How much will Windows Virtual Desktop cost? How will this impact my MSP business? To answer these questions, we’ll break down all the sub-components of WVD and compare them to competing solutions like Remote Desktop Services (RDS).
The three associated costs for WVD are as follows:
- Azure Infrastructure
Windows Virtual Desktop supports two types of desktops: personal and pooled. The associated consumption cost for Azure resources depends on several factors. Nerdio’s Azure Cost Estimator will help you to better determine the exact associated costs and any potential “what-if” scenarios.
Keep in mind that the cost is largely the same as if you were using RDS to deliver Windows desktops using “desktop experience” instead of the native Windows 10 look from WVD.
- Windows Virtual Desktop Management Service
With WVD, it’s no longer a necessity to install and manage any RDS roles (i.e., RD License Server, RD Web, RD Webclient, RD Connection Broker, and RD Gateway), as they are now part of WVD Management Service hosted in Azure. This means that the previous associated costs are now eliminated, as Microsoft has now taken over the responsibility.
- Software Licensing
You can purchase a Windows 10 Enterprise license subscription via Microsoft 365 (E3, E5, A3, A5, Business), Windows (E3, A3, A5, Business), or Windows 10 Enterprise VDA.
Here’s a table that better illustrates the associated costs with WVD versus RDS:
|Windows Virtual Desktop|RDS Virtual Desktops in Azure|
|---|---|
|Azure infrastructure to support desktop virtual machines (session hosts): compute, storage and networking|Roughly the same in both deployment scenarios (assuming AHU)|
|WVD Management Service|RDS Roles (e.g. LS, Web, GW, etc.)|
|Windows 10 Enterprise subscription|Windows Server and RDS subscription|
You’ll need the following five items to get started with WVD:
Subscription to Windows 10 Enterprise for each WVD user.
WVD Management Service and Windows 10 desktop OS are licensed via a subscription to Windows 10 Enterprise. Microsoft 365 (E3/E5/A3/A5/Business) and Windows (via CSP - E3/E5/A3/A5) licenses can be used for WVD, but Windows 10 Professional, OEM, or any non-subscription version of Windows cannot use WVD.
You can purchase a subscription to these products through any channel - CSP, EA, MCA, and so on - and the same per-user subscription license enables the assigned user to connect to multiple WVD desktops whether they’re Windows 10 Enterprise multi-session, single-session, or even Windows 7.
Azure Active Directory (AAD) tenant.
To deploy and manage WVD as an admin and assign users to applications and desktops, there must be an Azure AD (AAD) tenant.
AAD is Microsoft’s cloud directory service that is the highest-level object in the hierarchy when dealing with Microsoft Cloud services (O365, D365 and Azure). Everything ties to an AAD tenant, which is generally associated with a unique domain name: tenant.onmicrosoft.com. It may also be referred to as “Directory” or “Account”.
If you are already using Office 365, then you have an Azure AD tenant. An AAD tenant gets created when you sign up for Office 365 and that’s the tenant you’ll need to deploy WVD. You’ll need a Global Administrator account that has access to the AAD tenant as well.
An AAD tenant is free and is a directory of users, groups, contacts, and other services. The members of an AAD tenant can be paid and there are paid add-ons for AAD. The good news is that as far as WVD is concerned, it’s quite simple: your Office 365 tenant is your Azure AD tenant in almost all scenarios since that’s where the user objects that will be assigned to desktops reside.
Active Directory Domain Services (AD DS) deployment.
While Azure AD is a container of user objects, the actual WVD session hosts – the virtual machines running Windows 10 Enterprise multi-session – must join an Active Directory Domain Services (AD DS) forest.
The terminology can be somewhat confusing, so let’s clear it up.
- Active Directory Domain Services (AD DS) – what is often called “Active Directory.”
  - Plain, vanilla Active Directory role on a traditional Windows Server machine that is managed with tools like Active Directory Users and Computers, Sites and Services, and Domains and Trusts.
  - Contains user, group, contact, and computer objects.
  - Traditional Windows desktops and servers join AD DS.
  - Users and Groups can be synchronized with Azure AD using ADConnect.
- Azure Active Directory (AAD) – Microsoft Cloud Directory services.
  - Despite its similar name to traditional Active Directory, this is a different service that is hosted by Microsoft and is the top-level object in Microsoft Cloud (O365, D365 and Azure).
  - Contains user, group, and contact objects.
  - Windows 10 computers can join AAD, but older operating system machines cannot.
  - Can be synchronized with an AD DS via the ADConnect tool so the same username and password can be used for both.
- Azure Active Directory Domain Services (AAD DS).
  - An Azure-hosted, Microsoft-managed AD DS.
  - Most of the same capabilities as traditional, on-premises AD DS, with some limitations due to lack of administrative access to the actual domain controller, which Microsoft manages.
  - Synchronizes with AAD, which is synchronized with an on-premises AD DS, and allows VMs running in Azure to join it regardless of the type of Windows OS they’re running.
If a visual aid is more your style, we have a handy infographic that explains the whole Windows Virtual Desktop structure and how it interacts with Azure right here: Windows Virtual Desktop Architecture
WVD requires that the session host VMs (desktop VMs) are joined to either AD DS or AAD DS. This means that you must have an Active Directory deployment accessible to the WVD session host VMs, as you can’t use AAD alone for a WVD deployment.
In summary, with WVD you’ll need both AAD (contains user objects) and AD DS (contains computer objects). AD DS should be synchronized with AAD via ADConnect for the best user experience.
You can find a much more in-depth article on Windows Server Active Directory, Azure AD, Azure AD DS, and Nerdio’s Hybrid AD here.
The next thing you’ll need is somewhere to create and run your WVD session-host VMs that will serve as a desktop in the Windows 10 Enterprise multi-session OS. This requires an Azure subscription.
An Azure subscription can be purchased via any channel: CSP, EA, MCA, etc. Typically, this Azure subscription will be inside of the Azure AD tenant mentioned above.
The subscription will contain the following:
- WVD Management Service
  - WVD Tenant will be registered and added to the Azure subscription.
  - Inside of the WVD Tenant you will create Host Pools.
  - Inside of Host Pools you will have session hosts – Windows 10 VMs.
  - During Public Preview, the WVD Management Service is available only in the East US 2 region. Once WVD is Generally Available, this service will be scaled out to other regions.
- Windows 10 VMs and infrastructure
  - Session hosts are VMs with Windows 10 Enterprise multi-session OS installed.
  - Each VM will have an OS and sometimes data disks. These disks can use any managed disk in Azure (Standard HDD, Standard SSD, Premium SSD).
  - There will be a Virtual Network and subnets with VMs connected to those subnets.
  - There will be internet connectivity and bandwidth transfer costs.
  - Network ports don't need to be open for inbound traffic, as they do with RDS. WVD uses an agent installed on each session host VM that leverages Reverse Connect technology to establish connectivity without opening any inbound ports.
  - Session hosts can be running in any Azure region.
  - Since WVD desktop users originate at the WVD Management Service first and then get routed to the VM running the desktop, it’s important to keep the VMs and Management Services as close as possible – preferably in the same Azure region.
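Because Reverse Connect removes the need for inbound ports, a session-host subnet should have no Internet-reachable inbound rules left over from an RDS deployment. The following Python check is an added example, not code from the original article or from Microsoft. It assumes NSG JSON in the shape produced by `az network nsg show`; the sample NSG, its rule names, and the choice of ports 3389 (RDP) and 443 (RD Gateway/RD Web) are constructed for illustration.

```python
import json

# Constructed sample in the shape of `az network nsg show` output (securityRules only).
SAMPLE_NSG = json.loads("""
{"name": "nsg-sessionhosts-example", "securityRules": [
  {"name": "deny-rdp-internet", "priority": 100, "direction": "Inbound", "access": "Deny",
   "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "3389"},
  {"name": "legacy-rds-gateway", "priority": 200, "direction": "Inbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRanges": ["443", "3380-3400"]},
  {"name": "allow-https-out", "priority": 300, "direction": "Outbound", "access": "Allow",
   "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "443"}
]}
""")

# Assumption: only Internet-wide sources are checked; specific public CIDRs need separate review.
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}

def _values(rule, singular, plural):
    """Azure stores either a single value or a list; return both as one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(singular):
        vals.append(rule[singular])
    return vals

def _covers_port(rule, port):
    for rng in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if rng == "*":
            return True
        lo, _, hi = rng.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def _from_internet(rule):
    srcs = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(s.lower() in INTERNET_SOURCES for s in srcs)

def internet_exposed_ports(nsg, ports=(3389, 443)):
    """Return {port: rule_name} for ports an Internet source can reach inbound over TCP."""
    rules = sorted(nsg.get("securityRules", []), key=lambda r: r["priority"])
    exposed = {}
    for port in ports:
        for r in rules:  # lowest priority number is evaluated first; first match wins
            if (r["direction"] == "Inbound" and r["protocol"].lower() in ("tcp", "*")
                    and _from_internet(r) and _covers_port(r, port)):
                if r["access"] == "Allow":
                    exposed[port] = r["name"]
                break
    return exposed
```

An empty result means no custom rule exposes those ports to the Internet; the NSG's built-in default rules then deny the traffic.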
One of the exciting new features of WVD is the profile management technology that came with the acquisition of FSLogix. WVD desktop users’ Windows profiles are held in VHD files and stored on a file server independent of the Windows 10 session-host VMs. This means that if a user is assigned to a non-persistent desktop, the profile - including the Windows Search cache - can follow the user no matter what virtual desktop VM they log into.
To use this new functionality, there must be a file server accessible to the session-host VMs to store these profile disks. It’s best to have the file server and desktop VMs in the same Azure region, so that the connectivity is fast and provides good end-user performance. It will eventually be possible to use Azure Files instead of a file server, but for now, a Windows file server VM is recommended.
Keep these points in mind before diving into a deployment – it'll save time and help make the process go smoothly. It’ll also allow for a properly architected infrastructure, directory, and licensing to ensure that your users will love the performance, usability and flexibility of their new virtual desktops in Azure.
Head to the next page for a guide on how to deploy a Windows Virtual Desktop pilot in just two hours, and how it integrates multi-factor authentication.