About Nexval
Nexval Group is an organization with deep domain expertise and knowledge in US Mortgage Banking Solutions and the Real Estate Finance industry. Its capabilities in Application Software Solutions, Consulting Solutions and Business Support Services focus on maximizing value and reducing costs for its customers.
The Nexval team has achieved a prominent position as an expert Software Development and BPO company, attracting some of the best managerial, analytical and development brains in the industry. The company founders have many years of experience in building high-value enterprises with a history of rapid growth and profitability.
Customer Challenge
The primary focus was to optimize the current architecture to better sustain the customer's use case. Nexval had a Windows-based desktop application deployed on on-premise infrastructure. The challenges faced on this infrastructure were:
- Multiple single points of failure in terms of networking and scalability.
- Increased cost of maintenance due to the added cost of Windows CAL licenses.
- An expensive migration strategy for a VDI / multi-desktop approach.
- No scope to enable a multi-user interface for the application.
- Remote users had no access to the desktop application.
- No scope for maintaining backups of the database and other application files.
- No multi-user environment for enabling work from home.
To address these requirements, Nexval engaged Workmates to implement the application infrastructure on the AWS Cloud and to make it secure, high-performing, resilient and efficient for their applications.
Workmates Core2Cloud Solution Approach
- Workmates prepared an AWS account in which all the infrastructure was created in the Mumbai Region.
- All servers are placed in private subnets and have only non-internet-routable IP addresses attached.
- Servers can be accessed only over SSL VPN. All VPN users are provided with secure keys for accessing the servers.
- All servers are bound to the SSL VPN server, and remote users use an SSL VPN client to access them.
- To enable a multi-session interface for the application, we deployed a middleware layer that extends RemoteApp Services within Microsoft Windows.
- This allowed us to create multiple RDP users without having to add or purchase CALs (Client Access Licenses).
- We deployed Microsoft SQL Server 2019 Standard Edition on a virtual machine for the database layer.
- Workmates enabled SQL Server Management Studio locally for each user to connect to the database server via the SSL VPN tunnel.
- This allowed the database administrators to use Named Pipes/TCP connections without exposing network traffic to the public internet.
- The middleware deployed earlier was further secured with an encrypted network layer via the SSL VPN, so that local users could concurrently access the application server.
- Workmates enabled work-from-home workstations using Amazon WorkSpaces.
- We created a Simple AD directory mapped to the DNS domain name “zillow.nexval.com”.
- This was then used to create an individual WorkSpace for each user, for up to 75 users.
- Each user uses the Amazon WorkSpaces desktop client to access their own cloud workstation and perform their daily activities.
- Furthermore, to protect RDP user names and passwords, we stored them in Systems Manager Parameter Store, avoiding the risk of losing unique passwords.
- We also used Systems Manager maintenance windows to periodically update the Windows OS via Patch Manager.
- All monitoring is provided through the AWS enterprise monitoring tool, CloudWatch.
- We implemented infrastructure backups (AMIs and EBS snapshots) as well as native database and code backups.
- All infrastructure and DB backups are stored in the S3 storage service with 15 days' retention and are accessible at any point in time.
- We have automated all backup and recovery with our own scripts.
- Workmates will provision automated server recovery if a failure happens at the server level.
- CloudTrail records changes in the AWS infrastructure and maintains 90 days of logs without any additional cost.
Key Services
| AWS Service Used | Use Case |
| --- | --- |
| AWS EC2 | Primary compute service |
| AWS Network Load Balancer | Application server ingress; public endpoint for private EC2 instances |
| S3 | Object storage for database backups |
| Amazon EBS GP3 | Persistent storage for stateful apps and DB |
| AWS KMS | EBS and S3 encryption |
| AWS CloudFormation | Creation of VPC, IAM and EC2 resources |
| Amazon CloudWatch Logs | Logging solution for all microservice applications |
| AWS Config | Assessment and audit of AWS resources |
| AWS Systems Manager | On-demand patching of EC2 servers |
| AWS Trusted Advisor | Overall AWS resource usage visibility with recommendations |
Security Considerations
- AWS IAM role-based access control restricts users to only the resources they require.
- Access to the EC2 servers is restricted to certain roles and IAM users and is possible only from inside the VPC network.
- All EC2 instances and WorkSpaces are hosted within private networks, thereby avoiding public IP exposure.
- Deep visibility into API calls is maintained through AWS CloudTrail, including who made each call, what was called, and from where. All user-related activities are tracked and logged.
- For any administrative task, remote users must connect through the VPN client before accessing the servers.
- All RDP/SSH ports are bound to the OpenVPN server, and the default ports are changed to custom ports.
- An SSL certificate is mapped onto the Application Load Balancer using ACM.
- Encryption is enabled both at rest and in transit using KMS and ACM.
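As an added illustration (not Workmates' or Nexval's own template), the following CloudFormation fragment expresses the core of the network and backup controls described in the solution approach and in the security considerations above: a private subnet whose instances receive no public IP, a security group that admits RDP on a custom port only from the VPN server's security group, and a KMS-encrypted backup bucket that expires objects after 15 days. The VPC and VPN security group IDs, the CIDR block and the port number are assumed placeholder values, not the customer's real ones.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Illustrative example - private app subnet, VPN-only RDP, 15-day encrypted backups
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id              # existing VPC (assumed input)
  VpnServerSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id    # SG of the SSL VPN server, the only permitted RDP source
  RdpPort:
    Type: Number
    Default: 33890                       # placeholder custom RDP port, not the default 3389
Resources:
  AppSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref VpcId
      CidrBlock: 10.0.10.0/24            # constructed example range
      AvailabilityZone: ap-south-1a      # Mumbai region, as used on the page
      MapPublicIpOnLaunch: false         # instances get non-routable addresses only
  AppServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDP on a custom port, reachable only from the VPN server
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: !Ref RdpPort
          ToPort: !Ref RdpPort
          SourceSecurityGroupId: !Ref VpnServerSecurityGroupId   # no 0.0.0.0/0 ingress
  # RDP credentials belong in Parameter Store as SecureString values; those are
  # created outside CloudFormation, which cannot create SecureString parameters.
  BackupBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: aws:kms      # at-rest encryption with KMS
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      LifecycleConfiguration:
        Rules:
          - Id: ExpireBackupsAfter15Days
            Status: Enabled
            ExpirationInDays: 15         # the 15-day retention stated on the page
```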
Results and Benefits
- The desktop application is deployed in a private network and exposed only through the SSL VPN for user access, thereby ensuring security.
- We have been able to provision a highly available and secure environment. After moving to AWS, the customer achieved 100% uptime.
- Users are able to connect from anywhere using secure connectivity.
- All users at Nexval have been using their cloud workstations satisfactorily over local networking.
- All provisioned infrastructure is running at maximum efficiency without any downtime.
- Users have given wonderful feedback since we completely redesigned the architecture.