Archive | August, 2021

My top sessions for VMworld 2021

31 Aug

VMworld 2021 is right around the corner, and it’s time to have a personally curated list prepared for the sessions. The following category sessions I am most excited about. Note I am excited about more sessions than I can include in this blog post, but you get the idea of my direction 🙂 Though I am not speaking, I know the amount of effort to prepare the deck/recording based on my previous 3 VMworld speaking engagements. Good Luck, speakers!

  • End User Services
  • Multi Cloud
  • VMware Code

End User Services

Architecting Multi-Cloud Horizon [EUS1547]

Learn how to architect multi-cloud VMware Horizon deployments. This technical session will cover the deployment options and platforms available, including Horizon, Horizon Cloud Service on Microsoft Azure, Horizon on VMware Cloud on AWS, Horizon on Azure VMware Solution, and Horizon on Google Cloud VMware Engine. Find out how Horizon Control Plane Services, such as Universal Broker and Image Management Service, aid in both administration and user access.

Speakers:
Chris Halstead, Senior Staff Architect, VMware
Hilko Lantinga, Staff Architect, VMware
Richard Terlep, Staff Architect, EUC Technical Marketing, VMware
Darren Hirons, Lead Solutions Engineer – Digital Workspace, VMware

Back to Our Future: Community Roundtable on the VDI Admin Role Development [EUS2461]

A VDIscover Experience session. The life of a VDI admin requires expertise across many areas of IT and as a result, can be very rewarding. But how does what you’re doing today translate to a career path in desktop and app virtualization in the future? Join this roundtable of community VDI experts, hosted by VMware’s Brian Madden and Ron Oglesby, to gain insights on how the VDI admin role will develop in the future and what you should be focusing on to develop skills that can make you stand out in the VDI space, including security, cloud, SaaS, and more.

Speakers:
Joris Adriaanse, Business Development Manager, FONDO.
Ron Oglesby, Staff Architect, VMware
Brian Madden, Distinguished Technologist, VMware
Maarten Caus, EUC architect, ITQ

Blasting your way into the Extreme with VMware Horizon [EUS1834]

Ever wondered where the “Extreme” bit from Blast Extreme is referring to? In this session, seeing is believing. You will witness VMware Horizon hosting insanely intensive workloads, from cloud gaming and immersive VR training to movie making and warfighting simulation. We will show what it takes to extend VMware Horizon beyond your typical VDI use cases and into the realms of media production, gaming, simulation, training and more. You will also learn how customers are utilising VMware Horizon, Blast Extreme and more to deliver next generation services during a global pandemic. Oh, and did we mention that we will show you some demos which will blow you away? This is a must-see session for any EUC enthusiast!

Speakers:
Matt Coppinger, Director, Product Management, EUC, VMware
Spencer Pitts, Chief Technologist, VMware
Johan Van Amersfoort, Technologist EUC, ITQ

Create, Automate, and Optimize a Windows Image for Horizon [EUS1549]

This technical session led by VMware End-User Computing Technical Marketing will be a deeper dive into the key elements of creating and optimizing Windows for use as a VMware Horizon desktop or RDSH host. This process is critical to the success of any virtual desktop infrastructure (VDI) or published application project, and is often skipped or misunderstood. All steps of the process will be covered, including how to add automation. This session will include several demos showing the process of creating an optimized Windows VDI image.

Speakers:
Graeme Gordon, Senior Staff EUC Architect, VMware
Hilko Lantinga, Staff Architect, VMware

Disaster Recovery with Multi-Cloud Horizon [EUS1548]

Learn how to design VMware Horizon to provide disaster recovery (DR) capabilities to enable availability, recoverability, and business continuity. This session will explore the strategy, different deployment options for recovery sites, options for user access, and considerations for data replication and failover.

Speakers:
Richard Terlep, Staff Architect, EUC Technical Marketing, VMware
Graeme Gordon, Senior Staff EUC Architect, VMware

Horizon Cloud Service on Microsoft Azure: Nuts and Bolts [EUS2489]

So, is it the year of virtual desktop infrastructure (VDI)? A profound yes. The events of this year meant that business had to pivot rapidly to a remote model (telework). And one platform that helped many businesses, small to large, is VMware Horizon Cloud Service on Microsoft Azure. In this session, you will see what is needed to get an environment up and running very quickly.

Speakers:
Linus Bourque, Principal Instructor, VMware
John Krueger, Principal Instructor, VMware

Multi-Cloud VDI Beyond the Reference Architecture: Field-Tested Practices [EUS1961]

A VDIscover experience session. The public cloud, especially a VMware-based public cloud service, is an ideal place to run virtual desktops and published application workloads. But deploying an end-user computing solution into a hybrid or multi-cloud scenario adds new considerations and complications that impact user experience. In this session, VMware End-User Computing technologists Sean Massey and Dan Berkowitz will join with leading community members to discuss the key considerations and field-tested practices for delivering a good user experience in hybrid or multi-cloud VDI environments.

Speakers:
Daniel Berkowitz, Sr. Architect, VMware
Sean Massey, Staff Multi-Cloud Solutions Architect, VMware
Eduardo Molina, EUC Practice Director, AHEAD
Johan Van Amersfoort, Technologist EUC, ITQ
Simon Long, VMware Engineer, Google Cloud Center of Excellence, Google

Accelerate Your VDI Management with vRealize Operations [MCL1899]

This session provides an understanding of why VDI and app management matters more than ever today, and how to create a digital foundation that supports ever-changing business requirements. We will focus on the new VMware vRealize Operations Management Pack for Horizon and how it can help organizations overcome today’s distributed challenges.

Speaker:
Thomas Bryant, Sr. Product Line Marketing Manager, VMware

Multi-Cloud

App Modernization Deep Dive with VMware Cloud on AWS and VMware Tanzu [MCL2290]

Application modernization is top of mind for all enterprises that want to deliver value to their customers quickly. However, many organizations struggle to begin their application modernization journey due to a variety of reasons including legacy systems, lack of knowledge of the application, and application dependencies. In this session we will show how organizations can leverage VMware Tanzu and VMware Cloud on AWS to discover, analyze, and map dependencies, convert to containers and ultimately deploy a modernized application on an API driven infrastructure, while still realizing the TCO benefits that come with VMware Cloud on AWS.

Speaker:
William Lam, Senior Staff Solution Architect, VMware

Automate and Improve Day 2 Operations with vSphere Lifecycle Manager [MCL1274]

VMware vSphere Lifecycle Manager enhances the way administrators plan and execute VMware ESXi lifecycle operations. Reducing the amount of time required to update and upgrade your systems is imperative as the number of systems and environments grow. This talk details the features and capabilities of vSphere Lifecycle Manager, including newly added support for VMware NSX-T and VMware Tanzu. If you are looking to further automate vSphere Lifecycle Manager with VMware PowerCLI, we will provide the information and examples needed to get started. vSphere lifecycle management has never been easier.

Niels Hagoort, Staff Technical Marketing Architect, VMware
Jatin Purohit, Sr. Technical Marketing Manager, VMware

Azure VMware Solution Best Practices for Implementation and Migration [MCL3114S]

Join us for an interactive discussion on best practices when implementing, migrating and managing your Azure VMware Solution environment. Learn from our Azure VMware Solution experts and their experiences working closely with customers throughout deployment, including how to optimize for different scenarios and how to leverage the best of VMware and Azure services.

Jeramiah Dooley, Principal Cloud Advocate, Microsoft
Shannon Kuehn, Cloud Advocate, Microsoft

Azure VMware Solution: Deployment Deep Dive [MCL2036]

In this session, we will discuss planning and deployment of Azure VMware Solution beyond the quick start. We will cover planning for network addressing, connectivity, integrating into an existing Azure hub and spoke or virtual WAN deployment, configuring monitoring and management, and establishing governance controls.

Jeremiah Megie, Principal Cloud Solutions Architect, VMware
Steve Pantol, Sr. Technical Marketing Architect, VMware

Azure VMware Solution: Lessons Learned and Trends from Customer Deployments [MCL2004]

In this session, we will share lessons learned from Microsoft and VMware architects about best practices through many customer deployments and migrations to Azure VMware Solution. We will focus on deployment, security, network, migration, infrastructure components (e.g., LDAP/DNS), disaster recovery, and day 2 operations design decisions and recommendations. Specifically, we will demonstrate how architecture considerations translate from on premises to the cloud without sacrificing design principles or technology investments already in place. Migration is just one part of the customer’s modernization journey. We will also show how current applications can take advantage of native Azure services.

Emad Younis, Director, Multi-Cloud Center of Excellence, VMware
Trevor Davis, Senior Technical Specialist, Microsoft

VMware Code

Managing your Horizon Environment Using the Python Module for Horizon [CODE2747]

Learn how to get started with Python and the VMware Horizon REST API to automate desktop and RDS pool CRUD (create/read/update/delete) operations. Find out about the basic principles of the Python module for Horizon and what it takes to get started with your automation project in a session full of demo’s

Speaker:
Wouter Kursten, Professional Services Engineer, ControlUP

Pitfalls of Infrastructure as Code (And How to Avoid Them!) [CODE2758]

Are you looking to start your journey into Infrastructure as Code? Or have you already jumped in head-first? Either way, this session is for you! We’ll talk about many of the common pitfalls of IaC, and how you can avoid them. From infrastructure pitfalls, to coding pitfalls, we’ll go over all kinds of things that you may not have thought of yet. Get your questions ready, because I’m here to help you be successful in your IaC journey!

Speaker:
Tim Davis, DevOps Advocate, env0

Live Coding: Terraforming Your vSphere Environment [CODE2755]

Infrastructure as code is the process of managing infrastructure in a file or a set of files rather than manually configuring resources in a user interface. This session is going to take a live look at how to make the process of getting starting with infrastructure as code in a VMware vSphere environment as easy as possible using HashiCorp Terraform, the de facto standard for infrastructure as code.

Speaker:
Kyle Ruddy, Sr Technical Marketing Manager, HashiCorp

vSAN

A Field Guide to Health Check vSAN to Operate, Upgrade and Transform [MCL1825]

Your data is the most critical part of a solution. Ensuring predictability and technical security is a daily part of the system administrator’s role. Join this deep-dive session with Paul McSharry, a VCDX certified architect from the Critical Accounts Program, to discuss and be guided through what is needed for a production VMware vSAN platform health check. Based on field experience with some of VMware’s largest vSAN and VMware Cloud Foundation strategic customers, ask questions and take away a checklist to review before upgrades and significant changes to keep your data safe. Understand the architectural design choice impacts with 6.7 and 7.x, review the data path, and discuss useful KPIs that can be monitored to ensure you get the most value of your vSAN deployment.

Speaker:
Paul McSharry, Principal Architect, VMware

VMware vSAN – Dynamic Volumes for Traditional and Modern Applications [MCL1084]

In this session, Duncan and Cormac will explore the possibilities of using VMware vSAN for traditional virtual machine applications as well as new modern/containerized applications. They will look at how vSAN continues to evolve and at some of the more recent features. In particular, they will discuss vSAN File Service, which can now be used to deliver both NFS and SMB file shares, while continuing to offer block storage at the same time. They will also demonstrate how vSAN File Service integrates with the VMware vSphere container storage interface (CSI) in Kubernetes to dynamically provision read-write-many volumes for Pods that need shared storage. The session will incorporate some common how-tos, best practices, and gotchas to avoid to enable you with the smoothest experience possible with vSAN File Service.

Speakers:
Duncan Epping, Chief Technologist, VMware
Cormac Hogan, Chief Technologist, VMware

Disaggregating Storage and Compute with HCI Mesh: Why, When, and How [MCL1683]

There are multiple use cases for disaggregating Hyperconverged Infrastructure (HCI) storage. Common scenarios include environments with disproportionate requirements for compute and storage resources and architectures with limited local storage capacity, e.g., blade servers. HCI Mesh with vSAN provides a simple method for scaling compute and storage resources independently. You will learn why HCI storage disaggregation is beneficial, how HCI Mesh works, and what use cases to consider. There will be demos and we will also show examples of business-critical application design, tiering and scaling storage, and recommendations for successful implementation.

Speakers:
John Nicholson, Staff Technical Marketing Architect, VMware
Peter Flecha, Sr Technical Marketing Architect, VMware

I hope you will find these sessions list helpful in your journey, and please do let me know if I have missed out on exciting sessions.

Thanks,
Aresh Sarkari

Script to install CrowdStrike Sensor and VMware App Volumes snapvol.cfg exclusions for CrowdStrike Sensor

20 Aug

If you are planning to deploy CrowdStrike Sensor (CS Sensor) within your virtual desktop (Windows 10) or server operating(Remote Desktop – Windows Server 2016), then continue reading. In this post, we will take a look into the following topics:

  • Scripted silent install of CrowdStrike Sensor
  • Process exclusions for VMware App Volumes – Writable Volumes (snapvol.cfg)

Script to install CrowdStrike Sensor

Pre-requisites:

  • Based on your requirements, a complete range of silent switches can be found here – How to Install CrowdStrike Falcon Sensor | Dell US
  • Create a folder called C:\Temp\Sensor and place all the CS Sensor EXE within this folder.
  • Make sure to read the installer log files after the install is completed.
  • We use the proxy details as the virtual machines don’t have direct internet access.
  • Look for the exit code = 0 = success
#############################################################################################
# Install Crowd Strike Sensor to the Golden Image on Windows 10 and Windows Server 2016/2019
# Look for Exit Code 0 = Success
# Comment or Un-comment the Agent that does not apply to your environment
# Author - Aresh Sarkari - https://twitter.com/askaresh
#############################################################################################

###################################################################
#                    Declare Variables                            #
###################################################################

#Sensor Names
$CSSensorName = "WindowsSen*"

#The sensor installer Location
$TempInstallPath = "C:\Temp\Sensor"

#Log Files location
$CSSensorlogFile = "C:\Temp\Sensor\CSSensor.log"

###################################################################
#                    EXE Arguments Arrary for CS Sensor           #
###################################################################
# Modify any Installer switches related to the sensor here.
# Dell Article covering all silent switches 
# https://www.dell.com/support/kbdoc/en-us/000126124/how-to-install-crowdstrike-falcon-sensor
# Proxy switches if your endpoints dont have direct Internet Access
# Log Files w.r.t to installation is generated in C:\Temp\*

# Crowd Strike Sensor Arguments
$CSArguments = @(
    "/install"
    "/quiet"
    "/norestart"
    "CID=YOUDIDGUIDWILLGOHERE-EG"
    "ProvToken=YOURTOKENNUMBER"
    "GROUPING_TAGS=TAG1,TAG_VDI"
    "ProvWaitTime=3600000"
    "APP_PROXYNAME=proxy.whateverproxy.com"
    "APP_PROXYPORT=80"
    "VDI=1"
	"/log"
    $CSSensorlogFile
)

###################################################################
#                    Main                                        #
###################################################################

# Install Crowd Strike Sensor
Write-Host "Installing the Crowd Strike Sensor" -ForegroundColor Green
$CSSensorPath = (Get-ChildItem -Path $TempInstallPath | Where-Object {$_.name -like $CSSensorName}).Fullname
$CSSensorInstall = (Start-Process -Filepath $CSSensorPath -Wait -ArgumentList "$CSArguments" -PassThru)
$CSSensorInstall.ExitCode

Start-Sleep 20

Git Hub scripts/CSSensor-Install at master · askaresh/scripts (github.com)

Process exclusions for VMware App Volumes

It is advisable you add the CrowdStrike process exclusions within the VMware App Volumes – Writable Volumes templates on snapvol.cfg. Here is the detailed guidance on how to modify the snapvold.cfg – Using the VMware App Volumes snapvol.cfg File to Customize Writable Volumes | VMware End-User Computing Blog. These two processes are visible within the Task Manager.

#Crowdstrike Exclusions
exclude_process_name=CSFalconService.exe
exclude_process_name=CSFalconContainer.exe

A big thanks to Jishan for the numerous testing cycles! I hope you will find this script and exclusions useful to install the CrowsStrike Sensor. A small request if you further enhance the script or exclusions, I hope you can share it back with me?

Thanks,
Aresh Sarkari

VMware App Volumes – AD Domain – LDAPS Configuration/Certificate Renewal

19 Aug

The Enterprise Root CA certificate was coming close to expiry, and we had to replace the certificate on VMware App Volumes Manager. In this blog post, we will take a look into the following topics:

  • How to identify the Microsoft Enterprise Root CA
  • How to generate the Root Certificate *.cer
  • Convert the certificate *.cer to *.pem format for App Volumes Manager
  • Replace the certificate within the App Volumes Manager
  • Configuring the App Volumes Manager for LDAPS

How to identify the Microsoft Enterprise Root CA

On any domain-joined box where you have the Active Directory administrative tools installed, open the adsiedit.msc and change the Naming Context to Configuration partition.

Adsiedit Connection

Navigate to the below path Under Certification Authorities, and you’ll find your Enterprise Root Certificate Authority server.

CN=Certification Authorities,CN=Public Key Services,CN=Services,CN=Configuration,DC=askaresh,DC=dir
Active Directory – Configuration Partition

How to generate the Root Certificate *.cer

Log into the Root Certification Authority server with Administrator Account. Go to Start > Run > and type Cmd, and press on Enter button. Enter the following command:

certutil -ca.cert C:\Temp\rootca_cert.cer

Convert the certificate *.cer to *.pem format for App Volumes Manager

I typically use OpenSSL to convert all my certificates. Copy the rootca_cert.cer certificate into Folder – C:\OpenSSL-Win32\bin and run the following command to convert the certificate to PEM.

openssl x509 -in root_cer.cer -out adCA.pem

Note – We want the exported name to be adCA.pem as App Volumes Manager needs that name during setup.

Replace the certificate within the App Volumes Manager

Depending upon the number of AV Managers, you will have to repeat the steps:

  • Copy the adCA.pem on each App Volumes Manager server, to the /config directory where the App Volumes Manager is installed. The default installation location for App Volumes Manager is C:\Program Files (x86)\Cloud Volumes\Manager.
  • Restart the App Volumes Manager servers.

Configuring the App Volumes Manager for LDAPS

You only need to perform these steps on one App Volumes Manager per POD as the configurations are central on a SQL Database.

  • Login to the App Volumes Manager and go to Configuration – AD Domains – Select the Domain – Edit or New depending upon your requirements
  • Enter the Domain Name, Service Account Username, Service Account Password and Select Secure LDAPS. The port number is 636.
  • Click on Update
App Volumes Manager – AD Domains

I hope you will find these steps helpful to replace or configure the VMware App Volumes Manager with LDAPS.

Thanks,
Aresh Sarkari

Reference Links

Export Root Certification Authority Certificate – Windows Server | Microsoft Docs

Find the name of Enterprise Root CA server – Windows Server | Microsoft Docs

Configure CA Certificates in App Volumes Manager (vmware.com)