Arquitectura en la Nube: REST API de Horizon para la Automatización de Ambientes

Como profesionales de TI, sabemos que la automatización es una herramienta fundamental para el funcionamiento eficiente y seguro de nuestros ambientes de tecnología. En el contexto de la nube, la automatización se vuelve aún más importante ya que los servidores y aplicaciones se encuentran en entornos virtuales y se pueden desplegar en diferentes ubicaciones geográficas.

En este artículo, exploraremos el REST API de Horizon, un powerful tool for automating the deployment and management of virtual desktop infrastructure (VDI) and application environments. We will discuss the benefits of using REST APIs, how to authenticate and execute REST calls, and provide examples of how to use the Horizon REST API to automate tasks such as deploying and managing desktops and applications.

Benefits of Using REST APIs

—————————–

Using REST APIs offers several benefits for our automation efforts:

### 1. Platform independence

REST APIs allow us to integrate with different platforms and systems without the need for native integrations. This means we can use a single set of APIs to interact with multiple systems, making it easier to manage and maintain our automation scripts.

### 2. Version control

Since REST APIs are defined using standard protocols such as HTTP and JSON, we can easily version control our API calls and track changes over time. This helps us maintain a history of our API calls and identify any issues or errors that may arise.

### 3. Scalability

REST APIs are highly scalable, allowing us to integrate with large-scale systems and applications without worrying about performance degradation. This is especially important in the cloud environment, where resources can be easily scaled up or down as needed.

How to Authenticate and Execute REST Calls

—————————————-

To use the Horizon REST API, we need to authenticate our requests first. We can do this by including a valid authentication token in our API calls. Here’s an example of how to authenticate and execute a REST call using Postman:

1. Download the Postman collection for the Horizon REST API from .

2. Import the collection into Postman and select the appropriate authentication method (e.g., username and password, OAuth, etc.).

3. Include the authentication token in the request headers or query parameters, depending on the API endpoint.

4. Execute the REST call by sending a GET, POST, PUT, or DELETE request to the appropriate endpoint.

Examples of Using the Horizon REST API

—————————————–

Now that we have authenticated and executed our first REST call, let’s explore some examples of how to use the Horizon REST API to automate tasks such as deploying and managing desktops and applications:

### 1. Deploying Desktops

We can use the `POST /rest/desktops` endpoint to deploy new desktops. Here’s an example of a POST request using Postman:

“`bash

POST /rest/desktops

Content-Type: application/json

{

“name”: “My Desktop”,

“description”: “My desktop for testing purposes”,

“template”: “path/to/desktop/template.vm”

}

“`

This will create a new desktop with the specified name and description, and use the specified template to deploy it.

### 2. Managing Applications

We can use the `GET /rest/applications` endpoint to retrieve a list of all applications in our Horizon environment. Here’s an example of a GET request using Postman:

“`bash

GET /rest/applications

Accept: application/json

“`

This will return a JSON array of all applications in our environment, including their name and description.

### 3. Updating Desktop Properties

We can use the `PUT /rest/desktops/{desktopId}` endpoint to update the properties of an existing desktop. Here’s an example of a PUT request using Postman:

“`bash

PUT /rest/desktops/1234567890

Content-Type: application/json

{

“name”: “My Desktop – updated”,

“description”: “My desktop for testing purposes, updated”

}

“`

This will update the name and description of the desktop with the specified ID.

Conclusion

———-

In this article, we have explored the REST API of Horizon and how to use it to automate tasks such as deploying and managing desktops and applications. We have discussed the benefits of using REST APIs, how to authenticate and execute REST calls, and provided examples of how to use the Horizon REST API.

By leveraging the power of REST APIs, we can easily integrate our Horizon environments with other systems and automate many of the repetitive tasks involved in managing virtual desktops and applications. This not only saves us time and effort but also helps ensure consistency and reliability across our environment.

Agustín Malanco es un VCDX #141 con una nueva serie de artículos sobre las nuevas capacidades que se nos entregaron con vSphere 7. En este primer artículo, se centra en la creación de perfiles de configuración para nuestras instancias de vCenter con vCenter Profiles.

Desde hace mucho tiempo, los clientes de VMware han tenido peticiones para poder estandarizar y tener un método de configuración declarativo para vCenter Server, logrando tener claro el estado final de configuración entre las instancias de vCenter. Con vCenter Profiles, podemos exportar la configuración existente de vCenter y cubrir los siguientes casos de uso:

1. Crear un perfil básico para pruebas

2. Crear un perfil a partir de la configuración actual

3. Verificar la configuración actual vs el perfil creado

Para interactuar con vCenter Profiles, podemos usar dos métodos:

1. GUI de vCenter Server ( Development Center > API Explorer)

2. API de REST ( endpoint y API de Appliance)

Para crear un perfil básico para pruebas, podemos buscar la llamada de API “ApplianceVcenterSettingsV1ConfigCreate” en el API Explorer. La respuesta nos dará una estructura del body, que podemos usar en conjunto con la configuración actual para crear un perfil.

Para crear un perfil a partir de la configuración actual, podemos hacer una llamada GET a la siguiente ruta:

“`

https:///api/appliance/vcenter/settings/v1/config

“`

La respuesta nos dará la configuración actual de vCenter, que podemos utilizar para crear un perfil.

Para verificar la configuración actual vs el perfil creado, podemos hacer una llamada GET a la siguiente ruta:

“`

https:///api/appliance/vcenter/settings/v1/config/tasks

“`

La respuesta nos dará el ID del task, que podemos utilizar para consultar el resultado.

En este ejemplo practico, hemos creado un perfil básico para pruebas y lo hemos utilizado para verificar la configuración actual vs el perfil creado. También hemos utilizado Postman para interactuar con el API de vCenter Profiles.

Esperamos que este ejemplo práctico les haya dado una idea de cómo comenzar a hacer uso de los diferentes APIs de vCenter Profiles. ¡Hasta el próximo artículo!

Assignable Hardware in vSphere 7: A Game Changer for I/O Virtualization

Introduction

In the ever-evolving world of virtualization, VMware has consistently introduced innovative features to enhance the capabilities of its vSphere platform. One such feature is Assignable Hardware, which was introduced in vSphere 7 and has revolutionized the way we approach I/O virtualization. In this blog post, we will explore the benefits and drawbacks of using Assignable Hardware, as well as compare it to existing I/O virtualization technologies such as SR-IOV and VMDirectPath I/O.

Benefits of Assignable Hardware

1. Improved scalability: Unlike SR-IOV and VMDirectPath I/O, which are limited by the number of VFs (virtual functions) and PCIe slots on a server, respectively, Assignable Hardware allows for more flexible scaling.

2. Increased flexibility: With Assignable Hardware, we can now assign hardware devices directly to virtual machines (VMs), giving us more control over the allocation of resources.

3. Better availability: By decoupling VMs from specific servers, we can use DRS (Distributed Resource Scheduler) to analyze the availability of resources across the cluster and ensure that VMs are always running on the most suitable host.

4. Enhanced security: With Assignable Hardware, we can now assign devices with specific security policies to VMs, ensuring that sensitive data is protected.

Drawbacks of Assignable Hardware

1. Limited device support: Currently, only a few hardware devices are supported by Assignable Hardware, such as NICs and HBAs (Host Bus Adapters).

2. Complex configuration: Setting up Assignable Hardware can be more complex than other I/O virtualization technologies, requiring careful planning and configuration.

3. Potential performance overhead: Some users have reported a slight performance overhead when using Assignable Hardware, although this is not always the case.

Comparison to Existing Technologies

1. SR-IOV (Single Root I/O Virtualization): SR-IOV uses hardware identifiers to assign devices to VMs, providing direct access to PCIe devices. However, it is limited by the number of VFs and PCIe slots on a server.

2. VMDirectPath I/O (Dynamic VMDirectPath I/O): VMDirectPath I/O provides direct access to hardware devices for VMs, but like SR-IOV, it is limited by the availability of PCIe slots and VFs.

3. VMDirectPath I/O (Non-Dynamic): Non-dynamic VMDirectPath I/O is similar to dynamic VMDirectPath I/O, but it does not provide the same level of flexibility and scalability.

Conclusion

Assignable Hardware in vSphere 7 represents a significant leap forward in I/O virtualization technology. With its improved scalability, increased flexibility, better availability, and enhanced security, Assignable Hardware is an essential tool for any organization looking to optimize their virtualization environment. Although it has some limitations, such as limited device support and potential performance overhead, the benefits of Assignable Hardware far outweigh the drawbacks. As the technology continues to evolve, we can expect to see even more innovative features and capabilities emerge in future versions of vSphere.

Arquitectura en la Nube: Una Visión Profunda de File Services en vSAN

Introducción

La nueva capacidad de File Services en vSAN ha generado mucho interés en la comunidad de tecnología de la información. En este artículo, exploraremos esta característica y cómo puede beneficiar a los administradores de VMware. Además, analizaremos cómo File Services puede ayudar a los usuarios a aprovechar al máximo el potencial de su cluster de vSAN.

File Services en vSAN: ¿Qué es y cómo funciona?

File Services es una característica que permite aprovisionar exportaciones de NFS y shares de SMB sobre un cluster de vSAN. Esto significa que los usuarios pueden acceder a sus datos como si fueran un sistema de archivos tradicional, pero con la ventaja adicional de que todo se encuentra en la nube y puede ser administrado de manera centralizada.

El proceso de aprovisionar File Services en vSAN es relativamente sencillo. Primero, los administradores deben crear un nuevo objeto de File Service en su cluster de vSAN. Luego, pueden configurar el exports de NFS y shares de SMB que deseen. Finalmente, los usuarios pueden acceder a sus datos mediante la interfaz de usuario de vCenter o directamente desde la consola de commandes de ESXi.

VDFS: El sistema de archivos distribuido detrás de File Services

Para entender cómo funciona File Services en vSAN, es importante tener una idea general de cómo works VDFS (Virtual Disk File System). VDFS es un sistema de archivos distribuido que se encuentra sobre vSAN. Es decir, que los datos se almacenan en la nube y pueden ser accedidos desde cualquier lugar del mundo.

VDFS utiliza una técnica llamada “posix” para presentar un sistema de archivos POSIX compuesto por múltiples nodos. Esto significa que los usuarios pueden acceder a sus datos como si fueran un sistema de archivos tradicional, pero con la ventaja adicional de que todo se encuentra en la nube y puede ser administrado de manera centralizada.

FSVM: El agent VM que habilita File Services

Para habilitar File Services en vSAN, los administradores deben crear un nuevo tipo de VM llamada FSVM (File Service Virtual Machine). Esta VM se encarga de presentar los puntos de acceso de protocolo para el cliente de NFS o SMB. En otras palabras, la FSVM actúa como un servidor de archivos que los usuarios pueden acceder desde cualquier lugar del mundo.

El proceso de crear una FSVM es relativamente sencillo. Los administradores deben seleccionar un host ESXi y crear una nueva VM. Luego, deben instalar el software de File Services y configurar los parámetros de la VM. Finalmente, la FSVM estará lista para utilizarse.

Endpoint Controller: El componente que mantiene la salud del servicio

Para garantizar la disponibilidad y el rendimiento de File Services, vSAN utiliza un componente llamado Endpoint Controller. Este componente se encarga de monitorear la salud de los servicios y manejar el failover en caso de que una FSVM no esté brindiendo el servicio adecuado.

En resumen, File Services en vSAN es una característica poderosa que permite a los administradores de VMware aprovechar al máximo el potencial de su cluster de vSAN. Con la capacidad de aprovisionar exportaciones de NFS y shares de SMB, los usuarios pueden acceder a sus datos como si fueran un sistema de archivos tradicional, pero con la ventaja adicional de que todo se encuentra en la nube y puede ser administrado de manera centralizada. Además, el uso de VDFS y FSVM garantiza la disponibilidad y el rendimiento del servicio, lo que ayuda a los administradores a proporcionar una experiencia de usuario más segura y eficiente.

As a consultant at ITQ, I have gained extensive knowledge and experience in the field of End User Computing over the past decade. In recent years, I have also delved into the world of Cyber Security, and since 2018, I have been awarded the VMware vExpert status every year. In 2020, I was honored to be part of the first vExpert EUC subprogram, and in addition to that, I am also part of the vExpert Security subprogram since 2021. When I’m not working or spending time with my family, I enjoy sports and grilling on my BBQs.

In this blog post, I will explain how to enable Carbon Black Cloud Workload Protection by installing and configuring the server appliance. I will use my home lab environment and an ITQ Carbon Black Cloud test environment that I have access to.

First, we need to download the CBCW server appliance .ova file from my.vmware.com. After downloading the .ova file, open your vCenter management console and start “Deploy OVF Template”. Select the Local File radio button and click Upload Files. Select your downloaded CBCW Server Appliance .ova file and click Next to continue.

Enter the name of the CBCW Server Appliance and click Next. Select the cluster or host where you want to deploy the appliance and click Next. Click Next again, and then accept the license agreement and click Next. Select a datastore, select Thin Provision, and click Next. Finally, click Finish to start the installation.

The deployment of the server appliance is pretty straightforward. For the configuration, we start by powering on the CBCW Server Appliance and opening the management page in a browser. Open a browser and enter the FQDN of the Server Appliance. Log in with the root account and your created password.

First, we need to configure some settings before we can connect the appliance to the cloud. We need to configure time settings by clicking the General tab, clicking Edit, entering the IP address of your NTP server, and clicking Save. Next, we need to register the vCenter Appliance by selecting the Registration tab, clicking Edit, entering the vCenter FQDN in the SSO Hostname field, and clicking Save.

After that, we can create an API key for the CBCW Server Appliance to use. To do this, we need to head back over to the CBCW Management page. On the management page, click the Edit button at the VMware Carbon Black Cloud section. Enter the Carbon Black Cloud URL and create a unique Appliance name. Copy/paste the Org Key, API ID, and API Secret Key from the Carbon Black Cloud Management page and click Save.

Finally, we can check the active connection in the CBC Management page by going to Settings > API Access > API Keys and clicking the link in the API key name.

That’s it! With these steps, you have successfully enabled Carbon Black Cloud Workload Protection in your environment. Your system administrators and security officers/analysts can now monitor the environment for possible threats through the Carbon Black Cloud- and vCenter Management pages. If you are interested in Carbon Black Cloud Workload Protection and want a demo or need help with the installation or configuration, feel free to contact me in any way.

As a system administrator, you can now monitor for vulnerabilities and inventory status in the vCenter Management Console after deploying the sensors. Here you can also deploy the sensors onto the virtual machines. To open the Carbon Black overview, click Menu > Carbon Black. Here you will find a summary of your Appliance Health, Inventory status, and possible Vulnerabilities. In this case, we want to enable a sensor, so click on the Inventory tab and select Not Enabled. Select a virtual machine of choice and click on Enable. To start the sensor installation on that VM. You will be prompted with a popup where you have the ability to configure some advanced settings. For now, we want to install the sensor with a default configuration, so click on Enable to continue. The installation will take a couple of minutes. You can click on the Enabled tab and refresh your page until your selected VM is shown.

Another way to enable a sensor or multiple sensors is through the CBC Management page. Open the management page and go to Inventory > VM Workloads > Not Enabled. Here you will find an overview of not enabled virtual machines. Select a virtual machine, click the orange Take Action button, and select Install Sensor. Just as in vCenter, a popup will be shown to specify some advanced settings. We still want to use the default configuration, so click Install to start the installation. After a couple of minutes, click on the Enabled tab to view your newly installed sensor.

You can also install the sensors by using a .MSI file. Probably not a big surprise, but yes you can also install the sensor by using a .MSI file you can download from the CBC Management page. On the VM Workload page, you have a Sensor Options button in the top right of the screen. Click on it and select Download Sensor Kits. A popup will appear where you can choose to download the installation file for the Operating System of choice. Since I only use Windows virtual machines, I download the Windows 64-bit Download kit. After you have clicked the download button, a .MSI file will be downloaded onto your computer for further use.

There are also various parameters available to install the sensor silently, check out the documentation for that. Below is the default command line to use just the basic settings. By using the various methods you have many options to install the Carbon Black sensor. I personally would prefer the MSI option to automatically install it when creating a virtual machine, especially from a VDI perspective.

Interested in how the Carbon Black sensor works in a (non-persistent) VDI environment? Keep an eye out for my next blog!

As a consultant specializing in End User Computing and Cyber Security, I’ll guide you through the process of securing non-persistent VDI desktops with VMware Carbon Black. In my previous blog post, I discussed how to deploy the Carbon Black sensor in a non-persistent VDI environment. In this article, I’ll delve deeper into the configuration of the VDI policy and sensor settings for accurate information about your VDI desktops.

Before we begin, it’s essential to understand that this article is focused on non-persistent VDI environments. If you have a persistent VDI environment, please refer to the VMware Carbon Black documentation for specific guidance.

Creating a VDI Policy

————————

To ensure accurate information about your VDI desktops, we need to create a VDI policy in the Carbon Black Management page. Here’s how to do it:

1. Log in to the Carbon Black Management page and go to Enforce > Policies.

2. Click “New Policy” and enter a name for the policy, an optional description, set the target value to “Medium,” and enter a Sensor UI Message.

3. On the “Prevention” tab, configure the following bypass rules:

* **Program FilesVMware**

* **SnapVolumesTemp**

* **SVROOT**

* **SoftwareDistributionDataStore**

* **System32SpoolPrinters**

* **ProgramDataCarbonBlack**

4. On the “Sensor” tab, configure the following settings:

* Set the “Device ID” to “Unique ID”

* Set the “VM Name” to the name of your VDI pool

5. Save the policy and apply it to the desired endpoints.

Configuring Sensor Settings

——————————

Now that we have created a VDI policy, let’s dive into the sensor settings configuration:

1. On the “Sensor Options” page, under “Manage Sensor Settings,” click “Edit.”

2. Under “Delete sensors that have been deregistered for,” set the duration to 24 hours (or consult with your stakeholders for the appropriate duration).

3. Click “Save” to apply the changes.

Auto-Deregistration and Auto-Delete Sensors

—————————————

To keep our management page clean and tidy, we’ll enable auto-deregistration and auto-delete sensors. Here’s how:

1. On the “Sensor Options” page, under “Manage Sensor Settings,” click “Edit.”

2. Under “Auto-Deregister,” set the duration to 24 hours (or consult with your stakeholders for the appropriate duration).

3. Under “Auto-Delete sensors that have been deregistered for,” set the duration to 24 hours (or consult with your stakeholders for the appropriate duration).

4. Click “Save” to apply the changes.

Deleting Unused Sensors

————————

To keep our management page clean and tidy, we’ll auto-delete unused sensors. Here’s how:

1. On the “Inventory” page, under “Endpoints,” select the desired endpoint.

2. Click “Sensor Options” and select “Manage Sensor Settings.”

3. Under “Delete sensors that have been deregistered for,” set the duration to 24 hours (or consult with your stakeholders for the appropriate duration).

4. Click “Save” to apply the changes.

Conclusion

———-

With these configuration steps, your non-persistent VDI desktops are now fully secured by VMware Carbon Black. By following these instructions, you’ll have a clean management page with accurate information about every running VDI. Remember to consult with your stakeholders for the appropriate duration for auto-deregistration and auto-delete sensors.

If you have any questions or are interested in VMware Carbon Black, feel free to contact me in any way. My name is Age Roskam, and I work as a Consultant at ITQ. Over the last decade, I’ve gained a lot of knowledge and experience in the field of End User Computing and Cyber Security. In recent years, I’ve also been awarded the VMware vExpert status every year. In 2020, I received the honor to be part of the first vExpert EUC subprogram, and in addition to that, I’m part of the vExpert Security subprogram since 2021. When I’m offline, I enjoy family, sports, and grilling on my BBQs.

Installing Carbon Black Sensors with VMware Workspace ONE UEM

In my previous blogs, I discussed how to install the Carbon Black sensor in a non-persistent VDI environment and securing our virtual infrastructure. Now it’s time to focus on physical devices such as corporate laptops and desktops, as well as BYOD policies within companies. In this blog post, we will explore how to install the Carbon Black sensor on mobile devices managed by VMware Workspace ONE UEM.

Preparation

Before we begin, make sure you have access to VMware Workspace ONE UEM and have downloaded the Carbon Black MSI installer from the Carbon Black Cloud management page.

Step 1: Installing the Sensor

Log in to the Workspace ONE UEM management page, go to APPS & BOOKS > Native, and click on the Add button. Select the Application File option, and then upload the Carbon Black MSI installer. Once the upload is complete, leave the Supported Processor Architecture set at 32-bit since we are installing the sensor on Windows 10 64-bit devices.

Step 2: Deployment Options

In the Deployment Options tab, we need to adjust a few settings to ensure correct installation of the sensor. We need to add the COMPANY_CODE parameter to the command line, which should look like this:

msiexec /i “installer_vista_win7_win8-64-3.6.0.1979.msi” /qn COMPANY_CODE=”7PRI————#E8″

After entering the correct command line, click Save & Assign to continue.

Step 3: Assignment Group

Create a Windows 10 assignment group to deploy applications to Windows 10 devices. For the App Delivery Method, select Auto to force the application to be installed automatically. Also, disable Notifications, allow user install deferral, and the application will not be shown in the App Catalog. You can set these options as you like; click Save to continue.

Step 4: Publish the App

Click Publish to finish creating the native app in Workspace ONE UEM. Now that we are ready, the application will immediately be pushed to all devices in the assignment group. Since we disabled all notifications and visibility in the App Catalog, the Carbon Black sensor is silently installed on the device.

Verifying Installation

There are a couple of ways to check if the installation was successful and the sensor is up and running:

1. Open the task manager on the device, and check if the Carbon Black processes are running.

2. You can also check the Workspace ONE UEM console. Click Devices > Select a device, and click on the Apps tab.

3. And of course, you can check if the device is shown on the Carbon Black Cloud management page. Open the management page and go to Inventory > Endpoints (in this example, I used a virtual “laptop,” so I’m checking the VM Workloads page).

As we have seen, installing the Carbon Black sensor through VMware Workspace ONE UEM is straightforward and easy. The ease of deploying the sensors in all various ways makes Carbon Black a joy to use. If you are interested in a demo, feel free to contact me or keep an eye out for more on Carbon Black and Workspace ONE Intelligence!

Hi, my name is Age Roskam, and I work as a Consultant at ITQ. Over the last decade, I’ve gained a lot of knowledge and experience in End User Computing and Cyber Security. Since 2018, I’ve been awarded the VMware vExpert status every year. In 2020, I received the honor to be part of the first vExpert EUC subprogram, and in addition to that, I’m part of the vExpert Security subprogram since 2021. When I’m offline, I enjoy family, sports, and grilling on my BBQs.

As a Consultant at ITQ, I have gained extensive knowledge and experience in End User Computing (EUC) and Cyber Security over the past decade. In 2018, I was awarded the VMware vExpert status, and I have been part of the vExpert EUC subprogram since 2020. As a security enthusiast, I am always looking for ways to improve my skills and stay up-to-date on the latest technologies. In this blog post, I will guide you through the steps for creating a custom connector in VMware Workspace ONE Intelligence that can send messages to your Microsoft Teams channel(s).

To follow along with this blog post, you will need a Workspace ONE Intelligence tenant, a Microsoft Office 365 subscription with Teams, and Postman to create and modify the API. I am using my VMware TestDrive environment and a Microsoft 365 Developer account for this tutorial.

Step 1: Create an Alerts Channel in Workspace ONE Intelligence

In my Microsoft 365 Developer environment, I have created a new Team and some additional channels to simulate a SOC team. In the alerts channel, I want Workspace ONE Intelligence to post any new Carbon Black alerts with a severity of 6 or higher. To set this up, I’ve created the following Automation in Workspace ONE Intelligence:

1. Go to Integrations > Outbound Connectors > Add Custom Connector.

2. Copy the webhook URL into the Base URL field, and select No Authentication in the Auth Type field. Click Save to add the connector.

3. Click on the … (dots) of the Microsoft Teams connector and select View Actions.

4. Drag the created JSON file to the upload field to import the Microsoft Teams API.

Step 2: Import the Microsoft Teams JSON File

To import the Microsoft Teams JSON file, follow these steps:

1. Click here to download the Microsoft Teams JSON file from the EUC samples page on Github.

2. Import the JSON file into Postman.

3. Insert the webhook URL in each of the POST requests.

4. Click on the … (dots) at the Microsoft Teams level and select Export.

5. Leave it on the default Collection v2.1, click on the Export button, and save the JSON file on your computer.

Step 3: Create an Automation in Workspace ONE Intelligence

To set up an automation that sends a message to Microsoft Teams when a new Carbon Black alert with a severity of 6 or higher is detected, follow these steps:

1. Go to Automations > Add > Custom Workflow.

2. Select Category > Carbon Black > Carbon Black Threats.

3. In the Filter (IF) field, select Carbon Black Severity Score > Greater Than or Equal To > 6.

4. In the Action (Then) field, enter a message you want to send to the teams channel. I used the following message: “An alert with Severity Score ${carbonblack.threat.threatinfo_score} has been raised for ${carbonblack.threat.deviceinfo_devicename} in the Carbon Black Console.”

5. Click Test to start the test.

6. Select one of the alerts found and click Next (if you don’t see any alerts, change the filter to a lower severity).

7. The text in the text field should automatically be adjusted, click Test to launch send the message to Microsoft Teams.

8. Open your teams channel and see the result!

I hope this blog post has been informative and helpful. If you have any questions or comments, please let me know. When I’m offline, I enjoy spending time with my family, playing sports, and grilling on my BBQs.

Building an RDSH Farm in Horizon: A Step-by-Step Guide

In this blog post, we will guide you through the process of creating an RDSH (Remote Desktop Session Host) farm in Horizon 8 (2212), with a focus on the new feature “Published Apps On Demand”. This feature allows users to access published applications on demand, without the need for a dedicated application server.

Prerequisites:

Before we begin, there are a few prerequisites you need to be aware of:

1. You need an RDSH server with Horizon installed.

2. It is recommended to have the DEM (Desktop and Application Management) and App Volumes Agent installed as well.

3. Create a snapshot of your VM before proceeding, as this is required for cloning.

Creating an RDSH Farm:

To create an RDSH farm, follow these steps:

1. Open the Horizon management console and navigate to Farms.

2. Click “Add” to start creating a new farm.

3. Leave the “Automated Farm” setting on default, and click “Next”.

4. Select your vCenter Server and click “Next”.

5. Leave the “Storage Optimization” settings as default, as we don’t use vSAN in our lab. Click “Next”.

6. Enter a Farm ID and specify any additional settings if desired. For this blog, we will leave these settings default. Click “Next”.

7. Choose a Naming Pattern and select the maximum number of machines you want to create in your farm. Click “Next”.

8. Specify the VM and snapshot of the VM you have created. Select the location where you want the cloned VMs to land. Click “Next”.

9. Select your Instant Clone Domain Account and the OU where the computer objects need to be created. Click “Next”.

10. Review your selected settings, then click “Submit” to start the cloning process.

Monitoring the Cloning Process:

After submitting your settings, you can monitor the progress by selecting your farm. When the cloning process is successfully finished, the state should be “Published”.

Navigating to the RDS Hosts Tab:

To see the hosts you’ve created, navigate to the “RDS Hosts” tab in the Horizon management console.

Conclusion:

In this blog post, we have demonstrated how to create an RDSH farm in Horizon 8 (2212) with the new feature “Published Apps On Demand”. We have also covered the prerequisites and the step-by-step process for creating a farm. We hope this guide has been informative and helpful for you. If you have any questions, feel free to contact us.

About the Author:

Hi, my name is Age Roskam, and I work as a Consultant at ITQ. Over the last decade, I’ve gained a lot of knowledge and experience in the field of End User Computing, and in recent years, also in the world of Cyber Security. Since 2018, I’ve been awarded the VMware vExpert status every year. In 2020, I received the honor to be part of the first vExpert EUC subprogram, and in addition to that, I’m part of the vExpert Security subprogram since 2021. When I’m offline, I enjoy family, sports, and grilling on my BBQs.