Sign in Subscribe
Azure Virtual Desktop

Rethinking AVD Backups: Are You Paying to Protect Disposable VMs?

Stop wasting money backing up disposable session hosts. Here's why.

Rethinking AVD Backups: Are You Paying to Protect Disposable VMs?
Blog Table of Contents

Table of Contents

In Summary - TL;DR

  • Trusted Launch VMs now support Standard Azure Backup policies via CLI/PowerShell, reducing backup costs for Azure VMs.
  • AVD session hosts are disposable by design and architecture should be designed to redeploy hosts by golden images rather than backed up.
  • User profiles and data belong outside of session hosts, think FSLogix, OneDrive and SharePoint.
  • Avoiding backing up session hosts cuts Azure Backup charges, making AVD more cost-effective and easier to justify.

Introduction

Backup strategy is often overlooked when deploying Azure Virtual Desktop, especially for session hosts. But with the recent changes to Azure Backup support for Trusted Launch VMs, now is a good time to reassess whether you're paying to protect workloads that were never meant to be permanent.

Microsoft recently announced that Trusted Launch VMs can now use Standard Azure Backup policies when configured via CLI or PowerShell. This is a welcome change, particularly as Enhanced policies come at a higher cost and were previously the only option for Trusted Launch VMs.

This blog post explores what's changed, why it matters for AVD design and whether backing up your session hosts is even necessary.

Let's get into it! 🔍

What's New with Azure Backup & Trusted Launch

Microsoft has quietly lifted a frustrating limitation. Trusted Launch VMs no longer require Enhanced backup policies. Standard Backup policies can now be used to backup Trusted Launch VMs!

💡
However, there is a catch! If you plan to use Standard Azure Backup policies for Trusted Launch VMs; you're going to need to use Azure CLI or PowerShell. It's not available in the GUI presently.

In my opinion, this is a smart move from Microsoft. Enhanced policies are great for higher-end workloads but they have an increased cost. For AVD session hosts, which are disposable, that extra spend rarely makes sense.

Thinking more broadly within the Azure space, this change gives your organisation and customers a cheaper, more flexible backup option for Trusted Launch VMs. It's not yet available in all regions, and requires scripting/CLI; but for cost-conscious architects, this opens the door to more efficient designs.

Note: If you've already enabled Trusted Launch on a VM using Enhanced backup, you can't roll back from Standard. BUT - you can now migrate from Standard to Enhanced policies natively within the Azure portal.

Cost - Standard vs Enhanced Backup Policies

When comparing Standard and Enhanced backup policies, the price gap is smaller than many expect!

A Standard policy for a single 128 GiB server with a retention period of 7 days, 4 weeks, 12 months and 1 year lands at approx. £14 per month. Switching that same workload to an Enhanced policies increases the cost to around £19 per month (Based on UK South pricing at the time of writing).

If you implement more frequent backups, for example one every four hours; the Enhanced policy only increases by a few pence!

For genuinely critical workloads, the uplift is modest between Standard and Enhanced backup policies. The cost increase is also insignificant to the cost of downtime, data loss, or a ransomware demand.

🔑
The key is deciding whether the workload actually justifies that higher level of protection. For AVD session hosts, the answer is usually no.

Session Hosts Are Disposable: AVD by Design

In a well-architected AVD environment, session hosts are not meant to be permanent. The design should support repeatable, scalable and rapid redeployment of hosts from usually a golden image. This is faster, more predictable and more cost-efficient than restoring from a backup.

Why Backups For Session Hosts Rarely Make Sense

  • AVD hosts can be redeployed quickly from a golden image.
  • Application deployment methods mean new hosts are ready for use without manual reconfiguration.
  • The principle of disposable hosts has been a best practice since on-premises RDS and Citrix days, continuing into modern cloud VDI.
💡
Use MSIX App Attach, Intune or Pre-Installed Apps within the golden image to support this approach!

Profiles and Data Should Never Reside On Session Hosts

  • FSLogix profile containers ensure user settings and preferences roam across hosts.
  • OneDrive and SharePoint Online store user and company data in online, cloud-based solutions.
  • Data separation ensures that losing a session host has zero impact on business continuity.

When Backups Do Make Sense

  • Application data that supports AVD should be hosted on dedicated application servers or services.
  • If hosted on servers, these servers are prime examples for backup, as they contain persistent data or configurations not stored elsewhere.

Backing up disposable session hosts not only adds unnecessary cost but also diverts budget away from protecting workloads that truly matter.

Why Not Backing Up Session Hosts Supports AVD Cost Justification

With AVD session hosts not requiring a backup, this simplifies budgeting and lowers ongoing OpEx (Operational Expenditure, read ongoing IT costs).

When evaluating AVD for your organisation or your customers, the cost per user is often the key justification metric. So much so, that I have previously suggested whether AVD should be considered as an employment cost...

By not backing up session hosts, organisations avoid ongoing charges for Azure Backup services, which keeps the AVD environment cost to a minimum. Music to the Finance departments ears.

Imagine a 30-user AVD, across 3 servers at 128 GiB each, you'd be saving approx. £540 a year; for just architecting correctly!

Backup Priorities in AVD

  • Session Hosts: Designed to be disposable. Backups are rarely justified given the speed and predictability of redeployment from golden images. Backing these hosts adds unnecessary cost and management overhead.
  • User Profiles and Data: Profiles should roam via FSLogix containers. User data should live in OneDrive, SharePoint Online, or other cloud storage, all of which have their own robust backup and recovery mechanisms.
  • Application Data and Configuration: Persistent application data and critical configurations should reside on dedicated application servers or managed services. These are the appropriate backup targets in an AVD environment.
  • Cost Impact: Backing up disposable VMs wastes budget that could be better allocated toward other services e.g. cybersecurity.

Final Thoughts

Azure Virtual Desktop changes how your customers approach virtual desktop infrastructure and associated costs. Whilst Trusted Launch backup policy improvements are welcome, the biggest wins come from understanding what not to backup.

AVD hosts should be viewed as disposable components of a resilient infrastructure. Rebuilt quickly using golden images rather than restored from backups, with profiles and data separate to reduce reliance on session hosts.

Backing up every session host may be the safest-sounding option, but it’s rarely the smartest.

Read next

Comments ()