When the COVID-19 pandemic struck, the San Jose-Evergreen Community College District needed to act fast to ensure that its 20,000 students could continue their studies unabated. Job One was finding a way for its 665 administrators, staff, and full-time faculty perform their essential roles from off-campus locations. That meant creating a remote workforce: providing remote access to the technology, tools, and applications they rely on to help support the student body.
Within a matter of days, SJECCD identified the major challenges it needed to navigate – many of which were impacting institutions across the higher education landscape. VPN solutions hadn’t been fully deployed and had to be scaled up. The use of unmanaged devices and unknown WIFI connections created security concerns. There was the potential that employees could unwittingly utilize malicious browser plug-ins. And there simply wasn’t enough hardware to support shifting the entire workforce to remote locations at the same time.
SJECCD needed a solution that could address all of these issues – and do so without significantly adding to the financial and logistical burdens the pandemic was already creating. Working hand-in-hand with its partners at Ferrilli, it selected Azure Windows Virtual Desktop for Remote Employees because it checked all the right boxes.
There were no up-front capital costs. There were no termination fees. SJECCD would pay only for the aspects of the solution that it used. The district was already using Microsoft Office 365. Most important, Azure WVD was able to provide staff with on-campus applications and file sharing capabilities in the most secure way possible.
Of course, selecting the right solution was only part of the equation. In order to keep students on the path to success, the system had to be implemented the right way – and that’s precisely what SJECCD accomplished by emphasizing the following considerations:
1. Planning it out.
From the outset, SJECCD knew exactly how it would deploy virtual services. It created its Azure resources first and paid careful attention to the regions in which they would be used (to ensure they were available in each area). The district considered factors like site-to-site tunneling for accessing internal resources, and it assessed what it was currently doing with identity access management to gauge whether Axure AD Connect would be required for set-up. It also created a worksheet, subnets, and naming conventions that it knew would work for the SJECCD environment – as going back and making changes in these areas simply would not be an option.
2. Starting with the right pieces in place.
SJECCD also recognized that there were essential items that had to be in place before it got started. It developed active directories of tenants and domain services. It secured its Azure subscription and Windows 10 Enterprise User subscriptions for every WVD user. And it also established a file server of NetApp files to store user profiles. All too often, these steps are overlooked. Had that happened in this instance, there is no way SJECCD could have implemented Azure WVD as quickly and effectively as it did.
3. Aligning with user need.
SJECCD wanted to ensure that its solution provided what users need, so it approached the implementation with its users top of mind. It started small, focusing on one host pool and one session host a time – which enabled it to get the system up and running, see how it was working, and make changes as needed. It examined how users would connect to the environment and how resources would be handed back to them to make decisions on session limits, load balancing, and pooled vs. personal host pools. And it defined its workspaces and app groups based on how users would access resources and applications.
4. Managing costs.
While price was a primary consideration is selecting Azure WVD in the first place, SJECCD took additional steps to ensure its dollars were being spent as efficiently as possible. It set up Azure monitor logs to understand what its costs would be based on recent usage patterns. It chose to only run services during working hours. And it carefully considered the eligible Windows and M363 licenses that would be needed to access WVD – looking at other products that might make sense to build in and what could become available simply by upping its Microsoft subscription.
5. Focusing on security.
Security is, of course, the top priority in any remote work environment – so SJECCD leveraged Azure WVD to go above and beyond in this critical area. It utilized conditional access and multi-factor authentication to secure tenants even further. It locked down session hosts using group policies, so that users cannot access PowerShell or command prompts. It utilized Azure Bastion to provide more secure, seamless RDP and SSH access through the Azure portal. And it maintains audit logs to stary up on what’s happening in its WVD environment and leverages the data it collects to make security decisions moving forward.
A smooth implementation and a semester saved.
By following the steps above, SJECCD was able to provide its people with the ability to access their desktops, applications, and files from anywhere – and with the dollars it saved it was able to help provide the secure, provisioned hardware they needed to do it. At the same time, it built a remote work capability whose utility will far outlast the pandemic as administrators, faculty, and staff work in new and different ways in the future.
But most important of all, it empowered its people to keep students on the path to success, even in the face of a pandemic that ground other businesses and industries to a halt. With the right solution and an effective, efficient approach to implementation, SJECCD succeeded in creating a remote workforce and stepping up when its students needed it most. As a result, their scholarship didn’t miss a beat.
If you have questions or concerns about setting up a remote workforce at your institution, Ferrilli is here to help. We’re mission-driven to helping higher ed succeed! Get in touch with us today to start a conversation.