How to replace outdated VDI solutions with a modern cloud environment? Kooperativa chose a strategy that starts with the Azure landing zone. Thanks to it, they securely moved applications to the cloud and deployed AVD to replace the existing Citrix. The result is a stable, automated and scalable environment for desktops and applications.
„With a well-designed landing zone, we control the entire cloud environment - from governance to security to desktop traffic. AVD works reliably and users are happy with it.“
The Co-operative, a member of the Vienna Insurance Group, is a leading Czech insurance company providing comprehensive services in life and non-life insurance. What made her think about the journey to the cloud and what were her first steps?
Farewell to Citrix
For many years, Kooperativa has been using the Citrix Farm. But as the number of users and devices grew, technical, operational and licensing complications began to emerge. Managing the environment was complex, costs were rising and support for modern devices (e.g. MacOS or BYOD) could not keep up with the demands for flexibility.
That's why the company decided not to go down the path of piecemeal, unsystematic steps, but to start by building a stable and secure foundation in Azure. This became landing zone, which defined the rules, a safe environment and a ready infrastructure for further development - including the deployment of AVD.
Why start with the landing zone?
Moving to the cloud isn't just about moving applications - it's changing the way the company thinks on infrastructure, security, governance and costs.
Without a clearly defined framework, cloud environments can devolve into chaos: inconsistent names, uncontrolled access, unoptimised costs, security risks, etc.
The answer to these challenges is landing zone - methodically designed environment that provides standardization across teams and applications, automation through Infrastructure as Code, safety and operational rules, and scalability for future growth.
Azure landing zone or building the cloud on solid foundations
We started the project a series of workshops, where we defined the requirements for security, identity management, network architecture, backup, monitoring and governance with Kooperativa.
Based on these inputs and according to the methodologies Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF), we were able to prepare the architecture design Azure landing zones. Which steps followed?
Creating an organisational structure
We have designed and created a hierarchy management groups, which reflects the organisational structure of Kooperativa. We have introduced subscription model, that separates development, testing and production. We have set up naming conventions and tagging rules to manage resources and costs efficiently.
Ensuring identity and access
We have integrated the cloud environment with Microsoft Entra ID and set Role-Based Access Control (RBAC) and Conditional Access Policies. Thanks to Privileged Identity Management (PIM), we've streamlined permission management and created a secure framework for access control.
Network topology implementation
We designed and implemented a cloud networking architecture pattern, deployed a centralized firewall (using NVA appliance in high availability) and we have ensured the connection to the on-premise datacenter.
Governance and security settings
We've introduced rules using Azure Policy, that enforce rules for regions, naming, tagging, and other operational parameters. We created blueprints for re-deploying applications. We integrated the environment with Microsoft Sentinel and Defender for Cloud for advanced security analysis.
Ensuring monitoring and backup
We have put into operation Azure Monitor and created Log Analytics Workspace for the collection and analysis of operational data. We connected audit and other security records to the internal SIEM solution using the Event Hub suite of resources. We set up alerting for key metrics and implemented Azure Backup and Site Recovery for backup and restoring critical services.
The well-designed Azure landing zone brought the Co-operative:
This phase was not just a technical project - it was a strategic an investment in the future IT environment of Kooperativa.
Deploy AVD to Azure landing zone
Once the Azure landing zone was ready, it was time to resolve the long-standing issues with running the Citrix farm.
The Co-operative has therefore chosen Azure Virtual Desktop (AVD), offering flexible access to applications, easy scaling, high security and seamless integration with Microsoft 365. How did we proceed?
Design of AVD environment architecture
We have designed the AVD structure to meet the needs of the Cooperativa and the principles of corporate governance. We used components prepared in Azure landing zone - network topology, identity, security policies and monitoring.
Deployment automation with Terraform
The entire AVD environment was deployed as Infrastructure as Code. We created Terraform modules for host pool, session guests (VMs), application groups, workspace and storage for FSLogix profiles. Everything was managed via GitLab CI/CD pipeline with the approval process.
Launching FSLogix profiles
We've configured FSLogix to manage user profiles. The profiles were stored on Azure Files s Kerberos authentication, which enabled seamless roaming and fast user login.
Ensuring administration via Intune
We connected the virtual machines to Entra ID and registered them in Intune. We set configuration policies for security, updates and application management. We used dynamic groups to automatically assign policies.
Verification of functionality in pilot operation
We first deployed AVD to a select group of users to monitor performance, stability, and user experience. Based on the feedback, we made minor adjustments to the configuration and only then did the rest of the insurance company's staff start using AVD.
By deploying AVD on the prepared Azure landing zone, Kooperativa gained:
The project confirmed that consistent planning (paperwork) and subsequent automated deployment of the proposed landing zone is the key to successful implementation of cloud services. And that AVD can be a full replacement for traditional VDI solutions.“
It started with Azure landing zone, it doesn't end with AVD
What have both projects brought to the different teams at Kooperativa - and what can they bring to you?
IT architects:
Management:
End users:
Today, Kooperativa has a modern desktop environment in the cloud. Azure landing zone gives it control over the administration, security and cost. In addition, the seamless coexistence with AVD has spurred the company to consider further development of the cloud.
WANT TO CONTROL THE CLOUD LIKE A CO-OP?
We can help you build a landing zone you can rely on.
