Get Started

Cybersecurity Services

Cybersecurity Services
vCISO / Fractional CISO
Offensive Security & Penetration Testing
Incident Response & Digital Forensics
Cybersecurity Awareness
CMMC Compliance

Managed IT Services

Help Desk & End User Support
NOC (Server/Network RMM)
MDR/XDR (AI-Assisted SOC)

Professional Services

Remote Deployment and Operations
Staff Augmentation
AI & Automation Consulting

Solutions

Infrastructure & Security
Cloud & Data Center
Data Protection & Backup/DR
Zero Trust Security
Remote Workforce & Endpoints
Virtual Desktops & Apps (VDI)
Unified Communications
Mobility Solutions
SaaS Protect Microsoft
SaaS Protect Google

Industries

Federal Government
State and Local Government
Healthcare
Education
Critical Infrastructure
All Industries

Partners

Microsoft
Hitachi
Nutanix
FileCloud
Google
Commvault
Dell EMC
Login VSI
Omnissa
HPE
TURBO.NET
Red Hat
All Partners
Microsoft
Google
Omnissa
Hitachi
Commvault
HPE
Nutanix
Dell EMC
TURBO.NET
FileCloud
Login VSI
Red Hat
All Partners

Insights

Blog
Z7 Cyber Intelligence
Case Studies
Capability Statement

About

Why Z7 Solutions
Contract Vehicles
Careers
Contact Us
Back to Case Studies

State Entity Transforms Legacy VDI Into a Cloud Ready, Intelligent, Containerized EUC (Full Version)

Case Study, Phase 2

State Entity Transforms Legacy VDI Into a Cloud Ready, Intelligent, Containerized EUC Platform

Executive Summary

After the successful cleanup and standardization of its on premises Horizon 8 environment in Phase 1, a major State Entity partnered with Z7 Solutions to take the next step. The goal was not only to keep the environment stable, but to modernize it for cloud, hybrid work, and continuous improvement.

Z7 engineered a staged move from Horizon 8 on premises to Horizon Cloud on Azure Gen 1, and then to Gen 2. The team implemented a hybrid FSLogix and DEM profile strategy, modernized application delivery with Turbo containers, migrated endpoint security from Carbon Black to SentinelOne, and improved experience across Wyse thin clients, Chromebooks, and laptops. Omnissa Intelligence and HaloPSA were used to drive analytics based operations.

The result is a cloud enabled, containerized, and security modernized EUC platform that delivers faster logons, fewer incidents, and a better user experience, while giving the agency more flexibility for future initiatives.

Customer and Context

Organization

State economic development agency (State Entity)

Environment

Two main data centers, Horizon based VDI estate, and a mix of Wyse thin clients, Chromebooks, and Windows laptops and desktops.

Phase 1 Outcome

Stabilized and standardized Horizon 8, fully retired Citrix, cleaned up AD and GPO, and strengthened DR.

Phase 2 builds directly on that foundation and aligns to Z7 capabilities in cloud and virtualization, end user computing, automation and AI, cyber resilience, and business continuity.

Challenge

Once the environment was stable, the State Entity needed to move from a purely on premises mindset to something more flexible and future proof.

Business and operational drivers included:

  • Heavy reliance on physical data centers and hardware refresh cycles.
  • Limited ability to scale quickly for remote and hybrid work.
  • Ongoing problems with profile persistence, PDF defaults, Teams and Zoom performance, and printing, especially from Chromebooks and Wyse endpoints.
  • Gold image sprawl and fragile application packaging that made change risky.
  • Carbon Black agents that consumed resources and generated false positives in VDI.
  • A desire to base decisions on telemetry and patterns rather than one off incidents.

The agency needed an EUC platform that was cloud aware, container capable, and supported modern security and analytics, without disrupting daily operations.

Environment wide

  • Citrix remained partially in production. This meant duplicate tool sets and unnecessary licensing cost.
  • App Volumes and DEM were used without clear rules, which caused random application failures.
  • Active Directory was full of stale objects. Group policies were layered, conflicting, and hard to maintain.
  • DR was limited to basic backups, with no real confidence in recovery.
  • Help desk teams were handling a high volume of tickets related to logons, profiles, printing, and session stability.

The mandate to Z7 Solutions was clear:

Fix Horizon, retire Citrix, standardize the environment across both sites, and keep production VDI on premises, using cloud only for backup and DR.

Z7 Solution

1. Horizon On Premises To Horizon Cloud on Azure, Gen 1 and Gen 2

Z7 designed and executed a controlled path into Horizon Cloud on Azure.

  • Enabled Horizon Cloud on Azure Gen 1 to introduce cloud elasticity and reduce dependency on physical hardware.
  • Identified limits in the Gen 1, appliance based approach, such as slower updates and vendor dependent fixes.
  • Moved the agency to Horizon Cloud on Azure Gen 2, which provides a cloud native control plane, faster brokering, tighter integration with Azure identity and telemetry, and better scale for hybrid work.

Horizon Cloud Gen 2 now acts as the backbone of the EUC stack for both cloud and on premises workloads.

2. Modern Profile Architecture Using FSLogix and DEM

To resolve chronic profile instability and logon issues, Z7 implemented a hybrid profile design.

  • Introduced FSLogix profile containers in place of roaming and traditional local profiles.
  • Continued to use DEM for granular user and application settings.
  • Tuned GPO sequencing and FSLogix settings to fix printer persistence, Number Lock resets, taskbar and icon behavior, Chrome and Adobe default handling, and Teams and Zoom performance.

Pools that use FSLogix saw a reduction in profile related tickets of roughly 25 to 40 percent and produced a more predictable logon experience.

3. Application Modernization With Turbo Containers

To reduce image size and support consistent application behavior across cloud and on premises, Z7 introduced Turbo for application streaming and packaging.

  • Implemented Turbo SaaS and packaging studio for the agency.
  • Rebuilt critical applications such as Adobe and PDF tools, browsers, Office, productivity apps, CAD, and line of business applications as Turbo containers.
  • Resolved long standing Adobe and PDF default issues and licensing conflicts.
  • Designed containers so they can be delivered to Horizon Cloud (Gen 1 and Gen 2), Horizon on premises, and AVD pools.

The shift to containers greatly reduced gold image regressions and made it easier to test and roll out application updates.

4. Endpoint Modernization Across Wyse, Chromebooks, and Windows Devices

Z7 addressed the diversity of endpoints so that the Horizon experience would feel consistent.

Wyse Thin Clients

  • Upgraded ThinOS firmware to improve stability.
  • Fixed USB redirection, audio breaks, and peripheral drops.
  • Standardized Horizon client versions in line with Horizon Cloud Gen 2.

Chromebooks

  • Resolved remote printing and profile persistence issues.
  • Aligned Chrome identity and policies so users could launch Horizon reliably.

Windows Laptops and Desktops

  • Continued patching, hardening, and Group Policy optimization through ongoing managed services.

5. Security Modernization From Carbon Black To SentinelOne

To improve security and reduce impact on performance, Z7 led a transition from Carbon Black to SentinelOne.

  • Removed Carbon Black agents and replaced them with SentinelOne.
  • Validated SentinelOne behavior inside gold images and Turbo containers.
  • Tuned allow lists and policies to avoid conflicts with FSLogix, Turbo, and Horizon Cloud.

This provided stronger, behavior based detection with fewer false positives and lower resource utilization in VDI pools.

6. Intelligence Driven Operations With Omnissa Intelligence and HaloPSA

Z7 helped the agency move from reactive incident handling to analytics guided operations.

  • Used Omnissa Intelligence for device experience scoring, performance telemetry, anomaly detection, and policy drift insights.
  • Used HaloPSA for ticket classification, trend analysis, root cause mapping, and SLA tracking.

Together, these tools allowed Z7 and the agency to:

  • Group issues into patterns, such as profiles, printing, apps, endpoints, security, Group Policy, or Horizon.
  • Prioritize tuning of FSLogix, DEM, Turbo containers, Wyse and Chrome clients, and SentinelOne policies.
  • Measure the impact of changes over time and continuously refine configuration.

Measured Outcomes

Across test groups and production pools, the agency saw concrete improvements.
  • Average logon times in Horizon Cloud Gen 2 are roughly 20 to 30 percent faster than in the pre cloud Horizon environment.
  • Profile, application, printing, and peripheral issues in FSLogix enabled pools dropped by about 25 to 40 percent.
  • Turbo containers eliminated many regression patterns that used to appear after traditional image updates.
  • SentinelOne improved overall security posture while using fewer resources than Carbon Black.
  • Wyse and Chromebook reliability improved significantly after firmware and client changes.
Over a 24 month period, recurring issue categories were reduced by roughly 30 to 50 percent, freeing staff to focus on proactive work rather than repeat incidents.

Strategic Impact

Taken together, Phase 1 and Phase 2 form a complete EUC transformation story.

  • Phase 1 focused on stabilization and cleanup. Z7 rescued a failed Citrix to Horizon migration, standardized Horizon 8 on premises across two data centers, retired Citrix, and remediated identity, policy, and DR issues.
  • Phase 2 focused on modernization and agility. Z7 delivered Horizon Cloud on Azure Gen 2, a hybrid FSLogix and DEM profile strategy, Turbo containers, SentinelOne, endpoint modernization, and intelligence driven operations.

The State Entity now operates a modern, reliable, and secure EUC platform that is ready for new workloads, new services, and continued modernization without a complete re architecture.

Share This: