Insurance Client – Secure Desktop

  • Sector: Insurance
  • Partners: Insurance Client

Insurance Client – Secure Desktop

A market leading financial services company approached us to propose a secure desktop solution which would allow them to support their aggressive expansion plans.


Our client is a Venture Capital (VC) backed Insurance Broker whose objective is to acquire other broking business within the UK and consolidate these onto the group platform. The requirement to us consisted of the following:
• Build a secure, scalable cloud platform to initially support 1,500 users, that could grow to support over 3,000 users
• Design, build and deploy a virtual desktop within the cloud platform
• Manage and maintain the virtual desktop, including role related variants
• Integrate the virtual desktop with other business applications which are a mixture of On-premise, Hosted or Software as a Service (SaaS)
• Integrate the virtual desktop with their managed print solution
• Deploy and manage mobile device management for company phones and tablets
• Provide a Group wide IP (MPLS) network integrating the organisations 25 offices with the cloud platform and virtual desktop
• Select and procure a group wide VOIP telephony platform
• Migrate group businesses and end users onto the cloud platform
• Provide a full (ITIL compliant) service management capability for our client

What we did

We addressed these requirements in a phased approach:

Phase 1
We designed a virtual private cloud in AWS to host core services including:
• Active Directory
• Intrusion Detection
• Microsoft Update Servers (WSUS)
• Software Deployment, Management Servers
• Print Servers
• Zero Client Configuration and Management servers

The solution made use of many AWS services including:
• Amazon WorkSpaces
• AWS Directory Service
• CloudWatch
• Identity and Access Management (IAM)
• AWS CloudFormation

Phase 2
This phase focused on two subsidiary companies with approximately 220 users. In this phase we created software packages in Chocolatey to deploy the applications used by insurance broking, risk management, finance, product development and human resource teams within these subsidiaries. In parallel to this, we managed the MPLS network build and connectivity to the 2 sites, along with the internal LAN and Wi-Fi set up. The final activity in this phase was to migrate users, their e-mail accounts and files shares to the new environment. This involved building 220 Workspaces and 145 laptops, removing all existing desktops, and deploying 75 zero client devices across 2 locations. User accounts and permissions were migrated to Okta and Active Directory (AD), email accounts were migrated from a 3rd party hosted exchange server to Office 365 and Mimecast (Journaling) and approximately 3TB of data was migrated from On-premise file servers to an online SaaS file sharing service.

Phase 3
The third phase focused on the group’s largest subsidiary with approximately 285 users, spread across 6 locations. In this phase we created additional software packages to deploy the applications used by application development, underwriting, marketing, business intelligence and senior management teams, again whilst managing the MPLS network extension to the 6 sites, along with the internal LAN and Wi-Fi set up. The final activity in this phase was to migrate users, their e-mail accounts and files shares to the new environment. This involved building 285 Workspaces and 165 laptops, along with deploying 120 zero client devices across 6 locations. As part of this last phase we also deployed mobile device management to 250 business use mobile phones and tablet devices.


All aspects of the project were successfully delivered, providing a new more secure and flexible user environment.

The overall cost to manage the desktop across the migrated user base is significantly lower than for the existing businesses. Adopting a virtual desktop and a cloud first approach to managing the desktop has allowed our client to make savings, whilst doubling the number of supported desktop users.

In conjunction users that have migrated to the new environment now suffer far fewer network and application issues and we have seen a reduction in the number of service cases raised since the new infrastructure went live.


What next?