How Not To Lose Your A$$ When Deploying Windows Virtual Desktop

Hello my friends.  It’s now July, and Microsoft continues to lurch ever closer to a full, generally available, release of Windows Virtual Desktop in this back half of the year.  Lots of MSPs and hosters are extremely interested in it, with great uptake in the public preview, because ostensibly WVD is a lower cost way to deploy session-based desktops in the public cloud.  But is it really?  In my opinion, Windows Virtual Desktop is only affordable if you are extremely cautious about any extra Azure services you choose to deploy with it.  And, in all cases, stay the hell away from WVD overlays like Citrix Managed Desktop… unless you are an unrepentant spendthrift with money to burn! Let’s dive a little deeper and see why:

Why WVD Is Potentially Cheaper Than Hosting Regular Remote Desktop Services In Azure

In classic RDS deployments inside Azure, you need to allocate additional virtual machine resources to host the supporting Remote Desktop roles (such as the Remote Desktop Gateway server, the Connection Broker, RD Web Access, and Licensing). In some non-highly available deployment scenarios, it’s possible to combine some of these roles onto a single VM but, no matter how you slice it, you will be paying monthly compute costs for these additional VMs.

In Windows Virtual Desktop, Microsoft handles all of the infrastructure roles (Gateway, Broker, Web Access, etc.) for you, encapsulating them into highly available Azure PaaS services that serve your tenants alongside all others. This theoretically saves you money, because you are now only paying for the compute costs associated with the session host VMs (e.g. Windows Server or Windows 10 Multisession), plus your RDS CAL or Windows/Office 365 licensing that allows access to the service.

Why WVD Is Not Necessarily Cheaper Than Hosting Classic RDS in Azure

Put simply, what you save by avoiding the compute costs associated with VMs running infrastructure roles, you can easily add back by deploying other “recommended” Azure services.

Hidden Azure Service Costs

For example:

  • Starting an Azure Security Center subscription for Just-In-Time VM Access (approximately $15 per VM per month)
  • Deploying Azure Log Analytics and Azure Monitor to do performance and health monitoring (variable pricing based on data volumes and logs monitored but easily $5 or more per VM per month)
  • Using Azure Active Directory Premium P1 or P2 OR the Enterprise Mobility Suite to provide multi-factor authentication, identity and access management, etc. (approximately $3 to $9 per user extra per month)

Extra VMs Needed For Geographically Diverse Clients

There are other factors to consider as well.  As discussed in my blog article, Windows Virtual Desktop does not currently support dual transport protocols for RDP – it is TCP only.  This makes distance between WVD clients and the WVD host pool in a specific Azure region highly relevant.  As I’ve written about at length, one of the greatest improvements ever made to the Remote Desktop Protocol was when Microsoft joined UDP with TCP for more responsive transfer of data, video streams, etc over lossy networks or higher latency/longer distance network links.  If WVD did support UDP transport in RDP to clients, Azure region choice would become less relevant because of the ability of UDP to adapt to those higher latencies caused by geographic distance.

What does this mean?  It means a greater likelihood of an MSP or hoster needing to establish multiple WVD host pools, in different Azure data centers, to serve the needs of geographically disparate clients/companies with worldwide offices.  True, the WVD internals may be able to use intelligent routing via Azure Traffic Manager, especially as Microsoft builds out the WVD control plane into all Azure regions but, until UDP dual transport is added back IMO, performance will suffer.  More host pools equal more money spent on VM compute.

Extra VMs Needed for Validation Host Pools

Update cadences are much faster when you leverage the Windows 10 Multisession OS in your WVD host pools, as compared to server operating systems like 2012, 2016, and 2019.  This means that there is a greater likelihood that a Windows Update might break an existing deployed app.  Microsoft’s answer to this problem is to deploy a validation host pool, which is a special set of VMs that get the Windows 10 updates applied to them first.  These effectively become the “canary in the coal mine”, alerting you to application incompatibilities post-update, before all of your users call you up to air their grievances.  However, an additional host pool of VMs is an additional cost to you.

Deploy Citrix Managed Desktop For WVD If You Really Want To Hemorrhage Money Fast

As mentioned in my article on the subject, Citrix Managed Desktop adds another $21 per user per month on top of your Windows Virtual Desktop costs.  That’s an insane level of extra overhead for an MSP, hoster, or SMB company to bear.  Frankly, there’s no need for it, especially if you are smart about what third-party software and services you choose to add to your WVD deployment.  Which leads me to…

Smart Ways To Keep Your WVD Deployment Within Budget

Here are some tips and tricks that you can use to keep WVD costs to the bare minimum, as you host your apps and desktops.

Managing Windows Virtual Desktop On a Budget

The web interface and PowerShell cmdlets for managing WVD are extremely basic and rather feature-limited.  On top of that, attempting to monitor WVD by building your own queries with Azure Monitor and Azure Log Analytics gets expensive fast, especially when you factor in staff time to design everything.

Instead, you can publish our Remote Desktop Commander Client as a RemoteApp within one of your WVD host pools, and instantly have a robust management platform for WVD, including shadowing and remote support.  Or, if you don’t want to leverage RemoteApp, you can elect to deploy the new Azure Bastion service, which gives you secure access to all of the WVD VMs in your host pools, and use it to connect to a VM with our Remote Desktop Commander Client installed.  Azure Bastion only costs a flat $68 per month plus data transfer, regardless of how many VMs you need to access from it, and our Remote Desktop Commander Client is free, with optional enhancements via Premium Management Features.  This is certainly much cheaper than paying $15 per VM per month for Just-In-Time access to VMs via raw RDP.

Monitoring Windows Virtual Desktop On a Budget

Of course, if you need to actively monitor your Windows Virtual Desktop deployments, you can leverage our Remote Desktop Commander Suite solution, and pair it with an Azure SQL Database (for data collection and storage).  As opposed to paying hefty data ingestion rates (plus per performance counter and per log monitoring costs via Azure Monitor and Azure Log Analytics), you can rapidly deploy our solution that: a.) already knows what items to monitor out of the box, b.) can monitor performance much more granularly than Azure Monitor, c.) has a built-in reporting engine with scheduler, and d.) is priced at a flat $9.99 per WVD VM per month, with volume discounts.  Azure SQL costs for most deployments typically only run $30 to $60 per month, with up to 250 GB of storage provided.  This is a much more economical way to monitor your infrastructure.  Moreover, if you’re a hoster/MSP/CSP, we offer a special multi-tenant version of our solution that allows you to keep tabs on all of your WVD deployments from a single access point.

Remote Desktop Commander Core Deployments Allow You To Centrally Monitor and Report On Multi-Tenant Environments (e.g. MSP Private Clouds and WVD in Azure)

Consider Running Classic RDS in Azure Instead of WVD

Even with the launch of WVD, you can still deploy traditional RDS inside Windows Azure using Server 2012, 2016, or 2019; including the ability to run Office 365 on those server operating systems.  Doing so gives you complete control over the RDS architecture, and allows you to utilize RDP with UDP and TCP to provide a better experience to geographically diverse clients.

Partner With an Azure Expert

The sheer number of Azure services and pricing I covered in this article probably has left you feeling dizzy.  Given the speed at which new Azure services are offered, one of the smartest things you can do is to partner with an Azure services expert like MyCloudIT.

The folks at MyCloudIT constantly stay on top of the different Azure service offerings, and are experts at provisioning only the services you need.  They work hard to keep you within budget and on top of Azure service costs.  They’re also experts at deploying our Remote Desktop Commander Suite solution into RDS and WVD deployments, which they’ve already done for a number of their “RDS in Azure” clients.  Partnering with them is a much smarter option than going with a WVD overlay like Citrix Managed Desktop, at a fraction of the cost.

If you’ll be attending Microsoft Inspire next week, come visit them at Booth 3106 to see both their approach to hosting Remote Desktop Services in Azure AND how our Remote Desktop Commander Suite enhances their management and monitoring offerings. And please tell them Andy from RDPSoft sent you!