Replace RDS server with mass Windows 11

[ensojel]

Hi,

Because of some data security requirements from customers and local policies, my company is hosting RDS servers at Azure and has all their users open remote desktop connections to work. We have recently acquired a new company that is now using AWS Workspaces.
These two environments are very expensive (more than 100k euro / year just to grant remote desktop for our ~100 users).
I was thinking about replacing everything with a dedicated server running a RDS servers.
But after some more thoughts, I figured that I could save performance and reduce complexity by simply running 100 Windows pro VMs on a Proxmox instance. The VM configuration would be centralized with EntraID. The price of the Windows pro license would anyways be close to the price of the RDS CALs and I would not even have to install a Windows Server...

Do any of you ever did something like that or is that idea completely delusional?

 

[FrankList80]

Hi, VDI is a very "special beast". There is a reason Citrix and the RDS "fronts" exist i would assume. Some questions come to my mind:

• Do you have the bandwidth if hosted OnPrem?
• How does 100 full-fletched VMs react when taliking to Azure-AD?
• What happens when all want to fetch an Update? (I remember local Windows-Update Servers)
• 100 WIndows-VMs need (even when idling) some "serious" Hardware, especially when all used during Office-Hours
• GPu Support?
• How big is your OPS team for these VDIs?
• Security: What about MFA? Can Entra-ID do this?

TLDR: 300K for 100 FTE in 3 years is money. Indeed. Nonetheless Special Vendors exist there for a reason i fear. This is my experience. Let the license not fool you.

Way Forward: IF (big IF) you have the "appetite" (aka Management Backing) for a C H A N G E (big word i know), you could try to find different user Groups and server them differently e.g. with a Guacamole Front (did this for SME) - but also here: Load Balancing.

If you -could- identify e.g. a Webmail/Office-Online user group you could serve them with KASM (not affiliated), so you might get less than 100 VDI users. But again: appetite of the organisation for any change is key.

What P.S: Not affiliated: there is Virtual Cable from Spain, which might have a feasible alternative more towards a Linux kind of Solution.

 

[ensojel]

Hi Frank,

Thank you for all these insights, they will allow me to think this more thoroughly.
One thing I did not mention was that i would not host it in my own premises, but through a dedicated instance rented at a professional hosting company (OVH). There, I can get a machine with 144 threads, 512gb of RAM and 20tb of RAID storage for ~1k/month. My users won't be using apps that require a lot of performance, so I guessed that 1 thread per VM, and 2 for the bigger users would be enough. And if I figure it is not enough, I could split the load on two servers, and it would still be way cheaper than what we currently have (and I don't need GPU).
The guaranteed bandwidth at OVH is 1Gbps, but I can get up to 10Gbps if needed, but again, I think that 1Gbps is enough for 100 users that will anyways never be connected simultaneously.

Deployment and re-initialization of VMs could be semi-automated through unattend.xml files and proxmox CLI.

Anyways, these are just thoughts for now, I am just trying to find the best cost-optimized solution as I don't plan to move my users twice!

 

[ensojel]

About 2FA and securing the connection, I was thinking about running a small linux distro with Wireguard VPN. All the users would have to connect to the VPN to access the machines.

 

[cwt]

Deploying 100 VMs with a total of 144 threads available will be a painfully user experience. Windows itself will shred most of the single vCPU for nothing. And even if the users won‘t use any special software simple things like browsers or office suites will be terrible slow. That’s where RDS servers have their big advantage. Much horsepower which is always available up to the point where everyone is connected but it will scale much better then a single/dual vCPU VM. Yes, license costs are higher but it‘s a different story and architecture.
I personally would split such an environment in more than one single PVE. If it fails, nobody could connect. The same for one RDS server.

 

[guruevi]

Note the licensing does not change much. The retail licensing is not licensed for VDI/VDA use - you need to add on the VDA license to your Windows license which is about $150/year/VM in addition to your Windows and Azure O365 licenses. You end up with $15k/year + your Windows licenses + your O365 license for Active Directory CAL and you still need a server + SQL license + CALs for things like SCCM.

I have found out you always get to about the same price when you want to use the Microsoft ecosystem.

 

[ensojel]

Thank you guruevi for bringing that up, that is indeed disappointing :/

So I looked it up and indeed Windows 11 pro retail does not allow to be ran in a VM... but from what I could read online, if I buy Windows Server Datacenter edition, even if I don't install it, that would give me the right to run any Windows 11 retail on my servers. That adds a good 20k to my setup, but it is a one-time fee, so it is not that bad as I would still pay half the price of a cloud setup.

 

[guruevi]

Yes. A Windows Server Datacenter Edition for each node and for each 16 cores in that node. So depending on what you get, in my case 96 cores per node, I would still need 50+ server licenses in a cluster. You seem to want a 144 thread (72 cores) per node so 5 licenses per node (depending on how you retail).

There are n core SKU and then you need RDS CAL for each user or device. So I would say depending on the reseller, you have $15k/node/y and for 100FTE, you’d be at $12k/y depending on your retailer, again, don’t forget the SCCM + its SQL Server + CAL if you’re going to be managing 100 VMs. Each VM still needs a Windows 11 Enterprise license too ($15k/y). Also make sure you license any backup hosts or redundancy you will need and your O365/AAD license would be $25k/y.

Again, you’re not getting away from spending oodles of money with Microsoft. RDS and cloud VDI exists solely because of the negotiated low licensing costs, otherwise VDI with throwaway images on hardware would be so much easier. Microsoft Windows 11/2025 has been structured explicitly so that the licensing in Azure or on-premises will come out to be exactly the same, which means running your own hardware is just additional overhead which may or may not be beneficial depending on your storage and bandwidth needs.

If you like my company have an organizational license (fixed cost per FTE per month) we can trade in our Windows and SQL licenses for the equivalent in Azure credits (so I can get 16 cores per server license for “free” in Azure with their standard GB of storage per core or run it on-prem).

 

[EllerholdAG]

So I looked it up and indeed Windows 11 pro retail does not allow to be ran in a VM...

Are you sure? Do you have a link to the source please?

 

[floh8]

My suggestion is to use TS-Plus. A cheap full- featured Terminalserver - ontop of a windows client is also possible. Buy dedicaded hardware and install more than one TS-Plus server for HA and Loadbalancing. So u can save money for windows client licenses, win server licenses, access cals and rds cals.

 

[guruevi]

Note that licensing does not change anything regardless of the software you use. TS-Plus is just an add-on for RDS in that sense. Multi-user Windows client would still be considered a 'server' to Microsoft.

 

[floh8]

Note that licensing does not change anything regardless of the software you use. TS-Plus is just an add-on for RDS in that sense. Multi-user Windows client would still be considered a 'server' to Microsoft.

No. One can use it also on a windows 11.

 

[alexskysilk]

The price of the Windows pro license would anyways be close to the price of the RDS CALs and I would not even have to install a Windows Server...

As others pointed out, this isnt actually an option (at least not a valid one licensing-wise.) Its also a whole lot less efficient than a handful of terminal services hosts; I would pause here to discuss WHAT your clients use on their remote sessions; there may be more efficient/less costly ways to solve.

 

[guruevi]

No. One can use it also on a windows 11.

Yes, you can USE it on Windows 11, but you must still LICENSE that Windows 11 install as a Windows Server with RDS + CAL.

The EULA clearly states that any software that uses more than 2 simultaneous "sessions" must pay for RDS licenses, TS-Plus specifically modifies the registry and turns your WIndows install into a Windows RDS server which is only legal if you pay for the appropriate licenses. TS-Plus makes no claim that it is selling you a legitimate Windows Server RDS license, it quite clearly completely avoids that topic.

 

[floh8]

Yes, you can USE it on Windows 11, but you must still LICENSE that Windows 11 install as a Windows Server with RDS + CAL.

The EULA clearly states that any software that uses more than 2 simultaneous "sessions" must pay for RDS licenses, TS-Plus specifically modifies the registry and turns your WIndows install into a Windows RDS server which is only legal if you pay for the appropriate licenses. TS-Plus makes no claim that it is selling you a legitimate Windows Server RDS license, it quite clearly completely avoids that topic.

No, you are wrong. TS-Plus let one decide if one will use RDS or TS-Plus Software Code. As attachment yourself see the statement from TS-Plus to this topic.

 

[guruevi]

That’s a very carefully crafted letter and does not really address the issue: yes you are allowed to use TSPlus to connect to Windows.

No, you are not allowed to connect more than 1 user + 1 admin user to Windows client. The examples in the letter are large organizations that all have Windows Enterprise agreements, Windows Server and CAL for RDS, SQL etc is already included for all users in those agreements - that is where you want to spend $75/user/month+ and literally license any Microsoft product.

TS-Plus is basically Guacamole, just because you use Guacamole as a portal, doesn’t give you an unlimited RDS license, and RDS will not function after the (30?) day trial license period regardless of what portal you put in front of it.

Can you install Apache, LogMeIn on Windows client: yes, can you use it to connect multiple users to separate sessions: no, unless you have purchased the required licenses.

 

[cyruspy]

Hi,

Because of some data security requirements from customers and local policies, my company is hosting RDS servers at Azure and has all their users open remote desktop connections to work. We have recently acquired a new company that is now using AWS Workspaces.
These two environments are very expensive (more than 100k euro / year just to grant remote desktop for our ~100 users).
I was thinking about replacing everything with a dedicated server running a RDS servers.
But after some more thoughts, I figured that I could save performance and reduce complexity by simply running 100 Windows pro VMs on a Proxmox instance. The VM configuration would be centralized with EntraID. The price of the Windows pro license would anyways be close to the price of the RDS CALs and I would not even have to install a Windows Server...

Do any of you ever did something like that or is that idea completely delusional?

last time I checked, you were not allowed to virtualize Windows (non server) without paying VDA licenses