The EUCSE lab is maintained by Adam Matthews, Charlie Hodge and Joe McDonald. The idea being…. to create a bespoke environment that we can use for testing, demonstrations and fulfilling those weird and wonderful use cases that customers like to throw at us.

The postings on this blog are our own and don’t necessarily represent the positions, strategies, or opinions of our respective employers. 

Below is a time line, outlining the steps we took to get this lab to where it is today.

Our story

2018
September 1

THE IDEA: We should build a lab….

THE IDEA: We should build a lab….

It always begins with an idea…

In our case, the three of us all had our own separate labs with different, unique, use cases for customer demonstrations and troubleshooting. So instead of borrowing each other’s environments to perform demo’s, we thought, why not combine these together into one SUPER lab. So there we have it, the seed for the EUCSE lab environment was sown.

October 4

Planning

Planning

Choosing where to host our lab was very important. This will definitely be the first hurdle for any mobility professional, who’s in the early stages of building that utopian lab!

After a lot of discussion and convincing. We managed to persuade Adam that we should stop hosting this under his TV cabinet. Although it was all powered by his cluster of Intel NUC’s, his internet wasn’t the most reliable and we didn’t want to see his electricity bill go up!

Lets get this in the cloud……

We now rent a dedicated server with Online.net this provides us with increased networking speeds and more hardware power required to add the entire EUC stack into our environment.

October 5

Configuring the dedicated server

Configuring the dedicated server

After ordering the Store-1-S server we decided to provision it with esxi. This allows is to run multiple servers and network configurations suitable for our different scenarios and use cases.

October 6

We need a way to project plan!

We need a way to project plan!

With the excitement building and dedicated box spun up, we decided to project plan the lab. Assigning each of us parts of the environment to configure and a way to log what’s been completed so far was essential to create a well rounded lab without work being done twice!

Incomes trello! https://trello.com

We’re using tello to log the items that need to be configured, along with completed actions and aspects that need to be done. The nice thing about this product is that  it’s free and multiple members can be added to one ‘board’.

October 7

Preparing our environment

Preparing our environment

With our plan in place and tasks assigned out, it was time to begin the configuration. As we planned to have individual servers for our console, devices services, database, AD and vIDM connector, we needed to implement a DMZ/Internal network scenario with only the required ports open. For this, we implement a free Sophos UTM 9. This Linux based firewall allows us to protect traffic between the DMZ and the internal network.

October 8

Redirecting traffic and certificates

Redirecting traffic and certificates

Now our firewall is in place. We need to distribute our traffic to the relevant server and add our SSL certs around the traffic. So that we don’t have to buy individual public DNS entries for each server, Adam setup a HA proxy behind the firewall that transforms http traffic to https and adds our wildcard cert created from letsencrypt.org.

October 9

Workspace One UEM Install

Workspace One UEM Install

Now that we have our firewall and our HA Proxy in place, we can proceed with the Workspace One UEM installation. To do this we spun up all the required servers within esxi; SQL server 2016 and 2 Windows Server 2016 boxes. This allows us to install the database, console and devices server on their own boxes. This can all be done by following this guide.

October 10

AD setup and configuration

AD setup and configuration

Within almost all PoC’s, customers require some level of AD integration. This may be domain users and/or certificates so it seemed a no brainer to add Active Directory Domain Services into our environment. This has been done by adding the server and DNS roles to a new server and joining all the servers to the domain. This allows us to sync our users into Workspace One UEM and to help administer the environment.

October 15

vIDM Setup and Integration

vIDM Setup and Integration

The final part of our initial setup leads us to vIDM. This allows us to demonstrate identity management with device compliance. To accomplish this we need our own vIDM tenant, integrated with our AD and our Workspace One UEM instance. To do this we managed to secure https://eucse.vmwareidentity.eu and configure it with the vIDM connector and UEM integration (page 10).

October 17

Monitoring the environment

Monitoring the environment

To make sure we monitor the environment and maintain it’s up time, Adam has implemented uptime robot. This allow us to get real time notifications on our environment and the individual components of the lab. You can view the status of all the aspects here: https://blog.eucse.com/lab-status/

October 23

Addition Components

Addition Components

Now that our environment has been setup and monitored, we decided to start building use cases to demo to customers. On top of this, we’ve also added some additional components to the lab. This blog, rocket chat and direct okta integration are some of the items that we’ve added.

November 6

VMworld 2018

VMworld 2018

The Lab was used to demonstrate VMware Workspace ONE, including OKTA integration at the VMware booth in the Solutions Exchange. We used this as there was heavy demand from customers and partners to see the integration in action, and our existing demo platform is yet to fully release OKTA Identity Cloud support we showcased what the partnership could look like.

See more at https://blog.eucse.com/workspace-one-okta-integration/

November 12

Upgrade from 9.7 to 1810

Upgrade from 9.7 to 1810

Upgraded our lab environment from 9.7 to 1810 to enable additional features. Release Notes.

December 10

Seamless Sign On for VMware

Seamless Sign On for VMware

Late November 2018, Adam and Charlie used the Lab as a testing ground to help deliver True SSO to VMware’s 20k+ enrolled Windows 10 and macOS estate. After VMware IT enabled SSO in browser for Workspace ONE, the missing piece of the puzzle was resolving the certificate picker asking us to select certs EVERY time we logged in. Our solution was tested and rolled out to all VMware enrolled machines at the beginning of December, just under 2 weeks from start to finish! See the macOS and Windows posts here.

2019
February 24

Blog Gaining Traction

Blog Gaining Traction

Our attempts at blogging increased at the beginning of 2019, with a plan to become a source of information and assistance across the End User Computing / VMware Workspace ONE community. Growing to nearly 1000 views in Feb 2019 and counting!

May 11

Launch of Resources Page

Launch of Resources Page

We’ve added a new resources page to help people out there find the relevant and useful documentation that they require around End User Computing. This has been extremely well received and we’re constantly adding to it. Especially the community section!

September 17

Upgrade to 1907

Upgrade to 1907

UEM instance upgraded to 1907.

2020
August 11

Lab updated to 20.7 (Finally!)

Lab updated to 20.7 (Finally!)