Deploying ArcGIS Enterprise on Azure with Azure Virtual Desktop (AVD)

Background

The Bureau of Land Management’s (BLM) Geospatial Business Platform (GBP) is a mission-critical enterprise GIS solution that supports national land, environmental, and permitting workflows, as well as decision-making across the agency. GBP is the largest geospatial hosting platform across the Department of Interior, comprised of over 800 servers, including 300 geodatabases that host over 10,000 map services for the agency. This platform supports more than 3,500 users across all BLM states and offices, with external-facing map services receiving more than 1 million unique views daily.

To meet growing demands for scalability, security, and remote access—while aligning with the Department of the Interior’s Cloud First initiative—GBP transitioned from on-premise infrastructure to Microsoft Azure. This transition integrated ArcGIS Enterprise and Azure Virtual Desktop (AVD) to deliver scalable, cloud-based access for more than 900 concurrent users.

NexGen supported the BLM through this massive migration, including environment setup and large-scale data migration from legacy systems. We assumed a lead role in the operational lifecycle of the AVD environments to ensure scalability, security, and consistent end-user performance.

Challenges

NexGen was tasked with migrating more than 8 petabytes of geospatial data and hundreds of servers to the Azure platform—all while maintaining uninterrupted access to essential services. Remote users needed reliable, high-performing access to ArcGIS Pro and ArcGIS Desktop across multiple geographic locations.

The complexity of patching, scaling, and maintaining nearly 1,000 virtual desktops and servers monthly required a highly standardized and automated approach to minimize operational risk, reduce configuration errors, and ensure compliance with federal security mandates such as OAuth and multi-factor authentication.

NexGen was tasked with managing a solution that remained agile and secure while meeting evolving federal compliance mandates across diverse production and training environments while sustaining high system availability.

Solution

NexGen successfully deployed ArcGIS Enterprise on Azure Government Cloud using a hybrid IaaS and PaaS model, fully integrated with BLM’s Active Directory for secure, centralized access. NexGen reinforced security using Zero Trust principles, integrating OAuth for multi-factor authentication (MFA) and numerous automated solutions to move the platform into a Continuous Authority to Operate (cATO). NexGen assumed full responsibility for the ongoing operations and monthly rebuild of over 980 Azure Virtual Desktop (AVD) instances, including a core production pool of 900 desktops. 

Leveraging an immutable infrastructure model, NexGen rebuilds virtual desktops monthly, ensuring each instance is deployed from a standardized, hardened baseline image. This approach eliminates manual configuration errors, reduces operational risk through automation, and enforces consistency across all environments. We refined and now maintain a suite of automated deployment scripts originally co-developed with federal partners. These scripts are adapted continuously to reflect current environmental requirements. NexGen fully owns script execution and oversees the automated deployment pipeline.

A summary of our key responsibilities include:

• Patch Management: acquiring, validating, bundling, and aligning patches to deployment scripts

• Environment Hygiene: removing deprecated assets and archiving legacy patch sets

• Scaling and User Pool Management: dynamically adjusting capacity and session host availability

• Training Environment Support: provisioning and maintaining isolated environments for specialized use cases

• Continuous System Monitoring: System performance and availability are monitored using Azure Monitor, Microsoft Defender, and Splunk, maintaining 99.98% uptime.

Results

• Operationalized a secure, high-availability AVD environment supporting 900+ concurrent users

• 30% reduction in infrastructure costs

• Maintained 99.98% uptime across monitored systems

• Improved remote performance and user satisfaction

• Enhanced automation, standardization, and risk posture

• Modern, scalable, and secure AVD environment supporting BLM’s national mission

• Supported the foundation for a DevOps-aligned, script-driven operational model

This engagement reflects NexGen’s expertise in automating, standardizing, and minimizing risk in large-scale enterprise GIS environments—paving the way for broader DevSecOps adoption within BLM’s GIS enterprise infrastructure.

About NexGen:

NexGen Technologies (NexGen) provides the people, processes, and solutions that help make innovative IT transformation possible across your systems and applications.

 We specialize in delivering top-tier IT support services, specifically tailored for the unique needs of the federal government. Our dedicated team combines cutting-edge technology with deep industry expertise to ensure your projects meet the highest standards of quality and security.

For more information, please contact NexGen at info@nexgeninc.com or (720) 377-1800.