diff --git a/group_vars/all/ip_addresses.yml b/group_vars/all/ip_addresses.yml
index 7803915a6..1a3186c40 100644
--- a/group_vars/all/ip_addresses.yml
+++ b/group_vars/all/ip_addresses.yml
@@ -24,12 +24,16 @@ ip_addresses:
       desc: 'UMCG firewalls / core routers'
     internal1:
       address: '172.25.0.1'
-      netmaask: '/22'
+      netmask: '/22'
       desc: 'UMCG internal 3211 range'
     basiswerkplek:
       address: '10.96.128.1'
-      netmaask: '/21'
+      netmask: '/21'
       desc: 'UMCG internal range of Basis Werkplek'
+    win10vdi:
+      address: '172.18.96.1'
+      netmask: '/20'
+      desc: 'UMCG internal range of Win10VDI machines'
   #
   # RUG network ranges.
   #
diff --git a/group_vars/forkhead_cluster/vars.yml b/group_vars/forkhead_cluster/vars.yml
index 1f2d2d525..7f6f6db4c 100644
--- a/group_vars/forkhead_cluster/vars.yml
+++ b/group_vars/forkhead_cluster/vars.yml
@@ -54,14 +54,17 @@ network_private_management_cidr: '10.96.52.12/24'
 #network_private_storage_cidr: '10.10.2.0/24'
 
 iptables_allow_icmp_inbound:
-  - "{{ all.ip_addresses['umcg']['internal'] }}"
+  - "{{ all.ip_addresses['umcg']['internal1'] }}"
   - "{{ all.ip_addresses['umcg']['basiswerkplek'] }}"
+  - "{{ all.ip_addresses['umcg']['win10vdi'] }}"
 iptables_allow_ssh_inbound:
-  - "{{ all.ip_addresses['umcg']['internal'] }}"
+  - "{{ all.ip_addresses['umcg']['internal1'] }}"
   - "{{ all.ip_addresses['umcg']['basiswerkplek'] }}"
+  - "{{ all.ip_addresses['umcg']['win10vdi'] }}"
 iptables_allow_ssh_outbound:
   - "{{ wingedhelix_cluster.ip_addresses['porch']['vlan16'] }}"
 
+main_backup_folder: '/mnt/pssd_backup/'
 local_backups: # list of folders for cron to make daily backup
   - name: apps # don't modify after once deployed!
     src_path: '/apps'
@@ -162,11 +165,11 @@ regular_users:
 # Shared storage related variables
 #
 pfs_mounts:
-  - pfs: pssd
-    device: /data  # needs to be already mounted on system (f.e. /dev/sdc1 > /data)
+  - pfs: pssd # must already be in /etc/fstab and mounted - f.e. /dev/sda > /mnt/local_raid (pfs somename must be same as /mnt/somename)
+    device: ''
     source: '/mnt'
     type: 'none'
-    rw_options: 'bind'
+    rw_options: 'bind,rw'
     ro_options: 'bind,ro'
     machines: "{{ groups['sys_admin_interface'] }}"
   - pfs: 'medgen_zincfinger$'
diff --git a/ssh-host-ca/forkhead_cluster-ca b/ssh-host-ca/forkhead_cluster-ca
new file mode 100644
index 000000000..c528a2897
--- /dev/null
+++ b/ssh-host-ca/forkhead_cluster-ca
@@ -0,0 +1,29 @@
+$ANSIBLE_VAULT;1.2;AES256;forkhead_cluster
+32303163323963323964616630386461623437343765646434616536306166353965346334643338
+3036633139643666663439336637313066303739616431310a343563626365343163363038333533
+39376564663239323365653435663732643836333436363261663832646139326432313964643934
+6636616132393930620a306634343563356363353839336131363366376565353135343963353733
+31643733316132306632386635393630303532613335666138303837313838613930616362333233
+38623665336538363762376239313534333766313230316265353962363461386230353137613738
+65393966353764383030643461343531393830326663313836656564323236666533383463663161
+64666436343835313861613130333437323562313463613434626431323030323164333239663734
+38643034323764376433336530363132343134353633633765616361383365303433333932353263
+37623064386632386562656165323335343939613263313865326230313138373234383564303232
+38643664323964386336303863343863633963366131343131386339656563623663653365386332
+62373861353437333839316135643731343936343734663433373334633831616538336238313930
+35363530383737303262613164623166636232333263366234303036343937383632656136376536
+32353462643037653439313530353737636532646666383438326535353435356263313339356533
+64366239396461653663386562656165316334303130646634333463373836643566346330376430
+63323535626366663734326261396161303234316634643130313232666234663530336334326235
+34313363363739613834343361303030646665323134373164643736663038363863373930306663
+39316562623334383231316434623437656635373663323738646330613230643138616463313637
+62643066316162633464333965306563613439626265356435306135363536613134633435626466
+61663962323666333738326336323664383233366438336431636435613534363664613164656566
+62633833303865613261643633323866653132356430353838346337326639646335346239396538
+63666535356266353138616133386335383263356131383932313866393734343661303136313766
+66633630653130666139343632373635633830666535383664383338326535356461653139323632
+65636335396261376635666464643566326532313039373263633831303936313363636230633037
+32376265336539373431363062326566346264643264343235373165353334343063363364393234
+32646130313263393833643765383563336162623935366562393638383137383132363336383365
+36313336356130393435396163666363343362613532643561316337653961646230393136346634
+32326362386538636366
diff --git a/ssh-host-ca/forkhead_cluster-ca.pub b/ssh-host-ca/forkhead_cluster-ca.pub
new file mode 100644
index 000000000..2ecad8d04
--- /dev/null
+++ b/ssh-host-ca/forkhead_cluster-ca.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFkYbfjgNQJBXnSLvGELMwlPCVqPYbDqiIGTHSve+1iG CA key for Forkhead
diff --git a/static_inventories/forkhead_cluster.yml b/static_inventories/forkhead_cluster.yml
index dd50ca03e..cbe27819b 100644
--- a/static_inventories/forkhead_cluster.yml
+++ b/static_inventories/forkhead_cluster.yml
@@ -10,6 +10,7 @@ all:
     sys_admin_interface:
       hosts:
         forkhead:
+          ansible_host: 10.96.52.12
           local_yum_repository: true # enable local yum repository
     deploy_admin_interface:
       hosts: