Our Client :

Derrick® is a family-owned and operated company with a global presence focused on pioneering fine-separation technology.

Derrick's corporate headquarters, in-house manufacturing facility, and Mining & Industrial are based out of Derrick Corporation in Buffalo, New York, while Oil & Gas Drilling and Underground Construction & Aggregates are run out of its Houston, Texas office.

The Challenge:

• Client uses Navision application and database hosted at Datacenter, through remote management and accessing SSL VPN.
• Previous environment was hosted on Datacenter.
• This application needs to support for multiple countries, and it was very slow through SSL VPN. The SSL VPN cost is very expensive, when users increase to larger number of VPN users and accessibility is very slow.

Our solution:

The total solution built in 25 days and testing done by users for another 10 days on RDS MFA login and Navision application access, Shared Folder access through RDS published shortcuts.

• Create Azure subscription under Southeast Asia Region (Singapore).
• Configure VLAN & Traffic Manager for RDP access routing to other countries – Indonesia, Malaysia, South Africa, Canada, Dubai.
• Assign Storage instance & Bandwidth throttling limits.
• Configure Active Directory under Azure Active Directory (AAD) or Configure Active Directory Server (Navision Users – 35, Non-Navision Users – 29).
• Configure Navision Application Server under DMZ zone. RDS is open for this server and restrict users by two-factor authentication.
• Configure Database Server under internal zone only authorized access to Navision application server. It always to restrict database server RDS access restrict to application server. (Need to confirm from Navision Team).
• Configure Multi-Factor Authentication under AAD for Navision Remote access.
• Configure terminal licenses and assign MFA roles to each license.
• Auto backup configuration of Navision application/database / Navision backup files.

Our Results:

• We can publish required publication on RDS (Remote Desktop Services) environment with customized user ACL permissions through Active Directory.
• MFA authentication can easily assign and maintain on RDS AD users.
• The RDS environment accessibility in multiple countries through published RDS Gateway browser URL can be established stable connection.
• The dependent components for this environment can configure on Azure environment without any issues.
• RDS with MFA access on multiple countries without timeout sessions.
• Desktop shared folder access through Azure file share services.