31 March 2020
During the Enhanced Community Quarantine (ECQ), Nexus set up a POC for Azure Windows Virtual Desktop for one of the Philippines' top financial institutions. After less than two weeks of POC, company can now enable its employees to work efficiently and securely with their personal computers at home.
App Dev Manager Gary Ciampa shares an example of how Azure Windows Virtual Desktop Infrastructure helped a retail customer avoid service disruption and quickly respond to enable a remote workforce.
In response to COVID-19, a Microsoft “retail domain” customer needed to solve an acute capacity issue, to provide “work-from-home” computing services to thousands of employees. The solution exploited Azure services to include Azure Active Directory, Azure ExpressRoute and Azure Virtual Desktop Infrastructure. The following article details the situation as it relates to COVID-19 response for the customer and their creative solution to solve the immediate business challenge.
The COVID-19 global pandemic has touched the life of nearly every individual, family or business around the world and directly impacted our lives. Johns Hopkins University Center for Systems Science and Engineering maintains a website which enumerates COVID-19 metrics and statistics aggregated from international health organizations, governments, and non-governmental organizations. As of this writing, Antarctica is the only continent around the world which is not directly impacted by COVID-19.
In efforts to “flatten the curve”, reduce exposure and ultimately mitigate loss of life, national governments, states, municipalities and businesses have rightly issued policies and guidance to contain COVID-19, which include “social distancing” and liberal “work from home” policies. These work from home policies have shifted the focus of IT organizations. The primary question is: How to satisfy the dynamic requirements, related to dramatic shifts in capacity, network, security and governance when a significant percentage of employees are not protected by layered security policies associated with on-premises services and a physical presence on campus?
Throughout the 21st century, technology and engineering organizations have been inundated with the panacea of cloud computing, cloud storage, capacity on demand and enumerable attributes of cloud services. As it turns out, while the “cloud” may not be able to solve “world hunger”, Azure Windows Virtual Desktop Infrastructure (VDI), may in fact serve as the nexus to solve the real, immediate and business critical situation to respond to COVID-19 for their employees.
A Microsoft “retail” customer recently implemented a successful deployment of Azure Windows Virtual Desktop to satisfy the immediate need to implement a sustained “work-from-home” policy. The initial plan was to enable “on-premises” services and capacity to satisfy the business requirements. However, several blocking factors were identified early in the decision-making process to preclude on-premises services: physical network capacity to support thousands of concurrent VPN connected users, physical compute capacity to service virtual users, and finally, physical security and governance on how to manage and audit a distributed workforce. Using Azure VDI pools, the customer was able to design and implement a scalable solution within four hours from initial concept to a pilot deployment. The Azure VDI service was rolled out to several hundred users during the initial phase two days later and continues expansion as business units are added to the service.
To be precise, there were several key elements in the scenario worth emphasizing:
- Azure Active Directory (AD) hybrid identity
- Azure ExpressRoute
These two services were already active and successfully integrated with customer on premises services, which greatly streamlined the implementation. Imagine the possibilities Azure offers by pre-positioning Azure AD and ExpressRoute to respond to critical business requirements. It’s important to consider how these services could work as a preemptive measure to mitigate and respond to IT challenges that emerge every day.
In regard to Azure VDI deployment, a few technical tidbits related to the configuration of the pool, which are informative to your decision-making process:
- Determine the type and usage for the OS associated with physical compute server. In this case, the choice was “Windows 10 Enterprise Server multi-session”
- Determine the applications required for the VDI desktops, RDP only, O365, etc
- Evaluate usage, size of the compute nodes. In this use case, the servers were used as “jump hosts” to on-premises resources, therefore a “light” size was preferred
- Evaluate load-balancing preferences, “breadth-first (scale sessions horizontally)” or “depth-first” (sessions are saturated on a node until the session limit)
- User session limits per host, another words, high density or low density user usage patterns
Items to emphasize regarding these options, Azure VDI pools may be configured dynamically, therefore, you don’t require a perfect configuration during initial deployment. Compute node size, pool size, load-balancing and session limits will need to be adjusted as the service matures and, as workload waxes and wanes based on usage patterns.
A few resources for further investigation may be found here:
In response to COVID-19, this retail customer was able to implement a critical business work-from-home policy using Azure VDI pools, auto-scale capacity on-demand to meet dynamic usage requirements, exploit existing Azure Active Directory and Azure ExpressRoute investments to provide seamless access to corporate compute services. The Azure VDI services were designed and implemented within hours, with zero disruption to services and near zero capital investment. Azure security and audit policies were already in place and approved by corporate governance and compliance organizations, therefore affording a natural solution to the business.
Thank you to the team that devised, validated the approach and assisted with the implementation, including Scott St. Martin and Sean Greenbaum, Microsoft Professional Development Engineers. Their technical expertise, assistance and collaboration were invaluable to this effort.
Contact us for more info and if you want to scale up your remote workforce!
+63 917 852 4653, +63 908 886 9563;