Hosted agents allow you to run automated builds using VSTS without bringing your own build infrastructure.

This can be useful if on-premises hardware is expensive, or if you are looking to move to a more platform-based model.
There are also a number of drawbacks you may want to consider, which I am going to outline in this article.

What software is available on VSTS’ hosted agents?

A list is maintained on GitHub for all hosted agent types.

Can I install additional tools on the fly?

You certainly can, but you need to consider the potential impact on your builds/releases/test executions.

  • More time spent per run
  • Potential flakiness introduced by the ad-hoc install process
  • No other jobs can be completed by the agent while it installs tools at the beginning of a run

What about performance?

The hosted agents are shared infrastructure. After each run, agents are re-imaged and join a queue of machines waiting for the next job.
Because of this queuing mechanism, it can take some time for jobs to be allocated.

For activities that run in parallel, you need to consider the number of cores available on the hosted machines (2 at the time of writing).
Parallel test executions for example may end up being a lot slower than on a beefy 16-core machine on premises.

Can I log onto the boxes?

No. The queue-like design prevents this. On the flip side, you always get the exact same, predictable build image to use.

Can I run XAML builds?

Hosted XAML builds have been discontinued and you will need to bring your own on-premises XAML controller.

Can I drop to my local NuGet server, file share, or any other server in my premises?

You could, but it would be really insecure. Hosted agents run on a range of IP addresses in the VSTS region that your account sits in.
They cannot access your premises via VPN or ExpressRoute, so the only option would be to expose the services that hosted agents need to write to on the internet (or at least to the entirety of the Azure region that the account sits in).

Even if your machines sit in Azure, traffic will come from outside their VNet from an unknown IP address.

In short: You can, but please don’t.
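
To see how wide such a rule ends up being, here is an added example (not part of the original article) that audits inbound allow rules against the address ranges of the region. The prefixes, rule names and ports are constructed sample data; in practice you would load the ranges that apply to your own Azure region.

```python
import ipaddress

# Constructed sample data: documentation prefixes stand in for the address
# ranges of the Azure region that the VSTS account sits in.
REGION_PREFIXES = ["198.51.100.0/24", "203.0.113.0/24"]

# Constructed inbound allow rules for a hypothetical on-premises NuGet server.
RULES = [
    {"name": "office-vpn", "source": "192.0.2.16/28", "port": 443},
    {"name": "hosted-agents", "source": "198.51.100.0/24", "port": 443},
    {"name": "hosted-agents-2", "source": "203.0.113.0/25", "port": 445},
    {"name": "any", "source": "0.0.0.0/0", "port": 443},
]


def audit(rules, region_prefixes):
    """Return the rules that admit traffic from the shared region ranges."""
    region = [ipaddress.ip_network(p) for p in region_prefixes]
    findings = []
    for rule in rules:
        source = ipaddress.ip_network(rule["source"])
        shared = 0
        for net in region:
            if source.overlaps(net):
                # Two CIDR blocks that overlap are nested, so the
                # intersection is simply the smaller block.
                shared += min(source.num_addresses, net.num_addresses)
        if shared:
            findings.append({
                "name": rule["name"],
                "port": rule["port"],
                "shared_region_addresses": shared,
                "open_to_internet": source.prefixlen == 0,
            })
    return findings


if __name__ == "__main__":
    for f in audit(RULES, REGION_PREFIXES):
        scope = "the whole internet" if f["open_to_internet"] else "the Azure region"
        print(f"{f['name']}: port {f['port']} reachable from "
              f"{f['shared_region_addresses']} shared addresses ({scope})")
```

Every address counted as shared can be handed to any tenant in the region, not only to your build agent, so a flagged rule authenticates nothing about the caller.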

But how do I do package management then?

Use a hosted alternative (for example the one built into VSTS) or a private NuGet server that supports OAuth/Azure AD integration.

How does the cost of a private agent and a hosted agent compare?

Prices can be found in the marketplace for both hosted and private options.

As you will see, you do not actually pay for agents but for concurrency.
If you only want to run one build/release/test run at a time, then 1 agent is sufficient.

If you have not bought any hosted CI/CD in the marketplace, then some limits around daily execution time will apply.