The University of Westminster has three main campuses in central London and a student base of around 20,000. The university has been actively progressing their use of Public Cloud to continue to adopt and adapt to suitable and sustainable services.
As part of adapting to challenges surfacing from the COVID pandemic, the Information Systems and Support (ISS) Department undertook a small proof of concept (PoC) to test and validate the Amazon AppStream 2.0 service. During this review they were able to realise the benefits of delivering key applications to any computer without the need for provisioning and operating the hardware.
The next steps for the University were to extend the PoC and overcome the outputs found that constrained the first PoC, including integrating with their business services and on premise file storage. The solution must therefore provide an intuitive experience for academics and students to access the application, build, and save files as if they were at the appropriate workstations within the campus. To enable this, the solution must be; secure, integrated to the network, able to approve the application license, integrated to existing central access control solution, and deployed to ensure the application runs with the right amount of compute and memory.
Given these parameters they chose to prove the solution on two key applications, Unity for the School of Computer Science and AutoCad for the School of Architecture and Cities.
The University of Westminster worked with CirrusHQ, a leader of consultancy services on AWS within Education, to provide a tailor-made version of the AWS Partner Guided Onboarding (GO) Program delivered virtually to the team.
The GO program by AWS enables customers to have a dedicated set of workshops to deliver one of six education aligned workloads on AWS. An AWS Consulting Partner walks through this process with the customer on-site with further support for a month while they try out the service. This was a great fit for the University of Westminster to continue to trial the solution, extend the outcomes and success criteria, ‘free of charge’ by AWS via CirrusHQ.
Given the global pandemic, CirrusHQ tailored their program to be delivered virtually to the University, providing all the workshops remotely, and more concisely, for the AppStream service. The structure of the program was developed by CirrusHQ in conjunction with the University to gain the most from virtual meetings, avoid webinar fatigue and focus on delivering meaningful outcomes from the project.
These stages allowed full engagement with both teams , and the right level of hands-on experience from the University teams, with support when needed from CirrusHQ:
- Initial kick-off meeting, agree deliverables and capture success criteria
- Build out solution on AppStream
- Workshop 1, virtual meeting, to go through the service, demonstrate the solution and walk through the technical build
- Provide access, build up understanding and/or follow-up questions/clarifications
- Workshop 2, virtual meeting fora question and answer session to support the understanding and next steps
- Period to continue to test and extend out additional functionality
As a result of the initial kick-off meeting, CirrusHQ agreed to deliver an Appstream environment which could be used for students to access Unity and AutoCad applications remotely. A site-to-site VPN connection is required to authenticate users via an on-premise active directory and to validate application licences via an on-premise licence server. All network architecture was managed via CloudFormation.
The following Architecture diagram demonstrates the instrustructure and AWS services utilised.
A key aspect of the solution was to ensure that security was locked down while providing a seamless process for end users accessing the solution. Working with the Security, Networking, and Enterprise teams at the University, a secure site-to-site VPN connection was established to facilitate communication. Then each AppStream fleet was secured via a specific security group and deployed into private subnets in a multi-az configuration. Internet access was facilitated via a NAT Gateway to prevent connections being externally being initiated. The end users gained authentication and authorisation via Azure Active Directory which allowed direct access only to the applications via a link within their office 365 application portal.
In addition, AppStream was configured to separate the two specified applications into purpose built fleets. Each fleet was reviewed to ensure that the application had appropriate CPU and memory available to ensure performance and costs were considered. In addition, the fleets were set to remain available during working hours only to reduce costs further while testing occurred during the length of the Program.
Finally, the solution integrated to the university’s on-premise licence server, ensuring the validation and access to each user, while also complying with their provisioning and auditing of all applications bought by the University. Integrating the licence server to AppStream was one of the key success factors to then enable the team to move this towards production.
As a result of the Program and Solution that CirrusHQ provided to the University of Westminster, they now have an integrated AppStream joined seamlessly and securely to their network. They shared this knowledge further within the University to share greater knowledge of the benefits of AppStream as a result.
This successful solution proves how end-users can now gain access to critical applications, with the right licenses, and not be bound by the hardware within the campus. The benefits of flexibility will ensure ongoing semesters can be completed,minimising any further impact from the global pandemic and provide greater options once a ‘new normal’ resumes.