 
  5. In most scenarios, AVD session hosts are CPU-bound, meaning that you will run out of CPU capacity before running out of RAM capacity.   The most common VM families are Ds-series (v3 and v2) and Es-series. 
  6. Here are some common mistakes that we often see lead to CPU-related performance issues
    1. Using burstable (B-series) VMs for production workloads.  These VMs may look like they have a decent amount of CPU, but they have associated CPU quotas that limit how much of that CPU can be used.  Don’t use B-series VMs as session hosts in production (learn more about B-series VMs in the Nerdio Academy).
    2. Leaving unnecessary start-up items that launch with every user login and needlessly consume CPU.  The more users log in, the more processes start up and the more CPU is wasted.  Check the All Users StartUp folder (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp) for any items that don’t belong.  This should typically be an empty folder in an AVD deployment.
    3. When deploying AVD session hosts from an image, updates may be installing every time a session host is deployed.  This happens when Windows Update was run on the template VM but the update didn’t finish installing.  Creating an image and then deploying session hosts from this image will install these updates (very CPU-intensive process).  Be sure that updates are fully installed on the template VM before capturing it as an image.  Allow the template VM to stay on for a long time and watch the CPU graph in Task Manager.  Once all CPU activity dies down, capture the image. 
    4. Streaming services like Pandora, Spotify, and YouTube consume a ton of CPU on virtual desktops rendering and encoding media.  These offenders can be easily seen in Task Manager during performance issues and will be at the top of the list.  Educate your users to stream on their local devices and not on the virtual desktop.  This will increase performance for others and reduce your bandwidth costs. 
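The CPU triage steps above can also be run from an elevated PowerShell session on the session host while the slowdown is happening. The script below is an added example, not code from the original article or from Nerdio; the 75% threshold and the StartUp folder path come from the article, while the sampling window, the "most samples" cut-off and the 50% single-process cut-off are assumptions to tune, and it assumes English performance-counter names.

```powershell
# Added example (not from the original article). Run elevated on the session host.
# Assumes English counter names; values marked "assumed" are illustrative.

$ThresholdPct = 75   # the article's "75% or more" rule of thumb
$DominantPct  = 50   # assumed: share of total CPU at which one process counts as "offending"
$Samples      = 12   # assumed: 12 samples x 5 s = one minute of observation
$IntervalSec  = 5

# Step 1: is total CPU consistently high, or only low/moderate?
$cpu    = Get-Counter -Counter '\Processor(_Total)\% Processor Time' -SampleInterval $IntervalSec -MaxSamples $Samples
$values = @($cpu | ForEach-Object { $_.CounterSamples[0].CookedValue })
$avgPct    = [math]::Round(($values | Measure-Object -Average).Average, 1)
$highCount = @($values | Where-Object { $_ -ge $ThresholdPct }).Count
$highShare = [math]::Round(100 * $highCount / $values.Count)

# Steps 2-3: which processes are busy right now, and under which user?
# Get-Process reports cumulative CPU seconds, so diff two snapshots.
$cores  = [Environment]::ProcessorCount
$before = @{}
Get-Process | ForEach-Object { $before[$_.Id] = $_.CPU }
$timer = [Diagnostics.Stopwatch]::StartNew()
Start-Sleep -Seconds $IntervalSec
$after   = Get-Process -IncludeUserName     # -IncludeUserName requires elevation
$elapsed = $timer.Elapsed.TotalSeconds

$top = $after |
    Where-Object { $_.Id -ne 0 -and $null -ne $_.CPU -and $null -ne $before[$_.Id] } |
    ForEach-Object {
        [pscustomobject]@{
            Name       = $_.ProcessName
            Id         = $_.Id
            User       = $_.UserName
            # Percent of the whole VM's CPU capacity used during the interval
            CpuPct     = [math]::Round(100 * ($_.CPU - $before[$_.Id]) / ($elapsed * $cores), 1)
            # Aggregate CPU since the process started (Task Manager's "CPU Time" column)
            CpuTimeSec = [math]::Round($_.CPU)
        }
    } |
    Sort-Object CpuPct -Descending |
    Select-Object -First 10

# Common mistake 2: anything in the All Users StartUp folder launches at every logon.
$startupDir   = 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp'
$startupItems = @(Get-ChildItem -LiteralPath $startupDir -Force -ErrorAction SilentlyContinue |
                  Where-Object { $_.Name -ne 'desktop.ini' })

# Steps 1-4 as a verdict
if ($highShare -lt 50) {             # assumed: "consistently" means most samples
    $verdict = 'CPU is low or moderate most of the time: move on to another system component.'
} elseif ($top.Count -gt 0 -and $top[0].CpuPct -ge $DominantPct) {
    $verdict = "Process '$($top[0].Name)' (PID $($top[0].Id), user $($top[0].User)) dominates the CPU: investigate it."
} else {
    $verdict = 'CPU is high but spread across expected processes: add capacity or spread users across more hosts.'
}

"Logical processors : $cores"
"Average CPU        : $avgPct %"
"Samples >= $ThresholdPct %    : $highShare % of $($values.Count)"
$top | Format-Table -AutoSize
"All Users StartUp items (expected to be empty on AVD): $($startupItems.Count)"
$startupItems | Select-Object Name, LastWriteTime | Format-Table -AutoSize
$verdict
```

Run it during a reproducible slowdown, since an idle host will always report that CPU is not the constraint.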

On Azure Virtual Desktop (AVD) session hosts, RAM is primarily consumed by applications that run within users’ sessions.  Modern applications use a lot of RAM.  Each Google Chrome tab, open Word document, Outlook, Teams, and other apps can consume tens or even hundreds of MBs of RAM.  With multiple users sharing a session host VM, this usage can add up quickly and consume all available RAM.

High memory usage in and of itself is not an issue.  An application loading its bits into RAM will run faster than having to fetch data from a much slower disk.  However, when too many applications load too much of their data into RAM, then hard faults (previously known as page faults) start to slow down the VM.

A hard fault happens when a memory page that an application expects to find in RAM is unavailable and the page has been moved to the pagefile on disk.  This causes the operating system to go to disk to retrieve this data, which takes orders of magnitude more time than fetching it from RAM.  Consistently high page faults are an indication that the system is starved for available RAM.  Simply high RAM usage (used RAM as % of total available) is not a problem on its own but it is usually an indication that hard page faults are likely.

Diagnosing RAM-related performance issues can be done using Windows Resource Monitor.  This tool can be launched from the performance tab of Task Manager or by running “resmon” from the Run dialog box.  Looking at memory usage in the Task Manager will tell you the amount of RAM used but won’t tell you anything about hard faults.

In the Resource Monitor > Memory tab, focus on the Hard Faults/sec counter first.  If you’re seeing little or no activity there, the system is likely not RAM constrained at the moment.  Bursts of hard fault activity, or constant hard fault activity, are an indication of a performance issue.

If there are hard faults, then sort the running processes by the “Hard faults/sec” column and look for the ones contributing most to the performance issue.

RAM-related performance issues can result from too many users and applications, a single process hogging an unreasonable amount of RAM, or a faulty application that doesn’t release the RAM even when it’s not using it.

How RAM contention manifests itself to the end-user

  • “Not responding” applications
  • Slow log on and log off
  • Slow launching of new applications
  • Slow switching between windows
  • Already-running applications slow, jittery. Idle applications slow to resume.
  • Unexpected app crashes
  • Windows errors for low virtual memory

Steps to resolve RAM-related issues:

  • If high memory usage is the result of normal user and application load on the VM then the only thing to do is upgrade the VM size to one with more RAM or spread users out over more session host VMs. The most cost effective first step is to upgrade from a general purpose VM size (e.g. Dsv3) to a memory optimized VM size (e.g. Esv3).  The memory optimized instances double the amount of available RAM while keeping the number of CPU cores constant and only increase the VM price by approximately 15%.
  • If high memory usage is the result of a faulty process or application, close that process or sign out the user. It is a good idea to educate users to log off their desktop session at the end of the day or put in place automation policies that will automatically log users off after a certain period of inactivity.
  • Applications that cause memory leaks can pose a challenge when session hosts stay on for long periods of time. Scheduling VMs to restart on a regular basis (e.g. nightly) or using autoscaling can prevent such problems by clearing the memory on a regular basis.

So far, we’ve covered how to troubleshoot AVD performance for CPU and RAM. Troubleshooting disk performance is a bit more challenging, however.  Slow disk response and long disk queues can have significant performance impact on end-user experience. 

For AVD session hosts, two disks are important, the local disk on the session host VM and the FSLogix profile container:

  1. Session host VM local disk is where system temporary files are written and where application binaries are launched from.  Slow disk performance will reduce the overall responsiveness of the user’s desktop session especially when it comes to launching applications and starting up the VM.  Virtual desktop VMs have a unique disk I/O profile and can benefit from faster storage such as Ephemeral OS disks in Azure.
  2. FSLogix Profile Containers are VHD files mounted over the network and stored on a file server outside of the session host VM.  These virtual disks are where user temp files, indexing, and user data are written to.  The performance of the underlying FSLogix storage system and the network that connects the session host VM to that storage has significant impact on user performance.


Resource Monitor is a useful tool to diagnose disk problems.  The Disk tab shows the per-volume Disk Queue Length.  A high queue length value (constantly over 1 and certainly spiking to the teens) is a good indication that the operating system is spending a lot of time waiting for the disk to respond to requests and the queue is long.  A consistently low disk queue length (<1) is a good indication that disk is likely not the constraint.

Keep in mind that looking at Disk Queue Length metric on the session host tells you how well the local disk is performing but doesn’t tell you how well the FSLogix VHD disk is performing.  Therefore, you need to run Resource Monitor on both the session host VM and the file server hosting the FSLogix containers.

If disk queue length is high, then there is likely high activity being generated by some processes running on the system.  Expanding the Disk Activity section on the disk tab of Resource Monitor will show you what process is using which file on disk.  This can be helpful in narrowing down who or what is generating so much disk activity that disk queue length is high.

In Azure, each managed disk size has performance limitations and so does each VM size.  Selecting a VM for FSLogix file server (e.g. FS01) that’s too small can lead to poor user performance even when using the fast Premium SSD disks.  In the chart below you can see the currently available Premium SSD managed disks with the corresponding IOPS and throughput limits.  The performance limitations increase (vertically) with disk size and a single VM can have multiple disks to horizontally scale performance limitations.  For instance, two P10 disks will allow for 500 IOPS each so if a Windows volume is created to span both of them then the new effective IOPS limit on this volume will be roughly 1000 IOPS.

Even with the fastest, largest managed disks, storage performance may still suffer if the VM to which these disks are connected is undersized.  Each VM family and size has its own set of parameters and performance limitations, including storage IOPS and throughput.  For example, general purpose VM information can be found here.  An example of the Dsv3 series is below.

If the file server VM that’s storing FSLogix profiles is a D2sv3 with a P40 (2TB) Premium SSD managed disk then the throughput will be limited to 48MBps (instead of 250MBps allowed by the disk) and IOPS will be limited to 3200 (instead of 7500 allowed by the disk).

How DISK contention manifests itself to the end-user

  • Slow log on and log off
  • “Not responding” applications
  • Slow launching of new applications, especially apps with large cache or temp files (e.g. browsers)
  • Slow switching between windows
  • Slow to open & save files
  • RAM bottlenecks can impact disk through page faults

Steps to resolve disk-related issues:

  • Make sure your file server VM is not undersized and both it and the managed disks that are attached to it have sufficient throughput and IOPS capabilities to support the number of users in the deployment.
  • Do not use Standard HDD storage (S-disks) for session hosts OS or FSLogix storage. At a minimum use Standard SSD (E-type) disks.
  • Consider using Ephemeral OS disks for session host VMs.
  • Use Premium SSD (P-type) disks for file servers where FSLogix profiles are stored. Other storage types will almost certainly reduce user performance.
  • Roam users’ indexed search cache data by storing it in the FSLogix container. Otherwise, every time a user logs in, their index will be rebuilt and cause excessive disk I/O.
  • Store users’ cached Outlook data (OST file) in the FSLogix container. Expect high disk IO when users log in for the first time and start using Outlook.  While the OST file is being hydrated with newly downloaded data, disk IO will be high.  If many users are logging in for the first time at the same time, overall performance will suffer.  Plan for this to happen during the go-live and try to stage users in groups rather than have them logging in all at once.
  • Streaming activity (e.g. Spotify) can produce a lot of FSLogix VHD I/O. Learn how to spot a single user’s VHD file on the file server being very active (using Resource Monitor) and educate users to do their streaming locally.
  • Consider scalability of disk I/O in large environments.
    • The larger the Premium SSD P-disk is, the more I/O and throughput it can tolerate.
    • Multiple P-disks can be attached to a VM and a Windows volume can be created across them. This allows for I/O to be spread across multiple disks.
    • Scale Out File Server can spread the I/O across multiple file server VMs with one or more disks attached to each.
    • Azure Files on Premium Storage are a fast storage option.
    • NetApp Files are a high-performance option.
    • Ultra-SSD (U-type) disks are also very fast.

Network latency and packet loss can create a poor end-user experience.  Bandwidth, on its own, is not a likely contributor to poor performance unless the bandwidth is very constrained and that leads to latency or packet loss.  It is very important to draw the distinction between bandwidth, latency, and packet loss.  They are different, and often independent, measures of network quality and troubleshooting one when the problem is with another can lead to lots of wasted effort and erroneous conclusions. 

We often see bandwidth tests (e.g., speedtest.net) being used to rule out the network as the cause of slowness and this is a big and common mistake.  A speed test tells you how much bandwidth there is at a point in time, but it says nothing about the latency and packet loss of the connection between the end-user device and the virtual desktop in Azure. 

Let’s define some terms first:

  1. Bandwidth is the “capacity” of a connection (also known as throughput).  It answers the question of “how much data can be pushed through this connection in a given unit of time”.  It is typically measured in Mbps (megabits per second).  The easiest analogy to understand bandwidth is to think of a water pipe, where the water is data and the diameter of the pipe is bandwidth.  The “thicker” the pipe, the more water can be pushed through it over a given period of time.  The more bandwidth a network “pipe” has, the more data can be pushed through it. 
    • Effective, end-to-end bandwidth is determined by the “thinnest” segment of the connection.  This means that when the data travels from the end-user to the Azure VM over multiple networks (e.g. user’s home wifi, cable router, internet backbone, AVD management service, Azure vNet, etc.), the connection segment that has the lowest bandwidth will determine the overall end-to-end bandwidth.
    • Bandwidth between two network nodes can be measured by pushing as much data as the pipe will tolerate for a period of time and then measuring how much was actually transferred.  This is how speedtest.net (and other such tools) work.  They try to download and upload as much data as they can in a preset amount of time and then calculate the bandwidth.  It is important to note that a bandwidth test measures bandwidth between two network nodes: user’s device and some internet hosted speed test server.  There are other, more sophisticated ways to measure actual bandwidth between two network nodes.  A popular tool that is often used is iperf.  When using iperf you must be sure to saturate the network, which won’t always happen with the default settings.  Settings like TCP window size and concurrent threads need to be tweaked to saturate the connection and get a true measure of network throughput. 

  2. Latency is the length of time that it takes data to reach from one end of the connection to the other (e.g. from the end-user’s device to the Azure VM).  In our water pipe analogy, it is the length of the pipe.  The base latency of a network connection is determined by the physical distance that this connection spans.  The latency of a connection between two points that are far away from each other will be higher than that of two network nodes that are physically close to each other – all else being equal.  Network latency is typically measured in ms (milliseconds).
    • Latency can be easily measured by simple tools like “ping”.  The time value returned by the ping command is the round-trip time that it took a data packet to make it from source to destination and back from destination to source.  For a decent virtual desktop experience, the round-trip latency should be less than 100ms.  Between 100ms and 200ms is still ok, but anything above 200ms is going to be noticeable by the end-user.
    • The base latency is determined by physical distance of the connection, but other factors can contribute to high latency.  For instance, if the routers responsible for routing the data packets along the way are busy then latency will increase.  If they are very busy, it will increase a lot.  End-user experience is very latency sensitive.  Increased latency will be immediately noticed by the end-user.  They will notice slowness of screen refreshes, delay in typed characters appearing on the screen, and slow response to mouse clicks.
    • Lack of bandwidth can contribute to high latency.  Imagine our water pipe being filled with water.  A drop of water will take longer to get from one end to the other because the pipe is full.  The same happens when the bandwidth is limited, and the amount of data being pushed through the network connection exceeds its throughput capacity.  This will cause latency to spike and user performance to plummet.  For example, if a user is streaming a full screen HD video on their virtual desktop and saturating the network connection with that traffic, typing is going to be “laggy”. 

  3. Packet loss is the % of data packets that get dropped or lost along the way and never make it from the source to the destination.  It is the biggest user performance killer.  Packet loss happens when routing infrastructure along the way of the data packet gets very busy and drops the packet or as a result of poor line quality.  For instance, if a user has a cable internet connection and the quality of the signal from the cable company to the user’s cable modem is poor this can manifest itself as packet loss.
    • Packet loss will cause “laggy” typing performance, slow screen refreshes, and overall “sticking” for the user.  This is because commands that are sent by the user to the virtual desktop aren’t making it there in a timely fashion. 
    • The TCP network protocol is designed to acknowledge that data has been received and if not, it is retransmitted.  High levels of TCP retransmits could be the result of packet loss.  UDP traffic is not acknowledged and if it’s dropped it never gets resent.  High-performance desktop streaming protocols (e.g. RDP v10) are designed to leverage UDP for screen streaming.
    • Packet loss can also result from line saturation, just like high latency.  If more traffic is being pushed through the line than it can support, then not only will latency go up, but packet loss can also result.
    • The easiest way to test for packet loss is to use the ping command.  A reply indicates that the ICMP packet made it all the way there and back and a Request Timed Out indicates packet loss.  At the end of the ping command there is a summary with a percentage of loss. 

So, how does all of this apply to Azure & Azure Virtual Desktop?   

 There are three network segments to be aware of when troubleshooting AVD user performance:  

  1. User’s device –> AVD Management Service (connection broker) hosted by Microsoft in various regions.  The host name that the user connects to is rdweb.avd.microsoft.com and gets routed to the closest connection broker based on user’s location. 
  2. AVD Management Service (connection broker) –> user’s Azure desktop VM.  This happens via “reverse connect” that is initiated by the AVD agent installed on the desktop VM.   
  3. Azure desktop VM –> public internet.  This is what you’d measure by running a speedtest.net test. 

Connection segments #1 and #2 are primarily responsible for a user’s experience.  Connection segment #3 isn’t.  Unfortunately, most people tend to run a speed test on their local device and virtual desktop and use those data points as a baseline for troubleshooting connectivity.  However, by understanding bandwidth, latency, and packet loss and the three connection segments involved in connectivity to a virtual desktop we can see how these data points are of little value. 

How NETWORK contention manifests itself to the end-user 

  • Slow screen refresh (or painting) 
  • Delayed typing and cursor 
  • Jittery mouse 
  • Bursts of letters appearing while typing 
  • Audio degraded or distorted 
  • Screen goes blank, then reappears 
  • Fonts fuzzy, overall image becomes less sharp (focused) 
  • Aero Shake triggering while dragging windows 

What to do about it 

  • From a probability standpoint, it is much more likely that the issue is with segment #1 than #2 or #3. 
  • Measure bandwidth of the local connection by running a speed test 
  • If the bandwidth is decent, check for latency and packet loss by running a continuous ping for a few minutes.  This requires pinging a host that responds to ICMP pings.  Unfortunately, AVD connection brokers do not.  However, you can ping www.microsoft.com.  High or “spikey” latency and even occasional packet loss will contribute to poor user connectivity. 
  • Remember that latency and packet loss issues can be sporadic.  Meaning, when you run the test, things look good, but the user still reports that there are problems.  It is important to run the tests while the user is experiencing the problem.  Tools like PingPlotter can be very helpful in doing this in the background and then correlating the problem with user reports. 
  • Troubleshooting local connectivity is the only resolution to segment #1 problems.   
  • If you can identify that the problem is in segment #2, although this would be difficult to do, then a support case with Microsoft should be opened.  There is nothing you can do to resolve this problem on your own. 
  • If connectivity from the Azure VM to the public internet is the problem (segment #3) then there are a few things you can try before opening a case with Microsoft:
    • Stop (deallocate) the VM and start it again.  This may move it to another physical host in Azure that may improve network connectivity. 
    • Redeploy the VM from the Azure portal to have it forcefully move to another physical host in Azure. 
    • Check Azure health status page to see if there are any current service impairment incidents that could be affecting your VMs. 
    • Try running a speed test from another VM on the same network.  If the problem is not present on the second VM, then investigate CPU, RAM, and DISK as potential root causes. 
    • Temporarily disable any software firewalls or AV solutions running on the desktop VM and see if that makes a difference. 
    • If none of this helps, open a ticket with Azure support. 
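
The continuous-ping check described above, as an added Python example that is not part of the original article: it parses saved Windows ping output, reports packet loss, and rates round-trip times against the article's thresholds (under 100 ms, 100 to 200 ms, over 200 ms). The sample output, the function names and the `spike_factor` rule used to flag "spikey" latency are assumptions made for illustration.

```python
import re
import statistics

# Constructed sample of Windows `ping -t` output; 203.0.113.10 is a
# documentation-only address standing in for the pinged host.
SAMPLE_PING = """\
Pinging www.microsoft.com [203.0.113.10] with 32 bytes of data:
Reply from 203.0.113.10: bytes=32 time=24ms TTL=55
Reply from 203.0.113.10: bytes=32 time=26ms TTL=55
Reply from 203.0.113.10: bytes=32 time=231ms TTL=55
Request timed out.
Reply from 203.0.113.10: bytes=32 time=25ms TTL=55
Reply from 203.0.113.10: bytes=32 time=118ms TTL=55
Reply from 203.0.113.10: bytes=32 time=27ms TTL=55
Request timed out.
Reply from 203.0.113.10: bytes=32 time=23ms TTL=55
Reply from 203.0.113.10: bytes=32 time=26ms TTL=55

Ping statistics for 203.0.113.10:
    Packets: Sent = 10, Received = 8, Lost = 2 (20% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 231ms, Average = 62ms
"""

# A successful echo reply carries "time=NNms" (or "time<1ms").
REPLY_RE = re.compile(r"time([=<])(\d+)\s*ms", re.IGNORECASE)
# Lines that mean the echo request did not complete a round trip.
LOST_RE = re.compile(
    r"request timed out|destination host unreachable|general failure",
    re.IGNORECASE,
)


def rate_latency(rtt_ms):
    """Rate a round-trip time using the thresholds given in the article."""
    if rtt_ms < 100:
        return "good"
    if rtt_ms <= 200:
        return "acceptable"
    return "noticeable"


def analyze_ping(text, spike_factor=3.0):
    """Summarise loss and latency from ping output.

    spike_factor is an assumed rule of thumb: a reply slower than
    spike_factor x the median round trip is counted as a spike.
    """
    rtts, lost = [], 0
    for line in text.splitlines():
        reply = REPLY_RE.search(line)
        if reply:
            # "time<1ms" means sub-millisecond; record the 1 ms upper bound.
            rtts.append(float(reply.group(2)))
        elif LOST_RE.search(line):
            lost += 1
    sent = len(rtts) + lost
    if sent == 0:
        raise ValueError("no echo replies or losses found in input")
    report = {
        "sent": sent, "lost": lost, "loss_pct": 100.0 * lost / sent,
        "median_ms": None, "avg_ms": None, "max_ms": None,
        "spikes": 0, "typical": None, "worst": None,
    }
    if rtts:  # every request may have been lost
        median = statistics.median(rtts)
        report.update(
            median_ms=median,
            avg_ms=statistics.fmean(rtts),
            max_ms=max(rtts),
            spikes=sum(1 for r in rtts if r > spike_factor * median),
            typical=rate_latency(median),
            worst=rate_latency(max(rtts)),
        )
    return report


def findings(report):
    """Turn a report into the short list of problems worth acting on."""
    notes = []
    if report["lost"]:
        notes.append(
            f"packet loss {report['loss_pct']:.1f}% "
            f"({report['lost']}/{report['sent']})"
        )
    if report["median_ms"] is None:
        notes.append("no replies received")
        return notes
    if report["typical"] != "good":
        notes.append(
            f"typical latency {report['median_ms']:.0f} ms is {report['typical']}"
        )
    if report["spikes"]:
        notes.append(
            f"{report['spikes']} latency spike(s), "
            f"worst {report['max_ms']:.0f} ms ({report['worst']})"
        )
    return notes


if __name__ == "__main__":
    for note in findings(analyze_ping(SAMPLE_PING)):
        print(note)
```

In the constructed sample the median round trip is a healthy 26 ms, yet the run still shows 20% loss and two spikes, which is the pattern a bandwidth test alone would not reveal.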
     

How much bandwidth is really needed for virtual desktops? 

Maxing out available bandwidth usually generates symptoms that match most other networking issues, probably because most networking issues in the public internet are caused by lack of bandwidth or changes in traffic flows that cause momentary bottlenecks while routes converge. Users would typically perceive this as slow screen refreshes, screens going out of focus (or taking a while to sharpen), screens going blank (depending on bandwidth bottleneck severity), and definitely audio distortions. This is also accompanied with very slow jittery mouse and keyboard activity.   

While troubleshooting this type of an issue you would typically see high ping times (typically not timeouts or drops, unless it’s extremely bad), and usually traceroute can identify the bottleneck point – usually first or second hop from the end-user location would be the problem point if their office bandwidth is exhausted. Topping out available bandwidth with virtual desktops would reflect symptoms creeping up slowly, with occasional bursts causing the worst symptoms. If users are experiencing long periods of issues, it’s usually things like downloads and uploads consuming bandwidth for extended periods of time – virtual desktop network traffic usually comes in spurts with activity on the screen. Unless the users have sustained activity on the screen, the symptoms from maxing out bandwidth would pop up frequently and then disappear. 

The typical average bandwidth consumption we see is roughly 0.5Mbps per active user, with more active users bumping that up to roughly 2Mbps/user. That’s just an estimate based on averages – users with extremely active screens (multimedia or applications with constantly changing visuals) can peak as high as 50Mbps (you read that right!). That’s definitely the high end, but users watching full screen videos could easily push 15-20Mbps each – imagine a team of employees participating in a full-screen video webinar or watching training videos, 10 users at 10Mbps apiece would saturate a 100Mbps link.  Keeping these rough guidelines in mind will help you properly size the network connectivity required to support a good experience for your virtual desktop users. 

Conclusion 

Good performance is critical for a successful desktop virtualization deployment.  End-users will reject their new virtual desktops if poor performance impedes their productivity.  Troubleshooting AVD performance is similar in some respects to traditional desktop performance troubleshooting but is much more complex and requires an understanding of all system components.  A methodical, diligent approach to identifying the root cause of the problem is needed and this guide provides the building blocks and tips for going through such a process. 

At Nerdio, thousands of virtual desktop environments have been deployed on our platform and we help hundreds of partners deliver high-quality, high-performance virtual desktop environments to their customers.

A Guide to Microsoft Azure SQL Server Pricing and Licensing

As a software engineer, one of the most critical considerations when developing an application is selecting the appropriate data storage solution. With the rise of cloud computing, Microsoft Azure SQL Server has emerged as a popular choice due to its scalability, reliability, and robust features. However, with various pricing and licensing options available, it can be challenging to navigate the different tiers and determine which option is best suited for your organization’s needs. In this blog post, we will dive into Microsoft Azure SQL Server pricing and licensing, demystifying the complex pricing models and helping you make an informed decision when selecting the right plan for your business.

One of the most common workloads that managed service providers (MSPs) support for their customers are line-of-business applications with a SQL Server database back-end.  This also happens to be one of the more popular Azure workloads.  Microsoft has created several SQL offerings in Azure, including Azure SQL and SQL Managed Instance.  However, most MSPs prefer to start out with a traditional VM in Azure running a full version of SQL Server just like it does on-premises. 

In this article, we will review all available SQL options in Azure with a special focus on licensing considerations when running SQL Server on a Windows VM.  We’ll clear up some common misconceptions and focus on cost implications of each licensing scenario. 

There are three common ways to host a SQL database in Azure: 

  1. Azure SQL database 
  2. SQL Server on Azure VM – Microsoft Managed Instance 
  3. SQL Server on Azure VM – MSP managed 

We will focus primarily on #3 – SQL Server on an MSP-managed Azure VM.   

Azure SQL Server Pricing

Azure SQL database  

A fully-managed SQL database engine based on the latest stable Enterprise Edition of SQL Server.  

This is a relational database-as-a-service (DBaaS) hosted in the Azure cloud that falls into the category of Platform-as-a-Service (PaaS).   

If you are developing a new application or re-architecting an existing one, this is the option that you should use first.  There are no VMs involved and Microsoft manages the entire back-end for this PaaS, including patching, updates, and high-availability.  The cost is relatively low compared to a full license of SQL Server — especially the Enterprise version.  However, there are a small number of feature limitations and you are locked into the latest version of SQL Enterprise without admin rights. 

SQL Server on Azure VM – Microsoft Managed Instance  

Managed Instance is a new deployment option of Azure SQL Database, providing nearly 100% compatibility with the latest SQL Server on-premises (Enterprise Edition) Database Engine.  This provides a native virtual network (VNet) implementation that addresses common security concerns, and a business model favorable for on-premises SQL Server customers.  

The Managed Instance deployment model allows existing SQL Server customers to lift and shift their on-premises applications to the cloud with minimal application and database changes.  The managed instance deployment model is designed for customers looking to migrate a large number of apps from on-premises (or IaaS), self-built, or in an ISV provided environment, to fully managed PaaS cloud environment with as low migration effort as possible. 

With Managed Instance, Microsoft manages the VM, SQL Server installation, patching, updates, high-availability, etc.  MSPs and customers do not have administrative access to the managed instance.  This is an interesting deployment model for some scenarios, but in our experience uncommon among MSPs and their customers. 

Azure SQL Server Licensing

SQL Server on Azure VM managed by MSP 

This is by far the most common deployment model for customers looking to lift-and-shift their existing LOB applications into Azure without re-architecting them.  The VM is set up and managed by the MSP or customer’s IT team, and any SQL Server version can be installed just like on a regular on-premises server. 

Many MSPs also choose to migrate existing SQL servers to Azure without rebuilding the VM and reinstalling SQL Server.  They simply use Azure Site Replication (ASR) or another data transfer tool to move a server from on-premises into Azure as a VM.   

With Nerdio’s Hybrid AD functionality, this allows the migrated VM to work without any modifications since Active Directory spans both the on-premises network and the Azure deployment where the VM now resides.  With Windows Server 2008 and SQL Server 2008 nearing end of support, Microsoft is providing three years of extended security updates to those who move the SQL Server VMs into Azure.   

Paying for your license 

Despite SQL Server on Azure VM being the most popular deployment model, it generates a lot of confusion around the valid and most efficient way to pay for the license.   

Let’s review the available options. 

1. Rent SQL Server via Azure (Pay-as-you-go) 

The easiest way to deploy a VM running SQL Server in Azure is to select it as an image from the Azure image library.  A new VM will be created with SQL Server pre-installed on it and Microsoft will bill for the SQL license as part of the VM price.   

This is one of the more expensive SQL licensing options but provides the most flexibility.   

  • List price for SQL Server license only:
    • SQL Standard – $146/month per two CPU cores (4 cores minimum per VM) 
    • SQL Enterprise – $548/month per two CPU cores (4 cores minimum per VM) 
  • Payment model: Hourly, pay-as-you-go with no commitment or upfront payments 
  • Deployment model: Only from Azure image library 

2. Bring your own SQL Server Volume License with Software Assurance (License Mobility) 

Many Enterprise customers already own SQL Server licenses under an existing license program with Microsoft such as EA or Select.  These licenses can be used in Azure due to the License Mobility benefit that is part of the Software Assurance subscription.  Without active Software Assurance, an existing SQL Server license cannot be used in Azure because it is a multi-tenant hosting environment. 

SQL Server license with SA can be used by enabling Azure Hybrid Usage on a VM where SQL is installed.  If the VM was provisioned as a SQL VM from the Azure image library, it can be converted to “bring-your-own SQL license” mode.  Alternatively, SQL Server can be installed on a clean VM or the entire VM can be imported from on-premises with SQL Server already installed.  In all these scenarios, having a SQL Server license with active Software Assurance will cover the license obligation for SQL. 

This is not a common scenario for most MSPs, as customers don’t often maintain active Software Assurance on SQL Server licenses, and it is therefore rarely used when deploying SQL in Azure. 

3. SQL Server licensed via CSP Software Subscription 

Purchasing SQL Server via CSP Software Subscriptions is the most cost-effective option but requires an upfront investment and pre-payment for a 12- or 36-month license.  This license can be returned for a full refund within 60 days of purchase but cannot be returned after the 60-day mark. 

MSPs can use a CSP Software Subscription to SQL Server under any VM deployment scenario.  If the VM was migrated via Azure Site Replication (ASR) from on-premises, deployed as a Windows VM and then had SQL installed on it, or deployed from Azure image library as a SQL VM and was then converted to “bring-your-own license”, a CSP Software Subscription license can be used. 

  • List Price for SQL Server license subscription:
    • SQL Standard 12-month subscription: $130/month per two CPU cores (4 cores minimum per VM) 
    • SQL Standard 36-month subscription: $118/month per two CPU cores (4 cores minimum per VM) 
    • SQL Enterprise 12-month subscription: $498/month per two CPU cores (4 cores minimum per VM) 
    • SQL Enterprise 36-month subscription: $454/month per two CPU cores (4 cores minimum per VM) 
  • Payment model: Upfront, 60-day full refund 
  • Deployment models:
    • Migrate existing VM with SQL installed to Azure 
    • Deploy a new Windows VM in Azure and install SQL 
    • Deploy a new SQL VM in Azure, convert to “bring-your-own” license 

Azure SQL Server Pricing and Licensing Simplified

What about SPLA?  

MSPs often ask if they can use their existing SPLA agreements to license SQL Server in Azure.  The answer is yes and no.   

Yes, you can license SQL via SPLA using the SAL (Subscriber Access License) model, which is where you pay for each user who connects to the SQL Server.  However, you cannot use SPLA to license a per-core SQL model, which is by far the most common way to license SQL Server. 

The reason for this is the “DCP Eligibility” of the SQL Server product in SPLA. DCP stands for Data Center Provider, and DCP Eligibility is a benefit of SPLA that allows certain services to be brought to other providers, with Azure being a DCP. SQL SAL licenses are DCP Eligible, while SQL Core licenses are not DCP Eligible (you can read more about that here).

In summary, the PAYG SQL license is flexible from the payment perspective, expensive, and must be deployed from an Azure library.  SQL via CSP Software Subscriptions is the least expensive, most flexible in terms of deployment options, but requires an upfront payment.  SQL Server with Software Assurance is the least common option since many customers of MSPs don’t maintain active Software Assurance. 

MSPs building a cloud practice in Microsoft Azure need to be aware of the various options for licensing SQL Server since it is often a large component of the overall cost of an Azure IT environment.  Choosing the correct one can have a significant impact on an MSP’s overall margin for a particular customer deployment.   

At Nerdio, our mission is to empower MSPs to build successful cloud practices in Microsoft Azure.  We continue to stay up-to-date on all the latest developments with Microsoft licensing and help our MSP partners make the right choice when selecting among the multitude of alternatives. 

Employee Spotlight: Get to Know Colleen Herbert

  1. What’s your role here at Nerdio? What do you do on a day-to-day basis and how do you help partners/customers?  

I am a Channel Account Manager on our Enterprise Sales team, working with partners in North America serving the enterprise market. My day-to-day includes activities that fall along the partner relationship life cycle. These include onboarding partners, providing technical and enablement sessions, working with the partner teams to generate the Nerdio pipeline through webinars and in-person events, and, most importantly, making sure the enterprise partners have what they need to win at joint business with Nerdio.  

  1. What’s a fun fact about you that most people don’t know/couldn’t guess?  

I’ve been struck by lightning… twice! (Indirectly, thank goodness, but don’t hang out with me on a golf course during a storm!) 

  1. What’s one technological advancement you hope to see or think we will see in the next ten years?  

I hope that advances around affordable clean energy and clean water for all continue to develop. The earth is so fragile, so any progress around making it easy and affordable to “do the right thing” for Mother Earth, and all of us who inhabit this fine planet, is necessary. 

  1. What are three movies you’d bring with you to a deserted island?  
  • Lost in Translation
  • The Royal Tenenbaums
  • Amélie
  1. In your opinion, what’s the most rewarding part of working for Nerdio?  

Seeing the impact of my efforts, both from a sales perspective and also from a company growth and change perspective is very rewarding. We are a culture of drivers, which carries a lot of responsibility each day, but the “can do” attitude is inspiring and keeps me “driving” to accomplish more each day. 

  1. What sitcom family or friend group would you choose to be a part of?  

“What We Do in the Shadows.” It’s way too entertaining of a crew. Not being a vampire may cause an issue, but I think we could get past that. 

  1. Besides a standard computer, what is the earliest piece of technology you remember owning?  

I remember that the first microwave we had was a big deal. (Oh, so many exploded hot dogs!) Also, the first VCR we had… It was a top loader with a corded remote. It was such a game changer to be able to record “Friday Night Videos” and watch the next day since I couldn’t stay up that late and didn’t have cable/MTV! 

  1. You’ve been with Nerdio for a while now. What’s motivated you to stick around?  

Every day is an adventure, with the opportunity to directly have an impact on the company’s success. There is nowhere to hide, which offers such a great opportunity to push myself and learn so much.  

  1. What’s the most valuable thing you’ve learned while working in tech?  

If you’re not a fan of change – get out! 

  1. What’s a current technology trend you’re passionate about?  

I’m very interested in wearable technology that can help people track progress toward fitness goals, which keeps people safe and gives insights into our health. Also, “spray fabric” debuted at Paris Fashion Week last year and was very fascinating. If the technology becomes affordable, and if it is truly safe, there are so many possibilities around how it can be used, both for high-end fashion as well as for fast/everyday fashion.