By Aju Sukumaran, Senior Manager, Information Systems Colleague Experience & Technology (CET); Swapnil Hendre, Director, Solutions Engineering and Design—both VMware
Our IT teams employ the VMware Horizon® virtual desktop infrastructure (VDI) for a variety of mission-critical activities. These include mergers & acquisitions, desktop replacements, bring your own device (BYOD) scenarios, contract and temporary employees, and domain resource access for remote branch office colleagues (full-time employees). All of this was accomplished via on-premises deployments until late 2018, when our teams began investigating cloud-based deployments to expand capacity. This prompted an initiative that would combine on-premises solutions with the advantages of multi-cloud ecosystems.
The initiative could not have come at a better time. VMware acquired Carbon Black and 1,250+ new colleagues had to be onboarded within a 30-day timeframe—the lack-of-capacity issue was staring us right in the face. But what technology would be the best fit?
Heads in the clouds
The solution came in the form of the Horizon VMware Cloud™ on AWS. We had already been running a proof-of-concept (POC) deployment in VMware Cloud on AWS and it was highly successful. This gave us a cloud prototype (and its lessons learned) on which to base our Carbon Black efforts. The parameters for the new deployment included the ability to deploy a software-defined data center (SDDC) to host the 1,250+ virtual machines (VMs), to scale up and down seamlessly and elastically, to encrypt data at rest, and to have all egress and ingress traffic filtered via our security modules.
VMware Cloud on AWS was able to effectively meet our burst capacity requirements within a short period of time, thanks to the ability to deploy a scalable and secure SDDC with a Horizon stack on top of it. The SDDC was deployed with multiple availability zones and provided a stretched cluster to make it highly available. VMware Cloud also provided a robust feature set, such as VMware NSX® micro-segmentation, to secure the east-west and north-south traffic.
We enabled real-time backup for the redirected folders, the profiles, and the database. We also enabled Dynamic Environment Manager to be stored on shared storage, with replication for the cloud pod architecture (CPA) scenario.
Once the VMware Cloud capacity was procured, we deployed Horizon 7 in native mode. All the external and internal connection servers are deployed behind two pairs of Unified Access Gateways (UAG). We used a session-based load balancer to meet the load-balancing requirement of the internal and external UAG and connection server (CS) pair.
All the egress traffic is routed via our edge firewall using a split route on the desktops, which meets an information security requirement to monitor all ingress and egress traffic. We opened only the necessary ports towards the internal network, and allowed only PC over IP (PCoIP) and Blast traffic from the internet to access the virtual desktop. VMware internal colleagues access their virtual desktops using VMware Workspace ONE® Intelligent Hub from any managed or unmanaged device. Access is protected with adaptive authentication, including dual-factor authentication.
A resounding success (in record time!)
VMware Cloud on AWS provided a significantly faster turnaround time than prior solutions. A flexible cost model helped IT strategize a more cost-effective pay-as-you-go infrastructure plan. Plus, a lot of time was saved compared to the traditional hardware procurement, installation, and configuration normally employed.
The result? Within a few days, IT could deliver the virtual desktops the M&A team requested to onboard the new Carbon Black colleagues. Overall, it was a fairly simple process, and the effort required from internal IT to configure the Horizon stack and virtual desktop deployment was minimal.
VMware on VMware blogs are written by IT subject matter experts sharing stories about IT’s transformation journey using VMware products and services in a global production environment.