Learn how the New York City Department of Environmental Protection (NYC DEP) used Nerdio Manager for Enterprise to move 2,000 employees to remote work in a matter of days–90 percent faster than it could have using VPN connections (and without the need for new hardware).
About New York City Department of Environmental Protraction (NYC DEP)
New York City Department of Environmental Protection (NYC DEP) is the agency responsible for moving fresh water in and storm and wastewater out. It also maintains miles of underground pipes and the ecologically rich above-ground drainage systems that naturally handle runoff precipitation from streets and sidewalks. With 9 million residents, the Big Apple is a teeming metropolis. Spread across islands and mainland, the city’s boroughs are connected by bridges, tunnels, and ferries. Moving people across this unique geography is a big enough undertaking for such a populous city. Still, an even more essential job is delivering the 1 billion gallons of fresh drinking water New York City’s residents require every day. That’s water for everything from bathing to baking world-famous bagels and pizza.
Commitment to Virtualization
When COVID-19 hit in 2020, the New York City Department of Environmental Protection (NYC DEP) used Nerdio Manager for Enterprise to move roughly 2,000 employees to remote work in a matter of days—90 percent faster than it could have using VPN connections (and without the need for new hardware). NYC DEP also used Azure Active Directory Application Proxy and Azure Application Gateway to provide more secure remote access to internal applications with multi-factor authentication.
An agency with 19 business units and roughly 5,600 employees, NYC DEP’s scale and scope is huge, and its IT department must support field operations around the clock. Farhan Abdullah, Director of Production Support Services at NYC DEP, says, “Whether it’s water treatment, water supply, or sewer operations if a water main breaks day or night, the IT department is responsible for making sure apps and other resources are up, running, and available.”
To support around-the-clock operations, the IT department runs multiple data centers across the city’s five boroughs, and it continually reassesses how to provide seamless disaster recovery and broad scalability. As part of this strategy, NYC DEP was an early proponent of virtualization and cloud services, and it has stayed true to this commitment. Michael Shum, IT Chief of Staff at NYC DEP, estimates that the agency has moved 40 percent of its workloads to the cloud, with more moved there every day.
“We used Azure Virtual Desktop to provide highly secure remote access 90 percent faster, to 90 percent more employees, than we could have with our legacy systems.” – Cecil McMaster: Deputy Commissioner for Business Information Technology, New York City Department of Environmental Protection.
NYC DEP had relied on Microsoft Azure services for years, since the days of Microsoft Virtual Server. By early 2020, employees used cloud tools like Microsoft Office 365 business productivity apps, and IT staff managed identity and access with Azure Active Directory (Azure AD) Premium. About 2 percent of the agency’s employees worked remotely, using company-issued devices and a VPN connection to sign into an internal portal. The agency wanted more than VPN could offer—faster connection speeds, more robust scalability, and multi-factor authentication to secure employees’ credentials.
The Shift to Remote Work
In March, when NYC DEP had to switch about a third of its employees to remote work in response to COVID-19, it saw Nerdio Manager for Enterprise as a natural choice for improving remote access because of the agency’s prior investment in Microsoft products.
IT staff faced a challenge in bringing on 2,500 employees unaccustomed to remote work. The sudden influx of connection requests also slowed the internal portal’s performance significantly. Despite the obstacles, NYC DEP deployed Azure Virtual Desktop in a matter
To accelerate adding user accounts on the back end, IT staff deployed Nerdio Manager for Enterprise—a service that empowers IT professionals to automate, optimize, and secure Azure Virtual Desktop deployments. This saved a significant amount of time, reducing a four-and-a-half-week task to just three hours. Nerdio also provides a centralized management interface from which IT staff can quickly troubleshoot access issues.
“With Nerdio Manager for Enterprise, we were able to access a list of all our employees and add them with a click.”– Vic Kayharee, Cloud Engineer for the Business Information Technology at NYC DEP.
Cecil McMaster, Deputy Commissioner for Business Information Technology at NYC DEP, says, “If we’d had to provide remote access strictly through VPN connections to on-premises resources, we would only have been able to offer maybe one-tenth of the access and performance. We used Azure Virtual Desktop to provide highly secure remote access 90 percent faster, to 90 percent more employees, than we could have with our legacy systems. Having a dynamic virtual infrastructure that we can configure without having to procure hardware or worry about storage and memory gives us flexibility.”
If we need to add another 50 people, we can do that by clicking a button. – Cecil McMaster, Deputy Commissioner for Business Information Technology at NYC DEP.
Improved Capabilities with Some Help From IT Partners
Using remote, highly secure Microsoft data centers, NYC DEP provides IT infrastructure resiliency and scalability faster to support its employees. Shum says, “We can stand up a new application with Azure services in 90 days versus one to two years, because we don’t have to go buy a server. We no longer have to put in a requisition to get the capital, or worry about government budget cycles, where you’re budgeting a year out.”
NYC DEP credits support from Microsoft and Nerdio Manager for Enterprise with helping it get through a demanding transition period. Shum says, “I give kudos to Microsoft and Nerdio for supporting us nights, days, and weekends as we moved to remote work. Their investment in us, in this collaboration, got us to the point where we felt comfortable with the Azure Virtual Desktop solution. Getting this project done during COVID-19 was hectic, but we got through it together.”
Remote Work With Greater Scalability, Flexibility, and Security
With VPN, the agency relied on antivirus software installed on employee computers. But, says Shum, “With Azure Virtual Desktop, we manage the antivirus software ourselves, so we can ensure compliance and keep devices updated—as opposed to making sure every single endpoint has the most current protections installed.”
NYC DEP appreciates that employees now have the flexibility of using their personal devices to remotely connect to agency resources, regardless of operating system or endpoint security software. As McMaster points out, agency-secured laptops are scarce due to sudden demand, and many agencies across the country can’t offer remote work options due to device sourcing issues.
Azure Virtual Desktop also supports the agency’s security needs. Abdullah says, “We are comfortable making legacy on-premises apps available through Azure because we can apply Azure AD conditional access policies based on location, device, time of the day, and so on, along with multi-factor authentication.”
IT staff use Windows 10 multi-session with Azure NetApp files to create roaming profiles with Azure Virtual Desktop. With Windows 10 multi-session, they can deliver a full, scalable Windows 10 desktop experience with virtualized Microsoft 365 apps that run in multi-user scenarios, without needing any additional gateway servers. Kayharee says, “We can publish as many host pools as we need to accommodate our workloads. We only need 21 hosts for about 1,000 employees, instead of procuring a machine for each individual. And in terms of security, we only have to manage 21 hosts to make sure they have the latest security
Sharing Lessons Learned and Looking Toward the Future
Today, NYC DEP is getting requests from fellow agencies around the country to share its success story. As of December 2020, a handful of agencies have started using NYC DEP’s suggested best practices and planning approaches.
Abdullah says the experience of taking advantage of the latest features in Azure Virtual Desktop, like faster deployment capabilities, simplified management, and improved security, inspired NYC DEP to consider replacing its desktop computers with a virtual environment. That way, employees will have the same desktop experience whether they work on-premises or remotely. Next, the agency plans to use Azure Log Analytics for native monitoring and alerting, instead of PowerShell commands, and Azure AD Groups to grant access. This will allow NYC DEP to streamline user access based on groups rather than a per-user basis.
“We can stand up a new application with Azure services in 90 days versus one to two years, because we don’t have to go buy a server. We no longer have to put in a requisition to get the capital.” – Michael Shum: IT Chief of Staff, New York City Department of Environmental Protection.
Download the application today from the Azure marketplace and begin a free 30-day trial: nerdio.co/nmw.
Find Nerdio in the Azure Marketplace: nerdio.co/nmw