Introduction to the Zero-Trust Journey Labs
Welcome to the EUC-Livefire: Zero Trust Journey session. The scenario you will be working on this week is a company called EUC-Livefire. They are a very dynamic organization that has traditionally been on-premise but recently moved part of the organization into the cloud because of the COVID-19 lockdown. They have critical data and customer records stored in their database, and so they are being proactive in hardening their endpoints and reducing the attack surface. Your task is to implement a Zero Trust framework in their Workspace ONE environment to secure both the on-premise and cloud components.
During this course, you will be implementing the security capabilities available in VMware products, specifically Workspace ONE, Carbon Black and NSX-T. Each day, you will focus on one of the following pillars of the Zero Trust framework and experience the journey to secure their environment:
Day 1: Device Trust
Day 2: Secure Access
Day 3: Transport Security
Day 4: Application Trust
The objective of this chapter is to introduce the class resources.
Please take the time to document all the URLs and credentials for the resources you will be using this week.
Your Resource Information
- On your Laptop / Desktop
- Open a Browser and enter the following URL
- https://vmwarelearningplatform.com/livefire
- Select LOGIN/REGISTER
- Next to Username
- enter your registered username with the Livefire teams
- Next to Password
- Enter your VLP password,
- If you don't know your VLP Password, select Forgot Password?
- Select LOGIN
- In the Labs area
- Under ALL LABS,
- Scroll down until you find Digital Workspace - Zero Trust
- Select ENROLL
- In the Enrollments area
- Expand LAB DETAILS
- Take a moment to Read the details
- Select START THIS LAB
- Accessing your resources
- You have two choices as to how you will access your labs
- The first option is direct access using the VLP Admin Console
- The second option is RDP.
- Check your email for the following
- You should receive an email entitled Livefire-HaaS-VRO (DO NOT REPLY)
- Open the email and notice there is an attachment
- Download the attachment
- Please note the details in YOUR email
- To connect to the RDP server
- Login to the VM (This will be your ControlCenter server)
- In your Downloads folder
- Select and right-click the Livefire Desktop.rdp shortcut
- Open with your preferred RDP client
- In your username area, enter
- YOUR email details to connect to the RDP server Username
- YOUR email details to connect to the RDP server Password
- Select OK
- In your RDP client session
- If the login to the ControlCenter fails
- Ensure the username is [email protected]
- Ensure the password is VMware1!
- Select the Sign In arrow
- In the VLP interface
- On the left of the page, select CONSOLES
- Note the Tier1 virtual machines as mentioned earlier in the LAB Architecture
Colour Code Convention
- Everything in BOLD BLACK is something to look for, it could be a heading or title providing you context to an area you need to configure or launch
- Everything in BOLD GREEN is an area to select or click on
- Everything in BOLD BLUE is something to type in
Part 1. Overview of our On-premise and SaaS resources
On-premise resources
- The following resources in your lab environment are representative of the EUC-Livefire organisation's "On-premise" resources.
- Active Directory Domain Controller and DNS services.
- Server Name is ControlCenter and the Active Directory Domain is EUC-Livefire.com
- Connector Server
- A dedicated Windows server called ws1.euc-livefire.com, used for the Workspace ONE Access & UEM AirWatch connector.
- Horizon Infrastructure
- A Horizon Connection server - Horizon.euc-livefire.com (Installed and Configured)
- An Enrollment server - TrueSSO.euc-livefire.com (not installed or Configured)
- An Instant Clone desktop pool with 3 Windows 10 Desktops
- An RDSH server configured manually for Published Applications
- This RDSH-01a server serves the purpose of an IIS web server and file services server in the VMware Tunnel lab
- Unified Access Gateway servers
- One UAG server dedicated to VMware Tunnel functionality (deployed, but not configured)
- One UAG server dedicated to Horizon based
- NSX-T infrastructure - nsxmgr-01a.euc-livefire.com (Deployed and Configured)
- Managing the 172.16.10.x network which represents internal communications in our POD environment
- Managing the 172.16.20.x network which represents DMZ based communications in our POD environment
- Managing the 172.16.30.x network which represents External communications in our POD environment
- In addition we are also using the 192.168.110.x and 192.168.110.x IP address ranges as internal networks
- Client resources
- Windows 10 desktop
- W10Ext01a.euc-livefire.com (This will be used for enrollment into UEM, VMware Tunnel, NSX-T micro-segmentation and Horizon labs)
- Android Device
- You will be asked to enroll an Android device. You can either bring your own Android device or deploy the Android Emulator on a physical laptop. This deployment is optional, and we offer a step-by-step guide on how to do this.
Cloud SaaS resources
You will also be able to log in to the SaaS Workspace ONE UEM console with the same email address you used to log in to the VLP portal.
- A SaaS instance of Workspace ONE UEM (formerly known as VMware AirWatch)
- A SaaS instance of Workspace ONE Access
- A SaaS instance of VMware Carbon Black
Part 2: Registration of your SaaS Tenants for Workspace ONE UEM
Section 1.
This section takes you through the registration process for your lab resources. You will log in to a SaaS tenant of Workspace ONE UEM.
In addition, you will log in and gain access to what will represent your on-premise components.
- Open a browser on your local machine, navigate to https://cn-livefire.awmdm.com
- Use the credentials provided to log in:
- Username: YOUREMAILADDRESS
- Password: VMware1!
Section 2. Workspace ONE Access
- Open the email Workspace ONE Access Tenant Administration Notification
- Select the URL next to Set Password URL:
- Type in a password. (keep it simple) VMware1!
- Document your Workspace ONE Access Tenant URL, Username and Password
Section 3 : Carbon Black
- In your email, select the Activate Your VMware Carbon Black Account
- Select Activate Now
- In the Create Password window, enter your password. (suggestion, keep it simple) VMware1!
- Select Accept
- Select Back to Sign in
- On the
- On the End User Agreement window, select I accept
- On your Laptop / Desktop
- In your Zero Trust Datasheet, document your SaaS tenant URL information, username and password
- Log in and test all your SaaS tenants.
- Bookmark your Tenant URLs
Part 3: Accessing your Horizon Landing desktop
- On your laptop, ensure you have the Horizon Client deployed. If necessary, go to https://tinyurl.com/2e85y2k9
- Download and install the Horizon Client for your operating system
- Once the Horizon client is installed on your laptop
- Select the + Plus sign in the top left hand corner
- In the VMware Horizon Client window under Enter the name of the Connection Server
- type https://desktop.livefire.dev
- Select Connect
- On the VMware Horizon Client next to
- Username: enter your assigned [email protected]
- Password: enter your assigned Lab password
- Select Login
XX - Fetch from the excel sheet.
- On your Horizon Desktop
- Select and right-click the DW-RDP Shortcut
- Select Edit
- In the Remote Desktop Connection next to
- Computer: enter the complete custom IP address of your vPOD (Remember to note this IP address down)
- When prompted for the password for [email protected], enter VMware1!
- Select OK
- Select Yes
- You are now on your ControlCenter server
- This is the center point of the lab environment.
- Notice you have a Remote Desktops folder. (You will RDP to the majority of your resources)
- On your ControlCenter server desktop
- Open your Chrome Browser
- Notice you have shortcuts to several resources via the Chrome browser
Part 4: Introduction to the Livefire Company
Overview of the Company
Livefire as an organization was founded in 2003. It started off with a revolutionary approach to financial investment. The organization's headquarters are in New York, USA. The company has branches across the USA and now employs just under 6400 users.
This organization requires a kickstart into the Zero Trust journey, and you will assist in a pilot demonstrating a range of Zero Trust solutions from the VMware Workspace ONE portfolio.
As a consulting firm, you will test a Zero Trust pilot strategy using the Marketing, Help Desk and IT Support teams. In your testing, you are welcome to conduct tests using accounts representative of roles in these departments.
- We have the following accounts for the respective departments
- For Marketing
- Fernando Dusello email is [email protected]
- Tom Marios email is [email protected]
- For Sales
- Jill Verneo email is [email protected]
- Mark Debio email is [email protected]
- For IT Support we have the following accounts
- Kim Markez email is [email protected]
- Rowan Tunjay email is [email protected]
- For Help Desk
- Kevin Ikin email is [email protected]
- Sandra Palmores email is [email protected]