4-page Case Study
Posted: 8/31/2012
Rate This Evidence:

Menzies Aviation Aviation Company Improves Identity, Access Management with Latest Operating System

Menzies Aviation is a global provider of passenger, ramp, and cargo handling services. Its rapid global expansion through business acquisitions contributed to an increasing number of employees and devices, a growing amount of data, and a complex network—complicating employee authentication, identity, and information access management. Menzies Aviation deployed Windows Server 2012 so that IT staff can use its centralized, flexible tools to build an easily managed employee identity framework. The company can easily control employee access to file data, enhance data security, and achieve compliance—all from its two, UK-based data centers. Also, Menzies Aviation can virtualize its Active Directory Domain Services infrastructure, so IT staff can quickly clone virtual domain controllers, reducing the time it takes to integrate new businesses into the network and minimizing service disruption.

Menzies Aviation is a global provider of passenger, ramp, and cargo handling services. Through a combination of organic growth, acquisitions, and the development of niche opportunities, Menzies Aviation is now a major force in the international ground handling industry. Operating at more than 132 airports in 34 countries and supported by a global team of more than 17,000 people, Menzies Aviation serves more than 500 airline customers that handle more than 800,000 flights and 1.7 million tons of cargo annually.

Maintaining the flexible, reliable, and secure IT infrastructure that is necessary to support the company’s global operations is an ongoing challenge. Menzies Aviation accomplishes this with a lean IT team of 70 people, 16 of whom work at two data centers in the United Kingdom that are configured in an active-active design. One is in Middlesex, England, and the other is in Hampshire, England. Menzies Aviation worked with longtime partner Dell, a member of the Microsoft Partner Network, to complete the data center project in 2007 and improve business continuity and customer service level agreements. Together, there are 300 Dell PowerEdge 2950, R710, and R720 servers across the two data centers. Menzies Aviation uses a Cisco network and an EqualLogic storage solution. Menzies Aviation maintains a VMware-based virtualized environment that includes 350 virtual machines that run mission-critical business systems.

“We support our entire global operations from the United Kingdom, so our systems have to be flexible enough to connect to our customers’ varied infrastructures at locations that range from Heathrow Airport in London to Cozumel Airport in Mexico,” says Martin Gallington, Senior Vice President of IT at Menzies Aviation. “We are growing rapidly, so we need to ensure that our data centers are scalable and cost effective. That means we are always striving for more density; the more virtual machines we can host on our infrastructure, the better.”

These challenges are compounded by the sheer volume of operational data that Menzies Aviation captures and processes every year to analyze operations and prove that it is adhering to service level agreements (SLAs). “If our systems go down, it could have a direct impact on our customers and their customers,” says Justin Apps, Head of Enterprise Architecture at Menzies Aviation. “That is a lot of responsibility for our small data center team.”

* We are number two in the world. We want to be number one. With Windows Server 2012, we can grow our business, reduce costs, and deliver the SLAs that our customers demand. *

Martin Gallington
Senior Vice President of IT, Menzies Aviation


To ensure optimal service, system administrators constantly monitor mission-critical business systems at both data centers, such as the customs and excise checks solution. “If that fails, we could delay planes. We could delay cargo deliveries,” says Apps. “So we are always looking for innovative developments in data center solution monitoring and management tools.”

The Challenges of Rapid Growth
Menzies Aviation manages its complex, distributed environment by using Active Directory Domain Services, the directory service that is an integral feature of the Windows operating system. At Menzies Aviation, Active Directory functions as a central location for network administration and security through a network of 12 domain controller servers. An Active Directory domain controller authenticates and authorizes all users and computers in a Windows network.

Menzies Aviation IT staff has to cope with the effects of rapid growth. As the company wins new customers and acquires more businesses, its network constantly evolves. From the two data centers, network administrators have to rapidly deploy new domain controllers and adjust network topology accordingly, so they wanted to simplify this process as much as possible. “We have been working hard to consolidate Active Directory domains on Windows Server 2003 and tidy up the infrastructure after our acquisitions,” says Apps. “But there is still a lot of work to be done.”

“Every time we bring a new company into Menzies Aviation, we have to quickly upgrade our network and integrate new devices, systems, and data stores into our environment, while ensuring proper access control to company resources for new employees,” says Gallington. “As we add employees—who need access to diverse systems and resources on the corporate network—it becomes more challenging to maintain a cohesive identity and access framework.”

One way to address these challenges is to virtualize Active Directory. However, Menzies Aviation system administrators have been wary about putting Active Directory in a virtual environment because of problems that may arise when they try to restore a domain controller from an image backup and the new image isn’t recognized by the domain controller. “We wanted to virtualize Active Directory, but it can sometimes introduce corruption into the network, which is bad for business,” says Alan Yin, Senior Engineer in the Enterprise Systems Team at Menzies Aviation.

Security Challenges
In the aviation industry, data security is paramount. Menzies Aviation must protect confidential customer information, such as timetables, passenger lists, and cargo contents and delivery schedules to ensure passenger and crew safety. Yet Menzies Aviation employees need to access this information from anywhere—servers, desktop computers, portable laptops, mobile devices, and email stores—and share it appropriately. The company’s user access policies must comply with strict aviation and government regulations. In a global, rapidly changing environment with high staff turnover, it’s a challenge for Menzies Aviation to control access to information. To meet this challenge, IT staff has to correctly configure the right security policies for a large number of files stored on eight file servers in the data centers.

“Anywhere we can improve our access control mechanism would help us keep our data secure and comply with aviation industry and government regulations,” says Gallington. “We have to make sure that every employee who logs on to any computer can only see the information he or she is supposed to see.”

So when Dell suggested that Menzies Aviation participate in the Rapid Deployment Program (RDP) for the Windows Server 2012 operating system, the company decided to investigate the new identity and access management improvements in the latest Windows operating system from Microsoft.

* We tried hard to push Windows Server 2012 to its limits. But here we are running the beta—it’s working, it’s fast, and we can’t break it. *

Justin Apps
Head of Enterprise Architecture, Menzies Aviation

“Dell recommended Menzies Aviation for the Windows Server 2012 RDP as there was a strong desire to innovate and lead the industry, while meeting the business need to improve security and reduce costs,” says Terry Storey, Senior Global Architect, Microsoft Strategist at Dell. “Everything aligned to begin testing on the beta, then on the release candidate code, meeting the Menzies Aviation project and Windows Server 2012 RDP timelines.”

Menzies Aviation sought to centrally manage employee identity and access to information based on business and compliance needs. It chose the Identity and Access Management scenario in the RDP so that IT staff can benefit from improvements to Active Directory and the introduction of Dynamic Access Control, a file-system authorization mechanism.

“Why the RDP? There is always pressure to reduce costs,” says Apps. “At the same time, service quality, customer safety, and data security are all paramount. The RDP gives us the ability to test the latest operating system from Microsoft and see how we can use it to reduce costs without impacting service or safety. Dell has been our technology partner for 10 years now, so we were excited to participate. We were able to work closely with Microsoft, which has been a great experience.”

IT staff also like the simplified licensing that comes with a Microsoft solution. “The licensing is amazing,” says Apps. “It’s another reason that I can see us moving to Hyper-V across the infrastructure. We can buy a Windows Server 2012 Datacenter license with Software Assurance and get the software, virtual machines, and System Center 2012—without buying all of those pieces separately, like we do with VMware. We get more value out of every pound we spend on IT.”

Improvements in Active Directory
With Windows Server 2012, Menzies Aviation IT staff at the data centers can more easily perform Active Directory administrative tasks by using the Windows PowerShell 3.0 command-line interface and scripting language. It is now easier to safely clone a virtual domain controller by using a new domain controller promotion wizard that is integrated into Server Manager, the management interface that comes with Windows Server 2012. And because Active Directory is aware of changes in a virtualized environment, a virtual domain controller is able to detect when snapshots are applied.

Managing Employee Access to Files
Active Directory is an integral component of Dynamic Access Control, a more flexible and powerful way to manage employee access to files on New Technology File System (NTFS) volumes. Instead of managing file security at the individual file level, Menzies Aviation system administrators can save time by defining central file-access policies at the domain level that apply to every file server in the domain. Classification information is automatically saved with the file itself, so that it is directly available for all applications, including the operating system. System administrators can use Dynamic Access Control to improve control over access to file data, including unstructured data, regardless of where the information resides. They can also define and configure centralized audit policies in Active Directory that can be applied across multiple servers.

The Menzies Aviation team worked with Dell to deploy one physical and one virtual Windows Server 2012 domain controller hosted on a Dell PowerEdge R720 server running Hyper-V virtualization technology. “The small deployment is in our production environment,” says Apps.

“We only ran into a couple of minor issues; in fact, the workarounds were just small tweaks that we had to make to our configurations,” says Storey. “For instance, we changed how we point to an Active Directory–integrated Domain Name System [DNS] server to join a node to one of the Hyper-V clusters. This would not work if the node joining to the cluster was also a domain controller server, but by pointing to an external DNS server, we resolved the issue.”

The RDP gave Menzies Aviation a chance to evaluate other features and capabilities of Windows Server 2012, including:

  • IP Address Management (IPAM): Used to discover, administrate, and monitor the company’s Dynamic Host Configuration Protocol (DHCP) and DNS servers, collect IP address data in one place, and build a historical survey of IP address usage and server configuration changes. Menzies Aviation can use the IPAM feature to monitor and manage the IP address infrastructure on its increasingly complex corporate network, reducing the risk of IP address conflicts.

  • Storage Space: A Windows Server 2012 storage subsystem. This storage virtualization platform allows fast and easy provisioning of storage pools, and the virtual hard disks that they host. With this feature, Menzies Aviation gains flexibility in how IT staff can allocate and configure storage in the data center.

  • “Shared nothing live migration: Used to migrate a virtual machine from one Hyper-V host to another Hyper-V host that isn’t part of the same cluster, and shares no storage, with zero downtime.

  • Hyper-V: Enhanced to provide greater support for performance intensive scenarios and increased virtual machine density: up to 4,000 virtual machines per cluster. This feature means that Menzies Aviation can improve on virtualization density and reduce costs by making the most out of its existing infrastructure.

  • RemoteFX GPU and vGPU: Used to improve remote text and three-dimensional graphics content presentation across high-latency and low-bandwidth networks, leveraging software and hardware based graphics processing units (GPUs). With this feature, Menzies Aviation can provide rich, useable data access for remote and mobile employees.

“We tried hard to push Windows Server 2012 to its limits,” says Apps. “But here we are running the beta—it’s working, it’s fast, and we can’t break it. As soon as the RTM [release to manufacturing] version is available, we will start to replace our other domain controllers with Windows Server 2012.”

To manage its Windows Server 2012 environment in the RDP, the Menzies Aviation team also participated in the Technical Adoption Program (TAP) for Microsoft System Center 2012 Service Pack 1. “System Center 2012 is the perfect package deal,” says Apps. “Centralized monitoring, and virtual and physical machine management, all in a single license make this a very simple, attractive alternative to the third-party management tools we use today. We plan to deploy System Center 2012 globally as soon as possible.”

By the time Menzies Aviation entered the Windows Server 2012 RDP, global expansion had contributed to a proliferation of employees and devices, an explosion of data, and an increasingly complex network—complicating employee authentication, identity, and access management. With Windows Server 2012, the company found the centralized, flexible, and powerful tools that IT staff can use to build an easily managed, identity framework to control employee access to file data and achieve compliance.

* I‘ve been a huge advocate for VMware. With Windows Server 2012 and the latest version of Hyper-V, all of that changes. *

Justin Apps
Head of Enterprise Architecture, Menzies Aviation

And with improvements to Hyper-V, the company now has the option to virtualize its Active Directory infrastructure to reduce management overhead and simplify the acquisitions that are key to its growth. The combination of Dell PowerEdge R720 servers, Windows Server 2012, and System Center 2012 gives Menzies Aviation reason to rethink its current VMware virtualization strategy. This new IT platform also offers a simplified IT environment that will help the company control costs while improving service.

“When we started virtualizing about seven years ago, VMware was our only option,” says Apps. “Since then, I‘ve been a huge advocate for VMware. With Windows Server 2012 and the latest version of Hyper-V, all of that changes. In fact, we are preparing for a big infrastructure refresh and there’s a good chance that we will begin to transition away from VMware. In its place? Windows Server 2012 with Hyper-V.”

Improves Identity and Access Management to Boost Security
With Dynamic Access Control and Active Directory in Windows Server 2012, Menzies Aviation can centrally manage access to information across the enterprise independently from the structure of its file systems. This capability helps reduce the risk of security breaches, even as the company acquires new employees, adds more computers, and accumulates more data.

“We have a lot of data across the globe, but with Active Directory and Dynamic Access Control, we can make sure the right people get access to the right data and help keep our information secure,” says Yin. “Let’s say someone starts a new job in finance; as soon as their information is entered into Active Directory, they have access to the right files, no matter where they are located. We can also improve security by assigning specific roles to system administrators to administer different parts of Active Directory so that they don’t change something outside of their scope of expertise.”

With Dynamic Access Control, Menzies Aviation can create global audit policies that target specific employees and specific information wherever it resides, making it easier to prove compliance with aviation industry regulations. Now IT staff can define employee access to information at an enterprisewide level, independent from the structure of its file systems.

Increases Business Agility to Support Growth
When Menzies Aviation upgrades to Windows Server 2012 globally, the company can take advantage of simplified Active Directory management through Windows PowerShell scripts to accommodate new employees, computers, and network design. The upgrade itself is expected to have minimal impact on the business. “We are currently on Windows Server 2003. We want to go to Windows Server 2012 with its new Active Directory,” says Apps. “We can upgrade to that now simply and smoothly, and decommission out of the older domain structures.”

* We have a lot of data across the globe, but with Active Directory and Dynamic Access Control, we can make sure the right people get access to the right data and help keep our information secure. *

Alan Yin
Senior Engineer, Enterprise Systems Team, Menzies Aviation

When Windows Server 2012 is fully deployed, Menzies Aviation can explore the benefits of moving Active Directory into a virtualized environment to quickly clone virtual domain controllers. This would significantly reduce the time it takes to integrate new businesses into the corporate network, minimizing service disruption. “Windows Server 2012 and Hyper-V brought so much more security to virtualizing Active Directory that we now have the confidence to think about virtualizing it,” says Yin. “Whenever we can remove physical infrastructure, we gain in agility.”

And the increased virtual machine density that Menzies Aviation can achieve with Hyper-V and Dell PowerEdge R720 servers means the company can quickly scale to meet growing demands on its IT infrastructure as it wins new contracts and acquires new companies. “We can bring new servers online and take them offline quickly and adjust memory and processors accordingly,” says Apps. “We get the control we need and can design our environment for growth. That’s a powerful benefit.”

Using System Center 2012 for virtual machine management will help the company become even more scalable and agile. “If we need six virtual machines right now, it’s not a problem,” says Yin. “With System Center 2012, this can be done in minutes, rather than the traditional way of building servers, which would take half a day each. It’s crazy the amount of things you can monitor. You can go so far into the virtual machine that it’s hard to believe.”

Simplifies IT Platform
With Windows Server 2012, System Center 2012 and Dell PowerEdge R720 servers, Menzies Aviation gains a simplified, yet comprehensive IT platform to help the company centralize management and reduce costs by streamlining vendors and retiring third-party products. During the RDP, Menzies Aviation was impressed with the level of commitment it received from Microsoft, which sets the stage for a closer long-term relationship, similar to the one it enjoys with Dell. With more interoperable technologies from fewer vendors, Menzies Aviation can simplify IT management for its central data center staff.

“To contain costs, we want a small team of experts in our data centers, so we need an integrated platform,” says Gallington. “We are really excited by Windows Server 2012 and System Center 2012 because they enable us to reduce the number of third-party technologies and partners that we have to deal with. We are number two in the world. We want to be number one. With Windows Server 2012, we can grow our business, reduce costs, and deliver the SLAs our customers demand.”

Windows Server 2012
Windows Server drives many of the world’s largest data centers, empowers small businesses around the world, and delivers value to organizations of all sizes in between. Building on this legacy, Windows Server 2012 redefines the category, delivering hundreds of new features and enhancements that span virtualization, networking, storage, user experience, cloud computing, automation, and more. Simply put, Windows Server 2012 helps you transform your IT operations to reduce costs and deliver a whole new level of business value.

For more information, visit:

For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers in the United States and Canada who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:

For more information about Menzies Aviation products and services, call 44 (0) 208 7579261 or visit the website at:

Solution Overview

Organization Size: 17000 employees

Organization Profile

From corporate offices in Middlesex, United Kingdom, Menzies Aviation oversees a rapidly growing airline passenger and cargo handling company that employs more than 17,000 people.

Business Situation

As the company expands, IT staff must incorporate new businesses into the network and manage additional employee identities and information access policies from its UK-based data centers.


Menzies Aviation is deploying the Windows Server 2012 operating system to take advantage of improvements in Active Directory Domain Services and to use the Dynamic Access Control feature.


  • Improves identity and access management to boost security
  • Increases business agility to support growth
  • Simplifies the IT platform

  • Server: Dell PowerEdge R720
  • Storage: EqualLogic
  • Network: Cisco

Software and Services
  • Windows Server 2012
  • Active Directory Domain Services
  • Microsoft System Center 2012
  • Microsoft Hyper-V
  • Windows Server Dynamic Access Control

Vertical Industries

United Kingdom

Business Need
Cloud & Server Platform