- Secure, scalable defence-in-depth and compliant AWS foundation
- Availability and continuity in a low-cost consumption-based model
- Ongoing management of the Desktop-as-a-Service environment
nib Group is a trusted international health partner, providing health and medical insurance to over 1.5 million Australian and New Zealand residents and health insurance to more than 160,000 international students and workers in Australia.
nib is also Australia’s third largest travel insurer and global distributor of travel insurance through the nib Travel business.
A technologically progressive organisation, nib has driven innovation and efficiency improvements by adopting primarily AWS cloud-based services to reduce its reliance on costly and less flexible physical infrastructure.
As part of its efforts to remain at the forefront of technology to enhance its business, nib looked toward implementing a more consistent, secure and scalable solution for its operational users.
This solution needed to provide access to nib systems from various locations around the world without the heavy workload of managing the physical infrastructure of its existing Citrix environment.
Through analysis and discussion with long-term professional services partner CMD Solutions, nib undertook a Proof-of-Concept using Amazon WorkSpaces to determine its suitability for meeting its needs.
The PoC met nib’s expectations for scalability, security and efficiency, and a project was initiated to onboard nib to Amazon WorkSpaces via the CMD managed Desktop as a Service.
Amazon WorkSpaces is a managed, secure cloud desktop service that allows organisations to provision either Windows or Linux desktops in just a few minutes, and quickly scale to provide thousands of desktops to workers across locations and geographies.
The service is fast and responsive and provides a familiar user experience regardless of location. A pay-as-you-use service, it encourages further efficiencies by removing the complexity of managing hardware inventory, OS versions and patches, and Virtual Desktop Infrastructure.
The project at nib commenced with an on-boarding project that included stakeholder engagement, requirements workshops and information gathering. It then progressed into infrastructure planning, design, installation and configuration of the AWS foundation environment.
This was built using a multi-account defence-in-depth design. The AWS accounts included tiered subnets for the management VPC and separate subnet tiers for the VDI clusters, with security groups and Network Access Control Lists to secure network traffic routing.
Identity and access management was established using identity federation back to an on-premises Active Directory and was coupled with AWS IAM and Okta.
A hardened operating system environment was used as a secure base to package the applications which were deployed for each of the EUC services: Amazon WorkSpaces and Amazon AppStream 2.0.
New users, once added to the appropriate Active Directory group, are automatically added to their appropriate workspace, allowing nib to manage user access using traditional methods while gaining the benefits of Lambda automation.
A highly resilient Amazon WorkSpaces platform was created, with all services placed across two different Availability Zones (AZs), so that in the event of an AZ failure, the services automatically restart and become available in an alternate zone.
Following validation and testing of operational readiness, the project moved into the ongoing Business As Usual mode under the CMD managed Desktop as a Service.
This project has resulted in a secure, scalable, segregated AWS environment that can dynamically and rapidly scale up and down according to demand from users around the world.
The CMD managed DaaS utilising Amazon WorkSpaces provides availability and continuity in a low-cost consumption-based model, and provides for increases in efficiency using automated environment builds and deployments.
The project reduces nib’s reliance on physical infrastructure, thus lowering costs of licensing and management.
For nib operational users, the new environment means they can now efficiently utilise enterprise systems without a direct connection to the network.