Azure Ephemeral OS Disks: What Are They and How Do They Benefit MSPs?

Virtual Machines in Azure run on top of the Microsoft Hyper-V hypervisor on physical hardware inside Azure data centers around the world.  Each VM can be attached to two types of storage: local and remote.

Local VM Storage 

This type is non-persistent (i.e. volatile) storage that is internal to the physical Hyper-V host that a VM is running on at any given time.  As soon as the VM is moved to another physical host as a result of a deallocate (stop) and start command, hardware or VM crash, or Azure fabric maintenance, the local storage is wiped clean and any data stored on it is lost.  Because of the volatile nature of local storage, no important data can be stored on it.  However, it is ideal for non-persistent data such as temp files and page/swap files.  Local storage is typically visible as the D: drive on Windows VMs in Azure and has a text file in the root directory warning users against data loss. 

Remote VM Storage 

This storage type is persistent and comes in the form of managed (or unmanaged) disks.  These disks can have different performance and redundancy characteristics. 

For more information about Azure storage for MSPs, see Microsoft Azure Fundamentals: Terminology, Hierarchy, and Resources. 

Remote storage is required for any VM’s OS disk (i.e. C: drive where Windows is installed) and certainly for any data disks that are intended to permanently store important data.  In order to retain the data and persist across moves of the VM from one physical host to another, the remote storage is, well… remote from the VM itself.  It is stored on Azure’s storage system and VMs attach to it via the network.  The physical Hyper-V host running the VM is independent of the remote storage system, which means that any Hyper-V host or VM can mount a remotely stored disk. 

Remote storage has the critical advantage of being persistent, while local storage has the advantage of being faster (because it’s local to the VM – on the same physical host) and it is free.  When starting an Azure VM, you only pay for its OS and data disks that are remote.  Local storage on a VM (i.e. D: drive) is included in the price of the VM itself and carries no usage charge of its own. 

Ephemeral OS Disks

Recently, Microsoft introduced the concept of Ephemeral OS disk for certain types of VMs.  An Ephemeral OS disk is stored on local storage and is therefore faster and free, but it is not persistent.  It is therefore only used in situations where the VM is based on an image: every time the VM is started, the OS disk is “regenerated” from the generalized image, and any changes made to the OS disk (C:) are lost if the VM moves to another host or is reallocated.

Why does this matter?  OS disks on Windows VMs, such as RDS or AVD session hosts, constitute a significant cost component ($20 or so for a 128GB Premium SSD P10 disk).  Using generalized RDS/AVD host images and Ephemeral OS disks removes this cost component completely, further reducing the cost of running virtual desktops in Azure. 

The performance of Ephemeral OS disks is also significantly better than remote storage OS disks.  This is because they are stored on local SSD storage and don’t have to be mounted over the network in Azure.  This increased speed and reduced latency leads to faster VM start/stop operations, faster provisioning, and overall increased performance.  How much faster are they?  Micha Wets wrote a great article comparing the performance of AVD hosts using Ephemeral OS disks and remote OS disks.  Take a look to see how much of a difference this makes. 

How can you take advantage of Ephemeral OS disks?  

Since these OS disks make the most sense with VMs based on generalized images, and because Nerdio’s implementation of AVD host pools is based on Azure VM Scale Sets that use an image natively, this is going to be a very easy feature to enable when creating new AVD host pools in the future.  You will be able to check a box to select the use of Ephemeral OS disks instead of traditional managed disks when creating a new AVD host pool in the Nerdio Admin Portal on the Servers screen. 

The result will be faster disk performance of AVD virtual desktops and significant cost savings resulting from eliminating the need to pay for traditional, remote storage-based managed disks.   

At Nerdio, we strive to stay on the leading edge of newly released Azure features and integrate them into our product to improve our MSP partners’ margins and experience.  We’re always on the lookout for better, more efficient ways to empower MSPs to build successful cloud practices in Microsoft Azure. 

What MSPs Need to Know About Azure Lighthouse

On July 11th, 2019, just three days before Inspire, Microsoft announced the general availability of a new Azure technology called Azure Lighthouse.  Lighthouse promises to provide “capabilities for cross customer management at scale for partners to differentiate and benefit from greater efficiency and automation.”  A great, deep under-the-hood overview of Azure Lighthouse can be found in this blog post by Azure Chief Technology Officer Mark Russinovich.

Although exciting and full of potential, Azure Lighthouse capabilities can be a bit difficult to understand without direct, hands-on experience.  In this article, my goal is to cut through both the marketing and tech speak and answer a few fundamental questions about this technology.

  • What exactly is Azure Lighthouse?
  • How can MSPs leverage Azure Lighthouse?
  • How does Azure Lighthouse fit into Nerdio’s product strategy?

What exactly is Azure Lighthouse?

In a word, Azure Lighthouse is “delegated resource management” (I guess that’s not a single word but more of a phrase).  To be more precise, Azure Lighthouse is an Azure Resource Manager capability that lets customers delegate permissions to service providers over scopes, including subscriptions, resource groups, and individual resources, which enable service providers to perform management operations on their behalf. 

Yes, that’s a mouthful so let’s try to break it down and understand it by way of an example.

Imagine that your MSP is not in the technology business but rather in the office building maintenance business.  You’ve signed a contract with a big downtown office building operator (think – Microsoft Azure) that leases office space to their tenants (think – your customers).  These tenants can contract with your firm to take care of their office spaces for them if they want, but don’t have to use you and can just take care of their office themselves.  Your employees, the building engineers (think – techs and engineers), need to go into the tenant office spaces after hours to maintain the space.  Now, the building hasn’t invested in electronic locks and every office space has a unique physical key that your employees must carry with them to get into the space.  Imagine a big ring of keys that each employee carries containing a key for each customer tenant.

This is how managing Azure looked before Lighthouse.  You had to maintain a set of admin credentials for each customer’s Azure tenant.  They were all independent of each other and you had to switch from one to the next whenever managing multiple customers.

Azure Lighthouse is the cloud equivalent of the big downtown office building installing digital locks throughout and giving your employees a single fob to be able to open a tenant’s door, as long as the tenant authorizes it first.  In Azure, you now have the ability to request your customers’ permission to manage various parts of their environment using your own set of credentials.  Once they grant you this permission, you’ll be able to stay logged into Azure portal with your own username and have visibility and control over multiple customers’ tenants, subscriptions, resource groups and resources.

This is very convenient and more secure.  You no longer have to log in as different users to manage different customers and you have only one set of credentials to protect (e.g. MFA and Conditional Access).  What about those spreadsheets with admin login credentials for each and every customer?  Those can be gone, too!

Here is a hierarchical way to think about this new capability:

  • (NEW with Azure Lighthouse) Partner Azure AD tenant with delegated access to some/all customers’ environments
    • Customer A Azure AD tenant
      • Subscription
        • Resource Group
          • Resources
    • Customer B Azure AD tenant
      • Subscription
        • Resource Group
          • Resources

Prior to Azure Lighthouse, each customer’s Azure AD tenant was completely independent from a management perspective.  Now, your Partner Azure AD tenant can be entitled to manage multiple customers’ Azure AD tenants.
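Because a delegation gives the partner's own identities standing access inside the customer's scope, the authorizations in an onboarding offer deserve a least-privilege review before the customer accepts it. The following is an added example, not code from Nerdio or Microsoft: it checks a constructed `Microsoft.ManagedServices/registrationDefinitions` resource, where every tenant and principal GUID is a placeholder and the review policy (what counts as too broad) is an assumption.

```python
import json

# Azure built-in role definition IDs (identical in every tenant).
ROLES = {
    "8e3af657-a8ff-443c-a75c-2fe8c4bcb635": "Owner",
    "b24988ac-6180-42a0-ab88-20f7382dd24c": "Contributor",
    "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9": "User Access Administrator",
    "acdd72a7-3385-48ef-bd42-f606fba81ae7": "Reader",
}

# Constructed sample offer; all GUIDs below are placeholders.
PARTNER_TENANT = "11111111-1111-1111-1111-111111111111"
SAMPLE_OFFER = json.loads("""
{
  "type": "Microsoft.ManagedServices/registrationDefinitions",
  "properties": {
    "registrationDefinitionName": "Example MSP managed services",
    "managedByTenantId": "11111111-1111-1111-1111-111111111111",
    "authorizations": [
      {"principalId": "aaaaaaaa-0000-0000-0000-000000000001",
       "principalIdDisplayName": "MSP Tier 1 Support",
       "roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7"},
      {"principalId": "aaaaaaaa-0000-0000-0000-000000000002",
       "principalIdDisplayName": "MSP Engineers",
       "roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c"},
      {"principalId": "aaaaaaaa-0000-0000-0000-000000000003",
       "roleDefinitionId": "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9"},
      {"principalId": "aaaaaaaa-0000-0000-0000-000000000004",
       "principalIdDisplayName": "MSP Admins",
       "roleDefinitionId": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635"}
    ]
  }
}
""")


def review_offer(definition, expected_tenant, scope):
    """Return (severity, principal, message) findings for one delegation offer.

    scope is the resource ID the customer would delegate, for example
    /subscriptions/<id> or /subscriptions/<id>/resourceGroups/<name>.
    """
    findings = []
    props = definition.get("properties", {})

    # The delegation must point at the partner tenant the customer contracted with.
    if props.get("managedByTenantId", "").lower() != expected_tenant.lower():
        findings.append(("high", "-",
                         "managedByTenantId is not the expected partner tenant"))

    subscription_wide = "/resourcegroups/" not in scope.lower()

    for auth in props.get("authorizations", []):
        who = auth.get("principalIdDisplayName") or auth.get("principalId", "?")
        role_id = auth.get("roleDefinitionId", "").lower()
        role = ROLES.get(role_id)

        if "principalIdDisplayName" not in auth:
            findings.append(("low", who,
                             "no display name: the customer cannot tell who gets access"))

        if role == "Owner":
            findings.append(("high", who,
                             "Owner is not supported for Lighthouse delegations"))
        elif role == "User Access Administrator":
            if not auth.get("delegatedRoleDefinitionIds"):
                findings.append(("high", who,
                                 "User Access Administrator without "
                                 "delegatedRoleDefinitionIds limiting what it can assign"))
        elif role == "Contributor" and subscription_wide:
            findings.append(("medium", who,
                             "Contributor on a whole subscription: prefer a "
                             "resource-group scope or a narrower role"))
        elif role is None:
            findings.append(("medium", who,
                             "role " + role_id + " is not on the reviewed list"))
    return findings


if __name__ == "__main__":
    sample_scope = "/subscriptions/00000000-0000-0000-0000-000000000000"
    for severity, who, message in review_offer(SAMPLE_OFFER, PARTNER_TENANT, sample_scope):
        print(f"[{severity}] {who}: {message}")
```

Run against the same offer with a resource-group scope, the Contributor finding disappears, which is the practical effect of delegating at the narrowest scope that the managed service needs.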

How can MSPs leverage Azure Lighthouse?

So, having a “master key” for all of your customers’ Azure deployment is convenient, but is that all?  What’s the big deal with Azure Lighthouse if all it does is make access to Azure Admin Portal easier?

Although delegated resource management is the core technology of Azure Lighthouse, it enables MSPs and software companies to do some pretty cool things at scale with much more efficiency.  Let’s look at a few examples.

Security policies

Imagine that you’ve created a set of best-practice Azure security policies that you recommend and implement for all of your Azure customers.  Before Lighthouse, you would have to create, evaluate and apply these policies independently for each customer.  Any change to your standard policies would have to be manually applied to every Azure tenant.  Imagine doing that for hundreds or thousands of customers.  This is very inefficient and error-prone.

With Azure Lighthouse, you can have a centralized set of security policies that you create and manage and then can apply to all (or some) of your customers at the same time.  This is much more efficient, automated, and less error-prone.

Patching policies

If you’re monitoring the patching status of your customers’ Virtual Machines (VMs) using Azure Update Management, doing it inside each individual tenant is laborious.  Imagine being able to view and take action on Update Management events across all customers in one place.

Portal, REST API, CLI, PowerShell

Azure Lighthouse is not only for the Azure Portal.  It enables developers and engineers to create software solutions and scripts using all of Azure’s management capabilities, such as the CLI, REST API, and PowerShell, to manage all aspects of customers’ environments.  This creates limitless possibilities for automation software to work efficiently across large customer bases.

How does Azure Lighthouse fit into Nerdio’s product strategy?

At Nerdio we are all about empowering MSPs to build successful cloud practices in Microsoft Azure through our innovative automation software.  Since all of our MSP partners have multiple customers, the challenges outlined above weren’t new to them or Nerdio, and we couldn’t wait for Azure Lighthouse to come out in order to solve these problems.  Therefore, two years ago we created the Nerdio Admin Portal, a multi-tenant, single-pane-of-glass management portal that allows MSPs to manage all aspects of all customers’ Azure environment in one place.

Now, with Azure Lighthouse, we will incorporate this new delegated resource management technology to make the Nerdio Admin Portal even more efficient.  For example, today when you deploy a new customer account with Nerdio, you have to specify that customer’s Azure admin credentials to “plug” Nerdio into the tenant.  Once you do that, the Nerdio Admin Portal manages that tenant going forward and you don’t need to use these credentials again.  With Azure Lighthouse, as partners gain delegated access to their customers’ Azure tenants, we will enable the capability for a partner to simply click the “Add Nerdio For Azure account” button and select a customer name from a list rather than have to provide an individual customer’s Azure credentials.

At Nerdio, we couldn’t be more thrilled to see Microsoft recognize how Azure environments are managed in the real-world – by MSPs, and support these MSPs by making their job easier through automation capabilities that lead to improved efficiency, reduce service delivery costs, and increase profitability.

Contact us to learn more about how Nerdio partners with Microsoft to empower MSPs every single day to succeed with Azure.

Microsoft Azure Reserved Instances Explained

In this article, we will take a detailed look at how Azure Reserved Instances affect the cost of Azure compute consumption.  This is not an introductory article, but more of a 300-level illustration using a specific example to demonstrate the salient points.

Let’s start by defining a few terms: 

  • Azure Reserved Instance (RI) – the ability to pay for Azure compute capacity in a specific Azure region in exchange for a significant discount. 
  • RI Term – the duration of the agreement.  There are only two available terms: 1 year and 3 years.  The 3-year terms provide a deeper discount than an equivalent 1 year term RI. 
  • RI Scope – the scope of an RI is set when the reservation is purchased.  It defines how the RI applies to specific VMs to offset their monthly PAYG cost.  There are two types of scope: 
    • Shared Scope – shared scope RIs can apply to any VM inside of any subscription within a single Azure tenant.   
    • Subscription Scope – subscription scope RIs can apply only to VMs inside of a specific Azure subscription.  Even if VMs in other subscriptions match a Subscription Scope RI, the RI will not offset the monthly cost of those VMs.  Only VMs within the subscription where the RI is applied will be offset. 
  • RI Instance Size Flexibility – A feature of Azure RIs that allows a reservation to offset partial cost of a VM or the cost of multiple VMs.  For instance, an RI for a single CPU core VM can offset 50% of the cost of a dual CPU core VM in the same VM size group. 

Let’s see how all this works using an example:

In the example above, we see an Azure tenant with two subscriptions.   

There are 3 Shared Scope reservations 

  • RI-1: E8sv3 (8C/32GB) 
  • RI-2: B4ms (4C/16GB) 
  • RI-3: D2sv3 (2C/8GB) 

There are also 4 Subscription Scope reservations; two in each of the Azure subscriptions. 

  • Subscription A 
    • RI-A1: D2sv3 (2C/8GB) 
    • RI-A2: E4sv3 (4C/32GB) 
  • Subscription B 
    • RI-B1: DS1v2 (1C/3.5GB) 
    • RI-B2: B2ms (2C/8GB) 

Each of the subscriptions has 4 running VMs. 

  • Subscription A 
    • VM-A1: E4sv3 (4C/32GB) 
    • VM-A2: E4sv3 (4C/32GB) 
    • VM-A3: D4sv3 (4C/16GB) 
    • VM-A4: NV6 (6C/56GB) 
  • Subscription B 
    • VM-B1: DS2v2 (2C/7GB) 
    • VM-B2: D8ms (8C/32GB) 
    • VM-B3: E8sv3 (8C/64GB) 
    • VM-B4: D2sv3 (2C/8GB) 

All reservations have a 3-year term and are paid for upfront. 

  • RI-1: $5,257 
  • RI-2: $1,646 
  • RI-3: $968 
  • RI-A1: $968 
  • RI-A2: $2,628 
  • RI-B1: $637 
  • RI-B2: $823 

The total upfront reservation payment for all shared scope and subscription scope RIs is $12,927.

You also have the option to pay for the reservation on a month-to-month basis rather than all up front.  This comes at no additional cost when compared to the yearly price of the RI.  If you decided to go with monthly payments, your monthly cost would be $1,901 compared to the $3,055 it would normally cost with full PAYG.

By purchasing these reservations, the monthly cost of running VMs is offset when there is a matching reservation.  Sometimes the cost is offset completely (as in the case of VM-A1), sometimes it’s offset partially (as in the case of VM-B3), and sometimes there aren’t any RIs available to offset the cost of a VM (as in the case of VM-A4).  

In this example, you can see there are significant savings in using RIs.  Adding up the monthly cost of all 8 VMs and multiplying by 36 months to get the 3-year cost yields $109,980.  However, by utilizing reservations that cost ~$13k, one can save $41,523 or 38% of the 3-year total.  Purchasing additional RIs to offset the remaining monthly cost would result in even greater savings. 

Azure compute reservations are a powerful lever to increase margin for MSPs when creating Azure-based IT solutions.  They are complex and require some planning in advance, but with savings of up to 57% over a 3-year period, RIs are an important tool for MSPs to understand and leverage. 

At Nerdio our mission is to empower MSPs to build and grow their cloud practices in Microsoft Azure. Nerdio’s Azure Cost Estimator is a great place to start in evaluating the magnitude of savings that RIs can provide. 

Using Nerdio to Manage Existing Microsoft Azure Deployments 

The Nerdio Admin Portal (NAP) is a multi-tenant, single-pane-of-glass portal that allows MSPs to manage all of their Azure deployments securely in one place and across all aspects of the IT environment. The NAP can manage VMs, storage, networking, backup, autoscaling, users, virtual desktops, Office 365, mailboxes, security, and much more – all in a “3-click or less” console with role-based security.  The customers of MSPs can be full admins with access to all aspects of a customer’s IT environment or they can be limited users (e.g. Tier 1 Support) with access to things like user password resets but not VPN configuration.   

MSPs can also co-manage a customer’s Azure environment with the customer’s internal IT staff.  For example, an end-user account can be given access to the NAP to do both basic and advanced management of just their own environment.  Because the NAP is so simple to use, delegating some basic management capabilities to specific end-users reduces the number of incoming tickets, gives the customer more control that they desire, and speeds up time-to-resolution by allowing the customer to self-serve on some common functions.  All without risking overwhelming the customer with too much technical complexity or exposing Azure with administrative access and risking issues that could be created by an inexperienced user in an otherwise stable environment. 

A common question we get from partners goes something like this: “We’d love to use Nerdio to manage our Azure deployments but have existing customers in Azure.  Can Nerdio be used to manage those?” 

The short answer is, “yes, they absolutely can,” and it does require a bit of planning.

The goal of this article is to outline the steps necessary to configure Nerdio to manage existing Azure resources. 

The Typical Nerdio Manager for MSP Deployment 

Nerdio is designed to be safe and non-disruptive to existing environments.  Therefore, when you provision a new Nerdio account into Azure, it creates a brand new, empty resource group and only manages resources in that one resource group.  You can have a single Azure AD tenant with a single Azure Subscription and segregate customers by resource groups (or by Azure subscriptions or Azure AD tenants).  The resources in each of these groups will be independent and isolated.  Nerdio will manage each deployment in each unique resource group as its own Nerdio account. 

Every Nerdio for Azure deployment is designed to start out as a “greenfield” deployment without any existing legacy information (other than connectivity into an existing Office 365 account).  The goal is to enable an MSP to set up a greenfield Azure environment and conduct a pilot with a customer without disrupting the existing IT infrastructure.  Once the pilot is successful, the Nerdio deployment is “plugged into” an existing IT environment and added to production, making it accessible to users.  Once in production, users, data, and server workloads can be seamlessly moved into the new Nerdio deployment in Azure. 

“Plugging” Nerdio into an existing IT environment 

There are three top level steps involved in plugging a greenfield Nerdio deployment into an existing IT environment. 

  1. Extend the network – this is typically accomplished by setting up a site-to-site VPN between the Nerdio for Azure environment and an existing environment.  It is also possible to use the VNet peering capability of Azure in some cases, as we’ll see below. 
  2. Extend Active Directory – Making the same Active Directory Domain Services available in Azure is fully automated by Nerdio with our Nerdio Hybrid AD™ functionality.  Extending AD into Azure allows the NAP to have visibility into the existing Active Directory, manage user objects, and assign virtual desktops – all without any changes to the existing environment.  Once the AD is extended from the existing environment to Azure, it spans both locations and allows seamless movement of servers from one to the other. 
  3. Move VM workloads – Once network connectivity is established and AD is extended into Azure, servers and data can be moved from the existing environment to Azure using Azure Site Recovery (ASR), another VM replication technology, or Azure Resource Move process, as we’ll see below. 

The result of the 3 steps above is a Nerdio managed Azure environment with connectivity to an existing IT environment, AD visibility, and the ability to move VMs from one environment to the other without the need to re-join the domain or reconfigure the operating system. 

“Plugging” Nerdio into an existing Azure deployment 

It is possible to leverage Nerdio to manage an existing Azure deployment.  Think of it as a special case of a typical process outlined above – create a new Nerdio for Azure greenfield deployment, plug it into an existing Azure deployment, and migrate workloads as appropriate.  However, because both the existing Azure deployment and the new Nerdio deployment are both in Azure, there are some additional tools available to simplify and speed up the process. 

Let’s look at each of the three steps as they relate to this unique scenario. 

1. Extend the network 

While it is possible to use VPN Gateways and site-to-site VPN connections between virtual networks in Azure, it is far simpler to leverage Azure VNet peering capability.  Azure supports two types of VNet peering: 

  • VNet peering – connecting VNets within the same Azure region 
  • Global VNet peering – connecting VNets across Azure regions 

There are multiple advantages to using VNet Peering instead of site-to-site VPN.  Network traffic is private, low-latency, and high-bandwidth.  That’s because it traverses Azure’s private network backbone instead of leveraging public internet infrastructure. 

VNet peering has all the expected functionality, including no downtime for the VMs when creating the peering, the ability to apply Network Security Groups (NSG) to control traffic flow and access, if needed, and, by default, complete and simple connectivity of all resources in peered networks without additional setup. 
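The "complete connectivity by default" point above has a security consequence: the default NSG rule AllowVnetInBound treats the peered VNet as part of the VirtualNetwork tag, so every port is reachable across the peering until custom rules narrow it. The following added example (not from the original article or from Nerdio) models first-match NSG evaluation for inbound traffic; the address plan, subnet roles and custom rule names are constructed assumptions, and protocol and destination-address matching are omitted.

```python
import ipaddress

# Constructed address plan (assumptions, not from the article).
LEGACY_VNET = "10.10.0.0/16"         # existing Azure deployment
NERDIO_VNET = "10.20.0.0/16"         # new deployment, peered with the legacy VNet
LEGACY_DC_SUBNET = "10.10.1.0/24"    # hypothetical: existing domain controllers
LEGACY_JUMP_SUBNET = "10.10.9.0/24"  # hypothetical: admin jump hosts

# While the peering allows virtual network access (the default), the
# VirtualNetwork service tag covers both address spaces.
SERVICE_TAGS = {"VirtualNetwork": [LEGACY_VNET, NERDIO_VNET]}

# Default inbound rules present in every NSG:
# (priority, name, source, destination ports, access)
DEFAULT_RULES = [
    (65000, "AllowVnetInBound", "VirtualNetwork", "*", "Allow"),
    (65001, "AllowAzureLoadBalancerInBound", "AzureLoadBalancer", "*", "Allow"),
    (65500, "DenyAllInBound", "*", "*", "Deny"),
]

# Hypothetical custom rules for the migration window: domain controllers may
# reach the new deployment, jump hosts may use RDP, everything else in the
# legacy VNet is denied before the default allow rule is reached.
MIGRATION_RULES = [
    (200, "Allow-Legacy-DCs", LEGACY_DC_SUBNET, "*", "Allow"),
    (210, "Allow-Legacy-Jump-RDP", LEGACY_JUMP_SUBNET, {3389}, "Allow"),
    (4000, "Deny-Legacy-Other", LEGACY_VNET, "*", "Deny"),
]


def _source_matches(source, ip):
    """True if ip falls inside the rule's source (CIDR, known tag, or '*')."""
    if source == "*":
        return True
    if source in SERVICE_TAGS:
        prefixes = SERVICE_TAGS[source]
    elif source[0].isdigit():
        prefixes = [source]
    else:
        return False  # a service tag this model does not resolve
    return any(ip in ipaddress.ip_network(prefix) for prefix in prefixes)


def evaluate_inbound(custom_rules, src_ip, dst_port):
    """Return (access, rule name) for the first rule that matches, lowest priority number first."""
    ip = ipaddress.ip_address(src_ip)
    for _priority, name, source, ports, access in sorted(
            custom_rules + DEFAULT_RULES, key=lambda rule: rule[0]):
        if _source_matches(source, ip) and (ports == "*" or dst_port in ports):
            return access, name
    return "Deny", "no-match"  # not reached: DenyAllInBound matches everything


if __name__ == "__main__":
    flows = [
        ("10.10.2.15", 3389),  # legacy workstation subnet -> RDP
        ("10.10.9.4", 3389),   # legacy jump host -> RDP
        ("10.10.9.4", 445),    # legacy jump host -> SMB
        ("10.10.1.4", 389),    # legacy domain controller -> LDAP
        ("10.20.0.5", 445),    # traffic inside the new VNet
    ]
    for src, port in flows:
        before = evaluate_inbound([], src, port)
        after = evaluate_inbound(MIGRATION_RULES, src, port)
        print(f"{src}:{port}  default={before}  with custom rules={after}")
```

The same NSG must be associated with the subnets or NICs on both sides of the peering if traffic is to be restricted in both directions.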

There is a charge associated with using VNet peering.  When data travels within the same Azure region (both inbound and outbound, unlike public internet bandwidth) there is a charge of $0.01/GB of transfer.  To transfer a 100GB virtual disk from the existing virtual network in Azure to the Nerdio deployment will cost about $1.  When peering VNets across Azure regions (Global VNet Peering), the cost is about $0.035/GB in most US regions. 

2. Extend Active Directory 

Extending the Active Directory (not Azure AD – that’s already integrated into Nerdio by default when deployed) from an existing Azure environment into the new Nerdio environment is identical to the process when the source environment is not in Azure.   

Once the VNet peering is in place and VMs in the Nerdio deployment can talk to the VMs in the existing Azure deployment, the Nerdio Hybrid AD engine will create a new domain controller in the Nerdio deployment and extend the existing Active Directory Domain Services.  Once AD is extended and all resources are moved over to the Nerdio deployment to be managed in the NAP, Active Directory FSMO roles can be transitioned over to the new domain controller VM in Nerdio and the existing AD can be de-provisioned. 

3. Move VM workloads 

Since both the source (existing Azure deployment) and destination (new Nerdio deployment) are in Azure, it is possible to use the native resource move functionality  to transfer from source to destination.  This is an easy and seamless process that can be done via the Azure portal or via PowerShell. 

Establishing network connectivity with VNet peering and extending Active Directory with Nerdio Hybrid AD before moving the VMs will allow the process to be seamless.  For example, if one out of five server VMs is moved from source to destination, the moved VM will still be able to talk to its peer VMs in the existing Azure deployment due to the VNet peering that’s in place.  Similarly, since the same AD spans both environments, the moved VM will be able to communicate with a local domain controller and authenticate connections without the need to join it to a new AD domain.

Other Azure resources such as public IP addresses and storage accounts can also be moved via the Azure portal from their source resource group to the new Nerdio one.  

As all VM workloads and other resources are moved over to Nerdio, which can be done in a non-disruptive, phased approach, and FSMO roles are transferred to the new AD DC, the source environment can be simply de-provisioned and VNet peering turned off. 

The result will be a new Nerdio deployment managed via the Nerdio Admin Portal with all the automation and simplification benefits outlined above but using the same data, applications and user objects.  This process allows MSPs to standardize their Azure deployments and automate much of the management, auto-scaling and help desk tasks. 

What’s New at Nerdio? June 2019

Today is a big day at Nerdio and it has nothing to do with finding a new partner, attending a great peer-to-peer group, or recording a webinar. It isn’t about a new product feature or a different way to use our product, either. It’s about helping you.

At Nerdio, our mission is to enable Managed Service Providers to build successful cloud practices in Microsoft Azure. When MSPs want to understand their cloud practice options and opportunities, we provide the tools and insights for specific and tangible solutions. Instead of wondering how much to charge or how to deploy and manage a cloud solution, we’ll offer the necessary resources for MSPs to quickly find out how their business can benefit from being built on Microsoft Azure.

We believe that when working with partners, they want two primary daily deliverables:

1. To be understood.

We are techies who love our community of partners that make their living from providing leading technology.
When MSPs find Nerdio, they know someone finally ‘gets’ how complex the subject can be. Nerdio proactively anticipates the questions MSPs have before they ever need to ask them.

2. To be informed.

We regularly curate content and resources for our website and social media presence to stay on top of industry developments and keep our partners aware of the latest Azure information. With Nerdio by their side, the MSP has all the information they need to make the right choice for their business. Every time they interact with Nerdio, they leave having learned something new about Azure.

It makes sense, then, that we have a world-class website that matches our mission statement, therefore allowing MSPs to be understood and be informed.

Today, we re-launch www.getnerdio.com as the primary resource for MSPs to build a successful cloud practice in Microsoft Azure.  You’ll find a clean, modern look which will differentiate Nerdio from the clutter, flash, and generic stock photography seen on so many other sites. You will also be introduced to the “Nerdio Academy” which is an incredibly rich resource designed for the MSP community. It includes best-in-class educational videos, webinars, white papers, and much more designed to help MSPs understand how to build a successful Azure practice — including topics from Windows Virtual Desktop, increasing your margins selling Azure, and deep technical Azure content.  You won’t find this breadth and depth of MSP-focused content anywhere else.

At Nerdio, we aim to be focused, straightforward, empowering, and helpful to our partners.  By doing so, we offer you the definitive Azure solution for the MSP community.

8 Help Desk Tasks Slowing MSPs Down

Managed Service Providers (MSPs) are always looking for ways to improve Help Desk efficiencies. Reducing the time it takes to close a client ticket while delivering great customer service is key to increased profitability and customer success.  

Nerdio helps MSPs save significant time and resources through automation. Let’s look at eight common tasks that eat up time and prevent engineers from moving on to the next ticket – and how much time Nerdio can help an MSP save with each.  

1. A corrupt Windows profile 

Sometimes a corrupt Windows profile is just unavoidable. You receive a call saying, “I can’t log in. It says I have a temporary profile and none of my icons are there.”  

Somehow the PC magically got dropped off the domain or the PC can’t authenticate. Once you realize it’s a corrupt profile, you can find the issue and fix it and then proceed to log in again. But if not, you must wipe out the profile completely and remove or rename it from the C:\Users folder before the end-user can log in again.

Usually, this process happens several times before it’s resolved. What’s the cost? Probably two hours of time wasted – not only the engineers’ time, but during that time the client’s environment was also down and their desktop was unavailable. 

Average time to close a ticket of this type: two hours.
With Nerdio, the time to resolve this issue is less than five minutes.

In the Nerdio Admin Portal>Users select “Revert Profile” next to the user with a corrupted profile. 

This will enumerate the available Shadow Copy snapshots (VSS) on the user’s desktop and allow you to select a known-working version. 

Simply select the date and time, check the “I understand…” box and click Confirm. Nerdio will automatically place the desktop in maintenance mode, back up the current corrupted profile, restore a copy of the profile from VSS snapshot, replace the corrupted profile, and reboot the desktop.  After a few minutes, the user will be able to log back in and have a working desktop with a functioning Windows profile. 

2. End-user onboarding  

Suppose your client tells you they are growing and have just hired a new employee! Naturally, you’re happy for them and if they’re growing, it also means you just grew by one endpoint.  

The task of onboarding a new employee could be one that takes a long time. Every client has different needs and therefore a different process.  What are some of the tasks you are asked to perform?  You log into your Domain Controller, open Active Directory Users and Computers, add their username, and setup a password.   

Hopefully you have AD Connect set up so it syncs the new account to Office 365. You log into Office 365 and create the same account there. Then come back down to the File Server, make sure the user is in the correct Security Groups, and make sure their mapped drives show up. You must make sure their printers are installed as well. 

Next, their applications need to be loaded and all the correct file paths pointed to the right place. You then open Outlook and make sure Office 365 is activated and email caching can begin. Depending on how many line-of-business applications this user has, it can take some time. 

Average time to close a ticket of this type: 30 minutes to an hour.
With Nerdio, the time to close this type of ticket is three minutes. 

In the Nerdio Admin Portal>Users click Add User

  • Type in the user’s first and last name 
  • Specify an email address and any relevant email aliases 
  • Specify a mobile phone number to automatically enable multi-factor authentication for desktop login.  Leave the field blank to keep it off. 
  • Select an available Office 365 license to assign to the user 
  • (Optional) Assign the user admin privileges to the Nerdio Admin Portal and/or their desktop 
  • Assign a virtual desktop: RDS virtual session, VDI dedicated desktop or None 
  • Type in the name of a similar user in the same department into the Copy From field to pre-populate all security membership and application profiles 
  • (Optional) Specify the user’s personal email address and click Save 

After about 2-3 minutes, the user will receive an email with login instructions and their newly created credentials.  The user will be able to immediately log into their new desktop where all applications will be installed, Office 365 activated, Outlook configured, backup enabled, AV set up, etc.  All automatically, within 3 minutes, and perfect out-of-the-box – every time.  

3. End-user offboarding 

You get the call just before 5PM on a Friday: “Michelle is moving to Florida, her last day is today. Make sure we delete her account but save her emails and files. Please make sure Samantha, her manager, has access to those files as well.”  

You scramble to find the customer’s offboarding documentation. It says to back up her Office 365 emails, save her desktop files, documents, and perhaps items in OneDrive that must be saved. You need to reset her account password, disable her access, and put her in the ex-employees OU group. Perhaps you will save her emails in an exported PST? 

Average time to close a ticket of this type: 30 minutes – 2 hours.
With Nerdio, the time to close this type of ticket is less than five minutes. 

In the Nerdio Admin Portal>Users select “Archive user” next to the user who is leaving. 

Select the departing employee’s manager from the list of users, check the confirmation box and click Confirm. 

Nerdio will spring into action and automatically offboard the user.  The following actions will be performed: 

  • User account will be disabled and moved into Archived Users OU in Active Directory and Office 365 
  • The user’s desktop will be shut down and placed into maintenance mode 
  • User’s Office 365 mailbox will be converted to Shared Mailbox to free up an Office 365 license and assigned to user’s manager.  The manager will see the mailbox pop-up automatically in Outlook in the folder list. 
  • Manager will be assigned as the owner of the user’s OneDrive data and be able to access the files 
  • User’s Documents and Desktop folder contents will be moved to a special Disabled Users file share on the file server and the manager will be given permissions to this folder 
  • Manager will receive an email notifying them that an employee was offboarded and they now have access to all data belonging to that user 

Quick, easy, and reliable. 

4. Replacing an end user 

Typically, you are both off-boarding an employee and onboarding an employee as well as setting up a new desktop. This one goes a little something like this: “Andy is leaving the company on Friday, but John is joining on Monday and taking over his role. Make sure John has everything Andy has.”

You’ll have to open the documentation and follow it line by line until you get to the end – if you even have documentation for replacing an employee.  

You’ll most likely start by deleting the account from AD and Office 365, exporting the emails out somehow, or possibly creating a shared mailbox. Add the new user in AD and Office 365. Log on as the new user on the local PC, copy all the files over, etc.  Log into Outlook, make sure Andy’s old email pops up. Then, you must make sure all the mapped drives are set up, printers are set as defaults, and perhaps you are then done. 

Average time to close a ticket of this type:  30 minutes – 2 hours.
With Nerdio, the time to close this type of ticket is less than five minutes. 

In the Nerdio Admin Portal>Users select “Replace user” next to the user who is leaving. 

Type in the personal information of the new employee and click OK.   

Nerdio will automatically replace the old user with the new, re-assign the data, email and applications, and even send an email to the new employee with login instructions. 

5. Setting up a new Desktop 

In this scenario, your customer buys a new PC from you.  You order it from distribution, and it takes a few days to come into your shop. It will likely go through your staging process where you unbox the PC, update everything to the latest firmware, and re-image the computer to your default base image. You’ll install your client’s LOB applications and perform all your Windows updates before it gets boxed back up again to then be brought onsite or shipped out. Then, you’ll schedule someone to install the PC onsite, connect it to the network jack, join it to the domain, and begin setting up the end user. 

If the client has many complex apps to get installed, be prepared to spend all day between installation and migrating files to the new PC. If five people receive new PCs, it’s even more work! What if you arrive onsite without the correct display cables? 

Average time to close a ticket of this type:  3 – 8 hours.
With Nerdio, setting up a new user with a virtual desktop – including all applications – is a breeze, and takes three minutes. 

Simply go to Nerdio Admin Portal>Users>Add user, specify all the information and click Save. 

The user will be able to use their personal device (i.e. laptop, iPad, or Surface), a PC in the office, or thin client to connect to their virtual desktop with all applications installed and configured per the company standard. 

6. Slow user experience 

This complaint is very common: “My computer is slow today; it was running great a week ago!”

You open your RMM solution and remote into the customer’s session. You ask them to show you what they mean by “acting slow”. You follow a trailing mouse as the customer demonstrates the slowness.  

At this point, it’s a subjective thing to determine if something is really running slow or not. You run some malware scans, maybe schedule a full AV scan after business hours, and tweak a few settings.  This first round of fixes may or may not solve the problem. You give it a few days and try to get the ticket closed. Was the client really satisfied? It is sometimes hard to tell. You might follow up once a day until they tell you “it’s all good.” 

Average time to close a ticket of this type:  1 hour to 3 days.
With Nerdio, you can see user desktop performance quickly at a glance. 

In Nerdio Admin Portal>Users select “View performance” from the action menu next to the user experiencing the issues. 

Here, you can see the performance of many of the user’s common applications and even click More… to see a historical trend.  This lets you quickly spot if there is an issue with user login times, the web browser, Office applications, or PDF viewer.  If no slowdowns are observed by the performance monitoring system on the user’s desktop, then the issue is likely network latency related. 

Troubleshooting end-user performance is no easy task, but with Nerdio, the job is much easier and takes far less time than with traditional tools in traditional IT environments. 

7. Scheduling a task to be done later 

It is stressful when a client calls with an emergency, but the opposite also occurs: a ticket is generated for a task that needs to be done at some point in the future. For example, “we’re hiring a new person into our marketing department in two weeks” or, “please reboot the app server at 3AM tomorrow night.”

You open a ticket and assign it to an engineer hoping they will remember to do that task on time. The ticket remains open till the task is complete. 

Average time to close a ticket of this type:  15 minutes to multiple days.
With Nerdio, tasks can be submitted to be performed right away or scheduled for some time in the future.  

This will save the engineer from having to get up at 3AM to perform that server reboot. 

8. File level restores/disaster recovery 

A customer loses a file or accidentally deletes it. They call requesting that you locate it. Hopefully, you have a robust backup solution in place so a file restore can be painless. You go to your third-party backup solution, find the file, find the right version of it, restore it to a new location, call the customer and have them verify to see if the right one has been restored. It can sometimes take several tries before getting to the right file. In some cases, the end user leaves work early, and it gets pushed until the next day. 

What if a hurricane or fire strikes your client’s office? Everything is gone and all employees must work from home. You move into emergency mode trying to figure out how to best support your client in this time of need. Thankfully the data is safe in the cloud. Your customer is concerned their data is lost forever, but fortunately, with Nerdio, all data is backed up to multiple regions. 

Average time to close a ticket of this type:  15 minutes to multiple days.
With Nerdio, recovering data is quick and easy. 

Every volume on every server and desktop created by Nerdio is automatically configured with twice-daily Shadow Copy snapshots.  This means that a user can right-click on any folder, select Previous Version, select a date and time from the past, and recover any file or folder they have access to.  All without calling your help desk. 

If an entire server needs to be restored, the Nerdio Admin Portal helps you do that in three clicks. 

Navigate to Backup & DR>In-region Backup and click on Restore next to any server. 

Select a backup date, check the confirmation box and click Confirm. 

Nerdio will reach into Azure and restore the virtual machine back to its previous state automatically. 

How Nerdio will make your life easier 

Imagine what it would be like if each one of these tasks took just a few minutes. As you have seen, there is built-in automation for every single one of these time-consuming tasks. Just think how many more clients each member of your team would be able to service quickly and in a highly satisfactory way if you were using Nerdio. 

One key to a successful MSP IT practice is to minimize the amount of time your clients utilize your unlimited support services.  In fact, putting in place strong automation that prevents them from calling in the first place and minimizes the issues they experience is a priority! 

At Nerdio, we’ve invested a lot of time and effort into automating each and every one of the common tasks mentioned above, allowing your team to perform them in “three clicks or less”.

Containers Create Growth Opportunity for MSPs

As the public cloud becomes more ubiquitous, there are still many traditional MSPs struggling with making their full transition to a cloud practice. To become a NextGen MSP, IT practices must move away from a break-fix mentality and transition to delivering and managing a variety of cloud services for customers. Enter container technology.

IT professionals tend to focus on infrastructure but there’s a whole other cloud discussion going on today in the Dev-ops area/web apps development world. That focus is on containers. As MSPs get more familiarized with IaaS in the cloud, NextGen MSPs who are already fluent in cloud will look at how to pivot their business to offer more.

Offering managed services around containers could be an opportunity for those who are willing to invest in a new business unit.

Containers help MSPs standardize how code is deployed. This makes it easy to build workflows for applications that run between on-premises and cloud IT environments. Containers speed up application migration to the cloud.

MSPs using the technology then have a much easier life: technologists can package entire applications and move them to the cloud without needing to make any code changes.

Containers Create Business Opportunity

Containers are like VMs on ESXi or Hyper-V. However, one key difference is that a container does not include an operating system whereas a guest VM does. Containers are used to deploy web apps in mainly mid-to-enterprise-sized companies.

The advantage of not having an OS in a container is secure ease of use. MSPs don’t have to worry about patching and library compatibility if the developer decides to upgrade to a new version of a specific library or use a new API for their app.

The most popular container solution is Docker. In order to manage and scale web apps in Docker, a container orchestration solution is required to facilitate scaling the app. This is where Kubernetes comes in. Kubernetes is not the same as Docker. Where Docker is the container technology, Kubernetes is the open source software originally developed by Google that orchestrates Docker.

Containers Solve Problems

Containers rose to popularity to solve very common issues between developers and Dev-ops folks. Developers write code and give instructions to Dev-ops on how to deploy the code in VMs. Often, Dev-ops would run into issues when the developers updated their code, or APIs would break. Scaling the web apps both vertically and horizontally was also an issue.

Containers came to solve those issues by removing the dependencies of the OS from each container. By removing the OS, the technology allows each piece of the app to boot faster, become less dependent on the OS version, and improve compatibility.

MSPs Can Fill a Market Void

Is there a need for managed Kubernetes and Docker services? I would say yes. Docker and Kubernetes technologies are still considered new, and over the last four years have seen explosive growth. So much growth that IBM’s acquisition of Red Hat was based around gaining expertise in those types of workloads.

Red Hat (prior to IBM) also acquired CoreOS last year, which was another expertise grab on their technology around Kubernetes management. Larger-sized companies are looking for container experts, but the demand is larger than the supply right now.

Address the Challenges to Gain Success

MSPs with groups that service mid-size companies are in an ideal position to take advantage of this demand, but several challenges exist. For example:

  • Most MSPs don’t offer application development services or Linux expertise and lack the skillset needed to start this type of practice with current resources.
  • Kubernetes and Docker are quite complex technologies to master. Expertise in Dev-ops and Infrastructure as Code is required to enter this market.
  • Talent acquisition for Dev-ops resources in this area is a huge challenge because there are few engineers with the needed expertise, and their talent comes at a huge salary premium.

How MSPs Get into Container Work

Opportunities to provide managed services around containers will be specifically in the areas of logging/analytics, monitoring/alerting, and optimization. The key ideas of streamlining technology decisions and removing mundane day-to-day support issues from over-burdened IT staff are always selling points of an MSP.

The same is true about offering managed services around containers. Developers and Dev-ops teams consider logging/analytics/monitoring/alerting tasks to be something they can outsource in order to free them up to focus on application development.

There are many tools that manage logs collected from the hypervisor level all the way up to logs generated by web apps. Legacy MSP services could then be introduced to those clients, further expanding services into this account base.

Get Started Today

This was just a glimpse into what the future of the MSP IT practice could become. Right now, the focus should be converting fully into an MRR model with most of the revenue being generated around cloud services and value-added services.

Honing the skills on the public cloud today should be a top priority as it’s the foundation of the future. Microsoft Azure should be the public cloud of choice for MSPs. Start by moving on-premises services such as Active Directory/File Server to the cloud and move closer to containers by providing full IT in the cloud. This includes hosting desktops, all servers, storage, backup, and disaster recovery.

Nerdio is a suite of tools written by our team of software developers and tech nerds to help you hone and manage IT in the cloud for your customers with ease. Partners are leveraging Nerdio to solidify their position as a NextGen MSP.

It will be quite interesting to see how this landscape changes in the next few years. M&A activity is rampant in the technology space. Who knows what’s next but managed services providers are certainly here to stay and so is container technology. Why not bring the two together?

Get Ready for VDI-DaaS to Go Mainstream with AVD

When Microsoft released Business Productivity Online Standard Suite (BPOS) in 2007, many MSPs were skeptical about its purpose. No one in the MSP space wanted Microsoft to take away their ability to manage Exchange Servers.

Then came the BPOS successor, Office 365, which was based on Exchange 2010. Earlier on, Microsoft partners were still resistant to the idea of moving a critical workload such as email to “the cloud.”

End-customers were resistant to it as well, fearing security and privacy would be compromised in the still-new-concept cloud. I remember sitting in my company’s conference room when the Office 365 launch was announced and thinking: “Microsoft is out to get us, they are taking over, and the cloud is going to make us obsolete.”

Office 365 Kickstarted VDI Acceptance

However, my fears were unfounded as quite the contrary happened. Fast forward a few years, and Office 365 became the catalyst for MSPs wanting to build that MRR model, which got us to evolve from break-fix to a more strategic mindset.

More on-premises applications started moving to the cloud by having a “software-as-a-service” version. Many first attempts of virtual apps weren’t great but the start of a shift in delivering apps via a browser was really taking off and hosted offsite storage became very popular. Early on, Office 365 had its fair share of outages and problems like every other new SaaS solution, but it became stable, feature-rich and is now mainstream.

How I See the VDI Market Today

The virtual desktop space has been around for a long time, well over 10 years. It never gained mainstream mass adoption due to the complexities of setting it up and the skillset of an engineer needed to maintain the infrastructure. Experts in the market offered their own private cloud VDI hosting services but all this is evolving quickly.

At Inspire 2017, Microsoft announced Remote Desktop Modern Infrastructure (RDMi). The premise of RDMi was that Azure was going to take over some of the infrastructure services around delivering a desktop, such as the RD Gateway and RD Broker roles, and offer them as a service.

AVD Is the Future

After RDMi, things went quiet for about a year in terms of updates. However, this year at Ignite 2018, Microsoft kicked it up by announcing Azure Virtual Desktop (AVD), which is essentially a rebrand of RDMi, except on steroids. AVD is based on the very successful Windows 10 operating system and will now have a multiuser version.

Think of it like a Remote Desktop Server except the underlying Operating System is Windows 10 as opposed to Windows Server 2019. Windows Server will still keep its RDS role, so no worries there.

The Azure cloud is ripe to support VDIs, internet circuit bandwidths have increased, and costs have come down to allow desktops to be streamed to monitors. All the traditional barriers of entry have been eliminated. Microsoft is finally going for it, taking VDI and making it mainstream, just as Office 365 went after on-premises Exchange Server.

Working to Ensure AVD Success

Microsoft has already positioned itself to be successful in this endeavor. In late November, Microsoft announced the acquisition of FSLogix, which helped solidify its AVD solution. FSLogix has solutions that enable a better user experience through its profile capabilities in order to further enhance Microsoft’s offering.

They’ve partnered with Citrix to overlay Citrix Cloud on top of AVD, an obvious move. Nerdio will help our partners to provision, manage, and optimize AVD when it’s ready, and help MSPs migrate existing Nerdio deployments to AVD, if desired.

New Fears, But Lots of Excitement

Is everyone as excited about this as Nerdio is? Probably not quite yet, but momentum is picking up. There’s a lot of fear and uncertainty in the MSP community with this announcement. AVD is in private preview at the moment, but it is scheduled to go public preview in Q1 of 2019.

MSPs aren’t sure about what this means for their practices based on how they currently deliver services. If we’ve learned anything from history, it is this: MSPs pushed back against Office 365 eight years ago, and now they can’t seem to sell it fast enough. Most end-customers are now 90% migrated to Office 365.

We can presume that this is the next wave of change coming to MSPs: the day has come where delivery of DaaS is now mainstream.

Be Prepared to Join the Action

AVD means good news for the MSP: another MRR revenue stream is coming your way, this time with more margins than Office 365! This is all part of the evolution of an MSP. My advice is to get in front of this wave, figure out as soon as possible how to monetize it and position yourself to come out strong. Become a leader in the space before it becomes just another commodity like Office 365.

Over 10% of today’s Azure workloads are already RDS based; this move is going to have DaaS consume a large piece of the Azure pie. The question is how quickly you will be a part of it. It’s not a matter of when or if; the question you should be asking is “how fast?”

Improve Your Users’ IT Experience With Cloud Computing

In a world that’s become ever more digital, IT personnel have become the unsung heroes of the office. The sheer number of platforms, applications and devices we use seems to grow on a daily basis. It falls to IT staff to keep everything copacetic —  and on the most challenging days, that can be something of a high wire juggling act.

We rely on IT personnel to protect networks, ensure that digital infrastructure runs properly, help fellow employees with tech support — and save the day if an unforeseen emergency strikes.

So why not make their job easier by switching to cloud computing?

How Cloud Computing Improves the User Experience

Ask any IT worker to identify the least pleasant parts of her job, and you’ll likely hear the same familiar litany of woe: Endless help desk tickets, integration problems, device management issues, user security lapses and downtime complaints.

Many of these problems can be directly tied to the use of creaking legacy IT systems. Some businesses — whether due to organizational inertia or a desire to avoid change — continue to apply band-aid solutions to their legacy systems in an effort to help employees stay current with evolving business practices.

Switching to cloud computing eliminates the need to approach updates and upgrades in a piecemeal fashion while also significantly improving the user experience. That’s something that will make for happier employees, and less harried IT staff.

Let’s take a closer look at some of the key benefits that can be reaped by migrating to the cloud:

  • Modern, streamlined design. Many of today’s workers are digital natives who grew up in an era of seamless, on-demand mobile services and high level UX. Clunky legacy IT, with its hodgepodge of outdated operating systems and software, hardly provides the modern, consumer-grade experience to which many workers are accustomed. Switching to the cloud can help deliver the kind of intuitive, mobile-optimized user experience that earns employee loyalty and helps people stay productive.
  • Reduced complexity. Unnecessary complexity is the enemy of great user experience — and legacy IT is often absurdly complex. Cloud solutions allow organizations to reduce (or mask) this complexity by allowing users to interact with systems without advanced knowledge. This can also significantly reduce the costs and time expenditures associated with training, freeing up IT staff to work on higher value tasks.
  • Greater flexibility. Today’s workers want the freedom that mobile offers. Using a cloud solution allows them to escape the “tyranny of proximity” — having to remain on-premises simply because that’s where the necessary infrastructure is located. Given larger trends toward workplace mobility and remote working, migrating to the cloud plays a critical role in ensuring that companies are aligned with modern worker preferences. Employees can get the job done virtually anywhere and anytime.
  • The power to collaborate. Innovation and collaboration go hand in hand. Yet today, it’s no longer necessary to huddle around a desk or a conference room table to get the collaborative juices flowing. Moving to the cloud allows workers to share, edit and access files and documents from anywhere and communicate across a variety of channels. By using these tools, updates can happen in real time, work is finished faster and everyone involved is instantly reachable if their input is needed. With cloud, collaboration doesn’t have to stop at the office door — which is great because the best ideas often occur during off hours.
  • No worry about software updates. The pain of having to deal with frequent updates on an older (and often unwieldy) system is resolved by migrating to the cloud. Updates occur automatically, freeing up workers to focus on less vexing and more important tasks. Overall, moving to the cloud reduces or even eliminates the burden of worrying about out-of-date applications, conflicts and general maintenance headaches.
  • Security, recovery and peace of mind. Given our ever expanding lists of log-in credentials and devices, practicing good security hygiene is a challenge for many of today’s users. By that same token, dealing with the fallout from security lapses is an equally stiff challenge for IT staff. Switching to cloud helps mitigate these risks. Backup data is stored on offsite servers, sensitive data can be wiped remotely and the process of managing credentials is simplified. Should catastrophe strike, whether via a natural disaster or systemic failure, a cloud solution can help businesses recover lost data. By helping provide greater security, cloud computing offers users greater peace of mind.
  • Greater business continuity. Let’s face it: Everyone hates downtime. By moving to a cloud provider that uses offsite servers, the risk of downtime is reduced and workers can avoid dealing with frustrating outages.

The Takeaway

Given the range of powerful benefits offered by cloud computing solutions, it’s hardly surprising that so many firms have decided to mothball their legacy IT systems.

If your organization would like to profoundly improve user experience — while easing the burden on the unsung heroes of your IT department — we encourage you to take a closer look at what a modern cloud computing solution has to offer.