Nerdio Explains Microsoft's Windows Virtual Desktop Service
The Microsoft partner's CEO talks about the technology, cost factors and requirements for using Microsoft's new virtual desktop infrastructure service.
Windows Virtual Desktop (WVD), supporting Windows 7 and Windows 10, is currently at the preview stage, with "general availability" expected in the second half of this year. The WVD service promises a truer Windows virtual desktop experience for organizations, allowing them to remotely access hosted applications. As with Microsoft's older Remote Desktop Services (RDS), based on Windows Server, Microsoft will rely on its partner community to support the service.
One of those partners is Chicago-based Nerdio, a provider of IT automation solutions for managed service providers (MSPs). Nerdio has been involved with desktop virtualization for more than 10 years, including the days of Windows Server 2003 and Terminal Services. Later, Nerdio supported RDS and Virtual Desktop, creating an automation platform for MSPs and other channel partners. When Microsoft rolled out a preview of its "Remote Desktop Modern Infrastructure" (RDmi) service, the early name of Windows Virtual Desktop, Nerdio was involved, providing beta testing and product suggestions while also updating its automation platform.
In April, I asked Vadim Vladimirskiy, CEO at Nerdio, a few questions about the WVD service. According to Vladimirskiy, with WVD, Microsoft has largely removed past licensing and technical obstacles, enabling service providers and partners to deliver virtual desktop technology at scale. In the following Q&A, he offers nuances about when organizations might use the service, along with information about its requirements and cost structure.
Were there licensing or technical obstacles in getting to WVD?
Vladimirskiy: There are multiple challenges that WVD resolves. One of them is the licensing challenge for cloud-hosted virtual desktops. There was no easy way of licensing the Windows desktop operating system, so for Windows 7, Windows 8 and Windows 10, Microsoft for the longest time did not allow service providers to use those operating systems in a multitenant hosting environment, including Azure, for some time. So people were forced to use the server operating system with the "desktop experience" that makes it look like a Windows 10 desktop, but under the hood it was a Windows Server virtual machine. So, with Windows 10 Enterprise and now WVD, they've lifted that licensing restriction.
They've also introduced a brand-new version of the Windows 10 Enterprise operating system that allows multiple users to connect to the same virtual machine and have a virtual session. It conceptually works just like RDS does on the server operating system, but it does so on the Windows 10 operating system. You can now have a user using a local desktop, which is Windows 10, and they can log into a virtual desktop, which is also going to be Windows 10. Their experience is going to be identical from one device to another.
Is RDS still relevant, and will it be available, given that Windows Virtual Desktop has emerged?
The answer is, "Yes." RDS is still going to be available on Windows Server 2016 and now Windows Server 2019. And it's actually possible to even use RDS with WVD services. However, I think that the situations and use cases where RDS and a server operating system is going to make sense are going to be very few and the majority of deployments for virtual desktops are going to use Windows 10 because they are just better suited for an end user type of experience.
Why might an organization use RDS instead of WVD?
There are a couple of things that are still unique to RDS. If somebody wants to deploy virtual desktops on-premises, WVD is not an option for them because it's an Azure-only offering. So, if you are doing it on-premises or someone is doing it as a hybrid deployment where some is on-prem and some is in the cloud, they're going to have to use RDS.
But what's really interesting is that if you think about the most common type of application that people use on the virtual desktop, it's obviously Office. And Microsoft actually dropped support for Office ProPlus, which is the one that comes with Office 365 subscriptions, on Windows Server 2019. Any future versions of the Windows Server operating system actually are not going to support the Office 365 version of the Office suite, which is again going to push many more virtual desktop deployments to WVD, because Office ProPlus is such a critical component of a virtual desktop environment. Therefore, the most common deployment will be in Azure with WVD.
Microsoft has said that there's no limit to the number of end users supported per virtual machine when using Windows 10 Enterprise Multisession, the OS used with WVD. How does that work, practically speaking?
It's only limited by the amount of infrastructure backing the virtual machine. So, imagine you create a virtual machine that has two CPUs and 8 Gigs of RAM, and you're going to install the Windows 10 Enterprise Multisession on it. You can probably connect a handful of users to it until the performance starts to get really bad because it's a small VM. But because Azure is so flexible, you can then go in and increase this virtual machine from two CPUs and 8 Gigs of RAM to 32 CPUs and 256 Gigs of RAM. Now you are able to have many more users connected to that same virtual machine and you really only had to click a button to change the size of that VM. So, in theory, there is no limit to the number of users you can have on a single VM, but obviously you are going to want to load-balance and spread users out across several virtual machines running Windows 10 Enterprise Multisession. Conceptually, though, there isn't a hard limit on how many sessions a particular VM can handle, if it has enough resources.
Microsoft has indicated that using Windows 7 with the WVD service is single-session only. So each individual has to connect to one virtual machine?
Exactly, then it becomes a one-to-one assignment of users to desktops.
Does that one-to-one Windows 7 connection requirement for WVD entail greater costs?
Microsoft doesn't charge for WVD services outside of a Windows 10 subscription. So, if somebody has a Windows 10 subscription, for example as part of a Microsoft 365 E3, they are entitled to use WVD and there is no additional charge for those services. When you are using Windows 10 multisession, you can assign multiple people to the same VM, which means there's less infrastructure that's needed if averaged out on a per-user basis. But if you are using Windows 7, then you are assigning a VM to each and every user and there is a lot more infrastructure that you are using. Ultimately, the bulk of the cost of using Windows 7 virtual desktops is going to come from the Azure infrastructure that's needed to run those VMs, as opposed to Windows 10 Enterprise Multisession where you can put multiple users on the same VM.
To use Windows 7 with the WVD service, does an organization need to use its downgrade rights with Windows 10 Enterprise Multisession?
Exactly, you purchase a Windows 10 license through a subscription and that gives you those downgrade rights or whatever the newest term that Microsoft uses.
Early talk around VDI was that storage was a big issue. Microsoft said that organizations can use their Reserved Instances Azure virtual machine option to save on storage costs. How do the Azure compute, storage and networking costs break down when using the WVD service?
We actually did a cost breakdown that you can find on our blog. There is the licensing piece that's going to be covered with a Windows subscription that's either standalone or part of the Microsoft 365 license. Then there is the WVD management service, which is something that Microsoft runs for the customer and the partner, and there is not an additional charge for it. And what you're left with is the infrastructure, the compute, storage and networking to run the actual desktop VMs themselves.
In the existing RDS world, you either had to give each user a dedicated VM, in which case the amount of infrastructure per user -- the storage and compute and memory -- was pretty expensive. Or, you had to use the multisession capability and place multiple users on the same VM. With WVD, you now also have the capability that Microsoft calls "pooled desktops" or "personal desktops." Pooled desktops is when you have multiple users on the same virtual machine. Personal desktops is when users connect one-to-one (one user per desktop VM). As an example, a Windows 7 deployment would be a personal desktop scenario. From an infrastructure perspective, if you are going to be using pooled desktops, you can really drive up the density of how many users can connect to a single VM, and by doing so, the cost per user goes down dramatically. You may end up in a scenario where your Azure virtual desktop deployment is far less expensive than an on-premises option.
Nerdio has created a Cost Estimator for our partners that lets them go in and model the different scenarios: how many users, how many CPU cores per user you're going to need, what kind of storage each user will have. You can plug in a few of these details, and it will calculate for you what those compute and infrastructure costs are going to look like. And there is also the Azure calculator, which is available through the Microsoft Web site and can also help you do some of that modeling. Besides the licensing, the Azure compute is the single biggest component of cost with WVD.
Our Nerdio for Azure Cost Estimator is really targeted for MSPs and partners to plug in business-level information, and it does the architecture and the costing for Azure on their behalf. So they don't need to be Azure experts. They just fill out how many users, how much total storage, what kind of discounts they get from Microsoft, and it actually builds out an environment for them and tells them their cost per user is going to be X dollars per month.
An organization that purely uses the Azure Active Directory service for its client devices can't use the WVD service, right?
That is correct.
What are the Active Directory requirements for using the WVD service?
We just finished writing an article on this topic. Azure Active Directory, despite the name sounding very similar to Active Directory, is a pure cloud directory service from Microsoft. Both Azure Active Directory (AAD) and Active Directory Domain Services (ADDS) are required for WVD. The Azure Active Directory is where the user accounts reside. When someone logs in with their user name and password, that information lives in Azure AD. However, the desktop virtual machine that is part of that user's environment that they are logging into must be domain-joined, and Azure AD does not support domain services, which means it must be joined to an ADDS.
There are two types of ADDS. There is ADDS, which is the traditional one that everyone knows well. It runs on a Windows Server computer, either in the office or in the cloud -- it's an Active Directory Domain Services role on Windows Server. And having something like that in your Azure subscription running Active Directory would be sufficient for WVD to function. The other option is called "Azure ADDS," which is a service that Microsoft offers that allows you to replicate your on-premises ADDS into Azure ADDS, and that could also be used for WVD.
One of the things that Nerdio does is automate the process of taking an on-premises Active Directory and seamlessly extending it into an Azure environment, making that traditional ADDS available in Azure so that other machines, like the virtual desktops, can join into that hybrid ADDS.
Will IT pros using WVD be disburdened to some degree? They still have to create and manage images, right?
They should be disburdened from a lot of things, specifically if you compare it to an RDS environment. With RDS, you have the "control plane" or the management services -- what actually decides which user goes where. When someone connects and types in their password, the service that decides which desktop VM to pass that connection through to is the Control Plane or Connection Broker. The control plane in RDS is something that IT pros must build, install and manage themselves.
With WVD, the control plane is now part of the Microsoft service that's included with the Windows 10 license. It's hosted in Azure, it's managed by Microsoft, and IT pros just have to know the API and the PowerShell commands to be able to manipulate and control it. There will eventually also be a user interface for it in the Azure portal. They still have to manage the desktop VMs and the images, install software, patch Windows and update Office, and do all of those regular things on the virtual desktop side, but they no longer have to worry about the control plane because the control plane will now be hosted and managed by Microsoft.
Microsoft has described a reverse-connect functionality that's associated with the WVD service. What's that?
With RDS, in order to allow a user to connect into a virtual desktop, you must open ports on the firewall to allow the connections to come from the outside in. With WVD, there's no firewall port that needs to be opened. There's almost nothing to do on the networking side. All you do is install an agent on the VM desktop. That agent reaches out to the WVD service that's managed by Microsoft and registers with that service. Then any user who's entitled to that desktop after they log into the WVD service gets passed through this reverse-connect connection. Instead of having to open an inbound firewall port, this agent on the machine is keeping the connection open and WVD passes this user through.
Can any app be used with the WVD service?
I think the rule of thumb would be that any application that can run in Windows 10 on a physical device should run in a Windows Virtual Desktop environment.
How does FSLogix's technology fit with the WVD service? Does it permit roaming profiles to work, as well as OneDrive storage, and were those limitations before?
Yep, that's exactly right. At the simplest level, FSLogix is a profile-management solution, an alternative to roaming profiles and user profile disks. Why do you need roaming profiles? Because when users log into a different desktop VM every day, their desktop and icons and configuration need to be the same -- they don't want to reconfigure their computer every day.
There are all kinds of solutions out there, and FSLogix encapsulates the user profile into a virtual disk file, and puts that file on a file server in the cloud in Azure. When the user logs in, regardless of what VM they are logging into, that virtual disk file gets attached and makes it appear to the operating system as if the user's profile is right there on the C drive. By doing it that way, they're now allowing for things like OneDrive synchronization, which did not work with roaming profiles or user profile disks. They're allowing for indexed search, so when you go to Outlook and you type in something, it's searching it really quickly because of indexing -- that wasn't possible with RDS and user profile disks, and now it's possible through FSLogix.
How will the partner community be affected by the WVD service offering?
The common misconception we hear from people regarding WVD is they think that it's an offer that you can go to Microsoft and buy, which is really not the case. WVD is a set of technologies that Microsoft has made available to both IT pros and partners to deploy virtual desktops in Azure with a great user experience for their customers. You can't go to Azure and buy five virtual desktops. What you can do is go to Azure, get an image for Windows 10 Multisession, sign up for the WVD management service, put it all together, manage it and then resell it to your customer.
The role of partners really doesn't change much in the WVD world as compared with the RDS world. If anything, it's an exciting technology that's going to make the end user experience better, which I think means that there will be more end users and more customers out there who are going to start taking advantage of virtual desktops because of all of the limitations that have now been removed by Microsoft. I think the demand and the market for virtual desktops is bound to explode, and now the partner's role is going to be servicing those end customers on their virtual desktops running in Azure.
Nerdio is an ISV [independent software vendor] and our automation software, Nerdio for Azure, helps MSPs automatically deploy and manage a complete Azure environment, including Windows Virtual Desktop, fully automatically. Normally, if you wanted to deploy WVD, you have to read documentation. You have to use the API and PowerShell. You have to spend hours standing up an environment in Azure. And Nerdio actually does this for you automatically -- no engineering involvement. It's just a couple of clicks. Once this environment is provisioned, there is a single-pane-of-glass management platform where you can go in and manage every customer across every IT component they have -- everything from users and desktops to servers and storage and e-mail, all in one place.
Another important component that makes our platform attractive is the autoscaling. We have an autoscaling technology that takes the Azure infrastructure and right-sizes it based on the user demand. As the user demand during the day grows, the infrastructure will automatically grow and get more expensive. As users start logging off the system, the infrastructure will automatically shrink, making Azure an affordable way of running virtual desktops and IT infrastructure in general.
None of those things are really affected by WVD because WVD is just a new set of technologies to create better virtual desktops in Azure. And Nerdio's technology enables that to be done in the most efficient, simplified and automated way possible.
You asked the question about how does someone know how much it's going to cost, how is it actually deployed and how much infrastructure is needed -- all of those things are really what Nerdio is about. We're all about building software that helps people answer those questions without being Azure experts.
Lastly, what are the main considerations for using WVD that IT pros should consider?
No. 1, they need to have a subscription to Windows 10 Enterprise, and that's from a licensing perspective.
No. 2, they need an Azure Active Directory tenant, which is generally the same as their Office 365 tenant, so they already have that in most cases.
No. 3, they need an Active Directory Domain Services deployment. It can be one running in Azure or it can be one running on-premises.
No. 4, they need an Azure subscription, which is where they are actually deploying all of these resources -- all of the storage and the VMs and the networking is going to go into an Azure subscription.
And No. 5, they need a file server. The file server is necessary for the FSLogix profiles to work because they get redirected to a file server.