VCP IaaS exam experience

It has been a year or two since I’ve had time to sit down and actually take an exam. With the announcement this year that VCP certifications would need to be renewed before March 2015, I knew I had to do something.

My background leading up to the decision to take the VCP IaaS exam: I have been working with vCloud for the past 7 months. I deployed a single cell in our development environment for the company I am with. It has been great for controlling VM sprawl. I built it as a model for test and production. I kept it simple at first with easy catalogs that joined the development domain, no wild double NATs or crazy vApps with multiple networks. It is best to get your feet planted firmly in the concepts of vCloud before you take off with that stuff.

My study materials:

– My first exposure to vCloud was last year at VMworld when I won a book from the VMUG group titled “VMware vCloud Architecture Toolkit (vCAT)”. It is a beast of a book. It is not something you want to sit down with and just read from end to end. It is a collection of reference documents. I jumped back and forth with the book to overview material that was important to me. I used it often when designing my architecture.

– I spent time watching the VMware blogs on vCAT.

– I spent plenty of time watching the PluralSight videos from Chris Wahl: VMware vCloud Director 5.1 Essentials “Installing and Configuring” and “Managing and Monitoring”. Also Jake Robinson’s “VMware vCloud Director Organizations” and “VMware vCloud Director Essentials” with David Davis. These are the best training videos! They are worth every bit of money you pay for a subscription to PluralSight.

– I did have a chance to attend the VMware vCloud Director: Install, Configure, Manage course a few months ago. It was really cut and dry material. It was not anything really new for me. It was great to get my hands on the class material though. The book really helped with studying for the exam.

– As a part of the VMware vCloud course, the instructor Shawn Bolan gave us access to practice exams for VCP-Cloud. For $100 you can get two months of access to this practice exam. For me, I was taking the IaaS exam, so it was a little different taking this practice exam based on a different exam (VCP-Cloud).

– I did plenty of the practice exams. 1. The VMware VCP IaaS mock exam. If I missed questions, I would research the answers. 2. Practice exams from Paul McSharry here, here and here. 3. Mock exams. For each mock exam I would actually have my vCAT book and my class material to go over questions and answers. It is not just an exercise to pass a mock exam, but an experience to learn something new.

– Read plenty of PDFs. 1. The vShield Installation and Upgrade Guide. 2. The vCloud Director User’s Guide. 3. The vCenter Chargeback Manager User’s Guide.

The Exam itself:

– I really hate sitting exams. For me it is like sitting there waiting for an electric shock at the end. I had 90 minutes for 85 questions. I think I averaged 1 question every 45 seconds. The questions were not super wordy like a VCAP exam. The mix of questions between vCloud, chargeback, vCloud connector and vShield seemed pretty balanced like it was in the mock exam. You will see every topic from the exam blueprint! I had marked about 10 questions for review. At the end I had about 15 minutes left. I spent a few minutes going over anything that I might have missed. I felt fairly confident in my answers, so I ended the exam. No electric shock at the end, I passed!

You really need hands-on time with the products. I have to admit, I have not worked with chargeback or vCloud connector yet. Those are optional products. I do not have a need for them in my environment. I only reviewed the PDF documents for these. These are probably questions that I missed. If you have a home lab, try to build all of these components out!

You really need time to deploy not just simple networking and vApps, but some of the more complicated items as well. Networking is a big focus in the exam. It is also vital to know when using vCloud. Knowing how to navigate the vCloud administrative options is vital!

Why the VCP-IaaS exam and not VCP-vCloud? Gregg Robertson has a pretty good post on the differences between the two.

Good luck to anyone seeking to take the exam!

Working with XenDesktop 7.x printing policies for external sessions

This post is specifically looking at printer policies to block external users from enabling printers. There is a lack of documentation and a bit of confusion when looking at the policies in XenDesktop.

Let’s say you have a simple deployment, with internal and external users.


Citrix StoreFront Deployment

Let’s focus on printing for now. You want to allow internal users to map printers and deny external users from mapping home printers. This would be a DLP strategy to keep data from leaving the session at a remote location. Looking at the policies, you would think that just allowing internal and denying external would work.

assign ctx policy 2 - incorrect

Wrong. Printing is actually enabled by default without a policy in place. I could not find this documented anywhere! That should be the first disclaimer on

It took working with support for weeks to find the proper configuration to block printing from external clients. I even worked with the NetScaler teams, thinking the policy had to be tied to the SmartHost name.

The correct configuration is almost a double negative. Set “Client printer redirection – Prohibit” and “Auto-create client printers – Do not create client printers”.

define ctx policy

Set the access control filter to “Allow with NetScaler”, using an asterisk (if you have just one NetScaler) as the farm name and access condition. This allows the “deny printers” policy to apply to anyone who connects through the NetScaler. If you want to use a specific NetScaler, use the SmartHost name for the farm name.

assign ctx policy 3

Also apply a second filter to the Delivery Group with “Allow”.

assign ctx policy 4

The final configuration should look like this:

assign ctx policy 5

This will block external users from using home printers to print data from a Citrix session. Users will also need to authenticate against the NetScaler when logging on from an external network. This is best practice, but you do have the option to authenticate directly against StoreFront (not recommended).
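The "double negative" described above can be checked with a small model of how filters decide whether a policy applies. This is an added example, not part of the original post and not Citrix code. The evaluation rules, the value labels, the `Desktops` delivery group name and the deny-mode attempt are assumptions constructed for illustration; the deny-mode attempt is not the configuration from the post's screenshot.

```python
# Simplified model (assumption, not Citrix code): a policy applies to a session
# only if every Allow-mode filter matches and no Deny-mode filter matches.
# Settings that no applied policy configures keep the default, which the post
# found to be "printing enabled". Value labels below are constructed.
DEFAULTS = {"Client printer redirection": "Allowed",
            "Auto-create client printers": "Create (default)"}
PROHIBIT = {"Client printer redirection": "Prohibited",
            "Auto-create client printers": "Do not create client printers"}

def filter_matches(flt, session):
    if flt["type"] == "access_control":   # farm name / access condition "*"
        return session["via_netscaler"]
    if flt["type"] == "delivery_group":
        return flt["name"] == session["delivery_group"]
    raise ValueError(f"unknown filter type: {flt['type']!r}")

def policy_applies(policy, session):
    for flt in policy["filters"]:
        hit = filter_matches(flt, session)
        if (flt["mode"] == "deny" and hit) or (flt["mode"] == "allow" and not hit):
            return False
    return True

def effective_settings(policies, session):
    """Policies are listed highest priority first; later entries lose."""
    result = dict(DEFAULTS)
    for policy in reversed(policies):
        if policy_applies(policy, session):
            result.update(policy["settings"])
    return result

def printing_allowed(policies, session):
    return effective_settings(policies, session)["Client printer redirection"] == "Allowed"

# Constructed sessions and policies (names are hypothetical).
EXTERNAL = {"via_netscaler": True, "delivery_group": "Desktops"}
INTERNAL = {"via_netscaler": False, "delivery_group": "Desktops"}

# Intuitive but wrong: "deny" the NetScaler connection on the blocking policy.
DENY_MODE_ATTEMPT = [{"name": "Block printers", "settings": PROHIBIT,
    "filters": [{"type": "access_control", "mode": "deny"}]}]

# The post's configuration: Allow with NetScaler, plus Allow on the Delivery Group.
POST_CONFIG = [{"name": "Block printers", "settings": PROHIBIT,
    "filters": [{"type": "access_control", "mode": "allow"},
                {"type": "delivery_group", "mode": "allow", "name": "Desktops"}]}]

if __name__ == "__main__":
    for label, cfg in (("deny-mode attempt", DENY_MODE_ATTEMPT), ("post config", POST_CONFIG)):
        print(label, "| external prints:", printing_allowed(cfg, EXTERNAL),
              "| internal prints:", printing_allowed(cfg, INTERNAL))
```

In this model the deny-mode attempt exempts NetScaler sessions from the blocking policy, so they fall back to the printing-enabled default while internal sessions are the ones that get blocked.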