Endpoint Management from Anywhere on AWS Cloud
VMware Workspace ONE (WSO) on AWS is undoubtedly one of the best options available in the market for best-in-class endpoint management. Some of the goals that can be achieved using this solution:
- Endpoint Assessment and Management
- Remote Application Management
- File-level Anti-Virus Integration
- Minimum Baseline Security Standard enforcement
- Identity and Mobility Management
- High Level of scalability and availability
- Cost and resource efficiency and optimization
AWS Services Used:
- AWS EC2
- AWS Direct Connect
- AWS IAM
- AWS GuardDuty
- AWS Security Hub
- AWS Config
- AWS CloudWatch
- AWS CloudTrail
Other Services:
- Fortinet NGFW
- Microsoft SQL Server 2016
- Windows Server 2016
- VMware WSO Bundle
Assessment, Analysis and Design:
- There was no endpoint management system in place, so we started by understanding the requirement from the client.
- We analysed and assessed the requirements, the dependencies and the solution's ability to leverage AWS services.
- We designed the architecture based on our assessment.
- We validated the functionality of the architecture by discussing it with the client team and deploying the VMware Workspace ONE solution in a UAT environment.
Implementation:
- Deploy the production infrastructure.
- Start by deploying the VPC and configuring the Subnets, Security Groups and Route Table appropriately.
- Then deploy one instance of Microsoft Windows Server 2016 and install the VMware WSO Console and Assist Servers on the same instance.
- Then configure auto-scaling.
- Next, the connection was established from the endpoints to the WSO Server on AWS via AWS Direct Connect.
- Then, we installed the Assist Client on all the endpoints and established the connection with the server on AWS.
- After that, the solution was tested.
- Furthermore, we launched the Fortinet NGFW to allow the servers to communicate securely with the internet and to provide secure connectivity to the infrastructure.
- One EC2 instance was also launched as a Jump Host.
- Next, we configured GuardDuty, Config, Security Hub, CloudWatch and CloudTrail appropriately for effective security posture and management.