We brought together Azure Virtual Desktop (AVD) and Nerdio Manager to deliver a complete enterprise-scale Desktop as a Service (DaaS) solution.
INDUSTRY
Telecommunications
SERVICES WE PROVIDED
Azure Virtual Desktop, Nerdio Manager Enterprise, Infrastructure as Code (IaC), Azure Landing Zone, GitHub Actions.
Key Takeaways
Company Overview
One of Australia’s largest telecommunication companies and operates a number of leading mobile and internet brands.
The client provides mobile, internet, business and fixed network solutions to consumers, small and medium businesses, government, corporate enterprises and wholesale customers. They also offer a comprehensive portfolio of fixed and mobile products in the Australian telecommunications market.
The client operates a mobile network with over 5,000 sites covering more than 20 million Australians, and is one of Australia’s largest fixed voice and data networks and a 5G mobile network that is currently being rolled out.
”“With Azure Virtual Desktop, our employees get the flexibility of accessing their virtual desktops and applications from geo-approved locations. The multi-session capability of AVD helps our employees to gain feature-rich capabilities of Windows and achieves significant cost savings.”
Internet service provider manager
The Problem
As the COVID-19 global pandemic struck, it increased remote working requirements for the organisation as a whole and highlighted several risks:
- Solution scalability
- Regional availability
- Disaster Recovery capabilities
- Group policy and control over the virtual desktop environment.
To address the risks, the client engaged us in March 2022 to deliver a viable global support solution for geographically dispersed employees. Mantel Group has a proven track record of delivering enterprise-scale Azure Landing Zones for AVD and implementing the best virtual desktop experience through our acceleration framework for AVD and Nerdio.
The Solution
We worked extensively with the client’s Windows System Administration team to determine the use cases and right components of Azure to support the AVD deployment. We converted the outcomes of the assessment into actionable items for the design process.
Using our AVD Acceleration Framework, we combined best practice with our extensive multi-industry experience to deliver a design that meets the client’s requirements. Terraform was used to implement the AVD solution to ensure deployments are efficient and repeatable. During the build phase, the team demonstrated our commitment to delivering outcomes and expertise in order to help the client’s own networking teams establish their first on-premise connectivity to Azure cloud.
The client listed the following key business requirements of the AVD solution
- Security and regulation – Keep data and organisational resources safe while enabling the appropriate level of access by a variety of the organisation’s users.
- Elastic workload – Scale AVD to provide reliable access to services on demand
- Remote employees – Optimise user experience when connecting to AVD, the user connections are directed to AVD through Microsoft edge locations
Our AVD solution was tailored to meet the security, user experience and compute costs reduction needs of the business. User sign-in to AVD is fast as a result of the containerisation of user profiles by using FSLogix. At sign-in, the user profile container is dynamically attached to the AVD environment. The user profile is immediately available and appears in the system exactly like a native user profile.
The solution provides centralised security management for user’s desktops with Azure Active Directory which also makes it easy to enable different forms of multi-factor authentication to secure user sign-ins. AVD improved remote desktop security by using reverse connect technology, which is a more secure connection type than the Remote Desktop Protocol.
Nerdio Manager is integrated with the client’s AVD environment to simplify AVD management. Windows administrators can use Nerdio’s scripted, automated functions to deploy and manage virtual desktop workloads. Multi-session hosts allow multiple concurrent users to share a single VM which significantly reduces long-term operational costs without compromising on user experience.
Key Products or Services Used
- Azure Virtual Desktop
- Nerdio Manager Enterprise
- Terraform
- GitHub Actions
- Specific to Azure Landing Zone
- Hub-spoke network topology to isolate workloads and allow central control over network security.
- ExpressRoute gateway as the entry point of the hub virtual network which connects to on-premises networks.
- Virtual network peering to exchange network traffic between hub and spoke virtual networks using the Azure backbone without the need for a router.
- Joined AVD Virtual Machines with Active Directory, allowing users in specific AD groups to access AVD VMs.
- FSLogix containers to manage AVD profiles which eliminated network delays associated with files copying and simplified the overall management of the storage environment.
- Deployed Azure Firewall to restrict access to Azure resources in AVD spoke networks to specific IP addresses and authorised users.
The Outcomes, Results and Benefits
Users can connect to their published Windows desktop and applications using the AVD HTML5 web client which provides the best user experience. The client now has the flexibility to host VMs near apps and services that connect to their datacenter so that users can stay productive and have an excellent user experience.
Data and apps are separated from the user’s laptop and run on a remote server in the client’s controlled and secured AVD environment. Administrators have the tools to automate VM deployments, manage VM updates and provide disaster recovery minimising the ongoing management overhead of the solution (about 4 operational resources). Azure monitor is in place for monitoring and alerts on critical Azure resources e.g. Express Route. This provides a single interface to identify issues for administrators and the client can integrate this into its change management system for additional efficiency.
The client wisely invested in building a robust Virtual Desktop solution with Azenix, as they are prolific users of Microsoft’s portfolio of products such as Windows, Microsoft 365 and Active Directory. We designed an enterprise-scale landing zone architecture that enabled AVD to be set up and easily maintained with the ability to facilitate additional workloads in the future. Virtual desktops can be assigned to users within minutes (a reduction of deployment time by 50%). By combining the powerful AVD functionalities with an exceptional Nerdio manager, the business has significantly reduced operational costs and overhead.