Reinhard's Blog

Decryptonited – a story to get from 0 to VDI in 24 hours

vdi

In the middle of the real world COVID-19 crisis a customer got struck by a cyberattack.
A crypto malware infected a lot of their systems. This malware spread widely throughout the network into many systems. The infection ratio was so high that the customer decided to install everything from scratch.
Protagonists of this play:

  • Customer X, featuring Mr. X and a network engineer
  • Customers IT partner
  • Tobias and I, both comdivision
  • Scenery: everybody in front of his/her own device at home
  • Timeframe: 24 hours

act 1 – 1500 first call

The first call took place with the customer and the IT partner. We got a glimpse of what had happened. X had already shut down everything and started to rebuild the core infrastructure.
After the second call, I had a good impression of the extent and the support needed. After I informed the customer of the prerequisites to get VMware Horizon View running, they fixed it as needed.

act 2 – 1900 base installation

Parallel setup works best. Therefore, my comdivision colleague Tobias joined the scene and we set up an online meeting with the customer. After a quick introduction, we explained what we had in mind with the customers objectives and how to get there quickly, stable, secure and future proof.
Step one: based on their new network setup, we designed a small VMware Horizon View infrastructure. We then explained what features they can leverage, based on their existing license.
As a result, we decided to install two most recent Horizon connection servers and two Unified Access Gateways. The customer’s IT specialist, Mr. X, accompanied the whole process, which was of great help. He was doing that on the fly, based on the information we gathered during the first hour.
Tobias and I installed two Windows 2019 server side by side and all the latest updates available. We also installed some supplemental tools for troubleshooting those systems.

act 3 – 2200 Horizon Connection server installation

Step two: I installed the first Horizon Connection Sever (Standard Server). On the second server Tobias had already staged the installation files during the installation of the first server.
After an operating system reboot and system stabilization, waiting for all services to start, Tobias started the installation of the second Horizon Connection Server (Replica Server). Afterwards we performed the base configuration of our connection servers.
As soon as we had finished all the base setup, we discovered 2 VLANs (IP subnets had the same IP range) in the infrastructure of the customer. This mistake must have happened during the switchover from the existing systems.

act 4 – 2330 Network reconfiguration

We got the network engineer involved and asked him how we should proceed, because we had to move some systems, newly installed of course, between the old to the new VLANs. Another design discussion started. At the end we found a very good solution for the client.
Minor problems have occurred a couple of times during this engagement. No matter how good you plan, you cannot foresee everything. The system forces you to go alternative ways. These changes also implied the clients future access to the Horizon system, because the customer implemented an additional layer of security between the core systems and client network.

act 5 – 0145 UAG deployment

Step three: After these small pitfalls, we started to document the configuration of the UAGs.
The ini-Files from a UAG deployment were modified to fit the prerequisites of the customer’s network. Powershell is a very convenient way to deploy the UAGs, and the ini-File can act as documentation. :-D
After the deployment, we checked the configured features including the HA mode.
During the rollout of the UAGs we created the GoldenMasterVM for the Desktop Pool. Before that, the customer had the incident Full Clone Pools and wanted the same setup as before.

act 6 – 0245 Windows 10 Golden Master

While the operating system installation of Windows 10 was running, we created the Guest OS Customization Profile in vCenter. After the usual preparations for the Golden Master, we converted the VM into a vCenter template and tested the customization profile successfully.
For the access test, a manual pool was created, with the newly deployed manual clone.
Final configurations on the UAGs, which included the Horizon edge service, were carried out.
At last we were ready to test the Horizon infrastructure and simulated a user access.
These tests have been made from another clone from out Golden Master, where the Horizon View Client has been installed since we all were working remotely.
PCoIP, Blast and WebAccess have been tested with success, therefore we started with the installation of the common application stack, the userbase needed on the Golden Master VM.

act 7 – 0415 test round 1

Now with the updated image, we rolled out a pool for testing and all those tests ran well.
Therefore we decided to increase the pool by 10 VMs and let key users test it the next morning.

PAUSE – 0500 end of work, and get a few hours resting time

act 8 – 1200 user feedback incoming …

The next morning started very well for the local admin. Only minor issues were reported back. Most of the issues were profile related, as we used roaming profiles requested by the customer. Some limitations and frequent image updates forced us to search for a better solution. As the customer only has a VMware Horizon View Standard license, he has no access to the Dynamic Environment Manger. Therefore, we decided to use Microsoft FSLogix Profile and Office Container. After some tests with freshly created test users to check FSLogix within a separate test pool.
Our tests have been successful and afterwards we updated the production VMs.

final act – 1400 last appearance

The users gave us a positive feedback regarding the features they now have at hand and the overall performance of the VMs. The staff is happy that they are able to continue their work with the fresh work environment. Good user feedback for us is like thunderous applause for a good play.
The protagonists leave the stage and the curtain falls.