Modernizing VDI using Amazon WorkSpaces Core with the New Mexico ERB

NMERB was running its VDI from two physical data centers that used VMware Horizon on Cisco UCS blades with aging “spinning disks.” Managed by VMware vCenter, the on-premises environment was approaching its end of life, requiring costly hardware upgrades of over $100,000. The agency’s IT staff reported latency of anywhere between 100 and 2,000 milliseconds and sluggish sessions, making routine tasks inefficient and unpleasant. “Having individuals click on an email and wait 30 seconds for it to actually interact and respond was just unacceptable,” says Josh Craft, senior IT systems administrator at NMERB. Logins also stretched to 10 minutes, and broader hardware failures, such as systemic system outages, were increasingly disrupting services.

For an agency that is responsible for paying retiree checks each month, the stakes couldn’t have been higher. With 70 percent of its user base on VDI, $100 million in payments became imperiled, putting the financial well-being of tens of thousands of former educators at risk. Also, with its VMware’s broader uncertainty surrounding vendor transitions, the team recognized the urgent need to quickly move to a more stable foundation. “I was going in to work every day concerned that the ERB data center was about to fall off a cliff,” says Craft. “We needed to make sure that those educators who helped us when we were kids still had member benefits.”

With most of the pension administration system’s environment already on AWS, NMERB went all in and moved its 40 servers and VDI infrastructure to Amazon WorkSpaces Core, which offers cost-effective, simple, flexible cloud desktop infrastructure and APIs for VDI software. What began as an urgent rescue became a strategic migration, modernizing NMERB’s legacy desktop infrastructure into a secure, scalable environment that has reduced cost volatility and paved the way for future innovation.

While performing user-acceptance testing for its new pension administration system, NMERB needed 10 test desktops. Using Amazon WorkSpaces Core, it provisioned all 10 in less than 35 minutes—a turnaround time that was impossible to achieve on the legacy system. The quick response demonstrated the stability of cloud-hosted VDI and led to a full migration that NMERB completed in just 3 months.

To preserve continuity, NMERB integrated Amazon WorkSpaces Core with Horizon 8 by Omnissa, an AWS Partner, which provided the same Blast Extreme protocol and connection servers that its employees were familiar with. This hybrid model empowered the agency to bring its own Windows 11 image, licenses, and applications, helping make sure that the user experience—desktop appearance, icons, and workflows—remained unchanged even as the underlying infrastructure relocated to AWS. It also took advantage of AWS-provided licensing options for simplified management.

Behind the scenes, NMERB rebuilt its WorkSpaces Core environment on two Horizon connection servers and one edge server on Amazon Elastic Compute Cloud (Amazon EC2), which offers secure and resizable compute capacity, facilitating rapid system recovery. Elastic Load Balancing (ELB), a load balancer service for distributing network traffic to improve application scalability, was used to tie together multiple healthy instances, virtually eliminating single points of failure without the expense of on-premises appliances. “I no longer have this roller coaster of spending,” says Kevin Swinson, chief information officer at NMERB. “We just pay for what we use.”

The new VDI environment runs inside a private cloud network, with network flow logs and session telemetry centralized in Amazon Simple Storage Service (Amazon S3)—object storage built to retrieve any amount of data from anywhere—for monitoring and analysis. The security team can now query logs for suspicious activity and investigate incidents more effectively. The result is improved visibility and resiliency across systems that had previously failed during outages.

The improvement in the user experience was dramatic. Sign-on and session launch times were reduced by more than 90 percent, transforming the daily experience for employees and contractors by dropping from 10 minutes to a matter of seconds. Latency that once caused 30-second delays for basic actions has been virtually eliminated, while support requests for desktop issues have dropped sharply. Users now benefit from a more intuitive experience opening emails, loading pages, and uploading documents. Telephony services, once disrupted by data center failures, have remained stable since backend services moved to AWS, providing stability that the agency can trust.

This resiliency has freed up time for the IT staff to work on system improvements, security-hardening, and innovation. But perhaps most importantly, it has improved employees’ work-life balance. “We’re now able to sleep at night,” says Craft. “Management’s vision is for the IT staff to work an eight-to-five schedule, which is almost unheard of, and that’s happening a majority of the time using AWS.”

NMERB is preparing to deploy a highly available FortiGate firewall through AWS services to strengthen traffic inspection and enforce consistent security policies across all locations, including a new building in Santa Fe. With centralized telemetry and cost-effective proof-of-concept testing, the agency can evaluate and adopt new security tools quickly. NMERB is also exploring new Amazon WorkSpaces Core features as they are released, such as streamlined image management, to further simplify operations and improve the end-user experience.

What began as a last-minute effort to keep monthly membership benefits flowing has become the foundation for a more secure, scalable desktop environment. As one of the few agencies operating fully on AWS in New Mexico, NMERB provides a modernization blueprint for other state government entities, demonstrating how one heavy lift can reap a bounty of benefits. “We started with using AWS as a life raft and discovered a stable new foundation,” says Swinson. “Once you’re past that learning curve, it’s great to be here. I’d encourage any other agency to do it any day of the week.”