EUC Part 2

Authors: Edwin B and Shrikant S.

This is the second blog in the Secure Accelerated EUC series. We believe it will give you initial guidance on your assignments in the Digital Workspace stream.

The first blog in this EUC series covered the concepts of a Secure Accelerated Workspace. The link to that work is found here: http://vcloudmakers.com/secure-accelerated-euc

This blog covers configuring the supporting infrastructure, compute and networking, and creating base images. We will also configure the Horizon Connection Server and create desktop pools, set up Unified Access Gateway to access the desktops, and enroll Windows devices into Workspace ONE UEM.

Refer to the component diagram below from the techzone.vmware.com site. It gives an idea of the components that form the VMware Workspace ONE & VMware Horizon Reference Architecture.

# Reference component diagram

Ref: VMware Workspace ONE & VMware Horizon RA from techzone.vmware.com

Below is the sample topology diagram used in the lab.

# Logical diagram lab components

This diagram shows how the networks are designed and where the components are placed in the POC lab.

# Minimum Hardware requirement

| Component | Requirement |
| --- | --- |
| Servers | 3 vSAN ready nodes. For information on compatible vSAN Ready Nodes, see the VMware Compatibility Guide. |
| CPU Cores Per Host | Aligns with minimum requirements for vSAN Ready Nodes. For more information, refer to the VMware vSAN Documentation. |
| Memory Per Host | 256 GB |
| Shared Datastore | Aligns with minimum requirements for vSAN Ready Nodes. For more information, refer to the VMware vSAN Documentation. |
| NICs Per Host | Two 10 GbE (or faster) NICs |

# Sizing Compute & Storage resources

The standard resource sizing information is given below. Configure the components as required for your POC.

Compute and storage requirements for each component are key considerations when sizing the solution. Check here

NTP should be configured on all these Windows machines.

Refer to the VMware Product Interoperability Matrix here

| Virtual Machine | vCPU | Memory | Storage | No. per deployment |
| --- | --- | --- | --- | --- |
| vCenter Server appliance (Refer here) | 8 | 28 GB | | 1 |
| NSX Manager | 8 | 24 GB | | 1 |
| Horizon Connection Server (Refer here) | 4 | 12 GB | 100 GB | 1 |
| Horizon Enrollment Server (Refer here) | 4 | 12 GB | 100 GB | 1 |
| Unified Access Gateway (Standard) | 2 | 4 GB | 20 GB | 1 |
| Microsoft SQL Server for Horizon (Refer here) | 2 | 8 GB | 50 GB + 50 GB | 1 |
| App Volume Manager (Refer here) | 4 | 8 GB | 100 GB | 2 per Pod |
| Airwatch Cloud Connector (Refer here) | 2 | 4 GB | 50 GB | 2 (1000 – 10000 users) |
| Workspace ONE Access connector (Refer here) | 4 | 6 GB | 50 GB | Sizing for up to 1000 users, 2 (Windows connector version 19.03) as we need for Horizon components |
| Intelligence Collection Service (ETL) Connector (Refer here) | 4 | 8 GB | 50 GB | |
| Golden Image (Base Image) VM (Refer here) | | | | 1 |

Note:

View Composer linked clones and persistent disks are deprecated. The feature still exists within the packaging, but we do not recommend starting any new projects with linked clones. More details.

# Supporting OS for Horizon Connection Server

Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop. Refer here

Tested Operating Systems Refer here

# We have used Windows 10 Enterprise Evaluation Build 19042 in the lab

# License requirements

| License | Supported version | Required/Optional |
| --- | --- | --- |
| Horizon Connection server | Valid license for VMware Horizon to install Horizon Connection Server. Release notes here; Horizon Product Page – Refer to COMPARE & PURCHASING section; Horizon Subscription Feature Comparison link here; Horizon Perpetual Feature comparison link here; VMware Store link is here (Contact GTAM for additional data on license requirement) | Required |
| VMware Workspace ONE | Workspace ONE Product page – Refer to Price & Compare section here; Workspace ONE feature comparison link here (Contact GTAM for license requirement) | Required |
| VMware vCenter Server | Refer here (Contact GTAM for license requirement) | Required |
| VMware vSAN | Refer here (Contact GTAM for license requirement) | Required |

# Networking requirement

Refer to these links for more information:

https://techzone.vmware.com/resource/network-ports-vmware-horizon#about-this-guide

https://kb.vmware.com/s/article/1027217

https://kb.vmware.com/s/article/80706

VLAN Requirement

| Function | MTU | Routable |
| --- | --- | --- |
| Management Network | 1600 | Yes |
| vMotion Network | 1600 | Yes |
| vSAN Network | 1600 | Yes |
| Horizon Component Network | 1600 | Yes |
| Unified Endpoint Manager Network | 1600 | Yes |

| Functions | Routable | Quantity | Notes |
| --- | --- | --- | --- |
| Management Network Subnet | Yes | /24 Subnet | One IP address per host VMkernel adapter. One IP address for the vCenter Server Appliance. Four IP addresses for NSX-T Manager. Four when performing NSX-T Manager clustering of 3 nodes and 1 virtual IP (VIP). One IP for Active Directory VM. Two IP addresses for NSX-T Edges. IP addresses for Tier 0 uplinks. |
| NAT Network Subnet | Yes | As per deployment | This will be used for configuring NAT rules on Tier 0 for enabling communication between internal subnets & management network |
| DHCP | No | /24 Private IP addresses | This will assign IPs to desktops provisioned on internal segment |
| Horizon Component Subnet | No | /24 Private IP addresses | This can be used for Horizon management components & connectors |
| Unified Endpoint Manager Network | No | /24 Private IP addresses | This can be used for Unified access gateway |

# Environment infrastructure design

A variety of external services are required.

| Service | Purpose |
| --- | --- |
| Active Directory (AD) | Provides user authentication & management |
| Domain Name Services (DNS) | Provides forward and reverse name resolution for the various components in the solution. |
| Network Time Protocol (NTP) | Synchronizes time between the various components. |
| Dynamic Host Configuration Protocol (DHCP) | Provides automated IP address allocation for VXLAN Tunnel Endpoints (VTEPs) and NSX-T host VTEPs. |
| Certificate Authority (CA) | Microsoft CA for certificate authentication, SSO & email-protection. |
| Microsoft Key Management Service | To activate Windows (and Microsoft Office) licenses in a VDI environment |

# As this is a POC, we have not configured a CA and have used Windows evaluation version ISOs

Check information on Preparing Active directory here

Check information on DNS configuration best practices here

Check information on DHCP configuration best practices here.

Check vSphere Design here

Check NSX-T Data Center Design here

# SNAT & DNAT rules are written to enable the communication between internal components & management components.

# As per the topology diagram, different segments were created under Tier 1 router for UAG, Connection server, desktop pools etc.

# DHCP configuration is enabled on the segment where desktops will be created.

# Solution design

# Installing Horizon components

Complete the high-level tasks to install Horizon and configure an initial deployment. Click here for documentation.

Refer Horizon Configuration here

# Created Automated Desktop Pool with Floating assignment & Dedicated assignment.

# Installing Unified Access Gateway

Deploy & Configure Unified Access Gateway as per your design. Refer here

# Created single NIC UAG configuration in this lab topology.

# Integration between Unified Access Gateway & Horizon Connection Server

Disable Gateway Services on Horizon Connection Server. Refer here

Connect to Horizon Resource through Unified Access Gateway. Refer here

# Integration between Workspace ONE UEM instance to the Workspace ONE Access tenant

# Install the AirWatch Cloud Connector and connect Workspace ONE UEM to Active Directory

AirWatch Cloud Connector Install steps here

Integrate Active Directory with Workspace ONE UEM Refer here

# Enrolling Windows 10 Devices into Workspace ONE UEM

# We have performed this operation using below approach

Workspace ONE Intelligent Hub for Windows 10 Enrollment Refer here

That’s it for this blog, hope this is helpful.

In the next blogs we’ll cover more on platform integrations between Workspace ONE & Horizon components & other interesting content.

Stay tuned !!

# Appendix

Please see the link to customer stories which you can search on by technologies and industry

# Reference

https://techzone.vmware.com/

Use cases here
