
Nerdio Manager for Enterprise Case Study: New York City Department of Environmental Protection

Case Study

Learn how the New York City Department of Environmental Protection (NYC DEP) used Nerdio Manager for Enterprise to move 2,000 employees to remote work in a matter of days, 90 percent faster than it could have using VPN connections (and without the need for new hardware).

 

About New York City Department of Environmental Protection (NYC DEP)

New York City Department of Environmental Protection (NYC DEP) is the agency responsible for moving fresh water in and storm and wastewater out. It also maintains miles of underground pipes and the ecologically rich above-ground drainage systems that naturally handle runoff precipitation from streets and sidewalks. With 9 million residents, the Big Apple is a teeming metropolis. Spread across islands and mainland, the city’s boroughs are connected by bridges, tunnels, and ferries. Moving people across this unique geography is a big enough undertaking for such a populous city. Still, an even more essential job is delivering the 1 billion gallons of fresh drinking water New York City’s residents require every day. That’s water for everything from bathing to baking world-famous bagels and pizza.

Commitment to Virtualization

When COVID-19 hit in 2020, the New York City Department of Environmental Protection (NYC DEP) used Nerdio Manager for Enterprise to move roughly 2,000 employees to remote work in a matter of days—90 percent faster than it could have using VPN connections (and without the need for new hardware). NYC DEP also used Azure Active Directory Application Proxy and Azure Application Gateway to provide more secure remote access to internal applications with multi-factor authentication.

An agency with 19 business units and roughly 5,600 employees, NYC DEP’s scale and scope are huge, and its IT department must support field operations around the clock. Farhan Abdullah, Director of Production Support Services at NYC DEP, says, “Whether it’s water treatment, water supply, or sewer operations, if a water main breaks day or night, the IT department is responsible for making sure apps and other resources are up, running, and available.”

To support around-the-clock operations, the IT department runs multiple data centers across the city’s five boroughs, and it continually reassesses how to provide seamless disaster recovery and broad scalability. As part of this strategy, NYC DEP was an early proponent of virtualization and cloud services, and it has stayed true to this commitment. Michael Shum, IT Chief of Staff at NYC DEP, estimates that the agency has moved 40 percent of its workloads to the cloud, with more moved there every day.

“We used Azure Virtual Desktop to provide highly secure remote access 90 percent faster, to 90 percent more employees, than we could have with our legacy systems.” – Cecil McMaster: Deputy Commissioner for Business Information Technology, New York City Department of Environmental Protection.

NYC DEP had relied on Microsoft Azure services for years, since the days of Microsoft Virtual Server. By early 2020, employees used cloud tools like Microsoft Office 365 business productivity apps, and IT staff managed identity and access with Azure Active Directory (Azure AD) Premium. About 2 percent of the agency’s employees worked remotely, using company-issued devices and a VPN connection to sign into an internal portal. The agency wanted more than VPN could offer—faster connection speeds, more robust scalability, and multi-factor authentication to secure employees’ credentials. 

The Shift to Remote Work

In March, when NYC DEP had to switch about a third of its employees to remote work in response to COVID-19, it saw Nerdio Manager for Enterprise as a natural choice for improving remote access because of the agency’s prior investment in Microsoft products. 

IT staff faced a challenge in bringing on 2,500 employees unaccustomed to remote work. The sudden influx of connection requests also slowed the internal portal’s performance significantly. Despite the obstacles, NYC DEP deployed Azure Virtual Desktop in a matter of days.

To accelerate adding user accounts on the back end, IT staff deployed Nerdio Manager for Enterprise—a service that empowers IT professionals to automate, optimize, and secure Azure Virtual Desktop deployments. This saved a significant amount of time, reducing a four-and-a-half-week task to just three hours. Nerdio also provides a centralized management interface from which IT staff can quickly troubleshoot access issues.

“With Nerdio Manager for Enterprise, we were able to access a list of all our employees and add them with a click.” – Vic Kayharee, Cloud Engineer for Business Information Technology at NYC DEP.

Cecil McMaster, Deputy Commissioner for Business Information Technology at NYC DEP, says, “If we’d had to provide remote access strictly through VPN connections to on-premises resources, we would only have been able to offer maybe one-tenth of the access and performance. We used Azure Virtual Desktop to provide highly secure remote access 90 percent faster, to 90 percent more employees, than we could have with our legacy systems. Having a dynamic virtual infrastructure that we can configure without having to procure hardware or worry about storage and memory gives us flexibility.”

“If we need to add another 50 people, we can do that by clicking a button.” – Cecil McMaster, Deputy Commissioner for Business Information Technology at NYC DEP.

Improved Capabilities with Some Help From IT Partners

Using remote, highly secure Microsoft data centers, NYC DEP provides IT infrastructure resiliency and scalability faster to support its employees. Shum says, “We can stand up a new application with Azure services in 90 days versus one to two years, because we don’t have to go buy a server. We no longer have to put in a requisition to get the capital, or worry about government budget cycles, where you’re budgeting a year out.” 

NYC DEP credits support from Microsoft and Nerdio Manager for Enterprise with helping it get through a demanding transition period. Shum says, “I give kudos to Microsoft and Nerdio for supporting us nights, days, and weekends as we moved to remote work. Their investment in us, in this collaboration, got us to the point where we felt comfortable with the Azure Virtual Desktop solution. Getting this project done during COVID-19 was hectic, but we got through it together.”

Remote Work With Greater Scalability, Flexibility, and Security

With VPN, the agency relied on antivirus software installed on employee computers. But, says Shum, “With Azure Virtual Desktop, we manage the antivirus software ourselves, so we can ensure compliance and keep devices updated—as opposed to making sure every single endpoint has the most current protections installed.”

NYC DEP appreciates that employees now have the flexibility of using their personal devices to remotely connect to agency resources, regardless of operating system or endpoint security software. As McMaster points out, agency-secured laptops are scarce due to sudden demand, and many agencies across the country can’t offer remote work options due to device sourcing issues.

Azure Virtual Desktop also supports the agency’s security needs. Abdullah says, “We are comfortable making legacy on-premises apps available through Azure because we can apply Azure AD conditional access policies based on location, device, time of the day, and so on, along with multi-factor authentication.” 

IT staff use Windows 10 multi-session with Azure NetApp Files to create roaming profiles with Azure Virtual Desktop. With Windows 10 multi-session, they can deliver a full, scalable Windows 10 desktop experience with virtualized Microsoft 365 apps that run in multi-user scenarios, without needing any additional gateway servers. Kayharee says, “We can publish as many host pools as we need to accommodate our workloads. We only need 21 hosts for about 1,000 employees, instead of procuring a machine for each individual. And in terms of security, we only have to manage 21 hosts to make sure they have the latest security updates installed.”

Sharing Lessons Learned and Looking Toward the Future

Today, NYC DEP is getting requests from fellow agencies around the country to share its success story. As of December 2020, a handful of agencies have started using NYC DEP’s suggested best practices and planning approaches.

Abdullah says the experience of taking advantage of the latest features in Azure Virtual Desktop, like faster deployment capabilities, simplified management, and improved security, inspired NYC DEP to consider replacing its desktop computers with a virtual environment. That way, employees will have the same desktop experience whether they work on-premises or remotely. Next, the agency plans to use Azure Log Analytics for native monitoring and alerting, instead of PowerShell commands, and Azure AD Groups to grant access. This will allow NYC DEP to streamline user access based on groups rather than on a per-user basis.

“We can stand up a new application with Azure services in 90 days versus one to two years, because we don’t have to go buy a server. We no longer have to put in a requisition to get the capital.” – Michael Shum: IT Chief of Staff, New York City Department of Environmental Protection.

Download the application today from the Azure marketplace and begin a free 30-day trial: nerdio.co/nmw. 
