Category Archives: vShield

VMware View 5 Setup and Configuration with vShield

I have slowly been working on getting a 10-user pilot going for View in our 10 computer lab.  I have been working on other projects quite a bit, and haven’t had a whole lot of time, but finally had about 8 hours over 2 days to get it setup and going.

The hardware I am using for this is a HP DL360 G5 with 32GB RAM, and 6 146GB 15k drives with dual quad core 2.5ghz Xeons.  In my rough calculations I did a few months ago, i figured this would be perfect size to host the two or three VM’s for the vCenter, Composer, Connection, and vShield servers, along with 10 virtual desktops.

Connection Server = 2 vCPU, 4GB
vCenter and Composer =  2vCPU, 4GB
vShield Manager =  1vCPU, 3GB
(10) Windows 7 Virtual Desktops = 2 vCPU, 2GB
This totals out to 31GB of the total 32GB capacity

I ended up purchasing a View 5 Premier Bundle Starter Kit ($2,500) which includes most everything you need to get a pilot going for 10 virtual desktops, including the server side VMware software.  We already had the Windows 7 Enterprise licensing, and the Server 2008 R2 licensing so nothing was needed for Microsoft licensing.  In order to take advantage of vShield we were going to integrate it into TrendMicro OfficeScan AV which is already rolled out the company for our main AV solution.

VMM-VU5-PR-STR-C
VMM-VU5-PR-STR-G-SSS-C

Our PC’s are replaced every 6 years, and in order to justify VDI for the computer lab it was pretty simple.  Replace 10 PC’s at $1000 each for $10,000, or roll out VDI using existing PC hardware and existing spare server, for $2,500, for cost savings of $7,500.  The overall long-term goal is to roll-out VDI to the entire company, so a pilot is definitely needed to show proof of concept.

  1. Install ESXi onto DL380 G5
  2. Install vCenter in a virtual machine with SQL Express DB
  3. Patch ESXi host
  4. Setup additional DB in SQL Express for View Composer
  5. Install View Composer and attach to DB
  6. Install and Configure View Connection Server
  7. Create Windows 7 Enterprise x64 base image
  8. Create 10 linked clones from base image
  9. Install and Configure vShield Manager ova template
  10. ThinApp applications and rollout to Desktop Pools

 

vShield Setup with OfficeScan
Download Deep Security Virtual Appliance 8.0
Download  FilterDriver-ESX-5.0
(15) TrendMicro OfficeScan VDI Plug-in License $250

ThinClient vs Reusing Thick Clients
Our computer lab consists of Dell Vostro PC’s in which we will be installing Windows Thin PC OS onto it and booting into in order to boot the View Client.  We looked into other choices such as ThinStation, Windows PE, or a basic linux install, the problem with that is the maintenance and learning curve and troubleshooting of learning something new.

After installing TPC onto a Dell Vostro, I logged in and installed VMware Tools.  At this time, its not going to be joined to the domain.  As I was installing this, some thoughts started rolling through my head:

  1. How do we manage windows updates on these without being joined to the domain?
  2.  How is AV going to be handled on the TPCs?
  3. How can we lock down TPC further so only troubleshooting tools and View Client work?
  4. Can we discard any changes made at reboot? Write Filters
  5. How do we manage the images and TPC?  SCCM supports TPC, and WSUS also
  6. What does ThinPC allow to be run? Remote Desktop Clients, Management, Security, Media Player applications only
  7. Do we need to keep an active Software Assurance agreement to keep TPC?
  8. Applocker, block IE, Media Player, etc