Deploy Horizon Edge Gateway on VMware vSphere

Deploy Horizon Edge Gateway on VMware vSphere

If you have an Omnissa Horizon subscription, you should deploy the Horizon Edge gateway appliance to license your Omnissa Horizon setup.

The Horizon Edge Gateway for vSphere is a VM that you deploy on your VMware vSphere environment. In addition to automatically licensing your Horizon setup, the Horizon Edge gateway also serves as a connector to the Horizon Control Plane hosted by Omnissa, enabling Omnissa and you to monitor your Horizon setup for issues. In older versions of Horizon, the Edge Gateway was called the Cloud Connector.

In this post, I will show you step by step how to deploy the Omnissa Horizon Edge Gateway on VMware vSphere.

Prerequisites

  • Static IP for the Horizon Edge Gateway appliance.
  • FQDN for the Horizon Edge Gateway appliance with forward and reverse DNS records.
  • Enough resources in vSphere for the Edge Gateway VM.
    • The Edge Gateway will need
      • 8 vCPU
      • 16GB RAM
      • 40GB disk
  • A Root password for the Horizon Edge Gateway appliance.
  • An Admin password for the Horizon Edge Gateway appliance.
  • Service Account configured as an admin in Horizon.

If you need to add the service account as an admin to Horizon, my blog post, Add Administrators to Omnissa Horizon covers how to do so.

The Process

  • Under the Launch Services section, click Horizon Cloud.
  • In the Get Started section, in the Horizon 8 tile, click Select.
  • In the Horizon Edge tile, click Start Deployment.
  • Review the requirements. If you are ready to go, select I confirm that all requirements are met and click Next.
  • Enter a name for your Horizon Edge and click Next.

In my example, I will name mine DXT-HZ-Edge01.

Read More Read More

Schedule VMware Exam

Schedule VMware Exam

In this post, I will show you step by step how to schedule a VMware exam.

The Process

The entire process is split into a few stages.

Testing Portal Login

  • In the Additional Resources section, on the Education Portal tile, click Explore.
  • On the new page that opened up under the Addition Resources section, click on Certification.

If you want, you can skip those clicks and go directly to the following URL https://cp.certmetrics.com/vmware/en/home/dashboard

  • Under Features, click on Schedule your exam.
  • Click on SSO to Vue.

Private Access Codes

If you are taking a VMware exam at a conference, you will likely have a private access code to access the on-site exam center.

  • Click Private Access Code, type in the Private Access Code, then click Enter.

Exam Selection

  • Click on View exams.
  • Depending on the exam you are taking, you may need to click on VMware Professional Level Exams or VMware Advanced Level Exams. You can also search for the exam.

Read More Read More

Deploy Claude Desktop on Non-Persistent VDI

Deploy Claude Desktop on Non-Persistent VDI

In this post, I will show you step by step how to deploy Claude Desktop on Non-Persistent VDI.

The Process

The entire setup is split into a few stages.

Install Claude Desktop

To deploy Claude Desktop for Non-Persistent VDI, you need to use the Claude Desktop MSIX.

Add-AppxProvisionedPackage -Online -PackagePath "Claude.msix" -SkipLicense -Regions "all"Code language: PowerShell (powershell)

Now, when a user uses the updated non-persistent VDI desktop, Claude Desktop will be installed.

Disable Claude Desktop Updates

Claude Desktop gets updates very frequently, but you do not need to install them right away. Fortunately, Anthropic provides a way to disable updates on Claude Desktop. It’s also recommended to disable application auto-updates when used on non-persistent VDI.

  • Create the following registry key HKLM:\SOFTWARE\Policies\Claude
  • Create a DWORD named disableAutoUpdates with the value of 1
Registry setting to disable Claude Desktop updates.

When you launch Claude Desktop, it will no longer automatically check for updates, and the option to check for updates will be disabled.

Claude Desktop with updates disabled.

Manually Update Claude Desktop

When you want to update Claude Desktop on your non-persistent VDI gold image, you need to remove it first.

  • Run the following PowerShell command to remove the Claude Desktop MSIX deployment.
Get-AppxProvisionedPackage -online | where DisplayName -like *Claude* | Remove-AppxProvisionedPackage -OnlineCode language: PowerShell (powershell)
  • Run the following PowerShell command to remove the Claude Desktop MSIX installation.
Get-AppxPackage *Claude* -allusers | Remove-AppxPackage -allusersCode language: PowerShell (powershell)
  • Now you can download the updated MSIX from Claude and install the new version using the same process as Install Claude Desktop.

Claude Desktop User Settings Capture

When a user launches Claude Desktop for the first time, their settings are stored in the MSIX redirected location %LOCALAPPDATA%\Packages\Claude_pzs8sxrjxfjjc\LocalCache\Roaming\Claude and %LOCALAPPDATA%\Packages\Claude_pzs8sxrjxfjjc\LocalCache\Roaming\Claude-3p

Claude Desktop saving user settings to LocalAppData LocalCache.

Depending on how you capture the user’s AppData, the default MSIX redirected location can cause issues. Solutions such as FSLogix ignore the %LOCALAPPDATA%\Packages\*\LocalCache folders regardless of your configuration.

Read More Read More

I Went to BSides Calgary 2026

I Went to BSides Calgary 2026

I recently attended BSides in Calgary, Alberta, Canada, which took place from May 25th to May 26th. This was the 10th year of the BSides conference in Calgary, and it was also my second time attending BSides Calgary.

If you’ve never heard of BSides, it is a community-driven cybersecurity conference made by the community, for the community. Each local chapter creates and runs its own BSides conference.

In this post, I will detail my experience at BSides Calgary 2026.

In previous years, BSides Calgary was held at Bow Valley College. This year, the conference was hosted at Contemporary Calgary.

Contemporary Calgary

Contemporary Calgary is a really cool venue because it used to be the Centennial Planetarium, which was also the TELUS World of Science. I remember visiting it when it was the TELUS World of Science. It was really cool to see that space again.

Day 1

The day started with registering and picking up my badge.

My BSides Calgary 2026 Badge

After registering, it was time for the keynote, hosted by Terry Ingoldsby. In the keynote, Terry spoke about the history of the internet in Calgary. It was really cool to learn that the University of Calgary had access to the DARPA (Defense Advanced Research Projects Agency) version of the internet (at the time, the only version of the internet). Around the same time, Unix was growing in popularity, and CUUG (Calgary Unix User Group) was formed. Eventually, they got a connection from the University of Calgary, making CUUG the second place in Calgary to have internet. One of the things I took away from the keynote is that you shouldn’t look at cybersecurity as just good vs. evil, you should treat it as an engineering problem to solve instead, and just because you are secure doesn’t make you compliant, and just because you are compliant doesn’t make you secure.

The next session I attended was LLM-Assisted Malware Development: Case Study and Defensive Strategies, which was hosted by Kai Iyer. In the session, Kai dissected how the LameHug infostealer malware works. LameHug is really interesting because it is the first known malware to directly integrate AI into its workflow. At its core, it uses the LLM model Qwen 2.5-Coder-32B-Instruct, which Hugging Face hosts. The prompt LameHug sends to Qwen is very innocent, as it simply asks to gather basic system information and place it in a text file, which is no different from what a system administrator would do. Because of the innocent request, Qwen complies and doesn’t flag the prompt as malware.

Read More Read More

Install Omnissa DEM Application Profiler

Install Omnissa DEM Application Profiler

The Omnissa DEM (Dynamic Environment Manager) application profiler is a tool you can use to determine what you need to capture to make sure the user’s application settings and data are saved and roam with the user.

In this post, I will show you step by step how to install the Omnissa DEM Application Profiler.

Prerequisites

  • A Windows VM running Windows 10 or 11 Professional or Enterprise edition.

If you plan to capture an application that will run on a terminal server, you should install Windows Server 2016 or newer to capture everything correctly.

The Process

  • Download the Omnissa Dynamic Environment Manager from Omnissa Customer Connect.
  • Extract the Omnissa DEM Application Profiler MSI from the Optional Components folder in the Omnissa DEM zip file.

It’s common for the Omnissa DEM Application Profiler installer version to not match the DEM version you are using. Just make sure you use the one included with the DEM version you are using.

  • Connect to your Windows VM.
  • Run the Omnissa DEM Application Profiler Setup as an Administrator.
  • If you agree to the Omnissa General Terms, select I accept and click Next.
  • On the Custom Setup screen, make any necessary changes and click Next.

Read More Read More

I Went to VMUG Connect Minneapolis 2026

I Went to VMUG Connect Minneapolis 2026

I recently attended VMUG Connect in Minneapolis, Minnesota, USA, from April 7th to 9th. This is the second round of VMUG Connect conferences. After the success of the first VMUG Connect in St. Louis, VMUG ended their UserCons and replaced them with VMUG Connects.

Due to VMUG Connect replacing UserCons, there is more than one VMUG Connect conference. For 2026, VMUG Connect will be in the following cities.

  • Amsterdam, Netherlands (March 17th to 19th)
  • Minneapolis, Minnesota (April 7th to 9th)
  • Toronto, Ontario (May 12th to 14th)
  • Dallas, Texas (June 9th to 11th)
  • Orlando, Florida (October 20th to 22nd)

In this post, I will detail my experience at VMUG Connect 2026 in Minneapolis.

Travel Day

My adventure to VMUG Connect in Minneapolis was a shared one, as I was traveling with my friend Stephen Wagner. Our journey started with a direct flight from Calgary, Alberta, Canada, to Minneapolis, Minnesota, USA.

This was my second time going to Minneapolis, as I had traveled to Minneapolis in August for EUC World Amplify last year. You can read about that experience in my blog post, I Went to EUC World Amplify 2025.

Once we arrived in Minneapolis, we got all checked into the hotel. While we waited for our friends to arrive, we decided to explore downtown a bit. To my surprise, downtown Minneapolis actually has its own version of the Plus 15s that we have in Calgary, in Minneapolis they are called Skywalks. Plus 15s or Skywalks are a way to get around the downtown core without going outside. It’s super useful when the weather is bad. Minneapolis also has a double-decker Skywalk.

Minneapolis Skywalk

We then met up with some of our friends and went out to lunch. We ended up going to a restaurant named Hell’s Kitchen (it has nothing to do with Gordon Ramsey). We asked them who came first, and they said they did, and they had a licensing deal with Gordon Ramsey’s Hell’s Kitchen, which allowed them to use the name.

Hell’s Kitchen in Minneapolis

After lunch, we met up with more friends and went to the Mall of America. I had never been to the Mall of America before. It is currently the largest mall in America.

Mall of America amusement park

In Canada, we have the West Edmonton Mall, which is currently the largest mall in Canada. What’s interesting is that both malls are owned by the Triple Five Group. The West Edmonton Mall is 5.3 million square feet, and the Mall of America is 5.6 million square feet. What’s interesting is that the West Edmonton Mall has over 800 stores, while the Mall of America has only over 500. Both malls have an indoor amusement park, but only the West Edmonton Mall has an indoor waterpark.

After visiting the Mall of America, we all went back to the hotel and hung out at the hotel bar.

Day 1

The first day of VMUG Connect is registration day, and includes a few sessions. VMUG calls this day PreConnect.

I started by registering and collecting my badge.

My VMUG Connect Minneapolis badge

Read More Read More

Microsoft Entra ID External MFA

Microsoft Entra ID External MFA

Microsoft recently announced that External Authentication Methods has been renamed to External MFA and is Generally Available.

Microsoft also announced that Custom Controls is being deprecated, with its deprecation currently planned for September 30th, 2026. Microsoft Entra ID External MFA (formerly External Authentication Methods) replaces Custom Controls.

Here is a brief timeline of Custom Controls and External MFA:

  • September 2018: Custom Controls was released as a Public Preview.
  • March 2020: Microsoft acknowledged some limitations of Custom Control and said that something new was being built to replace it.
  • May 2024: External Authentication Methods was released as a Public Preview to replace Custom Controls.
  • March 2026: External Authentication Methods was renamed External MFA and became Generally Available.
  • September 2026: Custom Controls will be deprecated.

Here’s how to check if you have Custom Controls configured.

Custom Controls Configuration Check

  • Log in to the Microsoft Entra Admin Center.
  • Click on Entra ID > Conditional Access.
  • Click on Custom Controls (Preview).
  • If anything is listed, you are possibly using Custom Controls.

In my example, the Custom Control RequireDuoMfa is currently configured.

If you have Custom Controls configured, you also need to check if the configured Custom Controls are being used by Conditional Access policies.

Conditional Access Policy Check

  • Click on Policies.
  • Click on a Conditional Access policy.

In my example, I will click on the Conditional Access policy named Duo MFA Custom Controls.

Read More Read More

Palo Alto Change Master Key with HA (Active/Passive)

Palo Alto Change Master Key with HA (Active/Passive)

When a Palo Alto Networks firewall is configured with a unique master key, you need to change the master key before it expires, as when the master key expires, the firewall will reboot into maintenance mode, and you’ll need to factory reset it.

In this post, I will show you step by step how to change the Palo Alto Networks firewall master key before it expires.

Prerequisites

  • Palo Alto firewall configured with a unique master key.

If you haven’t configured a master key yet, my post, Palo Alto Configure Master Key with HA (Active/Passive), goes into detail on the process.

The Process

  • Backup your Palo Alto firewall config.

For more information on backing up your firewall config, my post, Palo Alto Config Backup, goes into detail.

Disable HA Config Sync

We need to disable the HA configuration synchronization on both firewalls in the HA setup before changing the master key.

Disable HA Config Sync GUI

  • On the Primary firewall, click on the Device tab.
  • Click on High Availability.
  • Click on the General tab.
  • In the HA Pair Settings, click on the gear icon in the Setup box.
  • Uncheck Enable Config Sync and click OK.
  • Commit the change.
  • Repeat the process on the Secondary firewall.

Disable HA Config Sync CLI

  • SSH into the Primary firewall.
  • Enter configuration mode with the command configure
  • Run the following command to check your current HA config sync settings show deviceconfig high-availability group configuration-synchronization

If enabled is set to yes, we need to disable it.

  • Disable HA config sync with the following command set deviceconfig high-availability group configuration-synchronization enabled no
  • Commit the change.
  • Repeat the process on the Secondary firewall.

Change Master Key

With HA config sync disabled, we can safely change the master key on both firewalls. The new master key must be exactly 16 characters.

Change Master Key GUI

  • On the Primary firewall, click on the Device tab.

Read More Read More

Deploy Sophos Firewall on VMware vCenter

Deploy Sophos Firewall on VMware vCenter

A virtual SFOS (Sophos Firewall Operating System) can run on many hypervisors, including VMware.

In this post, I will show you step by step how to deploy a virtual SFOS on VMware vCenter.

The Process

  • Download the ZIP file for the SFOS version you want to deploy from Sophos.

There are two locations where you can download the Sophos firewall files. The first is the Sophos Firewall Installers page, and the second is the Sophos Knowledge Base Article KBA-000007972.

  • Extract the ZIP file contents.

Inside the ZIP, there are a few files. The files we care about are sf_virtual_vm8_paravirtual.ovf, sf_virtual-disk1.vmdk, and sf_virtual-disk2.vmdk.

The sf_virtual_vm8_paravirtual.ovf is the most important because it supports VMXNET 3.

  • In VMware vCenter, right-click the cluster or host you want to deploy SFOS to, and click Deploy OVF Template.
  • Select Local file and click Upload Files.

The Sophos documentation instructs you to select the manifest file sf_virtual.mf, the OVF file you want to use, and the VMDKs. This process only work if you are using the sf_virtual.ovf OVF file.

If you use the manifest file sf_virtual.mf with any OVF other than sf_virtual.ovf, the vCenter checksum verification will fail, and you can not proceed.

If you open the manifest file sf_virtual.mf with notepad, you see that it only contains the checksums for sf_virtual.ovf, sf_virtual-disk1.vmdk, and sf_virtual-disk2.vmdk.

This explains why the vCenter checksum verification fails when you select any OVF other than sf_virtual.ovf.

We don’t want to use the OVF sf_virtual.ovf because it uses the Vlance network adapter, which is an emulated version of the AMD 79C970 PCnet32 LANCE NIC, a 10 Mbps NIC.

Read More Read More