HOW TO Lift and Shift Migration Strategy for Managed Service Providers (MSPs)


As a quick overview and definition of terms, a “lift and shift” is where existing resources are migrated from the on-premises environment into Azure. A close cousin of this is a Greenfield deployment where new VMs are provisioned in Azure and only the data is moved from on-premises. In this white paper, we will use lift and shift (L&S) to reference both since in most cases, partners will be doing a little bit of each when migrating their on-premises environment to Azure. 

Before we get too deep into the L&S strategy, let’s also discuss its counterpart which is known as a Hybrid Active Directory configuration. Hybrid AD is the process of extending an on-premises internal domain into the Azure environment, allowing you to keep existing infrastructure in place, as well as providing new resources in Azure under the on-premises internal domain. 

 In some cases when we bring up the idea of migrating the on-premises environment into Azure, our partners become a little overwhelmed at the prospect of moving everything. They say something like “we’ve spent a lot of time and energy building the existing environment, we don’t want to go through the headache of migrating everything or starting over.” This is definitely a valid argument, however, when we break down the process and go over exactly what’s included, most partners actually get excited about the L&S Azure migration option and elect to go this route. 

Lift and Shift Concerns

In order to do this topic justice, let’s begin by bringing up the top three concerns we hear partners raise when considering the L&S strategy, and we’ll break down exactly why those concerns are largely unfounded.

Concern #1: Changing the Active Directory management from on-premisesises to Azure

 “Transferring user data sounds like more work than it’s worth, plus it could cause major disruptions for the end-user.”

To address this effectively, we’ll break down both concerns in turn.

 Active Directory

The process of severing the user’s connections with the on-premisesises AD and transferring ownership of those users to the AD in Azure is pretty straightforward. What’s, even more, is that the process of transferring ownership shouldn’t cause any disruptions to the end-user. Nothing is physically migrated (i.e.. email, contacts, calendar appointments, etc.); you’re only changing who has the rights to manage those user objects. 

Transferring User Data

Since users will be moving to the cloud anyway, we see the process of transferring user data as the first step to get users thinking in that direction. Although there are several options for this, we normally see partners leverage something like SharePoint or OneDrive to easily backup the user’s data, and then copy that to the AVD environment. We’ve even seen this as something the end users appreciate because it gives them the option to do some house cleaning on their local session. Our partners will hand this task over to the end-user and have them decide what’s important to bring over to the cloud environment, and what on their computer is old or redundant data that can be cleaned up or left on the old environment. Once the users have synced their data with an application like OneDrive, the data migration phase is essentially over since the users will simply authenticate to OneDrive in Azure and have all their critical data ready and accessible. 

 As you can see, when we break down both of these concerns, the actual transition for the users won’t cause much disruption at all and can take place during standard work hours if necessary. The process of severing the user’s connections with the on-premisesises AD and transferring ownership of those users to the AD in Azure is pretty straightforward. What’s even more is that the process of transferring ownership shouldn’t cause any disruptions to the end-user. Nothing is physically migrated (i.e.. email, contacts, calendar appointments, etc.); you’re only changing who has the rights to manage those user objects. 

Concern #2: Group Policy/On-premisesises Domain

 “Our group policy and on-premisesises internal domain have been in place for years. It would be too difficult to start over in Azure.”

Since both the GPOs and the internal domain have sometimes existed for over a decade, it’s understandable why partners are initially hesitant to transition away. What makes matters worse is that most MSPs have inherited the domain and GPO from a previous provider, which adds another layer of uncertainty. In these situations, there are two options we see most often utilized by partners.

Option 1: Export/Import

The first option is to simply export the GPOs from the on-premisesises environment into Azure. This can be a good option, but one thing to keep in mind is that both the good and the bad get migrated over when going this route. If this environment had been operating for over a decade, it’s likely a mess and you’re bringing that mess into the Cloud with you. As a result, partners will frequently decide to go with option two.

Option 2: Clean Start with a Reference

The other option is to start over clean and fresh in the cloud but use the existing on-premises GPO as a template to build out the GPO in Azure. Although this sounds intimidating at first, once our partners think about it, they start to like the idea of having complete control and intentionality behind every rule and policy that’s in place in the environment. 

Tied into this conversation is the idea of moving away from the internal domain on-premises. This would be something like contoso.local. After working with many partners in similar scenarios, we’ve found that since they are moving all the infrastructure and users to the cloud, there isn’t a great reason to keep the on-premises internal domain. All the on-premises servers will be in the cloud and the users and their AVD desktops will be managed by AD and GPO in the cloud. The only thing left on-premises are the users’ physical workstations which, to a degree, become irrelevant. What I mean by this is that technically, the users could log in from any computer in the world, as long as they have their phone nearby to verify 2- factor authentication. They could be at home, in the office, at the local library, etc. 

In addition, given that AVD is now streamed to their local session, they could use something as simple as a Microsoft Surface Pro, Chrome Book, or some other low-level laptop. Once the connection is established, they’re then placed in the cloud with all the controls and restrictions that have been set via GPO. So again, being tied to an on-premisesises internal domain is really not necessary since there won’t really be anything left on-premisesises other than a few workstations.

Concern #3: Migration

 “It’s going to be too much of a headache to migrate all the On-premisesises infrastructure into Azure”

The final concern we see partners raise is related to the migration process of moving their on-premises infrastructure into Azure. This is especially true when they’ve spent an extended period of time configuring their Servers with applications and customizations that would take 8 to 12 hours to reconfigure from scratch in Azure. In these situations, we see them leverage Azure native tools like Azure migrate or Azure Site Recovery to lift their servers and place them into Azure. This allows for a transition of the entire server without going through the headache of reconfiguring it. They can then place it on the new internal domain in Azure and move forward as if nothing changed. The other option is to use something like our Nerdio built in data mirroring tool. This is effective when the on-premises server is end-of-life and has an outdated operating system. In this case partners don’t typically want to move, for example, a server 2008 R2, or 2012 machine into Azure. Instead, they’ll migrate individual files/folders using our data mirroring tool, and provision a brand-new server in Azure as the new host.

As you can see, if we break down the top three concerns and talk about the details of what’s included, then the L&S option becomes far more appealing, and the vast majority of our partners choose to go this Azure migration route.

Advantages of L&S

Now that we’ve addressed the top three concerns let’s talk about the top three advantages of going the L&S route.

Advantage #1: Reduces Overhead and Increases Security

As you can imagine, not having the on-premises infrastructure will immediately reduce costs when compared to the Hybrid AD setup. With the L&S strategy, you don’t have to worry about refreshing end-of-life servers or keeping them backed up. The other benefit is that the L&S option requires less infrastructure to run than the Hybrid AD setup. Hybrid AD out of the box includes an additional DC to manage the Domain Trust between on-premises and Azure.

In addition to the reduced overhead, the L&S option is far more secure as there are less opportunities for security breaches. With everything sitting in Azure the only thing left on-premises are the physical workstations used to establish a connection to user’s virtual desktops, and those are usually secured with 2-factor. The actual infrastructure in Azure and the security protecting it is backed my Microsoft’s trillion-dollar budget, which makes it infinitely more secure than anything the average MSP could create, both physical and virtual.

Advantage #2: Run LOB Applications in Parallel

One of the advantages of a L&S deployment is the ability to test and verify the cloud infrastructure before providing access for end-users. This is especially true with Database applications such as SQL. You can restore the on-premises database in the cloud and run it for a few weeks or for however long is necessary to ensure everything is working as it should. Then as the last step just take one final backup of the SQL database, migrate it into the cloud environment over the weekend, and then use the Cloud environment as the authority starting the next week. This provides ample opportunity for testing and helps to ensure an outstanding end-user experience once the environment goes live.

Advantage #3: Clean Start

Going the L&S route provides for a good refresh of the entire environment. You’re getting a new internal domain, fresh GPOs, new infrastructure, and a clean AD forest. In addition, you’ll be running all servers on the latest OS and user desktops will be running Windows 10 natively, rather than a Server OS built to look like Win10.

In summary, going the L&S route can be a good way of bringing a client who was running on a legacy environment into the modern age of technology.

Migration Path

Now let’s look at the practical order and steps we usually see these Azure migrations take. In order to provide the least amount of disruption to end-users, the Infrastructure & GPOs are typically pulled over to the new Azure environment first. After that’s been thoroughly tested and confirmed to work, the end-users are then migrated over to the new environment and everything on-premises is done away with.

Step #1: Infrastructure

The first step when migrating the infrastructure is to select which servers will be migrated as a whole and which server will get built new in Azure. After this you’ll migrate the servers specified to get lifted into Azure by leveraging the Azure Migrate tool. The servers you selected to build new in Azure, you’ll use the Nerdio native Data Mirroring tool to transfer the data from the older server onto the new server in Azure. During this phase, you’ll also configure the AVD pools and any dedicated desktops that will get provisioned for new users.

Step #2: GPO

Migrating the policies from on-premises into Azure is pretty straightforward. You can either export them from on-premises and import them into the Azure environment or use the on-premises GPOs as a template and build them new in Azure manually.

After migrating both the infrastructure & GPOs to Azure, the on-premises environment should still be fully functional. This means that from a quality assurance standpoint you’ll be able to setup and configure everything in the cloud before moving to the user import phase. This allows you to test LOB applications, ensure GPOs are applying, and overall thoroughly test the environment to ensure that end-users have a great first impression. Once this is complete, you’re ready to move to the User migration phase.

Step #3: Users

The final piece in the migration is to import users over into Azure. This includes breaking their connection with the current on-premises AD and adjusting the management piece to the AD in Azure. One thing to keep in mind is that the migration will require a password reset for each user and can take sometimes 72 hours to enable dirsync. We recommend initiating the process EOD Thursday or Friday (if doing it over the weekend) to provide enough time for the resync to conclude and users to get fully configured for the workday on Monday.

One important thing to note is that the process of breaking the user’s connection with the current on-premisesises AD does not cause any disruption, but that’s the piece that can take around 72 hours to complete. That timeframe is subjective and is something only Microsoft can speed up, however starting this on Thursday or Friday during work hours won’t cause any disruptions for the end-user. The only thing that will change is general user administration tasks such as password resets and user adjustments will need to be executed from the Office portal, rather than on-premises AD. 

Once users are syncing with the AD in Azure, they will populate as eligible users to be imported through the Nerdio Admin Portal. That piece is where the password reset comes in and is the first place where end-users might be negatively impacted if enough foresight hasn’t been applied.

That’s it! At this point you’ve configured the infrastructure in the environment, you have it managed by the appropriate GPOs, and users have been migrated over and are operating smoothly in the new environment. Everything has been fully tested and it’s all backed up and totally secure.

Helpful Tools

As the final section, I thought it would be beneficial to highlight a few Nerdio native tools that are quite helpful when transitioning from on-premises to the cloud.

Bulk Add/Update Tools

One of the most underutilized Nerdio tools is the Bulk Add/Update tools. These are used most effectively during the import/configuration phase and for bulk changes after the fact. Our bulk add/update tools provide a comprehensive Excel spreadsheet to populate with various changes including new resource assignments, password resets, and adjusting Office licensing. You can make all these changes on one sheet, then upload that to the Nerdio Admin Portal and our script will run through the list and make all the changes in an automated fashion. 

AVD Pool Templates

If you have an existing deployment with Nerdio then you realize how valuable our pool templates are for making bulk application/software changes for whole groups of users in a quick and automated fashion. 

Data Mirroring Tool
I’ve mentioned this several times already, but it’s worth mentioning again here because it makes the data migration piece of deployments so simple and easy. It can be located under the “Onboarding” tab in the Nerdio Admin portal. 

Final Thoughts

As we’ve seen, the L&S strategy for environment migrations is less expensive, more secure, and provides a more dynamic and flexible work environment than a Hybrid AD solution. When at all possible, we recommend utilizing this Azure migration strategy. 

Interested in learning more? Contact us to chat more about your L&S migration questions.

Free White Paper Download!

Nerdio Manager for MSP Case Study: Chelsea Technologies


Discover how this large US-based Managed Service Provider saves significant time and money using Nerdio Manager for MSP’s automatic management and deployment of AVD, and powerful backup and auto-scale capabilities. 

About Chelsea Technologies 

Chelsea Technologies is a Managed Service Provider (MSP) in the United States and has provided business technology solutions to the global financial industry for over 25 years. They help clients navigate complex technical issues and focus on creating the infrastructure that helps clients succeed. Typical clients include hedge funds, banking institutions, and private equity firms. From startups to those with billions of dollars under management, Chelsea Tech also serves clients in other sectors that rely on their technical and business expertise, such as aerospace, law firms, and many others. 

The Situation 

Working with clients in complex and often highly regulated industries, Chelsea Technologies needs to ensure the highest standards of network uptime, hardware reliability, data integrity, and application stability. 

As a trusted partner to their clients, Chelsea Technologies works tirelessly to meet clients’ business and technology requirements, creating solutions that meet their needs in an IT landscape that is constantly evolving. Building native Azure Virtual Desktop (AVD) environments was proving time and resource intensive. The complexities of Microsoft Azure resulted in a limit on the number of engineers who had the skills to deploy it correctly. Chelsea Technologies needed to be able to use those engineers’ time efficiently and expand their ability to bring the advantages of AVD to clients. As it became apparent that they would need a partner to help drive success, they researched their options, looking for the right tool to help drive its growth. 

“We were migrating everything to Azure, and we really needed a tool that was right for the job – powerful, yet easy for our team to deploy and manage,” said Justin Vashisht, Professional Services Director for Chelsea Technologies. 

The Solution

After previewing Nerdio Manager for MSP, it became clear to Vashisht and the Chelsea Tech team that the ease of deployment, auto-scaling technology, and potential for cost-savings were the kinds of solutions they needed to successfully leverage their engineering talent and manage internal resources. Nerdio Manager for MSP held other attractive features as well, including built-in backup and audit trail capabilities, which, Vashisht noted, would be helpful for clients in highly regulated industries, like financial services and aerospace, among others. “This is especially important to clients in financial services and highly regulated clients for whom everything must be tightly monitored and controlled,” said Vashisht. 

Since initially partnering with Nerdio over two years ago, the Chelsea Tech team has continued to work with Nerdio Manager for MSP, which launched in public preview in January 2021. This solution enables them to get the most from the technology and their most critical assets– their technical staff.  

“For example, we have a client with over 250 users with AVD, and our help desk is managing it through the Nerdio platform. I didn’t have to worry about creating a custom portal, spending time testing it, and all the associated details. Nerdio provides it all to me in a single pane of glass. That represents substantial savings and reduced burden right there.” 

“Nerdio Manager for MSP is seamless, and it will allow me to migrate the rest of my clients over. Nerdio hit the sweet spot for us,” – Justin Vashisht, Professional Services Director for Chelsea Technologies. 

The Results

Auto-scaling is a standout feature for the team at Chelsea Technologies. The ability to automate what can be a labor-intensive and costly process saves time and effort, and the cost savings is a game-changer.  

“We have several large, expensive VMs. With Nerdio Manager for MSP, I can scale them down at 7:00 pm and scale them back up at 7:00 am. I get savings by automatically detecting usage and demand. You can’t put a price on that. Actually, yes, you can! It makes a big difference,” Vashisht said.

“There are so many details that come into play when building a secure Azure infrastructure. With all that complexity, human error is a reality of life. Nerdio Manager for MSP handles all those intricacies. It does everything for me. To set up a VPN takes minutes, not hours.” – Justin Vashisht, Professional Services Director for Chelsea Technologies. 

The knowledge-sharing and resources made available by Nerdio have made a real impression on Chelsea Tech.  “The videos and blogs on the Nerdio Academy are clear,
concise, and very helpful. It’s almost like getting a graduate degree in Azure,” said Vashisht. “The Nerdio team has increased the value of the platform for us. They’re knowledgeable about the MSP space, and understand the challenges we face. That’s why we continue to invest in the platform.” 

During Chelsea Tech’s deployment of Nerdio Manager for MSP, the key differentiator has been the ease with which Nerdio was able to immediately onboard and scale its solution, especially considering the challenges the Chelsea Tech had faced with clients going through painful digital transformations. 

Implementing Nerdio Manager for MSP has been a great success for Chelsea Tech. “If you’re looking to take an organization from a legacy, on-prem, physical server mindset and looking to jump into the cloud and accelerate the process, it would normally take six months to a year to do it right,” he said.

“With Nerdio, you can dive right in. The console is great and Nerdio is very forgiving as a platform, so implementation is easy.” – Justin Vashisht, Professional Services Director for Chelsea Technologies. 

Vashisht has straightforward advice for anyone considering Nerdio Manager for MSP: “If you’re looking to get into Azure, look no further than Nerdio. It will make your life easier.”


Find Nerdio in the Azure Marketplace: nerdio. co/nmm


Nerdio Manager for Enterprise Case Study: Petrofac

Case Study

Learn how an energy company deploys, manages and cost-optimizes Azure Virtual Desktop company-wide with Nerdio Manager for Enterprise quickly and easily.


About Petrofac

United Kingdom-based global company Petrofac provides services to energy companies that deploy large teams across the globe. The company helps design and build complex structures for deployment on job sites, providing engineering, construction, procurement, and administrative services. In its quest to support remote work, Petrofac began planning an Azure Virtual Desktop deployment in late 2019. Little did the company know that the project would become a bedrock for its remote workers when the COVID-19 crisis forced widespread remote work practices a few months later. Even though employees at some locations are now able to access their office buildings, the engineering team continues to use Azure Virtual Desktop with Microsoft Azure NetApp Files, a fully managed cloud service. Petrofac attributes survivability during a multinational lockdown, enhanced performance, and falling costs to its deployment of these critical Microsoft services. 

Petrofac was working on digital transformation when the COVID-19 crisis increased the urgency of the initiative. The compute demands created by thousands of engineers working on bulky 3D image files on specialized desktop devices added complexity. But the company’s pivot to remote work with Azure Virtual Desktop solved that problem and created other benefits. The resulting performance gains sped up timelines, and engineers can now work anywhere. Increased scalability saves operational budget, too. Most importantly, business continues smoothly regardless of challenging times. 


Meshing complex needs across the globe 

Petrofac is largely an engineering company, depending on its talent to deliver construction plans and schema for complicated processes. Those 3D workloads are complex enough in isolation: they’re demanding, comprise large files, and engineers generally need graphical interfaces to work on them. Add globally distributed engineering teams to this data-intensive enterprise, and it’s easy to understand the challenges of supporting that functionality at scale. Vladimir Krdzic, Chief Digital Officer at Petrofac, decided to set the organization on a digital transformation path. “Many of our engineers had been doing the same work for decades and were entrenched in very traditional methods,” he says. “I wanted Petrofac to become a more agile and flexible company that would also attract millennial workers to join our team.” 

The complex 3D models that engineers create require specialized desktop devices that cost at least four to five times that of a standard office device often much more. An even bigger challenge lies in the demanding workloads inherent to those models millions of central processing unit (CPU) and graphics processing unit (GPU) cycles. That dictated a culture of working onsite because every office that works on the same engineering model must sync to the application database daily. This requires bandwidth that isn’t available in many homes in India, where most of the Petrofac engineering team is based. Many engineers don’t have fiber connections, and productivity can suffer in regions where frequent power outages take down internet connections at inopportune moments. 

Adding to these demands, large 3D files must be shared between teams that are spread across the globe. Every revision must go through a review cycle, from engineering teams in Mumbai to reviewers in Dubai, possibly cycling back and forth tens to hundreds of times. Other external parties such as Petrofac joint venture partners or clients also need to access the files, and when they store them on personal devices, the amount of data in play grows further. 

With multiple concurrent joint ventures, Petrofac often found itself in the position of having to work with companies across multiple continents, creating what Krdzic considers an operational and security burden. “It was time-consuming and unstable; it had the potential to increase cyber-exposure issues,” he says. 

We’re using Azure Virtual Desktop to spin up projects very quickly and add as many users as we need without file synchronization issues. That means faster time to market for us. – Vladimir Krdzic: Chief Digital Officer Petrofac

Coordinating people and data 

While version control issues might be annoying when collaborating on a Microsoft Word document, getting out of sync when collaborating on a 3D file can result in unnecessary costs for Petrofac if engineers need to rework files. “Our files ping pong between departments and offices, with people in different disciplines layering their contributions to the work on top of each other,” explains Krdzic. “It’s essential that we have everyone focused on the same version to avoid errors and the high cost of rework.” 

That need for tight coordination is complicated by the need for highly skilled contract engineers during peak periods of engineering demand. Petrofac relies on contractors to keep projects on schedule when its own teams are at capacity. Because Petrofac engineering teams depended on onsite infrastructure, the company’s choice of contractors has until now been dictated by their proximity to a Petrofac office. If no one in the vicinity was available, that could affect deadlines. 

Krdzic needed power and flexibility to bring his vision for agility and centralized governance home. “My strategy was to create an engineering platform that would enable our engineers to work from anywhere, anytime,” he says. When his team began to deploy Azure Virtual Desktop, the Petrofac transformation took off. 

Deploying not just a solution, but a better way of working 

The team immediately went to work to deploy Azure Virtual Desktop with an FSlogix user profile, the recommended user profile for the service. It added Microsoft 365 management and set up Azure NetApp Files to enable file storage on Azure—a perfect fit for the bulky 3D engineering files that require a high-performance environment. Because Azure NetApp Files is a high-performance, low-latency, and scalable solution, it’s highly cost-effective for Petrofac’s demanding but fluid production needs. Petrofac specified NVv3-series virtual machines, which are designed to support GPU-accelerated graphics and virtual desktops. The increased RAM in the series gives engineers the performance they need for graphics-intensive work. 

We definitely see the positive impact on performance, especially with the complex setups inherent to our business. The flexibility to scale to demand and keep business continuity is helping us navigate through difficult times. – Vladimir Krdzic: Chief Digital Officer Petrofac

The team added Nerdio Manager for Enterprise to automate Azure Virtual Desktop management, which further contributed to cost savings. Nerdio Manager for Enterprise fits perfectly into the Petrofac platform as a service environment because it runs in the company’s tenant, helping ensure that data never leaves its Azure subscription. The team uses the dynamic host pool feature to quickly deploy vast pools for user data, easily scaling to demand with Azure Auto-scale. The team set it to scale in resources after business hours, taking advantage of its ability to scale out as needed during business hours for maximum cost savings storage costs through its advanced auto-scaling capabilities. 

Finding that old habits might die easily, after all 

If Petrofac management had any misgivings about converting engineering teams to Azure Virtual Desktop, they were soon put to rest. Krdzic describes the former method for setting up a 3D-modeling project for engineers as a lengthy, complicated, and expensive endeavor. Separate instances of the project had to deploy to multiple geographic locations with secure connections between those instances and strictly controlled user access. Petrofac made an immediate impact with its Azure Virtual Desktop deployment. “We no longer need to replicate the same model between four or five different offices with our new environment,” says Krdzic. “We’re using Azure Virtual Desktop to spin up projects very quickly and add as many users as we need without file synchronization issues. That means faster time to market for us.” 

The solution is popular not just for all these reasons. No longer facing often lengthy commutes, the engineers are delighted with the new freedom to work anywhere and better work-life balance. It’s a game-changer for them and the company. Krdzic’s team has received rave reviews for the solution and its fast work in rolling it out. “Within three weeks, we had all our projects and engineers up and running because we had already tested Azure Virtual Desktop,” says Krdzic. “It was a big win because we achieved a lightning-fast deployment of something that had been culturally and technically unimaginable four or five months earlier.” 

The project received an unexpected nudge to hasten the timeline when much of the world went into lockdown. The Petrofac IT team had just completed a series of successful proof of concepts and simulations. “The COVID-19 crisis forced our hand,” says Krdzic. “It made us run faster, and we got much more sponsorship and support for our digital transformation. 

That was the silver lining in a very gray cloud. Now we’ve achieved our number one goal of mobility for our engineering teams.” Petrofac was perfectly placed to achieve the survivability it needed when the world abruptly changed. It was realizing significant cost savings at the same time while also taking advantage of better performance. “We definitely see the positive impact on performance, especially with the complex setups inherent to our business,” adds Krdzic. “The flexibility to scale to demand and keep business continuity is helping us navigate through difficult times.”

Within three weeks, we had all our projects and engineers up and running because we had already tested Azure Virtual Desktop. It was a big win because we achieved a lightning-fast deployment of something that had been culturally and technically unimaginable four or five months earlier. – Vladimir Krdzic: Chief Digital Officer Petrofac

Download the application today from the Azure marketplace and begin a free 30-day trial: 


Find Nerdio in the Azure Marketplace:

Nerdio Manager Case Study: M.Holland

Case Study

Learn how a billion-dollar plastic company used Nerdio Manager to transition to the cloud quickly and easily.


About M.Holland

From healthcare to cars, plastics play a critical role in most of the products we use daily, and M. Holland plays a critical role in the plastics industry. Founded in 1950 and headquartered in Northbrook, Illinois, M. Holland is a leading international distributor of thermoplastic resin. The company helps suppliers identify and leverage the most strategic channels to markets around the world, while also offering sourcing and supply chain solutions. Its product line includes materials that can fit virtually every application, manufacturing process, and market.  

M. Holland does over $1 billion in annual sales and sells to more than 4,000 customers. Since 1950, the company has grown steadily through both organic growth and numerous acquisitions. Most important for M. Holland is the deep, on-going relationships that it establishes with clients, through a consultative approach and a focus on long-term partnerships. 


Although M. Holland has been in business in the United States since its founding in 1950, it has recently increased its presence around the world, with branches in Mexico, Puerto Rico, and expansion plans for Europe and Asia. However, the company was reaching the limits of its mostly on-premises IT solutions. Its 350+ employees around the world need access to business-critical systems around the clock. The company’s growth and expansion plans meant that it could no longer afford to have all its IT infrastructure located on premises.  

Over the years, M. Holland had built its IT infrastructure around an on-premises Microsoft stack, but that wasn’t keeping up with their requirements in today’s more agile business environment. “With our existing systems, if our office went down, our company was dead in the water,” said Vincent Rocco, System Administrator, M. Holland Company.  “We started a transition to more cloud-based systems because we need to keep the business running 24/7, 365 days a year. Our business couldn’t stop if the office went down.” 


Although M. Holland has been in business in the United States since its founding in 1950, it has recently increased its presence around the world, with branches in Mexico, Puerto Rico, and expansion plans for Europe and Asia. However, the company was reaching the limits of its mostly on-premises IT solutions. Its 350+ employees around the world need access to business-critical systems around the clock. The company’s growth and expansion plans meant that it could no longer afford to have all its IT infrastructure located on premises.  

“Azure Virtual Desktop is a no brainer for us,” – Vincent Rocco, System Administrator, M. Holland Company.

Over the years, M. Holland had built its IT infrastructure around an on-premises Microsoft stack, but that wasn’t keeping up with their requirements in today’s more agile business environment. “With our existing systems, if our office went down, our company was dead in the water,” said Vincent Rocco, System Administrator, M. Holland Company.  “We started a transition to more cloud-based systems because we need to keep the business running 24/7, 365 days a year. Our business couldn’t stop if the office went down.” 


For M. Holland, Nerdio Manager is a key component for its transition to more cloud-based solutions. It’s made overall management of M. Holland’s virtual environments much more efficient and easier. 

Using Microsoft’s native solutions for managing virtual disks can be cumbersome. According to Rocco, the company would have to go through multiple steps, from creating an image, stopping it, prepping it, deallocating it, and then imaging it.  

“Since day one, Nerdio Manager has made Azure Virtual Desktop incredibly simple,” said Rocco. “The biggest value for us has been Nerdio’s ability to do master image creation.” 

“I had many issues when I tried to do it natively through Microsoft,” he said. “That’s why we went with Nerdio Manager.” 

In addition, M. Holland cites Nerdio’s extensive online, always-available technology resources as a key to easy deployment and ongoing management. “Nerdio has incredible training videos,” said Rocco. “If you want to learn anything, they have a video about it.” 

By using Nerdio Manager, M. Holland has been able to turbo-charge their transition to AVD, creating an IT environment that’s much more robust, secure, and available than their previous on-premises solutions. It’s enabling more effective support and easier management of functions like master image creation to help M. Holland continue to grow their business. But for Rocco, it’s not just about what Nerdio Manager for WVD can do for his company, it’s also personal. “Someone with limited knowledge like me can come in, learn Nerdio, and be an Azure WVD guru,” he said. “It’s great.”

But for Rocco, it’s not just about what Nerdio Manager can do for his company, it’s also personal. “Someone with limited knowledge like me can come in, learn Nerdio, and be an AVD guru,” he said. “It’s great.”

“I couldn’t have done what I’ve done without Nerdio and got my company to the point that we’re at without Nerdio,” – Vincent Rocco, System Administrator, M. Holland Company.

Download the application today from the Azure marketplace and begin a free 30-day trial: 


Find Nerdio in the Azure Marketplace:

Nerdio Manager for Enterprise Case Study: Velocity EU

Case Study

Learn how UK-based Velocity EU used Nerdio Manager for Enterprise for Enterprise to migrate 1,400 higher education users to the cloud in just a week.  


About Velocity

Velocity EU is at the forefront of helping all types of organizations deploy managed, remote computing and communications services to employees, partners, and users. As its name suggests, Velocity EU’s business model is focused on scalability and speed.  

Velocity EU started in 1998 using Microsoft Windows Terminal Server to connect a thousand users to a FoxPro database. Since then, they have developed deep expertise in remote desktop solutions and unified communications. Over the years, Velocity has helped hundreds of companies, from enterprises to educational institutions to small businesses, rapidly deploy integrated data and communications workspaces.  

Velocity’s products, such as Velocity Cloud Desktop, seamlessly integrate a corporate phone system (or PBX) with a managed corporate desktop. Velocity Cloud Desktop is a Microsoft Windows-based solution that enables companies to easily deploy and manage Windows 10 cloud desktops anywhere. The solution is a combination of Microsoft AVD, a communications platform, hardware devices, and a managed environment. The product is supplied as a managed subscription service that includes everything a user needs to operate their virtual desktop. 

Velocity’s solutions, including Velocity Cloud Desktop, are designed to enable remote workers to set up and start using fully integrated cloud desktop and communications capabilities in minutes. It is a capability that ended up being very important at the start of 2020. 


When the Covid-19 pandemic hit in the spring of 2020, Velocity’s integrated products were perfect solutions for remote work and enabling remote access to business-critical systems. While the solutions were ideal for any company, large or small, that wanted to securely enable remote workers, Velocity recognized that it needed to immediately assist educational institutions to find ways to keep students learning remotely.  

“On the day the pandemic started shutting organizations down, our phones were ringing off the hook,” said Al Green, CCO, Velocity EU, Inc. “We needed to help our higher education customers figure out how to scale up remote access with limited budgets and technology limitations.” 

A perfect example of this situation was BSix Brooke House College. BSix is a central London college with approximately 1,400 students and 200 staff. It offers instruction in a range of levels and subjects, including vocational courses. 

When the pandemic hit in March 2020 and it became apparent that students and staff would have to be working remotely for months or longer, BSix recognized it needed to completely revamp how it delivered its services. Specifically, it needed to find a way to rapidly (in a matter of weeks) provide a comprehensive remote learning environment that would support its students and teachers.  

“At the time, none of us expected the demand for enabling remote connections to be so urgent,” said Green. “Or how quickly we’d need to deliver those systems. Our customers were asking for something the next day, or the next week.” 

An additional challenge for BSix is that like many other educational institutions, it had not traditionally designed its internal systems and communications architecture around remote learning. Instead, it had focused on on-premises hardware and software. BSix had about 1,000 traditional desktop computers and about 40 mobile devices. For telephone communications, the college was entirely dependent on a legacy PBX phone system located on premises. The only existing remote connectivity the college had was a virtual private network (VPN) implemented via Zscaler for a limited number of staff. Scaling up this solution was prohibitive because of cost and technology limitations.  

However, the college was lucky in that, in conjunction with Velocity, it had already started to put in place a hybrid architecture with good connectivity and hardware that could enable a migration to full cloud infrastructure. The infrastructure was based on the Microsoft stack, from Microsoft Windows to Microsoft Active Directory, Microsoft Azure, Office 365, SharePoint, and more. The college relied upon on-premises file storage and additional client/server applications to manage and deliver the curriculum.  

To survive the pandemic and support its students, BSix needed to migrate its existing on-premises IT infrastructure to a cloud-based infrastructure through which it could redeploy those 1,000 traditional desktops as cloud-based virtual services to students and teachers. It also needed to find a way to enable cloud-based telephone communications in a scalable and cost-effective way.  

And, to top it off, all this had to be done almost instantly.  


To get started, BSix engaged Velocity to help them design an integrated, cloud-based infrastructure that would support remote learning and teaching, as well as seamlessly integrate telephone communications.  

While Velocity had plenty of experience in the education, health care, and enterprise markets enabling remote workers, it never had to do it in such a compressed timeframe.  

The first part of the solution was straightforward. Velocity first examined cloud-based options for BSix, including Amazon Workspaces. However, since BSix was already using Microsoft solutions, Velocity made the recommendation to move the existing college desktop computers to Azure Virtual Desktop (AVD) running on Azure to provide a virtualized Windows environments for remote students and staff.  

Migration to the Cloud 

In a short period of time, Velocity was able to migrate all of BSix’s existing applications (including bespoke ones) into the new AVD environment. It also moved all the college’s teaching resources from the on-premises network to a cloud-based SharePoint instance, enabling all remote teachers and students to access them. 

Another consideration for BSix was how to enable digitally challenged students who didn’t currently have access to a computer. To manage that, Velocity procured, supplied, and deployed three hundred laptops for low-income students. It also supplied two hundred new managed laptops for BSix staff. 

On the telecom side, Velocity was also able to transition BSix from their legacy PBX platform to a fully managed, cloud-based PBX solution that worked seamlessly across many multiple remote locations.  

But once Velocity had the infrastructure, hardware, and telephone infrastructure figured out, it still had a critical challenge ahead to meet BSix’s requirement for getting students and staff back up and effective in the new virtual learning environment as fast as possible.  


While the new cloud infrastructure could support a thousand or more virtual users, Velocity needed to find a way to quickly scale up the deployment and management of those users and virtual environments. Otherwise, BSix would have to invest enormous amounts of resources in time and staff to manage each of the 1,000+ virtual Windows desktop instances. 

Using the native Microsoft capabilities would provide a solution for BSix, but one that would require significant time and resources. Another alternative would be to use Velocity’s internal automation toolkit in combination with expanded internal and technical support, but with time constraints so tight, and the need to get students and teachers back up and engaged with the educational process as quickly as possible, it wasn’t an ideal solution. 

Additional analysis provided Velocity with a third alternative: to partner with the best automation tool vendor and partner closely with them. That’s the route that Velocity chose. 

“After careful evaluation of automation vendors and tools, we decided that the Nerdio Manager for Enterprise platform was the best solution for BSix,” said Green. “Nerdio is comprehensive, and it did exactly what we needed.” 


For Velocity and BSix, a key part of coming up with a solution was leveraging  Nerdio Manager for Enterprise’s capabilities for easily and automatically deploying and managing Microsoft virtual desktops. “Nerdio was on the same page with us. We engaged right away with key people at Nerdio and were able to get it to do everything we needed it to do,” said Green.   

The results were almost immediate. Even under rapidly changing circumstances brought on by the pandemic, Velocity was able to use Nerdio Manager for Enterprise and the Microsoft stack of technologies to deploy a proof-of-concept within twenty-four hours for a complete re-platforming of BSix’s core systems from an on-premises architecture to a cloud-based architecture. 

After careful testing and analysis, BSix gave Velocity the authorization to proceed with the full project. 

Within one week, Velocity had used Nerdio Manager for Enterprise to scale BSix’s cloud deployment to a full production of 1,400 users. 

The project was tremendously successful, and all students and teachers were able to complete the rest of the year with full, integrated access to BSix’s educational systems.  

“Nerdio was a core part of our success story with BSix college,” said Green. 

In fact, the unexpected transformation to a cloud-based infrastructure was so successful, that BSix has extended the project with Velocity to additionally replace all its desktop computers with AVD terminals in areas of heavy use, such as libraries and labs.  

In addition, BSix has also chosen to standardize their desktop delivery going forward on the Velocity Cloud Desktop platform.  

“Our customers absolutely love the cloud-based solution using Nerdio Manager for Enterprise,” said Al Green. “The fact that everything we now deliver going forward for them will be based on AVD just demonstrated how successful this solution has been.”  

Download the application today from the Azure marketplace and begin a free 30-day trial: 


Find Nerdio in the Azure Marketplace:

Nerdio Manager for Enterprise Case Study: Newfoundland and Labrador Centre for Health Information

Case Study

Learn how an information technology and eHealth service company deployed 1,700 remote desktops for critical healthcare workers in just five days using Nerdio Manager for Enterprise . 


About Newfoundland and Labrador Centre for Health Information

Newfoundland and Labrador Centre for Health Information (NLCHI) supports healthcare organizations across the province with IT services. In response to COVID-19, the organization had to enable remote work quickly. In five days, NLCHI deployed Azure Virtual Desktop (AVD) to 1,700 healthcare workers, who connect to their Windows desktops and apps with their own devices. Using Windows 10 Enterprise multi-session, the organization saves compute costs by enabling 32 users to connect to a session host instead of just two. 

The Newfoundland and Labrador Centre for Health Information (NLCHI) provides quality information to health professionals, the public, researchers, and health system decision-makers in Newfoundland and Labrador in Canada. Through collaboration with the health system, NLCHI is helping build a smarter, more connected healthcare system by developing data and technical standards, maintaining key health databases, and supporting health research. The province is divided into four regional health authorities (RHAs): Labrador-Grenfell Health, Central Health, Western Health, and Eastern Health. 

NLCHI’s staff of 175 supports 20,000 healthcare workers with solutions such as hospital information systems, an electronic health record (EHR) system that authorized healthcare providers to securely access essential patient data, and an electronic medical record (EMR) program that is digitizing clinician offices across the province. In the end, all of these machines and roles need to be maintained, patched, kept free from viruses. 

Moving to remote work and the cloud amid the COVID-19 pandemic

In early 2020, roughly 400 of the province’s 20,000 healthcare workers regularly worked remotely using VPN connections and corporate laptop computers. Thanks to its e-health focus, NLCHI had recently established a single Microsoft 365 tenant for itself and the four RHAs, including Microsoft Teams. The rest of its IT infrastructure was mostly on-premises.

In early March 2020, when the province confirmed its first cases of COVID-19, NLCHI had to respond quickly to keep healthcare services running. At the same time, it had to configure new COVID-19 intensive-care unit (ICU) wings and deploy solutions in long-term care facilities (NLCHI provided 500 iPads and various apps to help patients connect with family and health providers). Robert Drover, Director of NLCHI, says, “Case counts and admissions accelerated overnight. It was a critical situation and we needed to enable remote work for as many workers as possible; staff responsible for acquiring personal protection equipment are just as essential as ICU physicians and nurses to keep services running.”

Fast deployment, cost savings, and minimal training requirements 

NLCHI contacted Microsoft, which suggested Azure Virtual Desktop for providing remote access. Rodney Keough, Data Center and Unified Communications Manager at NLCHI, recalls late night and early morning calls with Microsoft to determine how to set the service up for NLCHI and the four RHAs with their different requirements. ”Robert contacted me on a Sunday night. We built out the main controllers in Microsoft Azure by Thursday morning, when we brought on the first pilot group from Eastern Health. In five days, we had about 1,700 people using the new Azure Virtual Desktop platform, with peak usage at 3,700 people.”

To reduce its resource requirements, NLCHI used Windows 10 Enterprise multi-session, a Remote Desktop Session Host that allows multiple concurrent interactive sessions. 

NLCHI created materials explaining how employees could access their remote desktops by using their own personal devices. Keough says, “Beyond creating an announcement email and a couple of support documents, there was no more training required. The experience is intuitive, just like the desktop workers are already used to.”

NLCHI also worked with Nerdio to set up Nerdio Manager for Enterprise — an enterprise solution to help automate management, optimization, and security of Azure Virtual Desktop deployments. The organization used Nerdio Manager for AVD, which works with NLCHI’s four Azure Active Directory P1 deployments, to create an image for itself and for each RHA, and automatically deploy them to each domain. “We also deployed servers with credentials and connected them to Azure file stores quickly using the Nerdio interface,” says Keough.

To make its Azure spend more efficient, the organization uses Azure Reserved Virtual Machine Instances to manage costs across predictable workloads. It also uses auto-scaling in Nerdio Manager for Enterprise to handle its fluctuating needs (at the end of each workday, the organization scales down from 30 servers to just one). “The ability to scale down automatically helps us save on compute costs for Azure; that’s not something that was available in our traditional datacenter model. We built a sustainable solution that’s fiscally responsible and will help us recover some of its costs,” says Keough.

Instead of two users per CPU, we can enable 32 users to connect to one session host, and all get equal performance and a full desktop experience… It cuts our costs by a factor of 30.  Rodney Keough: Data Center and Unified Communications Manager, Newfoundland and Labrador Centre for Health Information

Flexibility, security, and a new direction for IT

The organization benefits from the flexibility it gained around devices. Keough says, “We don’t have to secure workers’ computers with encrypted drives and security updates because the devices are just acting like a thin client, in the sense that they’re providing the connection to our virtual desktop infrastructure.” Drover points out that while NLCHI doesn’t anticipate increased funding or resources, expectations from and requirements for its IT services keep growing. “Azure Virtual Desktop and Nerdio Manager for Enterprise will help us automate and improve our services quickly to keep up with demand,” he says.

NLCHI sees virtualization as an opportunity to rethink how it procures and delivers devices—and provides a desktop experience for workers. The organization won’t have to image new computers for remote workers, and it can focus more on identity management and security. Workers won’t need different usernames and passwords for various applications but will instead have a single Microsoft identity that IT staff can manage across the environment. Keough says, “Next, we can look at using Microsoft Intune mobile device management across the entire organization like we’re doing for the 500 new iPads.”

The organization is also looking into migrating its entire remote desktop environment to Azure Virtual Desktop, and using the service for application delivery. “Azure Virtual Desktop enlightened us about the power of Azure—we’re looking at it as part of our data center portfolio, and we’re evaluating more application-level and server-level workloads to migrate to the service,” says Keough.

Drover sees the Azure Virtual Desktop deployment as changing the organization’s strategy around what it can achieve. “We’ve advanced our capabilities quickly, achieving in nine months what would have taken us 5 or 10 years to do previously. We’re seeing intrinsic benefits that make us more effective, efficient, and responsive,” he says.

In summary, Keough says, “We chose Azure Virtual Desktop paired with Nerdio Manager for Enterprise because of the close collaboration and trust that we have with Microsoft. The companies have the best interests of our organization and our patients, clients, and residents in mind. Our workers can use their own devices to access internal resources while we still maintain our security principles. The fit is phenomenal when it comes to performance and flexibility.”

“We’ve advanced our capabilities quickly, achieving in nine months what would have taken us 5 or 10 years to do previously. We’re seeing intrinsic benefits that make us more effective, efficient, and responsive. ”  Robert Drover: Director,  Newfoundland and Labrador Centre for Health Information

Download the application today from the Azure marketplace and begin a free 30-day trial:


Find Nerdio in the Azure Marketplace:

10 Most Common Azure Mistakes Made by IT Professionals

In this article, we are going to focus on the top 10 most common mistakes we see our partners make in Microsoft Azure. Let’s jump right in: 

1. Selecting Non-optimal VM Sizes for Servers and Session Hosts 

There are many use cases for virtual machines (VMs) in Azure. Some examples of roles that VMs are typically used as domain controllers, file servers, application servers, database servers, remote desktop session hosts, and Windows Virtual Desktop (WVD) hosts.  

It is very common for someone unfamiliar with VM families and SKUs to randomly pick any VM size that is similar in core count and memory required for their needs. However, it is important to know there is a big difference, for example, between D2sv3 and DS3v2. Although VM SKUs look similar, perhaps even the same in core count and memory, it is important to understand the differences and pick the right one. Picking a non-optimal VM size can cause negative pricing ramifications and degraded performance and sometimes even both.  

Domain Controllers  

For domain controllers, it is very common to use a B-series machine since these machines provide significant value and will give you the performance a typical domain controller needs.  

File Servers  

For file servers, this can be quite tricky as CPU, core, and memory aren’t the only things to consider. Picking the right storage type and size is equally as important when optimizing performance on a file server (more on this in point in number 3 below). A typical VM size to select might be a D2asv4 or a DS3v2 for larger premium disks.  

Application Servers  

For application servers, referring to the recommended system requirements from your vendor is your best bet. Common VM families used here are the DASv4 or EASv4 types. There is also a difference between hyper-threaded cores and non-hyper threaded cores. For example, a DASv4 machine family uses hyper-threaded cores while the DS2_v2 does not. Performance on the DS2_v2 would be better since they will perform like physical cores rather than virtual cores. Checking with your application vendor to see what they recommend is the right thing to do.  


For AVD, session hosts, or RDS servers, it’s a good idea to use a machine that has a higher CPU core count to allow some room for bursting. It is also a good idea but not absolutely required to use an E series machine. E series machines have double the memory for only 15% more cost. The memory will come in handy if you have users using a lot of browser tabs or opening a lot of Office documents. Even NV series VMs would offer a performance boost as NV VM’s have a GPU attached to the machine which could offset some load from the CPU allowing you the ability to put more users on a session host.  

 2. Using a Deprecated Virtual Machine Family 

This topic is related to those Azure environments that have been around for a while. When an environment has been in Azure for any length of time, it is common to see that environment running on the Azure Classic platform rather than the modern Azure Resource Manager (ARM) model. When we see that, there is a high likelihood that the VMs were configured a long time ago and no maintenance has been done to resize the machine to use modern hardware. Azure does deprecate VMs over time by either not offering them anymore or making the cost increase, which incentivizes you to resize to a more modern, better-performing VM that actually costs less.  

If you are inheriting an Azure environment or reviewing an Azure environment that has been built a few years ago, you may find VMs running on older VM SKUs. It is a good idea to resize them to the current VM SKUs. You’ll see much better performance and likely at a much lower cost. A win-win situation!  

3. Using Premium SSDs on VMs That Can’t Handle the Full Potential of the Disk 

Oftentimes, when reviewing a quote or build that a partner brings to us, it’s common to see that premium SSDs are used everywhere. While premium SSDs are best in class in terms of speed and SLA, it is also important to consider the VM SKU being paired with the premium disk. Not all VM sizes can take full advantage of the premium disk you give it. If you look at Microsoft’s premium SSD documentation, you will notice that the larger the premium disk is, the more IOPs and MB/s throughput that disk is capable of. However, what most people don’t know is that each VM SKU can only handle a maximum IOPS and MB/s throughput. This means that if you assign a very large premium disk—let’s use a 4TB premium SSD (7500 IOPS) as an example–and pair it with a D2sv3 VM, the VM documentation shows that the VM can only take advantage of a disk with IOPS that will max out at 3200 IOPS. The VM would never be able to take full advantage of the full capability of that premium disk and you are therefore wasting money if higher performance is what you are looking to achieve.  

Make sure you select a VM that is properly sized to take full advantage of the premium disk you assign to it by picking a VM that has greater IOPs and MB/s throughput than all the combined disks assigned to that VM. 

4. Using Standard HDDs for Heavy Production Workloads 

Quite the opposite can also happen. We will see mission-critical workloads being assigned standard HDDs or standard SSDs. All mission-critical workloads should be using a premium SSD disk. Your workload performance will certainly increase compared to a standard SSD or standard HDD. The rule of thumb is that if the disk serves data to an end-user, make it premium. With that said, make sure you follow #3 above and size your VM appropriately for the disk.  

5. Selecting the Wrong Tier or Azure Files and Not Allocating Enough Storage  

When using Azure files for mission-critical workloads such as hosting FSlogix profiles for RDS or WVD, I see the use of standard tier Azure files used. The challenge will always be the speed of WVD if you select anything but premium tier storage for Azure files. However, just selecting premium is not good enough. You also must allocate a decent quoting size to get the IOPS you are looking for. Azure files’ formula for IOPs is 400 IOPS, +1 IOPS per GB you assign to the Azure files share. This means that if you want more IOPS (up to 100,000) you must allocate more GBs to the share. Performance degradation can come from not using premium tier storage and not allocating enough storage quota to your Azure files share.  

6. Forgetting to Order Reserved Instances on Virtual Machines 

Reserved Instances are an absolute must when it comes to cost control and saving money in Azure. To read more about Reserved Instances, read this article. A very high percentage of partners do not opt-in for Reservations for their VMs. Without Reserved Instances, your Virtual Machines are running at the pay-as-you-go rate, which is the absolute most expensive way to pay for Azure. I believe partners are so busy that they either forget to do it, or don’t know how to do it. If you are working with a CSP Distributor, you need to contact them to order and lock in your Reserved Instances and make sure every running VM is covered by a Reserved Instance.  

7. Forgetting to Toggle Azure Hybrid Benefit 

Equally as important is purchasing the licenses required for Azure Hybrid Benefit and not forgetting to TOGGLE the switch on each VM to take advantage of AHB.  

Similar to Reserved Instances, partners often forget to do this as well. Renting an OS or SQL license from Azure is by far the worst way to acquire the necessary Windows licensing for your VM.  

Purchasing the licenses isn’t all you need to do. You must tell Microsoft that you own a compatible license for Azure for them to give you the appropriate discount. 

8. Improperly Licensing Microsoft SQL Server 

If you have applications using SQL on Azure VMs, it is very important to understand how SQL can be licensed in Azure. Unlike on-premises where you can license SQL by the User and CAL model, you cannot do this in Azure. SQL can only be licensed under the Core model, and you must purchase a minimum of 4 cores per SQL Standard instance regardless of if your machine is under 4 cores. Core licenses are sold in packs of 2.  

There are currently two supported models of purchasing SQL licenses under the Core model in Azure:  CSP Software Subscription SQL Server 2 Core Pack (1 year or 3 years) and OPEN license for SQL Server per Core model with Software Assurance. 

If you don’t have either of these two types of licenses, you may not use this in Azure. The licenses will need to be repurchased under the correct licensing program.  

It is also important to take advantage of Azure Hybrid Benefit for SQL Server licensing. Over a 3-year term, renting the SQL Server license under the Pay as you Go model will cost you over $3,000 for a 4 Core SQL Server compared to bringing your own license under the CSP or OPEN license with Software Assurance program and taking advantage of Azure Hybrid Benefit. The drawback is that it is an upfront payment vs renting it month to month. 

9. NSG Inbound Outbound Rules 

Understanding how Network Security Groups (NSG) work is important to the security of your Azure environment. NSGs are like your stateful firewall. They can be set to ALLOW or DENY traffic to your virtual network in Azure. Most NSG’s are misconfigured, thereby giving full access to the outside world on all ports or specific ports such as 80, 443 or 3389. Hunker down and learn how NSGs work as getting it wrong can pose a huge security risk to your network and frustrate you when traffic does not flow, you cannot connect, and cannot seem to figure out why.  

10. Not Patching your VMs Running Azure 

Believe it or not, when VMs are deployed in Azure, there is a high likelihood the VMs aren’t patched like machines that are running on-premises. A virtual machine running in Azure is no more secure or less secure than a VM running on-premises. It is very important to install your RMM tools and anti-virus software on VMs running in Azure as well. Treat them the exact same way and put them on the same patch schedule as a VM running on-premises. Do not neglect your VMs in Azure as they too need to be safe and treated with care.  

Azure even has a Windows Update Manager service that you can enroll your VMs to that will help patch your machines if you don’t feel like using your RMM tool to do the job. Here is how to enroll your VM and use Update Manager.   

These are the 10 most common Azure mistakes we see partners make. Keeping these points in mind when you are working with Azure will help you be more successful. And, of course, we are always here to help assist you. 

If you’d like to schedule a demo of how Nerdio Manager for Enterprise can help your business save up to 75% on Azure compute and storage costs and drastically lower the time it takes to deploy WVD, click the button below. 

Free White Paper Download!

Nerdio Manager for Enterprise Case Study: Naylor

Case Study

Learn how a global association organization saved 50% on Azure Virtual Desktop deployment time compared to using the Azure Portal to deploy AVD. 


About Naylor Association Solutions

For more than fifty years, Naylor Association Solutions has helped trade and professional associations build and maintain strong and profitable relationships with their members. Naylor offers a comprehensive suite of solutions that engages members and generates non-dues revenue. The suite includes offerings that focus on communications strategies, print and digital communications, full-service event management, advertising, sponsorships and exhibit sales, career centers, online learning, association management, and member management software. 

Naylor is headquartered in McLean, VA with additional offices across the United States and Canada. The company provides services and solutions to over 1,800 associations in more than one hundred industries. 

The Situation

Like many organizations, Naylor had primarily deployed on-premises solutions over the years. Its twenty-five IT personnel supported approximately four hundred employees spread across multiple locations.

More recently, Naylor had started gradually moving toward a more hybrid architecture with some Microsoft 365 cloud-based virtual solutions in addition to its existing, on-premises solutions. However, when a potential security issue arose in 2020, the company significantly sped up its transition to a cloud-based infrastructure, built around Microsoft’s VDI capabilities. 

“As we ramped up our investments in cloud-based infrastructure, we realized we wanted a more centralized way to manage everything,” said Rob Armstrong, IT Support Specialist for Naylor. “We wanted a simpler solution than Microsoft’s native offering.”

The Solution

Based on a recommendation from its Dell hardware contact, Naylor reached out to Nerdio to start an evaluation of Nerdio Manager for Enterprise. What the company found, impressed them.

“Nerdio is a fantastic product,” said Armstrong. “The level of support we’ve received from Nerdio has been incredible. We’ve literally received responses within 15-20 minutes on product and configuration questions.”

To evaluate Nerdio, Naylor did a compare-and-contrast analysis between Nerdio and existing Azure functions to decide if there was enough value to implement it. 

“Our team was really attracted by Nerdio’s ease-of-management,” said Armstrong “We had lots of things coming together that we needed to deploy quickly and Nerdio Manager for Enterprise was a way to do that with more ease than  Azure’s native solutions. There were also some things that Azure can’t do and Nerdio can, and that’s just one reason it’s been so helpful to us. Overall, Nerdio Manager for Enterprise is definitely easier than Azure’s built-in portal options.” 

The Results

As a result of its initial analysis, Naylor deployed Nerdio Manager for Enterprise in late 2020 and relies on it for day-to-day management and monitoring of its business-critical Azure Virtual Desktop deployments. 

The results for Naylor have been superb. Not only has Nerdio Manager for Enterprise made overall management of its virtual environment easier, but it’s allowed Naylor to limit its spending on Azure each month. Nerdio Manager for Enterprise enables Naylor to manage Azure costs closely and optimize the money it spends.

“The use case for Nerdio Manager for Enterprise is very strong. The dollars that you spend compared to the efficiency you receive is well worth it.” – Rob Armstrong, IT Support Specialist at Naylor.

Naylor relies heavily on Nerdio’s Desktop Auto-Scaling and Ephemeral OS Disks functions, which enable Naylor to create new virtual machine images each morning for use by employees during the day and then when people log off at night, shutting them down to 
save money. 

“Cost is always a concern,” said Armstrong. “We’ve found that the Cost Estimator tool built into Nerdio is really helpful for budgetary purposes. We always want to keep an eye on costs and keep the minimal number of hosts running. Nerdio’s auto-scaling and other features definitely help us control costs so they fit our needs.”

In addition to saving money, Nerdio has also enabled Naylor to increase its level of security in a straight-forward way. “Using Nerdio, it is super-quick and simple to change the local user accounts that are deployed for VMs,” said Armstrong. “There’s no need to slough through the Azure screens to figure out what’s what.”

For Naylor, implementing Nerdio Manager for Enterprise has been a win that enables it to serve its association members more efficiently and effectively. In practical terms, the solution not only saves Naylor money that might be spent on inefficient virtual environments, but it also saves considerable time that would otherwise be spent by technicians managing various settings or using native Azure tools.

“I’d say Nerdio Manager for Enterprise has saved us between 33-50% of the deployment time that would be needed in native Azure environment,”  – Rob Armstrong, IT Support Specialist at Naylor.

“Specifically, in our ability to scale deployments and make mass changes to our AVD environment more efficiently. In addition, a lot of the more granular options that Nerdio provides simply aren’t available in the Azure Portal. The more you use Nerdio, the more valuable it will be.”

Download the application today from the Azure marketplace and begin a free 30-day trial:


Find Nerdio in the Azure Marketplace:

Nerdio Manager for Enterprise Case Study: New York City Department of Environmental Protection

Case Study

Learn how the New York City Department of Environmental Protection (NYC DEP) used Nerdio Manager for Enterprise to move 2,000 employees to remote work in a matter of days–90 percent faster than it could have using VPN connections (and without the need for new hardware). 


About New York City Department of Environmental Protraction (NYC DEP)

New York City Department of Environmental Protection (NYC DEP) is the agency responsible for moving fresh water in and storm and wastewater out. It also maintains miles of underground pipes and the ecologically rich above-ground drainage systems that naturally handle runoff precipitation from streets and sidewalks. With 9 million residents, the Big Apple is a teeming metropolis. Spread across islands and mainland, the city’s boroughs are connected by bridges, tunnels, and ferries. Moving people across this unique geography is a big enough undertaking for such a populous city. Still, an even more essential job is delivering the 1 billion gallons of fresh drinking water New York City’s residents require every day. That’s water for everything from bathing to baking world-famous bagels and pizza.

Commitment to Virtualization

When COVID-19 hit in 2020, the New York City Department of Environmental Protection (NYC DEP) used Nerdio Manager for Enterprise to move roughly 2,000 employees to remote work in a matter of days—90 percent faster than it could have using VPN connections (and without the need for new hardware). NYC DEP also used Azure Active Directory Application Proxy and Azure Application Gateway to provide more secure remote access to internal applications with multi-factor authentication.

An agency with 19 business units and roughly 5,600 employees, NYC DEP’s scale and scope is huge, and its IT department must support field operations around the clock. Farhan Abdullah, Director of Production Support Services at NYC DEP, says, “Whether it’s water treatment, water supply, or sewer operations if a water main breaks day or night, the IT department is responsible for making sure apps and other resources are up, running, and available.”

To support around-the-clock operations, the IT department runs multiple data centers across the city’s five boroughs, and it continually reassesses how to provide seamless disaster recovery and broad scalability. As part of this strategy, NYC DEP was an early proponent of virtualization and cloud services, and it has stayed true to this commitment. Michael Shum, IT Chief of Staff at NYC DEP, estimates that the agency has moved 40 percent of its workloads to the cloud, with more moved there every day.

“We used Azure Virtual Desktop to provide highly secure remote access 90 percent faster, to 90 percent more employees, than we could have with our legacy systems.” – Cecil McMaster: Deputy Commissioner for Business Information Technology, New York City Department of Environmental Protection.

NYC DEP had relied on Microsoft Azure services for years, since the days of Microsoft Virtual Server. By early 2020, employees used cloud tools like Microsoft Office 365 business productivity apps, and IT staff managed identity and access with Azure Active Directory (Azure AD) Premium. About 2 percent of the agency’s employees worked remotely, using company-issued devices and a VPN connection to sign into an internal portal. The agency wanted more than VPN could offer—faster connection speeds, more robust scalability, and multi-factor authentication to secure employees’ credentials. 

The Shift to Remote Work

In March, when NYC DEP had to switch about a third of its employees to remote work in response to COVID-19, it saw Nerdio Manager for Enterprise as a natural choice for improving remote access because of the agency’s prior investment in Microsoft products. 

IT staff faced a challenge in bringing on 2,500 employees unaccustomed to remote work. The sudden influx of connection requests also slowed the internal portal’s performance significantly. Despite the obstacles, NYC DEP deployed Azure Virtual Desktop in a matter 
of days.

To accelerate adding user accounts on the back end, IT staff deployed Nerdio Manager for Enterprise—a service that empowers IT professionals to automate, optimize, and secure Azure Virtual Desktop deployments. This saved a significant amount of time, reducing a four-and-a-half-week task to just three hours. Nerdio also provides a centralized management interface from which IT staff can quickly troubleshoot access issues.

 “With Nerdio Manager for Enterprise, we were able to access a list of all our employees and add them with a click.”– Vic Kayharee, Cloud Engineer for the Business Information Technology at NYC DEP.

Cecil McMaster, Deputy Commissioner for Business Information Technology at NYC DEP, says, “If we’d had to provide remote access strictly through VPN connections to on-premises resources, we would only have been able to offer maybe one-tenth of the access and performance. We used Azure Virtual Desktop to provide highly secure remote access 90 percent faster, to 90 percent more employees, than we could have with our legacy systems.  Having a dynamic virtual infrastructure that we can configure without having to procure hardware or worry about storage and memory gives us flexibility.”

If we need to add another 50 people, we can do that by clicking a button. – Cecil McMaster, Deputy Commissioner for Business Information Technology at NYC DEP.

Improved Capabilities with Some Help From IT Partners

Using remote, highly secure Microsoft data centers, NYC DEP provides IT infrastructure resiliency and scalability faster to support its employees. Shum says, “We can stand up a new application with Azure services in 90 days versus one to two years, because we don’t have to go buy a server. We no longer have to put in a requisition to get the capital, or worry about government budget cycles, where you’re budgeting a year out.” 

NYC DEP credits support from Microsoft and Nerdio Manager for Enterprise with helping it get through a demanding transition period. Shum says, “I give kudos to Microsoft and Nerdio for supporting us nights, days, and weekends as we moved to remote work. Their investment in us, in this collaboration, got us to the point where we felt comfortable with the Azure Virtual Desktop solution. Getting this project done during COVID-19 was hectic, but we got through it together.”

Remote Work With Greater Scalability, Flexibility, and Security

With VPN, the agency relied on antivirus software installed on employee computers. But, says Shum, “With Azure Virtual Desktop, we manage the antivirus software ourselves, so we can ensure compliance and keep devices updated—as opposed to making sure every single endpoint has the most current protections installed.”

NYC DEP appreciates that employees now have the flexibility of using their personal devices to remotely connect to agency resources, regardless of operating system or endpoint security software. As McMaster points out, agency-secured laptops are scarce due to sudden demand, and many agencies across the country can’t offer remote work options due to device sourcing issues.

Azure Virtual Desktop also supports the agency’s security needs. Abdullah says, “We are comfortable making legacy on-premises apps available through Azure because we can apply Azure AD conditional access policies based on location, device, time of the day, and so on, along with multi-factor authentication.” 

IT staff use Windows 10 multi-session with Azure NetApp files to create roaming profiles with Azure Virtual Desktop. With Windows 10 multi-session, they can deliver a full, scalable Windows 10 desktop experience with virtualized Microsoft 365 apps that run in multi-user scenarios, without needing any additional gateway servers. Kayharee says, “We can publish as many host pools as we need to accommodate our workloads. We only need 21 hosts for about 1,000 employees, instead of procuring a machine for each individual. And in terms of security, we only have to manage 21 hosts to make sure they have the latest security 
updates installed.”

Sharing Lessons Learned and Looking Toward the Future

Today, NYC DEP is getting requests from fellow agencies around the country to share its success story. As of December 2020, a handful of agencies have started using NYC DEP’s suggested best practices and planning approaches.

Abdullah says the experience of taking advantage of the latest features in Azure Virtual Desktop, like faster deployment capabilities, simplified management, and improved security, inspired NYC DEP to consider replacing its desktop computers with a virtual environment. That way, employees will have the same desktop experience whether they work on-premises or remotely. Next, the agency plans to use Azure Log Analytics for native monitoring and alerting, instead of PowerShell commands, and Azure AD Groups to grant access. This will allow NYC DEP to streamline user access based on groups rather than a per-user basis. 

“We can stand up a new application with Azure services in 90 days versus one to two years, because we don’t have to go buy a server. We no longer have to put in a requisition to get the capital.” – Michael Shum: IT Chief of Staff, New York City Department of Environmental Protection.

Download the application today from the Azure marketplace and begin a free 30-day trial: 


Find Nerdio in the Azure Marketplace:

Nerdio Manager for Enterprise Case Study: Kaplan

Case Study

Learn how a global enterprise organization deploys, manages, and cost-optimizes Azure Virtual Desktop company-wide with Nerdio Manager for Enterprise quickly and easily. 


About Kaplan

Kaplan is a global provider of educational and career services for individuals, schools, and businesses. Founded in 1938 in Brooklyn, NY as a test prep company, Kaplan now has operations in nearly 30 countries and serves one million-plus students and thousands of educational and corporate clients. It’s known for expanding access to education and pioneering digital learning technologies. In addition to prepping students for high stakes exams, Kaplan offers undergraduate and graduate degrees and helps universities enroll new international students, build online programs, and create new career readiness programs for students. 

Kaplan’s Metis business is a leading provider of data science skills training for individuals and businesses. Kaplan is also a leading provider of professional instruction for licensing exams for attorneys, physicians, and nurses. Kaplan’s IT team works constantly to ensure access and productivity for all its users. 

The Situation

Responsible for all end-user computing for Kaplan, the Technology Services team is comprised of desktop services, desktop engineering, service desk and identity and access management for Kaplan’s teams throughout North America. In particular, the desktop engineering portion of the team maintains their complex and vital virtual desktop environments. 

The use of virtual desktops has been part of Kaplan’s business continuity blueprint. The IT team’s goal is to keep widely dispersed users running despite myriad complications, natural disasters, power and connectivity or other technical issues.  

The COVID-19 pandemic caused a substantial increase in the number of users needing to work from home in a secure environment. From the onset of public health restrictions in March of 2020, Kaplan’s IT team prepared for the challenges to come by seeking options for secure remote work. This need for flexibility also necessitated rapid deployment of a scalable technical solution. “We had to fast-track the ability for people to work from home in a secure environment, so we scaled up virtual desktops,” said Chad Marino, Executive Director, Technology Services, Kaplan North America.  

This included the remote use of company-issued laptops connecting to Kaplan resources through a VPN or virtual desktop. The company’s call center -which primarily used on-premises desktops– were able to use personal computers through virtual desktop technology.

The Solution 

When IT leadership was looking for the best way to implement its virtual desktop plans, they reviewed several alternatives, including Microsoft Azure Virtual Desktop (AVD). As a Microsoft Azure customer, Kaplan knew that AVD was well-suited to their needs. While very familiar with its usability strengths, the team was also focused on managing costs. The ability to easily scale to the users’ peaks and valleys was an important factor in this regard.  

In choosing the most effective solution in terms of AVD deployment, management, and cost-optimization, Kaplan reviewed many options. With recommendations from Microsoft, combined with their own research, the Kaplan team held a “bake-off” pitting Nerdio against a similar product on the market. 

“We were blown away by Nerdio Manager for Enterprise’s capabilities in our demo. Our internal team was excited to show off all it could do,”– Chad Marino, Executive Director, Technology Services, Kaplan North America.

The Results 

Nerdio Manager for Enterprise has exceeded expectations as Kaplan’s chosen solution. Its enterprise-level features supply the automation, management, scalability, and cost optimization that are critical to the virtual desktop initiative at Kaplan. Nerdio offers keen insight into how the system is working: how many users are connected, statistics around CPU utilization, latency, and login times, which are all extremely valuable as the Kaplan team manages the enterprise’s virtual desktop environments.   

“From a pain-point perspective, Nerdio Manager for Enterprise’s auto-scaling is a key functionality. We couldn’t have done what we needed to do without that,” Marino said.

“We’ve never had the kind of visibility we get with Nerdio,”– Chad Marino, Executive Director, Technology Services, Kaplan North America. 

“Our Nerdio team has been great as we continued our evaluation and we scaled this out to a large number of users,” according to Marino. “We wanted to make sure it could do everything we needed; solid automation without administrative headaches. And again, the cost was so important. We wanted to make sure we could turn on machines when we needed them and turn them off when we didn’t – without the constant involvement of our IT team,” he continued.

Nerdio Manager for Enterprise can save enterprise organizations up to 75% on Azure compute and storage costs through its advanced auto-scaling capabilities. Download the application today from the Azure marketplace and begin a free 30-day trial:


Find Nerdio in the Azure Marketplace: