Select Page

Horizon and Workspace ONE Architecture for 250k Users Part 1

Disclaimer: This article is based on my own thoughts and experience and may not reflect a real-world design for a Horizon/Workspace ONE architecture of this size. The blog series focuses only on the Horizon or Workspace ONE infrastructure part and does not consider other criteria like CPU/RAM usage, IOPS, amount of applications, use cases and so on. Please contact your partner or VMware’s Professional Services Organization (PSO) for a consulting engagement.

To my knowledge there is no Horizon implementation of this size at the moment of writing. This topic, the architecture and the necessary amount of VMs in the data center, was always important to me since I moved from Citrix Consulting to a VMware pre-sales role. I always asked myself how VMware Horizon scales when there are more than only 10’000 users.

250’000 users are the current maximum for VMware Horizon 7.8 and the goal is to figure out how many Horizon infrastructure servers like Connection Servers, App Volumes Managers (AVM), vCenter servers and Unified Access Gateway (UAG) appliances are needed and how many pods should be configured and federated with the Cloud Pod Architecture (CPA) feature.

I will create my own architecture, meaning that I use the sizing and recommendation guides and design a Horizon 7 environment based on my current knowledge, experience and assumption.

After that I’ll feed the Digital Workspace Designer tool with the necessary information and let this tool create an architecture, which I then compare with my design.

Scenario

This is the scenario I defined and will use for the sizing:  

Users: 250’000
Data Centers: 1 (to keep it simple)
Internal Users: 248’000
Remote Users: 2’000
Concurrency Internal Users: 80% (198’400 users)
Concurrency Remote Users: 50% (1’000 users)

Horizon Sizing Limits & Recommendations

This article is based on the current release of VMware Horizon 7 with the following sizing limits and recommendations:

Horizon version: 7.8
Max. number of active sessions in a Cloud Pod Architecture pod federation: 250’000
Active connections per pod: 10’000 VMs max for VDI (8’000 tested for instant clones)
Max. number of Connection Servers per pod: 7
Active sessions per Connection Server: 2’000
Max. number of VMs per vCenter: 10’000
Max. connections per UAG: 2’000 

The Digital Workspace Designer lists the following Horizon Maximums:

 

Horizon Maximums Digital Workspace Designer

Please read my short article if you are not familiar with the Horizon Block and Pod Architecture.

Note: The App Volumes sizing limits and recommendations have been updated recently and don’t follow this rule of thumb anymore that an App Volumes Manager only can handle 1’000 sessions. The new recommendations are based on “concurrent logins per second” login rate:

New App Volumes Limits Recommendations

 

Architecture Comparison VDI

Please find below my decisions and the one made by the Digital Workspace Designer (DWD) tool:

Horizon ItemMy DecisionDWD ToolNotes
Number of Users (concurrent)199'400199'400
Number of Pods required2020
Number of Desktop Blocks (one per vCenter)100100
Number of Management Blocks (one per pod)2020
Connection Servers required100100
App Volumes Manager Servers802024+1 AVMs for every 2,500 users
vRealize Operations for Horizonn/a22I have no experience with vROps sizing
Unified Access Gateway required22
vCenter servers (to manage clusters)20100Since Horizon 7.7 there is support for spanning vCenters across multiple pods (bound to the limits of vCenter)

Architecture Comparison RDSH

Please find below my decisions* and the one made by the Digital Workspace Designer (DWD) tool:

Horizon ItemMy DecisionDWD ToolNotes
Number of Users (concurrent)199'400199'400
Number of Pods required2020
Number of Desktop Blocks (one per vCenter)20401 block per pod since we are limited by 10k sessions per pod, but only have 333 RDSH per pod
Number of Management Blocks (one per pod)2020
Connection Servers required100100
App Volumes Manager Servers142024+1 AVMs for every 2,500 users/logins (in this case RDSH VMs (6'647 RDSH totally))
vRealize Operations for Horizonn/a22I have no experience with vROps sizing
Unified Access Gateway required22
vCenter servers (to manage resource clusters)440Since Horizon 7.7 there is support for spanning vCenters across multiple pods (bound to the limits of vCenter)

*Max. 30 users per RDSH

Conclusion

VDI

You can see in the table for VDI that I have different numbers for “App Volumes Manager Servers” and “vCenter servers (to manage clusters)”. For the amount of AVM servers I have used the new recommendations which you already saw above. Before Horizon 7.7 the block and pod architecture consisted of one vCenter server per block:

Horizon Pod vCenter tradtitional

That’s why, I assume, the DWD recommends 100 vCenter servers for the resource cluster. In my case I would only use 20 vCenter servers (yes, it increases the failure domain), because Horizon 7.7 and above allows to span one vCenter across multiple pods while respecting the limit of 10’000 VMs per vCenter. So, my assumption is here, even the image below is not showing it, that it should be possible and supported to use one vCenter server per pod:

Horizon Pod Single vCenter

RDSH

If you consult the reference architecture and the recommendation for VMware Horizon you could think that one important information is missing:

The details for a correct sizing and the required architecture for RDSH!

We know that each Horizon pod could handle 10’000 sessions which are 10’000 VDI desktops (VMs) if you use VDI. But for RDSH we need less VMs – in this case only 6’647.

So, the number of pods is not changing because of the limitation “sessions per pod”. But there is no official limitation when it comes to resource blocks per pod and having one connection server for every 2’000 VMs or sessions for VDI, to minimize the impact of a resource block failure. This is not needed here I think. Otherwise you would bloat up the needed Horizon infrastructure servers and this increases operational and maintenance efforts, which obviously also increases the costs.

But, where are the 40 resource blocks of the DWD tool coming from? Is it because the recommendation is to have at least two blocks per pod to minimize the impact of a resource block failure? If yes, then it would make sense, because in my calculation you would have 9’971 RDSH users sessions per pod/block and with the DWD calculation only 4’986 (half) per resource block.

*Update 28/07/2019*
I have been informed by Graeme Gordon from technical marketing that the 40 resources blocks and vCenters are coming from here:

App Volumes vCenters per Pod

I didn’t see that because I expect that we can go higher if it’s a RDSH-only implementation.

App Volumes and RDSH

The biggest difference when we compare the needed architecture for VDI and RDSH is the number of recommended App Volumes Manager servers. Because “concurrent logins at a one per second login rate” for the AVM sizing was not clear to me I asked our technical marketing for clarification and received the following answer:

With RDSH we assign AppStacks to the computer objects rather than to the user. This means the AppStack attachment and filter drive virtualization process happends when the VM is booted. There is still a bit of activity when a user authenticates to the RDS host (assignment validation), but it’s considerably less than the attachment process for a typical VDI user assignment.

Because of this difference, the 1/second/AVM doesn’t really apply for RDSH only implementations.

With this background I’m doing the math with 6’647 logins and neglect the assignment validation activity and this brings me to a number of 4 AVMs only to serve the 6’647 RDS hosts.

Disclaimer

Please be reminded again that these are only calculations to get an idea how many servers/VMs of each Horizon component are needed for a 250k user (~200k CCU) installation. I didn’t consider any disaster recovery requirements and this means that the calculation I have made recommend the least amount of servers required for a VDI- or RDSH-based Horizon implementation.

Workspace ONE UEM – Data Security, Data Privacy and Data Collection

A lot of businesses are getting more and more interested in a Unified Endpoint Management solution like Workspace ONE UEM. While EMM is pretty clear to everyone, UEM is far away from this status. During the meetings with customers about Workspace ONE we often hear concerns about “cloud” and the data which is being sent to the cloud.

Since this information about data privacy, data security or data collection regarding Workspace ONE is not easy to gather, I decided to make this information available here.

This topic is very important, because more businesses are open now to talk about cloud and hybrid solutions like Workspace ONE where the management backend is managed by VMware and only a few components need to be installed on-premises in your own data center:

Workspace ONE UEM SaaS Architecture

With the release of Workspace ONE UEM 1904 VMware started to publish “SaaS only releases“. Before this announcement an on-premises customer would get the on-prem installers three to four weeks after a new SaaS release has been made available. That’s why it’s clear that a lot more customers are having the same questions and requests when it comes to a cloud-based solution.

Of course, as we strive to bring you more cloud services at a faster pace, we will continue to add value with innovations in both our On-Premises and cloud offerings.

As a result, we are making a change to how we deliver Workspace ONE UEM beginning with Workspace ONE UEM Console 1904, which will be SaaS only release.

Which data are collected from users and devices? Who has access to this data?

  • By default, the solution only collects information necessary to manage the device, such as the device status, compliance information, OS, etc.; our solution may collect (if configured by administrator) or users may input data considered to be sensitive
  • The solution collects a limited personal data which includes user first and last name, username, email address, and phone number for user activation and management. These fields can be encrypted at rest in the solution database (AES 256). Customers may collect additional data points in the following matrix (as configured by the customer administrator): https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/1904/UEM_Managing_Devices/GUID-AWT-DATA-COLLECT-MATRIX.html
    • VMware automatically collects certain information when you use or access Online Properties (“VMware websites, online advertisements or marketing emails “) or mobile apps. This information does not necessarily reveal your identity directly but may include information about the specific device you are using, such as the hardware model, operating system version, web-browser software (such as Firefox, Safari, or Internet Explorer) and your Internet Protocol (IP) address/MAC address/device identifier. We also automatically collect and store certain information in server logs such as: statistics on your activities on the Online Properties or mobile apps; information about how you came to and used the Online Property or mobile app; your IP address; device type and unique device identification numbers, device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL), broad geographic location (e.g. country or city-level location) and other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser. Please refer to the VMware Privacy Notice for additional information.
  • VMware manages access to the SaaS environment while customers manage administrative and end-user access through the solution console
    • Access to the SaaS environment is technically enforced according to role, the principle of least privileges and separation of duties
    • Customers manage access entitlements for administrative and end users
  • VMware defines customer data related to the solution and/or hosted service in the VMware Data Processing Addendum

Is it possible to prevent data collection of specific information?

  • Customer administrators use granular controls to configure what data is collected from users and what collected data is viewable by admins within the Workspace ONE console. Use granular role-based access controls to restrict the depth of device management information and features available to each administrative console user.
  • For Workspace ONE UEM configure Collect and Display, Collect Do Not Display, and Do Not Collect settings for user data:
    • GPS Data
    • Carrier/Country Code
    • Roaming Status
    • Cellular Data Usage
    • Call Usage
    • SMS Usage
    • Device Phone Number
    • Personal Application
    • Unmanaged Profiles
    • Public IP Address
  • Customer administrators can choose whether to display or to do not display the following user information:
    https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/1904/UEM_Managing_Devices/GUID-AWT-CONFIGUREPRIVACYSETTINGS.html
    • First Name
    • Last Name
    • Phone Number
    • Email Accounts
    • Username

 Is the data in the cloud encrypted?

  • Yes – Certificate private keys, client cookie data and tokens are encrypted in the solution database with a derived AES 256-bit symmetric encryption with an IV.
    • Customers can enable encryption at rest for user first name, last name, email and phone number
    • We do not store AD/LDAP passwords in our database
  • VMware Content Locker, VMware Boxer and VMware AirWatch App Wrapping solutions use AES 256-bit encryption to secure data on mobile devices
  • Data between the web console (management console and Self Service Portal) and device is encrypted using HTTPS and is not decrypted at any point along the path
    • VMware leverages a 2048-bit key in the SaaS environment
    • An application server controls communication between the web console and the database to limit the potential for malicious actions through SQL injection or invalid input: No direct calls are made to the database
  • All sensitive interactions between AirWatch nodes (AirWatch hosting servers and the VMware Enterprise Systems Connector), between VMware AirWatch Agent and the AirWatch solution are accomplished using message level encryption. For these message level interactions, the AirWatch Cloud uses 2048-bit RSA asymmetric key encryption using digital certificates.
  • We encrypt AD/LDAP credentials on the device via AES 256-bit and store them in the device keychain (internal memory)

I hope this short article helps everyone to get the information they require for a Workspace ONE UEM SaaS project. I shared the same information with several customers from different businesses and so far all legal departments accepted the statements and moved forward with their project with Workspace ONE UEM. 🙂

VCP-DW 2018 Exam Experience

On the 30th November 2018 I passed my VCAP7-DTM Design exam and now I would like to share my VCP-DW 2018 (2V0-761) exam experience with you guys.

I’m happy to share that I also passed this exam today and I thought it might be helpful, even a new VCP-DW 2019 exam will be released on 28th February 2019, to share my exam experience since it’s still a pretty new certification and not that much information can be found in the vCommunity.

How did I prepare myself? To be honest, I almost had no hands-on experience and therefore I had to get the most out of the available VMware Workspace ONE documentation. I already had basic knowledge for my daily work as a solution architect, but it was obvious that this is not enough to pass. The most of my basic knowledge I gained from the VMware Workspace ONE: Deploy and Manage [V9.x] course which was really helpful in this case.

If you check the exam prep guide you can see that you have to study tons of PDFs and parts of the online documentation. 

Didn’t check all the links and documents in the exam prep guide but I can recommend to read these additional docs:

In my opinion you’ll get a very good understanding of Workspace ONE (UEM and IDM) if you read all the documents above. In additional to the papers I recommend to get some hands-on experience with the Workspace ONE UEM and IDM console.

As VMware employee I have access to VMware TestDrive where I have a dedicated Workspace ONE UEM sandbox environment. I enrolled an Android, iOS and two Windows 10 devices and configured a few profiles (payloads). I also deployed the Identity Manager Connector in my homelab to sync my Active Directory accounts with my Identity Manager instance which enables also the synchronization of my future Horizon resources like applications and desktops.

I think that I spent around two weeks for preparation including the classroom training at the AirWatch Training Facility Milton Keynes, UK.

The exam (version 2018) itself consists of 65 multiple choice and drag & drop questions and I had 135 minutes time to answer all questions. If you are prepared and know your stuff then I doubt that you will need more than one hour, but this could change with the new VCP-DW 2019. 🙂

I’m just happy that I have a second VCP exam in my pocket and now I have to think about the next certification. My scope as solution architect will change a little. In the future I’m also covering SDDC (software defined data center) topics like vSphere, vSAN, NSX, VMware Cloud Foundation, Cloud Assembly and VMC on AWS. That’s why I’m thinking to earn the VCP-DCV 2019 or the TOGAF certification.

VCAP7-DTM Design Exam Passed

On 21 October I took my first shot to pass the VCAP7-DTM Design exam and failed as you already know from my this article. Today I am happy to share that I finally passed the exam! 🙂

What did I do with the last information and notes I had about my weaknesses from the last exam score report? I read a lot additional VMware documents and guides about:

  • Integrating Airwatch and VMware Identity Manager (vIDM)
  • Cloud Pod Architecture
  • PCoIP/Blast Display Protocol
  • VMware Identity Manager
  • vSAN 6.2 Essentials from Cormac Hogan and Duncan Epping
  • Horizon Apps (RDSH Pools)
  • Database Requirements
  • Firewall Ports
  • vRealize Operations for Horizon
  • Composer
  • Horizon Security
  • App Volumes & ThinApp
  • Workspace ONE Architecture (SaaS & on-premises)
  • Unified Access Gateway
  • VDI Design Guide from Johan van Amersfoort

Today, I had a few different questions during the exam but reading more PDFs about the above mentioned topics helped me to pass, as it seems. In addition to that, I attended a Digital Workspace Livefire Architecture & Design training which is available for VMware employees and partners. The focus of this training was not only about designing a Horizon architecture, but also about VMware’s EUC design methodology.

If you have the option to attend classroom trainings, then I would recommend the following:

I had two things I struggled with during the exam. Sometimes the questions were not clear enough and I made assumptions what it could mean and that the exam is based on Horizon 7.2 and other old product versions of the Horizon suite:

  • VMware Identity Manager 2.8
  • App Volumes 2.12
  • User Environment Manager 9.1
  • ThinApp 5.1
  • Unified Access Gateway 2.9
  • vSAN 6.2
  • vSphere 6.5
  • vRealize Operations 6.4
  • Mirage 5.x

But maybe it’s only me since I have almost no hands-on experience with Horizon, none with Workspace ONE and in addition to that I’m only 7 months with VMware now. 🙂

It is time for an update, but VMware announced already that they are publishing a new design exam version called VCAP7-DTM 2019 next year.

What about VCIX7-DTM?

 In part 2 of my VCAP7-DTM Design exam blog series I mentioned this:

Since no VCAP7-DTM Deploy exam is available and it’s not clear yet when this exam will be published, you only need the VCAP7-DTM Design certification to earn the VCIX7-DTM status. I have got this information from VMware certification.

This information is not correct, sorry. VMware certification pulled their statement back and provided the information that you need to pass the VCAP6-DTM Deploy exam, as long as no VCAP7-DTM Deploy is available, to earn the VCIX7-DTM badge.

I don’t know yet if I want to pursue the VCIX7-DTM certification and will think about it when the deploy exam for Horizon 7 is available.

What’s next?

Hm… I am going to spend more time again with my family and will use some of my 3 weeks vacation time to assemble and install my new home lab.

Then I also have a few ideas for topics to write about, like:

  • Multi-Domain and Trust with Horizon 7.x
  • Linux VDI Basics with Horizon 7.x
  • SD-WAN for Horizon 7.x
  • NSX Load Balancing for Horizon 7.x

These are only a few of my list, but let’s see if I really find the time to write a few article. 

In regards to certification I think I continue with these exams:

This has no priority for now and can wait until next year! Or…I could try the VDP-DW 2018 since I have vacation. Let’s see 😀

Unified Endpoint Management – The Modern EMM

I was touring through Switzerland and had the honor to speak at five events for a “Mobility, Workspace & Licensing” roadshow for SMB customers up to 250 employees. Before I started my presentation I have always asked the audience three questions:

  • Who knows what MDM or EMM (Mobile Device Management or Enterprise Mobility Management) is?
  • Have you ever heard of Unified Endpoint Management (UEM)?
  • Does the name Airwatch or Workspace ONE ring any bells?

This is my thing to know which people are sitting in front of me and how deep I should or can go from a technical perspective. And I was shocked and really surprised how many people have raised their hands – only between 1 and 5 persons in average. And the event room was filled with 50 to 60 persons! I don’t know how popular EMM and UEM are in other countries, but I think this is a “Swiss thing” when you work with smaller companies. We need to make people aware that UEM is coming! 🙂

That’s why I decided to write an article about Enterprise Mobility Management and how it transformed or evolved to the term Unified Endpoint Management.

The basic idea of Mobile Device Management was to have an asset management solution which provides an overview of the smartphones (at the beginning iPhones were very popular) in a company. Enterprises were interested for example to disable Siri and ensure that corporate mobile phone devices were staying within policy guidelines. In addition, if you could lock and wipe the devices, you were all set.

However, business needs and requirements changed and suddenly employees wanted or even demanded access to applications and content. Here we are talking about features like mail client configuration, WiFi certificate configuration,  content and mobile application management (MAM) and topics like containerization and identity management also became important – security in general. So, MDM and MAM were part now of Enterprise Mobility Management.

Vendors like VMware, Citrix, MobileIron and so on wanted to go further and offer the same management and configuration possibilities for operating systems like Windows or Mac OS. If I recall correctly this must have been between 2013 and 2017.

One of the biggest topics and challenges for this time were the creation of so called IT silos. There are many reasons how IT silos were built, but in the device management area it’s easy to give an example. Let’s say that you are working for an enterprise with 3’000 employees and you have to manage devices and operating systems like:

  • PCs & Laptops (Windows OS)
  • MacBooks or Mac OS in general
  • Android & iOS devices
  • Virtual apps & desktops (Windows OS)

A typical scenario – your IT is deploying Windows OS mit SCCM (Configuration Manager), Mac OS devices are not managed, IT is using JAMF or does manual work, EMM solution for iOS and Android and for the VDI or server based computing (Terminal Server) environment the responsible IT team is using different deployment and management tools. This is an example how silos got build and nowadays they prevent IT from moving at the speed of business. VMware’s UEM solution to break up those silos is called Workspace ONE UEM.

The EMM or mobility market is moving into two directions:

 

Today, it’s all about the digital workspace – access ANY application, from ANY cloud, from ANY device and ANYTIME.

People need app access to mobile apps, internal apps, SaaS apps and Win32 (legacy) apps. On the other hand we want to use any device, no matter if it’s a regular fat client, the laptop at home, wearables or a rugged or IoT device. If you combine “App Access” and “UEM” then you will get a new direction called “Digital Workspace”. Again, this means that Digital Workspace is just another name for the combined EUC (end-user computing) platform.

UEM is a term which has been introduced by Gartner as a replacement for the client management tool (CMT) and Enterprise Mobility Management.

Gartner defines Unified Endpoint Management as a new class of tools which function as an unified management interface – a single pane of glass. UEM should give enterprises the possibility to manage and configure iOS, Android, Mac OS and Windows 10 devices with a single unified console. With this information I would call UEM as the modern EMM.

Modern Management – Windows 10

Why is Windows 10 suddenly a topic when we talk about UEM? Well, Microsoft has put a lot efforts in their Windows 10 operating system and are providing more and more APIs that allow a richer feature set for the modern management approach – the same experience and approach we already have with mobile device management. Microsoft is seeking  to simplify Windows 10 management and I have to say that they made a fantastic job so far!

Modern Management, if it’s with VMware Workspace ONE UEM or with a competitor’s product, is nothing else than going away from the network-based deployment to a cloud-based deployment.

Traditional means staging with SCCM for example, apply group policies, deploy software packages and perform Windows Updates on a domain-joined PC.

Modern means that we have the same out-of-the-box experience (OOBE) with our Windows 10 devices compared to an iPhone as an example. We want to unbox the device, perform a basic configuration and start consuming. By consuming I mean install all the apps I want wherever I am at the moment. If it’s a less secure network at home, at friends, on a beach, train or at the airport.

Modern also means that I receive my policies (GPOs) and basic configuration (WiFi, E-Mail, Bitlocker etc.) over-the-air across any network. And my device doesn’t need to be domain-joined (but it can). Windows Updates can also be configured and deployed directly from Microsoft or still with WSUS.

Mix Physical and Virtual Desktops with Modern Management

VMware’s vision and my understanding of modern management means that we can and should be able to manage any persistent desktop even if it’s a virtual machine. During my presentation I told the audience that they could have Windows 10 VMs in their on-premises data center, on AWS, Azure or even on a MacBook.

This use case has NOT been tested by VMware yet, but what do you think if we can manage the recently announced Windows Virtual Desktops (WVD) which are only available through Microsoft Azure? I hope to give you more information about this as soon as I have spoken to the product management.

But you see where this is going. Modern management offers us new possibilities for certain use cases and we can even easier on-board contractors or seasonal workers if no separate VDI/RDSH based solution is available.

And let’s assume that in 2018/2019 all new ordered hardware are pre-staged with a Windows 10 version we ask for. For a virtual persistent desktop this is most certainly not the case, but think again about the Windows 10 offerings from Azure where Windows 10 is also “pre-staged”.

Do we need UEM and Modern Management? Are we prepared for it?

Well, if we go by the definition of UEM then we already use Unified Endpoint Management since EMM is a part of, but just without the Windows 10 client management part. A survey in Switzerland has shown that only 50% of the companies are dealing with this topic. And to be clear: an adoption or implementation of UEM takes several years. Gartner predicts that companies have to start working with UEM within the next three to five years.

What preparation is needed to move to the new modern cloud-based management approach? There are different options depending on your current situation.

If you are running on Windows 7 and use Configuration Manager (SCCM) for the deployment, you could use Workspace ONE’s Airlift technology to build a co-management setup. But then you need to migrate first from Windows 7 to Windows 10 and use SCCM to deploy our Intelligent Hub (formerly known as Airwatch Agent). Then your good to go and could profit from a transition phase until all clients have been migrated. And in the end you can get rid of SCCM completely.

If you use another tool or manually install Windows 10, then you just need to install Intelligent Hub, enroll the device and your prepared.

But we can leverage other features and technologies like AutoPilot or Dell Factory Provisioning for Workspace ONE which are not part of this article.

Which UEM Solution for your Digital Workspace?

If you are responsible for modernizing client and device management in your company, then keep the following advice in mind. Check your requirements and define a mobility or a general IT strategy for your company. Then look out for the vendors and solutions which meet your requirements and vision. Ignore who is on the top right of the Gartner Magic Quadrant or the vendor who claims to have “the ONE” digital workspace solution. In the end you, your customers and colleagues must be happy! 🙂 

In the future I will provide more information about Unified Endpoint Management and Modern Management. We are in the early market phase when it comes to UEM and I’m curious what’s coming within the next one or two years.

The terms “Intelligence” and “Analytics” have not been covered yet and they are very interesting because it’s about new features and technology based on artificial intelligence and machine learning. E.g. with VMware’s Workspace ONE Intelligence you have new options for “insights” and “automation”. You have data, can collect it and run it through a rules engine (automation). But this is something for another time.

VCAP7-DTM Design Exam, Part 12

I failed the VCAP7-DTM Design exam, but expected it and the first try of the exam showed me what stuff I need to learn better and where my weaknesses are. Let me tell you about my exam experience.

I arrived on time at the PearsonVUE test center, but they had PC problems and so I had to wait first for 30min until I could start the exam. The timer showed me that I have two hours for the 60 questions. The most of the time I was guessing and eliminating the obviously wrong answers and so I was through 50% of the questions of 50% of the time. If you would know a little bit more than I do and you work/worked with all the products on a daily basis, I would say that the exam is a piece of cake!

Nevertheless, I answered all 60 questions 15 minutes before the timer ended, but I didn’t review any of them, because I knew that I still wouldn’t have the better or correct answers. This may sound to you like I failed with a score of 0, but no. I had 252 of the 300 needed points and this is a sign for me that I just need to improve my weak spots and the topics I didn’t check during my preparation time.

Today I’m going to travel to VMware Airwatch in Milton Keynes (UK) for my VMware Workspace ONE: Deploy and Manage [V9.x] training which starts tomorrow. And I have to prepare a presentation for a roadshow with five events where I will be the speaker of a 30min slot. This means no time for studying yet.

But I’m lucky that I still got a seat at the Digital Workspace Livefire Architecture & Design training taking place in three weeks. This will be last part of my preparation for the retake which I planned for 23rd November 2018. But first I have to wait for my new exam voucher. 🙂

I cannot tell you which topics/technologies or questions were asked during the exam, but I can assure you that I didn’t expect some of the questions – they were just craaaaazy or about veeeery old stuff.

This is also one of my problems. You have to study things which are not valid anymore for the today’s product version or implementation. In a few cases the configuration limits or some parts of an architecture have changed.

So, I read the exam blueprint again and checked some of the attached URLs and document links again. In my opinion the following products and versions you should know for the exam:

  • Horizon 7.2
  • VMware Identity Manager 2.8
  • App Volumes 2.12
  • User Environment Manager 9.1
  • ThinApp 5.1
  • Unified Access Gateway 2.9
  • vSAN 6.2
  • vSphere 6.5
  • vRealize Operations 6.4
  • Mirage 5.x

So, this was my exam experience of the VCAP7-DTM Design exam and my advices after. It is totally okay to fail, because it will just help you if you are not prepared well enough or just went to early for your first shot.

My last advice: Use the note board for the difficult answers and topics you have no clue of. If you have enough time, reviewed your answers and you are ready to end the exam, memorize all your notes. Just in case you didn’t pass, you now have the notess in your mind and could transfer themto your personal notebook. This is totally legal and really helpful! 🙂

Good luck to you if you take the exam. I have another four weeks now to fill the gaps. 🙂 See if I passed or not.