The EUCSE lab is maintained by Adam Matthews, Charlie Hodge and Joe McDonald. The idea is to create a bespoke environment that we can use for testing, demonstrations and fulfilling those weird and wonderful use cases that customers like to throw at us.
The postings on this blog are our own and don’t necessarily represent the positions, strategies, or opinions of our respective employers.
Below is a timeline outlining the steps we took to get this lab to where it is today.
THE IDEA: We should build a lab….
It always begins with an idea…
In our case, the three of us all had our own separate labs with different, unique use cases for customer demonstrations and troubleshooting. So instead of borrowing each other’s environments to perform demos, we thought, why not combine these together into one SUPER lab? So there we have it, the seed for the EUCSE lab environment was sown.
Choosing where to host our lab was very important. This will definitely be the first hurdle for any mobility professional who’s in the early stages of building that utopian lab!
After a lot of discussion and convincing, we managed to persuade Adam that we should stop hosting this under his TV cabinet. Although it was all powered by his cluster of Intel NUCs, his internet wasn’t the most reliable and we didn’t want to see his electricity bill go up!
Let’s get this in the cloud……
We now rent a dedicated server with Online.net, which provides us with increased networking speeds and the extra hardware power required to add the entire EUC stack into our environment.
We need a way to project plan!
With the excitement building and the dedicated box spun up, we decided to project plan the lab. Assigning each of us parts of the environment to configure, along with a way to log what’s been completed so far, was essential to create a well-rounded lab without work being done twice!
In comes Trello! https://trello.com
We’re using Trello to log the items that need to be configured, along with completed actions and aspects that need to be done. The nice thing about this product is that it’s free and multiple members can be added to one ‘board’.
Preparing our environment
With our plan in place and tasks assigned out, it was time to begin the configuration. As we planned to have individual servers for our console, device services, database, AD and vIDM connector, we needed to implement a DMZ/internal network scenario with only the required ports open. For this, we implemented a free Sophos UTM 9. This Linux-based firewall allows us to protect traffic between the DMZ and the internal network.
Redirecting traffic and certificates
Now that our firewall is in place, we need to distribute our traffic to the relevant server and wrap that traffic in our SSL certs. So that we don’t have to buy individual public DNS entries for each server, Adam set up an HAProxy instance behind the firewall that transforms HTTP traffic to HTTPS and adds our wildcard cert created from letsencrypt.org.
Workspace One UEM Install
Now that we have our firewall and our HAProxy in place, we can proceed with the Workspace One UEM installation. To do this we spun up all the required servers within ESXi: SQL Server 2016 and 2 Windows Server 2016 boxes. This allows us to install the database, console and devices server on their own boxes. This can all be done by following this guide.
AD setup and configuration
Within almost all PoCs, customers require some level of AD integration. This may be domain users and/or certificates, so it seemed a no-brainer to add Active Directory Domain Services into our environment. This has been done by adding the server and DNS roles to a new server and joining all the servers to the domain. This allows us to sync our users into Workspace One UEM and helps us administer the environment.
vIDM Setup and Integration
The final part of our initial setup leads us to vIDM. This allows us to demonstrate identity management with device compliance. To accomplish this we need our own vIDM tenant, integrated with our AD and our Workspace One UEM instance. To do this we managed to secure https://eucse.vmwareidentity.eu and configure it with the vIDM connector and UEM integration (page 10).
Monitoring the environment
To make sure we monitor the environment and maintain its uptime, Adam has implemented UptimeRobot. This allows us to get real-time notifications on our environment and the individual components of the lab. You can view the status of all the aspects here: https://blog.eucse.com/lab-status/
Now that our environment has been set up and monitored, we decided to start building use cases to demo to customers. On top of this, we’ve also added some additional components to the lab. This blog, Rocket.Chat and direct Okta integration are some of the items that we’ve added.
The Lab was used to demonstrate VMware Workspace ONE, including Okta integration, at the VMware booth in the Solutions Exchange. We used this as there was heavy demand from customers and partners to see the integration in action, and as our existing demo platform is yet to fully release Okta Identity Cloud support, we showcased what the partnership could look like.
Upgrade from 9.7 to 1810
We upgraded our lab environment from 9.7 to 1810 to enable additional features. Release Notes.
Seamless Sign On for VMware
In late November 2018, Adam and Charlie used the Lab as a testing ground to help deliver True SSO to VMware’s 20k+ enrolled Windows 10 and macOS estate. After VMware IT enabled SSO in browser for Workspace ONE, the missing piece of the puzzle was resolving the certificate picker asking us to select certs EVERY time we logged in. Our solution was tested and rolled out to all VMware enrolled machines at the beginning of December, just under 2 weeks from start to finish! See the macOS and Windows posts here.