Desktop and Application Streaming
Seamless and secure end-user computing at Intuit with Amazon WorkSpaces
About Intuit
Intuit is the global financial technology platform that powers prosperity for 100 million customers with Intuit TurboTax, Credit Karma, QuickBooks, and Mailchimp. Intuit’s range of interconnected products and services deliver personalized AI-driven experiences at scale for a diverse customer base, including small and medium-sized businesses (SMBs), self-employed individuals, freelancers, individual taxpayers, and tax professionals. With $14 billion in revenue and more than 18,000 employees, Intuit operates across 20 offices in nine countries, including the United States, Canada, UK, Israel, France, Ireland, Australia, Singapore, and India.
Intuit and Amazon WorkSpaces
A team of Intuit engineers and specialists from various departments put in 9 months of hard work to make the Amazon WorkSpaces launch a success, supporting their internal workforce and external partner product experts. Intuit’s internal workforce is comprised of full-time employees, including contractors. In contrast, partner product experts are external “customer care” agents who offer specialized support for products such as TurboTax and QuickBooks, using company-provided laptops or their own devices (BYOD).
Intuit’s internal workforce of badged employees is given company-issued laptops for hybrid or fully remote work. Partner product experts work from home offices or partner locations around the world, often seasonally and during unconventional hours, using their own devices (BYOD). Partner product experts also use Amazon Connect, an omnichannel cloud contact center, to provide product support and enable better customer experiences.
Managing endpoint security
Ensuring the security and privacy of Intuit’s data is a top priority, leading the company to embark on an initiative to improve security of end-user computing devices. As Intuit evaluated solutions for these use cases, they needed to ensure functional requirements were met, including: end-to-end encryption, agility to quickly scale during times of peak demand (e.g., tax season in the United States), consistent availability for employees and product experts working across time zones worldwide, and high performance to ensure quality customer experiences on telephony support calls. Developers use company-issued laptops running local virtual machines to develop Microsoft Windows applications such as QuickBooks Desktop.
Improving agility, performance, and security using Amazon WorkSpaces
Intuit selected WorkSpaces to provide a secure, managed Desktop-as-a-Service (DaaS) offering for their “Cloud PC” initiative. To provide a reliable and performant solution, Intuit deployed WorkSpaces into four AWS regions. By distributing end-users across four regions, Intuit improved availability and eliminated risks associated with a single region dependency. In addition, by spreading the solution across multiple regions, Intuit was able to place WorkSpaces resources closer to the end users’ geographic location, enabling a better experience by reducing latency when connecting to WorkSpaces.
The four regions are then broken into two pairs: the United States WorkSpaces environment hosted in AWS US West (Oregon) and US East (Ohio), and the Asia-Pacific (APAC) WorkSpaces environment hosted in AWS Asia Pacific (Singapore) and Asia Pacific (Sydney). The two pairs use WorkSpaces Cross-Region Redirection and Multi-Region Resilience features that offer a cost-effective and easy-to-manage business continuity solution with less than 30-minute recovery time objective (RTO) using standby WorkSpaces in the failover region. This feature provides the business continuity strategy that Intuit’s Partner Product Experts require to reliably support customers globally. Multiple AWS accounts connected through AWS Transit Gateway provide network connectivity to third-party applications, tools, infrastructure services, and security solutions for WorkSpaces.
In compliance with Intuit’s security standards, WorkSpaces integrates with their existing SAML (security assertion markup language) IdP (identify provider) with multi-factor authentication for login. Within WorkSpaces, security and management agents such as data-loss prevention (DLP), OS and application patching, privilege escalation, real-time web visibility, unified endpoint management, digital employee experience, and anti-malware and detection allow full control of the endpoint.
Intuit WorkSpaces architecture using Multi-Region Resilience
Partner product experts use a custom contact center solution built with Amazon Connect to provide customer care. During testing of the application on WorkSpaces, the team identified an opportunity to enhance audio performance. With help from Amazon Connect Specialist, Intuit improved audio performance by enabling the Amazon Connect Audio Optimization feature in WorkSpaces that offloads the audio to be processed by the local client endpoint, providing native-quality audio. AWS Solutions Architects and Intuit engineers implemented a solution using conditional logic to evaluate whether Amazon Connect is running in a WorkSpaces instance. If so, the solution disables the audio in the WorkSpaces Amazon Connect Contact Control Panel (CCP) and enables it on the client endpoint. By addressing this issue, partner product experts can continue to enjoy a consistent user experience during the migration to WorkSpaces, regardless of whether they are using a laptop or a WorkSpaces instance.
Scaling a secure end-user compute solution
By deploying WorkSpaces, Intuit saw a significant positive impact on security and operational efficiency. Currently, with a few hundred users in production, WorkSpaces provides Intuit with the capability to scale up and accommodate the expected deployment to tens of thousands of end users by 2025.
With a centrally managed solution, Intuit has more control over their endpoints, from patch management to deploying data security controls that improve the security posture of endpoints connecting to the corporate network. By removing the dependency on virtual private networks (VPN) previously used on endpoints, Intuit expects to reduce licensing cost and operational overhead, while improving the end-user experience with faster start-up and load times of tools used every day to support customers.
“With Amazon WorkSpaces, we’ve successfully enabled Windows development on macOS endpoints and eliminated unmanaged local virtual desktops for our workforce, opting for a more secure approach. Additionally, we’ve furnished our Partner Product Experts with a robust virtual desktop experience, ensuring consistency and enhancing our overall security measures.”
– Hieu Giap, Principal Systems Engineer, Intuit.
According to Hieu, engaging stakeholders early, tracking decisions systematically, understanding limitations, and customizing solutions in collaboration with the AWS End User Computing team, were key drivers of success. In addition, efficient chargeback management and staying focused on core objectives are crucial strategies.
“Our collaboration with AWS has been exceptional. Right from the early stages, they were deeply involved and closely aligned with our team from the design phase through the proof of concept and all the way to the production rollout. AWS’s dedication and technical subject matter expertise played a pivotal role in the success of this project.”
– Hieu Giap, Principal Systems Engineer, Intuit.
Daniel Cil is a Senior Solutions Architect on the AWS Strategic Accounts team where he helps customers overcome challenges at scale. He has over 20 years of supporting defense, financial services, health and life sciences, and retail customers. | |
Aqsa Mughees is a Product Marketing Manager, End User Computing at AWS. She is passionate to learn new things and help create a difference through marketing and technology. She loves to play Tekken, watch thriller movies, enjoy good food, and go on vacations. |