What does it entail, what does it bring and how much does it cost to operate an AVD? We offer pros and cons based on our experience

What is the essence of AVD? 

AVD is based on RDP protocol (Remote Desktop Protocol). Things you know from RDP farms are hidden in this case and consumed as PaaS. 

Infrastructurethat makes up the AVD is essentially simple: 

• networking (VNET, VPN gateway, ExpressRoute, private endpoints for storage account) 
• hostpools, application groups and other AVD resources 
• virtual machines (AVD guests)  
• storage for profiles 
• image and various installation resources, etc. 
• identity source, for example EntraID 
• monitoring, probably most often Azure Monitor 
• automation in the form of Terraform and CI/CD 

Of course, you can omit some of the items. However, based on our own experience with AVD, we do not recommend it. 

AVD infrastructure (Source: Microsoft)

If you wanted (or had to), you could have AVD directly on your "iron". However, you will unfortunately lose some of the benefits I will describe below. (If you are interested in this topic, visit Azure Virtual Desktop on Azure Stack HCI.) 

Comparing AVD with on-premise 

In your own datacenter, you would probably run Citrix, RDP farm or Horizon. The architecture of these systems is quite similar: gateway, landing portal, connection broker, and the guests themselves, or the profile repository.  

These components usually run on the same HW or VM. AVD has them too. The difference is that they are you don't have to worry. You don't deal with their HA, backups or getting them closer to the user. You only care about the minimum of their configuration and the configuration and image of the guests.  

If you don't need special programs and just use Office, you don't have to worry about the image of your guests. Microsoft will supply it for you. Which of course implies saving money or administrators' time.  

The division of responsibilities is nicely described by the responsibility matrix. (Source: Microsoft) 

AVD components, i.e. the part you manage, can deploy worldwide. The part that Microsoft is in charge of, mainly Gateway, is distributed worldwide automatically. Microsoft calls them Points of Presence. 

We call it geographical freedom. In our experience, this is a huge advantage of AVD, or cloud, over on-premise. Let's demonstrate it with an example. 

The customer needed to securely distribute their applications and data to their users. The problem was that each branch had approximately 20 users and it was neither convenient nor cheap to set up their own data centre in each location. The customer therefore solved the situation by AVD has built a hostpool for each locationwhich was automated by Terraform. 

You can quickly (or more quickly withDevOps) deploy virtually anywhere. You pay only for what you consume. Nothing prevents you from dynamic growth. 

Other (dis)advantages 

What are the other benefits of AVD? 

• Part of M365
  The biggest advantage of AVD over Citrix or even Horizon is that the AVD license is part of the most common M365 licenses - E, F, A and even Business premium. Most larger companies can use AVD straight away and pay only for computing power and data. 
  
  (As usual with Microsoft, there's a catch: users must access AVD from a licensed Windows device, such as an OEM Windows 11 PC. Product page.)
  
• Windows 10/11 multi-session 
  The great advantage of AVD is the possibility of Windows 10/11 multi-session usagethat eliminate the need for Windows server CALs. 
  
• Extended extended security updates 
  Extended security updates are extended by one yearwhich applies to Azure itself. 
  
• Any terminal devices 
  A huge advantage for users is that they can use almost any terminal devices. Windows, MacOS, Android and Linux are of course available. Alternatively, you can use a browser with HTML5 support. 
  
• Flexibility of use 
  You can operate AVD only when you need it. For example, if you need to temporarily allow a large number of users into your environment on a one-off basis, you simply pay only for the resources you use. 

For some, AVD has its own Disadvantages - some applications are simply not suitable to run in the cloud. These are usually older "fat client" applications that connect directly to the database and are very latency-prone. 

How much does an AVD cost? 

Finally, we come to the most important thing for many - and that is the cost of AVD. As I mentioned above, the cost of AVD consists mainly of the cost of: 

• license,  
• computing power,  
• storage,  
• networks,  
• possibly to the source of the identities.  

The total price depends on the number of users, the type of workload and the number of concurrent sessions. 

For the least demanding users, we can get to an amount of about 10 euros per month. But if users require high performance and a graphics card, there's no problem moving around 100 euros per month for the user.  

Neither amount includes the cost of the license to use the AVD. On the contrary, these prices reflect Azure savings plan a Azure reserved instances. Find out more about them in this Cloud Encyclopedia article. 

The final price also includes the cost of maintenance or construction of the environment. AVD is not a maintenance-free environment - you almost always have to take care of the image and possibly solve user problems.  

Another accounting entry may be farm expansion (or complete construction) to the other region if necessary DR (which, fortunately, can be mitigated by using automation).  

The last item on the final AVG bill is monitoringwithout which you could hardly support the environment. The total cost is about 10-15 %. 

AVD Licensing 

You can license AVDs in basically two ways. 

1. Retrieved from M365 licence (E3, E5, A3, A5, F3, Business Premium, Student Use Benefit), Windows Enterprise E3 or E5, Windows Education A3 or A5, or AVD licence. Plus you need to have a licensed endpoint, as mentioned above. You can also use RDS CAL with SA for Windows server or RDS subscription licenses (but this method is only suitable for users who are part of your company - employees, suppliers, etc.). 

2. Take advantage of the so-called. per-user access model, if applicable SAL for Windows server(This model is for when you want to resell AVD as SaaS. It makes a difference whether you publish an app or a desktop to the user.) 

Automation options 

There are several things that can be considered automation. From very basic pseudo-automation in the form of Session host updatewhich should soon be globally available, through pre-made scripts for various tasks to full automation using DevOps (Azure DevOps, Github, etc.) and infrastructure definition in Terraform or Bicep.  

This last solution is ideal for most of our customers as they can benefit from modularity and repeatability. 

Session host update 

Session host update allows you to edit all guests in a guest pool using a common configuration. However, you must have a guest pool created as host pool with a session host configuration. The downside is that you can't achieve failsafe mode this way, but that may not matter in some deployments. 

Scripting 

By scripting you can achieve failover, but it is a rather old-school and unnecessarily laborious solution. In addition, whoever makes the changes must have all the necessary permissions. However, this solution will also find its use. 

DevOps 

And the kicker at the end: automation with Terraform or Bicep, or better yet, with DevOps. When set up properly, it is a fail-safe and easily repeatable solution, which is exactly what we usually want.  

The whole infrastructure is described by Terraform and deployment is done by CI/CD. Of course, you can also automate the release management of the operating system. The endpoint team prepares the image and deploys it once a month. In addition, we can also play with A-B testing - there are no limits to the imagination.  

Are you considering Azure Virtual Desktop and this article didn't help you decide? Write to us - we will be happy to advise you on the next steps.