4-page Case Study
Posted: 4/15/2014
Rate This Evidence:

Walsh Group Construction Firm Moves Workloads to Public Cloud to Gain Greater Agility, Scalability

The Walsh Group builds skyscrapers, subways, and bridges, and other big things all over the world. It’s also a leader in using technology to do construction better. Walsh is busy moving significant chunks of its datacenter environment to Microsoft Azure to reduce IT costs and accelerate IT service delivery. Building on the identity and access management foundation of Microsoft Azure Active Directory Premium, Walsh can deliver servers to the business in hours rather than weeks, gain unprecedented scalability, and reduce costs. Employees and contractors have a much simpler application sign-in experience using Microsoft Azure Active Directory Premium, and Walsh enhances data safety. Walsh has big plans for Microsoft Azure and plans to migrate 10 to 15 percent of its on-premises infrastructure into Microsoft Azure each year to sharpen its competitiveness.

The Walsh Group has evolved considerably since its founding in 1898. Its arsenal of building supplies has grown from hammers and nails to multimillion-dollar cranes and datacenters full of servers. Walsh is an industry leader in using technology to work smarter, faster, and more profitably.

Currently in its fourth generation of leadership, The Walsh Group is responsible for some of the largest construction projects in the world, including air traffic control towers, highways, bridges, stadiums, casinos, wastewater treatment plants, rapid transit systems, universities, and correctional facilities. The Walsh Group owns more than US$450 million in capital equipment and employs more than 5,000 engineers and tradespeople.

* The single sign-on capability in Microsoft Azure Active Directory Premium really simplifies life for employees, who are in and out of multiple Walsh applications throughout the day. *

Patrick Wirtz
Innovation Manager, The Walsh Group

Although Walsh depends on modern IT systems to run its business, management wants every possible penny of its capital budget to go to the job-site equipment that supports its core business rather than to servers, storage, and network cabling. In 2010, to trim IT costs and also keep up with rapid business growth, Walsh used Microsoft cloud software to transform its virtualized datacenter into a private cloud environment. This reduced the company’s physical server count by 20 percent and datacenter management costs by $150,000 annually. The move also relieved Walsh IT staff of mundane server setup chores so that they could focus on work that more directly strengthened the business.

By 2013, Walsh was ready to take another leap forward in datacenter efficiency. “With our private cloud, we streamlined a lot of low-level datacenter work, but we wanted to become even more nimble,” says Patrick Wirtz, Innovation Manager for The Walsh Group. “There’s no need for our staff to be fixing broken hard drives and racking servers.” Walsh wanted to accelerate server, storage, and network provisioning so that developers could create and deploy applications faster, especially new mobile applications that would boost the efficiency of front-line workers such as building inspectors and project managers.

Also, even with a private cloud environment, it was difficult for Walsh to scale IT infrastructure, especially at job sites. Every job site begins with a skeletal crew that grows as the project gets underway and then shrinks as the project completes. Yet, the IT staff had to set up the complete IT infrastructure at the project start—when there was only a handful of employees using it.

Walsh knew that the next step in its innovation progression was to incorporate public cloud services into its datacenter strategy. The challenge was finding the right cloud partner and also finding a way to authenticate and authorize users in the cloud. “We have quite a few government contracts that require secure identity management,” Wirtz says. “We needed to ensure that only authorized individuals accessed our network, that employees who had been terminated no longer had access to applications, and that contractors only had access to applications that they are authorized to see. We considered creating a hybrid authentication and authorization system internally, but it would have involved a complex security model and required a great deal of maintenance work.”

The Walsh Group took its first step into public cloud computing in 2013 by subscribing to Microsoft Office 365, which provides Microsoft Office desktop applications and cloud-based business email, videoconferencing, and file sharing from Microsoft datacenters. This move helped Walsh cost-effectively provide communications and productivity applications to not only its 2,800 office workers, but also to its 2,600 construction employees who had never had a Walsh email address before.

* We considered creating a hybrid authentication and authorization system internally, but it would have involved a complex security model and required a great deal of maintenance work. *

Patrick Wirtz
Innovation Manager,
The Walsh Group

Walsh had also experimented with using Microsoft Azure, the Microsoft public cloud platform, for development and test environments, giving each of its developers a Microsoft Azure subscription as a development “sandbox.” Wirtz had watched Microsoft Azure evolve and was impressed with new services that benefited IT operations staff in addition to developers. “When Microsoft Azure first came out, it was very developer-centric,” Wirtz says. “There was not a whole lot available from an IT operations perspective. But today, there’s a lot in Microsoft Azure for the non-developer IT audience. Microsoft is constantly adding new services and features. It’s almost become a full-time job keeping up with Microsoft Azure!”

Cloud Identity Management Solution
For starters, Walsh was eager to explore Microsoft Azure Active Directory, a comprehensive identity and access management cloud solution that can be used to manage cloud-service user accounts, synchronize with on-premises directories, and gain single sign-on across Microsoft Azure services, Office 365, and popular software-as-a-service applications such as Salesforce, DocuSign, Google Apps, and Dropbox.

Wirtz brought in 10th Magnitude, a Chicago-based cloud services provider and Certified Microsoft Azure partner, to help his team create a proof of concept around Microsoft Azure Active Directory Premium, which provides a robust set of capabilities for enterprises with more demanding needs. Their idea: digitize a Walsh basketball court scheduling system.

Walsh loves basketball. The game epitomizes the teamwork that defines the company. Walsh has a basketball court in its Chicago headquarters for employee use, and it’s extremely popular. Scheduling time on the court previously revolved around a whiteboard and lots of frantic phone calls. Walsh had 10th Magnitude build an application that lets employees book time on the court using either a smartphone app or a webpage. The client application, which runs on the Windows 8 operating system, talks to a scheduling database that runs in Microsoft Azure and a corporate human resources (HR) database (containing employee names and credentials) that runs in the Walsh datacenter. 10th Magnitude used Microsoft Azure Active Directory Premium to expose the scheduling database and HR application to employees in a unified fashion.

The basketball court scheduling application was a huge success among employees, and Walsh was pleased with how easy it was to use Microsoft Azure Active Directory Premium and how feature-packed it was. The application demonstrated to Walsh that Microsoft Azure Active Directory Premium could support its mobile application strategy, and it quickly began working with 10th Magnitude to put the technology to work on real mobile business applications.

One was a punch list application used by job-site inspectors. Nearly 1,000 Walsh employees now use Windows 8 or Windows RT–based Surface tablets and a stylus—instead of clipboards—to perform these inspections. They can take photos with the Surface to add to their reports and immediately share the information with contractors. All the data is stored in Microsoft Azure SQL Database, and Microsoft Azure Active Directory Premium performs user authentication and authorization. Ultimately, 3,500 people will use this application.

Walsh is using Microsoft Azure Active Directory Premium in other applications, particularly other mobile applications that automate paper processes. “We have a tremendous number of paper forms in our business, from timesheets to equipment inspection forms, which require a great deal of time to move from place to place,” Wirtz says. “We are taking the authentication layer provided by Microsoft Azure Active Directory and applying that to many other applications.”

Support for Single Sign-On, Usage Reporting
Microsoft Azure Active Directory Premium contains a number of features that Walsh is using to both simplify employee and partner access to applications and better secure data:
  • Employees have single sign-on to all Microsoft and non-Microsoft cloud and on-premises applications from a single screen.

  • Employees can reset their own passwords through the self-service password reset capability in Microsoft Azure Active Directory Premium. Walsh receives a high number of password-related help-desk tickets, and this feature lets employees easily reset their own passwords and get back to work faster. “Turning on this feature was a very simple process,” Wirtz says. “We also really like the write-back capability, which means that a password reset made in Microsoft Azure Active Directory is also made in the corresponding on-premises Active Directory.”

  • Wirtz’s team uses the security reporting feature in Microsoft Azure Active Directory Premium to see which employees are using which applications and devices, from where, and how often. “If my account is based on the west coast and I sign in to a device that is on the east coast, Microsoft Azure Active Directory detects that and raises an alert that there may be a problem,” Wirtz says. “We deal with sensitive government contracts, so we need to ensure the security of our data. We watch our mobile devices very carefully, and having security reporting like this built into our directory system is great.”

  • The Multi-Factor Authentication capability in Microsoft Azure Active Directory Premium augments application access security. After logging on to externally available services by using their user name and password, employees and partners confirm their identity by responding to a phone call or text message.

  • The Walsh IT team also likes the usage reporting feature, which collects data on specific applications that employees use so that the IT staff can better understand the most popular applications and, when appropriate, suggest more secure replacements for user-downloaded applications.

* Microsoft is constantly adding new services and features [to Microsoft Azure]. It’s almost become a full-time job keeping up with Microsoft Azure! *

Patrick Wirtz
Innovation Manager,
The Walsh Group

Big Plans for Public Cloud
In addition to the work it’s doing to use Microsoft Azure Active Directory to enable a new genre of mobile apps, Walsh is using Microsoft Azure Blob Storage to store branch office server data and use the cloud essentially as a caching device for information searches. Walsh uses the Web Application Proxy feature of the Windows Server 2012 R2 operating system to access these cloud-based information stores and all the data in its on-premises Microsoft SharePoint Server 2013 collaboration environment.

“The goal is to provide employees with all the relevant documents when they do an information search,” Wirtz says. “We reinvent the wheel quite often when responding to proposal requests. We can realize a big time savings by having most of this data in Microsoft Azure paired with a smart way to find it.”

Walsh is evaluating the possibility of moving the disaster recovery location for its Oracle-based enterprise resource planning application to Microsoft Azure now that Oracle provides full support for its applications running in Microsoft Azure. This would give Walsh georeplication and redundancy for this critical application and much lower failover management costs.

What makes the Oracle disaster recovery scenario even more appealing for Walsh is the recent introduction of Microsoft Azure ExpressRoute, a service that organizations can use to create private connections between Microsoft Azure datacenters and their own. Microsoft Azure ExpressRoute offers much faster, more secure connections than the connections that are available over the public Internet.

Walsh could use Microsoft Azure ExpressRoute to boost the connection speed between its main datacenter and regional offices and the nearest Microsoft Azure datacenters. “Microsoft Azure ExpressRoute would essentially make Microsoft Azure part of our private network,” Wirtz says. “We would get better performance, better bandwidth usage, and better security.”

Walsh has aggressive plans to continue moving workloads into Microsoft Azure. “Until recently, our philosophy was private cloud first and public cloud second,” Walsh says. “But we’ve switched to public cloud first and private cloud second. Whenever we can put something in Microsoft Azure, we will. We expect to move 10 to 15 percent of our IT assets into Microsoft Azure each year going forward.”

By making Microsoft Azure a more significant part of its datacenter strategy, The Walsh Group has been able to speed up the development and deployment of productivity-boosting applications and give the IT staff more time to focus on core strategic objectives. Walsh has infinitely better and more precise infrastructure scalability, which reduces costs. The company is using Microsoft Azure Active Directory Premium to simplify employee access to applications while ensuring data safety. All these capabilities make Walsh more competitive, profitable, and successful.

* We also really like the write-back capability, which means that a password reset made in Microsoft Azure Active Directory is also made in the corresponding on-premises Active Directory. *

Patrick Wirtz
Innovation Manager,
The Walsh Group

Gain Greater Agility and Business Focus with Faster Resource Delivery
Because of the ready accessibility of Microsoft Azure compute and storage resources and the fact that authentication can now be replicated to many applications, Walsh can develop and deploy applications faster. “With Microsoft Azure, the compute, storage, and networking resources that we need are just a mouse-click away,” Wirtz says. “We’ve gone from a two- to three-week lead time for resources to a one-day lead time.” The Walsh IT group no longer needs to track how much storage and compute power it has on hand and doesn’t have to procure, install, and maintain so much hardware.

In addition to having ready access to needed infrastructure resources, Walsh developers have access to the latest version of the Microsoft Visual Studio development system and to the established authentication and authorization functions available in Microsoft Azure Active Directory Premium. “Having repeatable processes in place for authentication and authorization really helps our developers work faster and more consistently,” Wirtz says.

From an IT operations perspective, Wirtz appreciates features such as the georeplication of Microsoft Azure datacenters, which relieves his staff of disaster recovery worries. “The less time we spend dealing with server redundancy and backup issues, the more time we’re able to spend on our vision and strategy,” Wirtz says.

Improve Infrastructure Scalability, Lower Costs
With Microsoft Azure, Walsh can avoid overprovisioning job-site infrastructure at the start of jobs and can instead deploy precisely the resources needed at the time, scaling at the click of a button and saving a lot of time and money. “We have a hard time justifying IT costs to the business,” Wirtz says. “Our management doesn’t care that we spend a week deploying servers; it just wants to know that we’re delivering applications to the business when it needs them and doing so cost-effectively. Microsoft Azure helps us do that.”

Wirtz’s staff can also more precisely charge business units for Microsoft Azure services used, which is difficult to impossible in the on-premises datacenter. “In a private cloud, it’s difficult to break out the portion of a host server or a network that a particular internal customer is using,” Wirtz says. “But with Microsoft Azure, we can charge business units for the IT resources they use down to the penny, and we can charge them less, because we’ve removed the work of deploying and caring for the infrastructure. Being aware of IT costs and their usage also helps business units understand the true cost of IT and be more conservative in their requests.”

Then there are outright savings that come from using intelligent software. “With employees using the self-service password reset feature in Microsoft Azure Active Directory Premium, we’ve been able to reduce help-desk costs by $20,000 annually,” Wirtz says.

* With Microsoft Azure, the compute, storage, and networking resources that we need are just a mouse-click away. We’ve gone from a two- to three-week lead time for resources to a one-day lead time. *

Patrick Wirtz
Innovation Manager,
The Walsh Group

The punch list application lets one inspector do the work that previously required two people on-site and lets the inspector immediately share quality issues with contractors. When rolled out broadly, this application will result in significant savings.

Deliver Better Employee Experience, Enhance Security
By using Microsoft Azure Active Directory Premium, the IT team provides easier application access for employees and higher data security for Walsh. “The single sign-on capability in Microsoft Azure Active Directory Premium really simplifies life for employees, who are in and out of multiple Walsh applications throughout the day, and for customers and partners, who also use our applications,” Wirtz says. “If an employee leaves Walsh, we can centrally and immediately cut off their access to all of our services at the same time, no matter where these applications are running.”

Also, with Microsoft Azure Active Directory Premium, Wirtz’s staff doesn’t have to manage the authentication and authorization layer. As the company takes on more government contracts that require higher levels of sign-on security, Microsoft Azure Active Directory and Multi-Factor Authentication will become even more important, as it both reduces the company’s on-premises malware attack surface and relieves the Walsh IT staff of monitoring the company firewall around the clock.

Be More Competitive
By reducing IT costs, making employees more efficient, and making it easier for partners and customers to connect to the applications they need, Walsh can be more competitive. “An agile, low-cost IT infrastructure has a direct bearing on our profitability and our success,” Wirtz says. “Our team can deliver IT services that the business needs much faster, which gets projects underway sooner, and Microsoft Azure services are more cost-effective than on-premises infrastructure. Every penny we squeeze out of IT overhead is money that goes to our bottom line or to other strategic projects. We are just beginning to scratch the surface of ways that we can use Microsoft Azure to run our business more effectively and profitably.”

Microsoft Azure
Microsoft Azure is an open and flexible cloud platform that enables you to quickly build, deploy and manage applications across a global network of Microsoft-managed datacenters. You can build applications using any language, tool or framework. And you can integrate your public cloud applications with your existing IT environment.

For more information on Microsoft Azure, go to:

For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers in the United States and Canada who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:

For more information about 10th Magnitude products and services, visit the website at:

For more information about The Walsh Group products and services, call (312) 563-5400 or visit the website at:

Solution Overview

Organization Size: 5000 employees

Organization Profile

The Walsh Group is a Chicago-based construction firm that builds airports, highways, stadiums, and other large-scale projects. It employs more than 5,000 engineers and tradespeople.

Business Situation

Walsh wanted to augment its private cloud environment with public cloud computing to gain even faster IT resource delivery, better scalability, and lower costs. It sought the fastest path to public cloud.


Walsh chose Microsoft Azure because of its rich and varied offerings, beginning with Microsoft Azure Active Directory Premium, a cloud identity and access management solution.


  • Gain greater agility and business focus with faster IT resource delivery
  • Improve IT scalability, lower costs
  • Deliver better employee experience, enhance security
  • Be more competitive

Software and Services
  • Microsoft Azure
  • Microsoft Azure Active Directory
  • Microsoft Office 365
  • Windows Server 2012 Datacenter
  • Microsoft System Center 2012 R2
  • Microsoft Azure Multi-Factor Authentication
  • Microsoft Azure SQL Database

Vertical Industries
Architecture, Engineering & Construction

United States

Business Need
  • Cloud & Server Platform
  • Business Continuity
  • Disaster Recovery
  • Cost Containment

IT Issue
Cloud Services


10th Magnitude