Case Study:

Ross & Baruzzini Implements Custom AWS Landing Zone Solution

SHI devises a multi-partner strategy and empowers a global workforce of remote end users


Customer Profile

Ross & Baruzzini, Inc. – A leading consulting and design firm.


Ross & Baruzzini needed a repeatable, multi-account solution to address security, compliance and governance at scale. The customer needed a repeatable, multi-account solution to address security, compliance and governance at scale.


ITAM and Licensing
Data Center

SHI devised and implemented an AWS Landing Zone solution that aligned to the Well-Architected Framework utilizing AWS native services.




The solution empowered remote workers with a desktop experience congruent with that of an on-premises employee.

  • Reduced configuration drift through DevOps pipelines
  • A repeatable strategy for account provisioning with consistent detective and preventative guardrails
  • Reduced manual configuration through repeatable, codified, continuous deployments
  • Empowered remote workforce through AWS WorkSpaces and AppStream 2.0
  • Enabled the migration and future growth of over 400 AWS workspaces


Ross & Baruzzini – A 65+ year-old consulting and design firm supporting diverse industries needed a native, multi-account strategy that aligned with AWS best practices and produced consistent results. The customer was looking for both a technology advisor and partner with a specialized skillset to implement this strategy and solution at scale. The customer also needed to deliver a remote desktop experience and desktop applications to a global workforce of remote end users while minimizing administrative overhead. They required a partner familiar with deploying Desktop as a Service (DaaS) solutions who could help them leverage the services offered by AWS.

Utilizing their existing relationship, Ross & Baruzzini tasked SHI with developing and implementing a solution to address their needs for a Landing Zone and DaaS services.


SHI designed and implemented a solution to codify and parametrize the proposed AWS Landing Zone Solutions as well as resultant application, service and image deployments via Jenkins. Each of these activities are represented as DevOps pipelines in the form of Jenkins jobs and live within a job repository in AWS CodeCommit. This allows the customer to quickly instantiate their entire AWS infrastructure and auxiliary DevOps infrastructure as part of a completely separate environment – in a fraction of the time of a traditional, non-codified deployment. Furthermore, the customer can control deployments to all children accounts under their AWS Organization from one central location.

To ease adoption and developer integration, the solution was architected to take advantage of AWS native services for preventative and detective guardrails. The adoption of native security and logging services enabled tracking and logging events without the headache of custom, third-party product integration. The utilization of AWS WorkSpaces and AppStream 2.0 allowed for secure, global distribution of desktop and desktop application streaming services with minimal administrative efforts.

SHI empowered Ross & Baruzzini through paired working sessions, assisting with:

  • Deploying a Landing Zone to address security, compliance and governance at scale strategy
  • Codified infrastructure provisioning as well as application, service and image deployments
  • Ensuring consistent idempotent deployments through CI/CD pipelines
  • Elimination of developer fatigue due to native integrations through native services

SHI initiated the engagement by deploying a hardened, multi-account structure consisting of AWS native security, monitoring and logging services, as well as establishing network connectivity between AWS resources where necessary. During the on-site meeting, SHI interviewed key stakeholders and contributors to assess the organization’s business requirements. SHI developed a cohesive Landing Zone strategy with consideration for the customer’s current workflow, regulatory requirements, and overarching, multi-account strategy as it related to governance.

SHI reduced defects caused by manual intervention, eased remediation, and improved flow into production by codifying all operations against the customer’s AWS account. SHI deployed Jenkins and created a repo in AWS CodeCommit to store Jenkins jobs. SHI also deployed and validated an application pattern using an infrastructure provisioning pipeline, pulling from templates within the customer’s repository for reusability. This allowed the customer to stand up environments and deploy resources in a predictable, idempotent manner. An image factory was deployed through pipelines to bake Amazon Machine Images for use with configuration management tooling.

To empower their remote workforce and grant them a seamless user experience, SHI deployed AWS WorkSpaces and AppStream 2.0. – assisting the customer in retaining existing workflows and practices by integrating their Nasuni and Centrify implementations with WorkSpaces. The integration allowed the customer to access their data in Nasuni cloud, as well as access and secure their workspaces with Centrify. SHI provided a robust remote desktop experience and validated the use of programs such as Revit and CAD.


Adoption of an AWS Landing Zone afforded the customer a repeatable, codified strategy designed to address security, compliance and governance at scale. The solution enabled the ability to define policies, such as detective and preventative guardrails that can be implemented on each account within the customer’s AWS Organization.

Codifying their entire deployment process, from infrastructure provisioning to application, service and image deployments, allowed the customer to be nimble in the cloud space and cemented best practices for a more mature DevOps practice. The solution is more manageable as each deployment is predictable. With the new deployment processes and pipelines, Ross & Baruzzini’s application stack can be deployed reusing the same parametrized scripts.

Adopting AWS WorkSpaces and AppStream 2.0 allowed Ross & Baruzzini to grant access to remote desktop services and applications to a large subset of their remote users – over 400 users! This solution enabled users to access GPU intensive applications without the need for heavy resource administration, while utilizing their existing Centrify Cloud solution.