
Introduction to the Zero-Trust Journey Labs

Welcome to the EUC-Livefire: Zero Trust Journey session. The scenario you will be working on this week involves a company called EUC-Livefire. It is a very dynamic organization that has traditionally been on-premise but has recently moved part of its organization into the cloud due to the recent COVID-19 lockdown. It has critical data and customer records stored in its database and is therefore being proactive in hardening its endpoints and reducing the attack surface. Your task is to implement a Zero Trust framework in its Workspace ONE environment to secure both on-premise and cloud components.

During this course, you will implement the security capabilities available in VMware products, specifically Workspace ONE, Carbon Black and NSX-T. Each day, you will focus on one of the pillars of the Zero Trust framework listed below and experience the journey to secure the environment:

Day 1: Device Trust

Day 2: Secure Access

Day 3: Transport Security

Day 4: Application Trust 

The objective of this chapter is to introduce you to the class resources.

Please take the time to document all the URLs and credentials for the resources you will be using this week.

Your Resource Information

  1. On your Laptop / Desktop
    • Open a Browser and enter the following URL
      • https://vmwarelearningplatform.com/livefire
      • Select LOGIN/REGISTER
      • Next to Username
        • enter your registered username with the Livefire teams
      • Next to Password
        • Enter your VLP password
          • If you don't know your VLP password, select Forgot Password?
      • Select LOGIN
  1. In the Labs area
    • Under ALL LABS,
      • Scroll down until you find Digital Workspace - Zero Trust
      • Select ENROLL
  1. In the Enrollments area
    • Expand LAB DETAILS
      • Take a moment to Read the details
    • Select START THIS LAB
  1. Accessing your resources
    • You have two choices as to how you will access your labs
      • The first option is direct access using the VLP Admin Console
      • The second option is RDP.
        • Check your email for the following
          • You should receive an email entitled Livefire-HaaS-VRO (DO NOT REPLY)
          • Open the email and notice there is an attachment
          • Download the attachment
      • Please note the details in YOUR email
        • To connect to the RDP server
        • Login to the VM (This will be your ControlCenter server)
  1. In your Downloads folder
    • Select and right-click the Livefire Desktop.rdp shortcut
      • Open with your preferred RDP client
    • In your username area, enter
      • YOUR email details to connect to the RDP server Username
      • YOUR email details to connect to the RDP server Password
    • Select OK
  1. In your RDP client session
    • If the login to the ControlCenter fails
    • Ensure the username is [email protected]
    • Ensure the password is VMware1!
    • Select the Sign In arrow
  1. In the VLP interface
    • On the left of the page, select CONSOLES
    • Note the Tier1 virtual machines as mentioned earlier in the LAB Architecture

Colour Code Convention

  • Everything in BOLD BLACK is something to look for; it could be a heading or title that gives you context for an area you need to configure or launch
  • Everything in BOLD GREEN is an area to select or click on
  • Everything in BOLD BLUE is something to type in

Part 1. Overview of our On-premise and SaaS resources

On-premise resources

  • The following resources in your lab environment represent the EUC-Livefire organisation's "on-premise" resources.
    1. Active Directory Domain Controller and DNS services.
      • Server Name is ControlCenter and the Active Directory Domain is EUC-Livefire.com
    2. Connector Server
      • A dedicated Windows server called ws1.euc-livefire.com, which hosts the Workspace ONE Access & UEM AirWatch connector.
    3. Horizon Infrastructure
      • A Horizon Connection server - Horizon.euc-livefire.com (Installed and Configured)
      • An Enrollment server - TrueSSO.euc-livefire.com (not installed or Configured)
      • An Instant Clone desktop pool with 3 Windows 10 Desktops
      • A RDSH server configured manually for Published Applications
        • This RDSH-01a server also serves as an IIS web server and file services server in the VMware Tunnel lab
    4. Unified Access Gateway servers
      • One UAG server dedicated to VMware Tunnel functionality  (deployed, but not configured)
      • One UAG server dedicated to Horizon based
    5. NSX-T infrastructure - nsxmgr-01a.euc-livefire.com (Deployed and Configured)
      • Managing the 172.16.10.x network which represents internal communications in our POD environment
      • Managing the 172.16.20.x network which represents DMZ based communications in our POD environment
      • Managing the 172.16.30.x network which represents External communications in our POD environment
      • In addition we are also using the 192.168.110.x and 192.168.110.x IP address ranges as internal networks
    6. Client resources
      1. Windows 10 desktop
        • W10Ext01a.euc-livefire.com (This will be used for enrollment into UEM, VMware Tunnel, NSX-T micro-segmentation and Horizon labs)
      2. Android Device
        • You will be asked to enroll an Android device. You can either bring your own Android device or deploy the Android Emulator on a physical laptop. This deployment is optional, and we offer a step-by-step guide on how to do this

Cloud SaaS resources

You will also be able to log in to the SaaS Workspace ONE UEM console with the same email address you used to log in to the VLP portal.

  • A SaaS instance of Workspace ONE UEM (formerly known as VMware AirWatch)
  • A SaaS instance of Workspace ONE Access
  • A SaaS instance of VMware Carbon Black

Part 2: Registration of your SaaS Tenants for Workspace ONE UEM

Section 1.

This section takes you through the registration process for your lab resources. You will log in to a SaaS tenant of Workspace ONE UEM.

In addition, you will log in and gain access to what will represent your on-premise components.

 

  1. Open a browser on your local machine, navigate to https://cn-livefire.awmdm.com
    • Use the credentials provided to log in:
      • Username: YOUREMAILADDRESS
      • Password: VMware1!

Section 2. Workspace ONE Access

  • Open the email Workspace ONE Access Tenant Administration Notification
  • Select the URL next to Set Password URL:
  • Type in a password. (keep it simple) VMware1!
  • Document your Workspace ONE Access Tenant URL, Username and Password

 

Section 3. Carbon Black

  • In your email, select the Activate Your VMware Carbon Black Account
    • Select Activate Now
    • In the Create Password window, enter your password. (suggestion, keep it simple) VMware1!
    • Select Accept
    • Select Back to Sign in
    • On the End User Agreement window, select I accept
  • On your Laptop / Desktop
    • In your Zero Trust Datasheet, document your SaaS tenant URL information, username and password
    • Log in and test all your SaaS tenants.
    • Bookmark your Tenant URLs

Part 3: Accessing your Horizon Landing desktop

  1. On your laptop, ensure you have the Horizon Client deployed. If necessary, go to https://tinyurl.com/2e85y2k9
    • Download and install the Horizon Client for your operating system
  1. Once the Horizon client is installed on your laptop
    • Select the + Plus sign in the top left hand corner
    • In the VMware Horizon Client window under Enter the name of the Connection Server
  1. On the VMware Horizon Client next to
    • Username: enter your assigned [email protected]
    • Password: enter your assigned Lab password
    • Select Login

XX - Fetch from the excel sheet. 

  1. On your Horizon Desktop
    • Select and right-click the DW-RDP Shortcut
    • Select Edit
  1. In the Remote Desktop Connection next to
    • Computer: enter the complete custom IP address of your vPOD (Remember to note this IP address down)
    • When prompted for the password for [email protected], enter VMware1!
    • Select OK
    • Select Yes
  1. You are now on your ControlCenter server
    • This is the center point of the lab environment.
    • Notice you have a Remote Desktops folder. (You will RDP to the majority of your resources)
  1. On your ControlCenter server desktop
    • Open your Chrome Browser
      • Notice you have shortcuts to several resources via the Chrome browser

Part 4: Introduction to the Livefire Company

Overview of the Company

Livefire as an organization was founded in 2003. It started off with a revolutionary approach to financial investment. The organization's headquarters are in New York, USA. The company has branches across the USA and now employs just under 6400 users.

This organization requires a kickstart into the Zero Trust Journey, and you will assist by piloting and demonstrating a range of Zero Trust solutions from the VMware Workspace ONE portfolio.

As a consulting firm, you will test a Zero Trust pilot strategy using the Marketing, Help Desk and IT Support teams. In your testing you are welcome to conduct tests using accounts representative of roles in these departments.

  • We have the following accounts for the respective departments
    • For Marketing
    • For Sales
      • Jill Verneo: email is [email protected]
      • Mark Debio: email is [email protected]
    • For IT Support we have the following accounts
    • For Help Desk
