A Technology Journey
There are a few things that should be configured to ensure the best possible user experience when it comes to a Virtual Desktop Infrastructure (VDI). After all, if the users cannot use it or are logging endless incidents, then we have failed our customer.
Continue reading “VMware Horizon Best Practices”This post will contain a listing of Group Policies, in no particular order, that I like to set up. For reference, I generally follow C_ for computer objects and U_ for user objects. If there is a policy that applies to both, I will use CU_.
I like to get these built before I add computer objects to the domain, but sometimes that does not happen. If you add a computer object before a policy is created, you can wait for the policy to apply by default, reboot the computer or server two times (one to obtain the policy and the other to apply), or force an update by using gpupdate on the new computer or server.
For my domain, I am going to use Microsoft Windows Server 2022 and build two domain controllers (DC1 and DC2) in a new forest called aaronrombaut.com. The domain controllers will provide critical services such as Domain Name System (DNS), authentication, and time services to other domain joined computers and servers. VMware Horizon (and other products) components (VMware Horizon and VMware App Volumes) rely on domain joined Windows Servers still, so without domain controllers, there would be no VMware Horizon Virtual Desktop Infrastructure (VDI) to build.
Continue reading “MyLab: The Domain Controller”A database is required for quite a few components used in VMware Horizon. For this Service, I am going to install Microsoft SQL Server 2019 Standard Edition as this is compatible with both VMware Horizon and VMware App Volumes.
To ensure compatibility in the future, check the VMware Product Interoperability Matrix.
Continue reading “MyLab: The Database”I am a strong proponent to securing an infrastructure with customer-signed Transport Layer Security (TLS) certificates internally and only using third party certificates where absolutely necessary for external services.
For this service, I am going to build a two-tier Microsoft certificate authority (CA) using Windows Server 2022. One virtual machine will be a root authority and the other will be an intermediate CA where the certificates will actually be provisioned from. It is recommended to shut down and remove the Root CA, but I am only going to shut down (and not remove) the Root CA virtual machine in my lab.
Continue reading “MyLab: The Certificates”I am choosing to install a Microsoft Windows File Server to hold shares for the domain as well as VMware Dynamic Environment Manager (DEM) configuration files and user profile information.
Continue reading “MyLab: The Files”