For Performance and Fun!
Author: Eric Vasbinder
Besides server-side applications, customers often have large numbers of client applications that are critical for their business. For example, Microsoft Office, Spreadsheet Server, Bluebeam, and the Vista client itself. The deployment model for these client side applications may vary greatly for customers, with some customers preferring to keep those applications installed and running on the workstations of each end user, while other customers would prefer to centrally manage and deploy those client side applications as either published applications or as part of a Virtual Desktop, using tools like Citrix or Microsoft AVD.
Initially, in our older, legacy Trimble ERP clouds, such as Viewpoint For Cloud (VFC) and Viewpoint Enterprise Cloud (VEC), we provided hosting of not just our own products, but third party products as well, including server side and client side applications. These client side applications would be hosted on our Trimble cloud, along with the Vista client itself, for convenience and performance as they would be in the same region as where Vista was hosted, keeping distance and latency low.
However, as we have moved into our latest ERP Cloud offering, Trimble Construction One (TC1), Trimble has determined that, with only one set of exceptions, we will no longer host third party applications in our cloud, both on the server and client side.
With our Vista Remote Link (VRL) connection method for the Vista client, customers can often use local workstations to host all client-side applications, including the Vista client app, SSMS, Microsoft Office, Acrobat and Bluebeam, etc. Unfortunately, in some circumstances, for performance reasons it is better to host the client side Vista application and certain third party client applications (e.g. Insight Spreadsheet Server), in the same datacenter region as Vista. In these circumstances, Trimble allows for some, limited client side applications to be hosted in our cloud AVD / RDP servers, improving performance. However, though that does provide better performance, there are sometimes usability and authentication complexities associated with the fact that our servers are not in the same AD domain.
Given all of the above, we have seen another option successfully used with those customers who have client side applications that need to integrate with cloud hosted Vista in a high performance way: customer managed AVD in the same Azure region.
Let's take a look at the two options for AVD / RDP to determine which is the best for your use case, comparing the two options for AVD / RDP: Customer Hosted and Trimble Hosted
There are some critical items to know when trying to determine where client side applications should be experienced. Specifically, one should know the architectural differences between a customer managed and hosted AVD implementation, vs. the offering from Trimble.
In this scenario, the customer sets up an Azure tenant of their own, assuming one does not already exist. Within this customer hosted tenant, the customer's IT team will set up an AVD instance with the appropriate session hosts. These session hosts are joined to the customer's actual Entra ID / Azure AD domain. This will enable the customer's end users to sign into the AVD / RDP Session using their own, familiar, on-premise AD credentials.
Within these customer managed session hosts, the customer's IT staff will install and maintain all client-side integrations. These include, but are not limited to, the Vista client application itself, Insight Spreadsheet Server, Adobe Acrobat, Blue beam, a web browser of the customer's choice, and Microsoft Office.
In this, alternate, deployment model, Trimble staff will set up an AVD/RDP session host for use by the customers and users. For security reasons, this session host may not be federated at the operating system level to the customers Azure AD / Entra ID domain. As such, in order for end users to log into sessions on Trimble managed RDP session hosts, those end-users will need to set up, track, and manage a separate set of Trimble specific domain credentials. These credentials can be managed through the Cascade portal: Cascade Portal: Adding and Importing Users
With this deployment model, customers will connect to their Trimble application servers using either:
VRL (Vista client only)
LAN connection method over an IPSEC VPN (Vista client only)
HTTPS
Direct ODBC (rare) over an IPSEC VPN or TLS Database Endpoint (TLS VPN)
Mostly used for third-party client-side applications such as SSMS, Crystal reports builder, or the SSRS reports builder
Due to these clients being physically hosted upon a session host in the same region as the Vista server, network latency should be less than 10 ms, ensuring acceptable performance.
With this deployment model, customers will connect to their Trimble application servers using either:
LAN connection method (Vista client only)
HTTPS
Direct ODBC (rare)
Mostly used for third-party client-side applications such as SSMS, Crystal reports builder, or the SSRS reports builder
Due to these clients being physically hosted upon a session host in the same resource group as the Vista server, network latency should be less than 10 ms, ensuring acceptable performance.
The primary use case for this, specific, deployment model is for customers to create a thin client experience for their end-users to be resistant to any low latency situations across their entire user base. The number of users in this deployment model could thus range from just a few up to hundreds of users.
An important item to keep in mind is that this deployment model will allow for any number of third-party client-side applications to be hosted on the same session host as the Trimble applications with no restrictions.
The primary use case for this deployment model is for a small number of customer end users who have significantly substandard network latency and connectivity to be able to efficiently use their Trimble client-side applications with appropriate performance. In normal scenarios, this might be anywhere from 3 to 5 satellite Internet users or remotely connected jobsites.
This method is intended to be a BACKUP for instances where customer managed AVD is not possible.
Please note, Trimble AVD may only be used for Trimble client-side applications, Adobe Acrobat, Microsoft Office, Insight Spreadsheet Server, and a web browser. It may not be used to host various client-side applications such as third-party estimating tools, third-party invoicing tools, and more.
No Extra Credentials
Since the AVD session hosts are in the customer's active directory domain, a separate set of credentials are not necessary for end-users to log into the session hosted self.
No Double Login
As mentioned above, since there is no separate set of domain credentials in this deployment model. The customer, once logged in for the day into their own workstation, should not be prompted yet again to sign into the session host.
Preserves same low latency / high performance
As the customer manage session hosts are in the same Azure region as the Trimble server, network latency should be kept to a minimum, thus ensuring high performance.
Can peer network
It is possible to join the session host network resource group in the customer's Azure tenant to the customer's existing cloud IaaS or on premise infrastructure
Can control updates
The customer's IT staff has complete control over rolling out client-side application updates, including updates for Insight Spreadsheet Server, Bluebeam, Microsoft Office, and more.
Can install any software you desire
There are no limits to the client-side software packages that may be installed in these AVD session hosts, as they are within your (the customer) management purview.
Can use either Vista VRL or Vista LAN (over VPN)
Any Vista client connection mechanism may be used, unlike the Trimble AVD instances where VRL is not an option.
No additional charge for OS and terminal server VMs
Additional charges do apply per each client side hosted application other than Trimble client-side apps that is to be installed
Out of the Box
Trimble session hosts for AVD may be provisioned during the pre-go live cloud testing process, eliminating the need for your IT staff to set up and manage AVD instances.
Additional costs
There will be additional costs to set up and AVD instance in the appropriate region, along with potential VM usage charges depending upon the deployment model of RDP that is chosen in Azure
Management Overhead
There will be management overhead necessary to manage, maintain, and control updates for the installed third-party applications.
Lack of update control
Customers will have no ability to manually install updates two client-side applications, and must depend upon Trimble staff availability, or coordination with third-party vendors to ensure that updates are applied
Cannot install most third party client software
For security and compliance reasons, Trimble does not allow for most third-party software packages to be installed on our AVD session hosts.
End users will have double logins
End users will need to authenticate twice to access their Vista client: once to access the Trimble AVD host and once to login to the actual Vista application.
End users will have a new, additional login
Due to the inability to federate at the OS level between our session hosts and a customer's active directory domain, it is necessary to set up each end-user who will be accessing our Trimble managed AVD session hosts with a new, additional active directory account in our Trimble domain.
Cannot peer network to customer network
For security and compliance reasons it is impossible for Trimble to use network peering to physically join a customer's network to our AVD session hosts in our cloud resource groups.
Cannot Use VRL
Only the LAN connection method is available for the Vista application in this deployment model
Based on the significant balance of advantages in favor of customer managed AVD instances, hosted in Azure, in the same data center region as the Vista server, we strongly recommend customer hosted and managed AVD instances. Thus, any customers with more than a few users with latency concerns should ideally set up their own, customer managed Azure AVD session host in the same region as Vista.
The following list is a high-level sketch of how a customer might implement their own managed AVD instance in the same Azure region as Vista:
If you do not already have an account with Microsoft with your own Azure tenant, we recommend that you reach out to your Microsoft partner or account manager, or you may manually set up your own Azure tenant as part of the following step.
Create the appropriate AVD managed service and ensure that the appropriate network resource groups are in place for this AVD session host in your Azure tenant
Note that the appropriate network resource groups will be necessary in order to, in a following step, configure TLS or IPSEC VPN connectivity to the Vista server. This would mostly be used for third-party client-side applications such as SSMS.
Install your buildout of client-side applications: including but not limited to Vista, a web browser, Microsoft Office, SSMS, Crystal Reports Builder, Bluebeam, etc.
Work with your Trimble team to ensure that network connectivity for TLS, IPSEC VPN, Vista VRL, and HTTPS to Vista Web are all set up.
changelog
Monday, 20 April 2026 at 01:24PM:
Initial Posting