As this site is new and has very little content, I would like to outline what I’m currently documenting and will be posting soon. In my role I tend to focus on EUC and architecture, so there will be a heavy focus on these. In addition to my Home Lab details, I will create categories for EUC, SDDC, Automation and general training resources for career development within the VMware space.
Building my home lab
This blog will outline the configuration and installation of my home lab environment: how I designed the lab, what my considerations were and the setup details. I have built a custom ESXi ISO image with drivers and configurations already included for the SuperMicro E200 servers, and I will share this with the community. As I build my home lab I am documenting the specific configurations for networking, security, automation, VDI, AirWatch, etc. These documents will all be posted soon.
The VMware Validated Design – Automated Deployment Tool
The VMware Validated Design (VVD) is a semi-complete design that is pre-validated by VMware. If you are not aware of the VVD, you can find the documentation here: https://www.vmware.com/support/pubs/vmware-validated-design-pubs.html. In addition to the VVD documentation, VMware Professional Services and select partners have access to an in-house deployment tool that automates the entire SDDC deployment, including vCenter, VSAN, NSX, vRealize Automation, LogInsight, vRealize Operations Manager, Site Recovery Manager, vRealize Orchestrator and vRealize Business. The deployment tool can deploy the entire SDDC stack in 1/2 day; however, the underlying configuration details needed to get to this stage are quite complex. As I go through the process in my home lab, I will detail these complexities and capabilities for your interest.
Do you use 2-Factor Authentication to access your environments? VMware have released a built-in 2-Factor authentication capability for vIDM called VMware Verify. Rather than typing in a code generated by your personal token in order to authenticate, VMware Verify uses push notifications to an app on your mobile device. This means that your 2-Factor auth is as simple as accepting the notification on your mobile. I will detail the configuration process to set up VMware Verify with vIDM.
User-Cert 2-Factor Authentication with vIDM and Horizon Access Points
One of my customers had a fairly unique use case for their Horizon VDI external access. The requirement was fairly simple: they wanted approved physical devices to be the only devices capable of connecting from the internet to their internal VDI environment. These devices were provisioned by the business and supplied to the external users. The business wanted to ensure that only their approved devices could connect to their classified environment. Working with a colleague, Anthony Urquhart, we assigned CA-signed certificates to the devices, and the Horizon Access Points would accept these as a form of 2-Factor authentication without any notification or inconvenience to the end user. If a device without an approved certificate attempted to connect, the user would be refused a connection before being prompted for credentials.
Horizon Access Point Architecture and API
I am often asked by customers and colleagues to assist with deploying Horizon Access Point and to advise on how it should be connected. VMware recommend a 3 NIC configuration; however, this is often not a suitable configuration for a customer running a DMZ. I will detail how to architect and deploy Horizon Access Points using various methods, including the API.
Horizon Access Point integration with vIDM, Horizon and AirWatch
Horizon Access Point 2.8 is fully capable of providing a single unified access point to broker external connections to Horizon, vIDM and AirWatch. When Access Point 2.9 was released, it was renamed to the Unified Access Gateway to accommodate this new capability. I will document the deployment and configuration of Horizon Access Points to allow the consolidation of external access brokering to a single point of entry.
Horizon DaaS, if you haven’t heard about it before, is a multi-tenant capable VDI solution that is geared towards Service Providers. I have worked with a number of large VDI Service Providers and will document the capabilities, configuration, common pitfalls and any other considerations when implementing and using Horizon DaaS.