A U.S. Air Force base purchased vRealize automation as well as installation and configuration professional services. The base faced a unique challenge in that they delivered training to airmen focused on security services. With a full classroom of desks and computers, the customer needed to create a single training environment with numerous sandboxes to allow students to work in an isolated fashion without having to reconfigure the entire setup for each new class. They had also installed VMware NSX, but hadn’t been able to use it yet.
- Classroom environments needed to be set up for segregated use by students with an easy to use and repeatable reconfiguration
- Lack of isolation introduced potential security issues
- VMware NSX was installed, but had remained unused
- Student workspaces were segregated using the microsegmentation and secure networking capabilities provided by NSX.
- Instructors no longer had to spend extra time and resources breaking down or setting up workspaces from scratch, thanks to a fully automated deployment and configuration process. This process now provides full lifecycle management of these training environments.
- Security concerns were eliminated as a result of achieving the appropriate network isolation.
- The customer’s VMware NSX investment was maximized by enabling its integration with vRealize Automation.
U.S. Air Force Base Challenged to Provide Consistent, Secure Training Environment for Students
One mission of the U.S. Air Force is to regularly deliver security training to airmen throughout the country. This particular base offered a traditional classroom setting with desks and computers, set up to allow students to log in and easily access software and virtual servers to execute on lessons.
These classes generally last for three days, Tuesday through Thursday. Setting up VMs for students to use for learning was a tedious process to begin with. When instructors finished classes on Thursdays, they were also required to take everything down and create a new platform environment for the following week’s students.
Further, the customer wanted students to work in their own sandboxes within the environment so they couldn’t disrupt each other’s resources. The instructor needed to isolate students, but still enable them to carry out necessary training activities. This presented a security issue; without the adequate segregation procedure, servers were vulnerable to disruption, which could allow individual machines to be tampered with, or the target server, which would result in corruption to the template the instructor created.
Automating Environment Builds, Enabling Isolation, and Harnessing the Power of vRealize NSX Integration
“Their real business need was being able to automate some of these processes they were still doing manually and make it a repeatable task,” Trey Ransbotham, VMware Consulting Engineer at August Schell said. “The isolation they required needed to enable an environment where the actual learning materials for the students were secured and standard across each machine, without the potential for students to affect one another.”
When August Schell entered the engagement, it was after a Virtual Desktop Infrastructure (VDI) and NSX had been installed. Although NSX had been stood up, it wasn’t being used yet. “vRA has built-in, out-of-the-box ties into NSX. If you know how to integrate them, it unlocks a lot of power,” he continued.
Armed with deep VMware expertise, Ransbotham homed in on the capabilities made possible by vRA and NSX in order to fulfill the customer’s two primary use cases: to provide them a repeatable, automated task for building a virtual classroom and secure the environment by utilizing NSX underneath. “The vRealize NSX integration is what I facilitated to help the customer achieve their goals,” he said.
After enabling the integration between vRA and NSX, Ransbotham used VMware’s service kit to ensure that the deliverable was provided to the customer in a standardized fashion, followed by a comprehensive knowledge transfer session. “I made sure to be thorough in running them through the features of the product and how to configure it and leave them with step-by-step instructions.”
Creating a Safe, Flexible Learning Environment for Airforce-Enlisted Students
“This was a unique engagement because vRA specialists are not typically cross-trained on NSX. Since I’m fortunate to have deep NSX experience, I was able to use it to provide a template for exactly what they’d need to do,” Ransbotham continued.
At the close of the project, ASE ensured that instructors had access to a simple web portal complete with catalogue items they could select from easily. “For the security class, there was a catalogue item that said ‘build student workspace.’ They clicked that, then they could build one student’s workspace upfront and that’d be the template.”
NSX was successfully set up for the ability to create an isolated network exclusively for the use of sandboxes. “They can now create however many environments they want to, based on a template with consistent toolsets, access points, and IP addresses,” he concluded. The environment was set up to automatically destroy itself after four days, lasting only the length of a class, and teachers could easily recreate new workspaces for students.