Setting maintenance mode for Linked Clones using API’s

If you have used the VMware.hv.helper the title of this blog post might sound strange since the set-hvmachine already has a way to set maintenance mode. When Ryan Butler asked me the question this week though I didn’t think of that and dived into the api’s immediately. The machines.Machine_EnterMaintenanceMode method looked good to me and than I though of the vmware.hv.helper and noticed that with

it was also possible so set maintenance mode. The usage though made me think immediately that this was not actually using a proper api call but the update function. A quick look at the function itself confirmed this. It sets that status of the virtual machine by directly setting the status.

(this is just a snippet of the complete function)

If you are below version 7.5 of Horizon view it’s probably of no use to continue with the rest of this blog post. The api explorer only mentions the relevant functions since 7.5! They have been tried against 7.0.3 and 6.2 and there they don’t work.

So back to the drawing board it was and I needed to look at the API explorer, there are 4 relevant methods for maintenance mode.

As usual there are methods for multiple machines that use an array of id’s (with machines in the name) and methods for single machines id’s (without the machines in the name).

Since I usually use instant clones these days I created a small pool with three linked clones. With get-hvmachine I can show you their names and state.

Since I know that get-hvmachine will already give you the id of a machine it’s easy to do a one liner to set one system in maintenance mode.

and exit maintenance mode.

And the entire pool?

And exit maintenance mode for the entire pool.

Okay so we now know how this works but I don’t want to use to vmware.hv.helper module for this at all because I want to be able to use a list of machines or based on part of the name. That can be done using a query. The query entitytype to use is MachineSummaryView and if you use queryfiltercontains it’s also possible to use only a part of the name for a kind of wildcard selection. Combine several of these in with queryfilteror and it gives the opportunity to select them from a list.

Now I replaced the names in the txt file with only p2lc00

And back into maintenance mode

So this is a nice way to manage the machines and their maintenance state. Please remember that these scripts only work against horizon 7.5 and higher.

The VMware Labs flings monthly for November 2018

The year’s almost over but for me it feels like it just got started, how does it feel for you? Time certainly flies! This month there was one new fling: vSphere PKS Plugin and five have received updates: Workspace ONE UEM Profile Migration UtilityHCIBenchESXi Embedded Host ClientCross vCenter Workload Migration Utility and Workspace ONE Configuration Tool for Provisioning.

New

vSphere PKS Plugin

The vSphere PKS Plugin provides a user interface for managing and monitoring Kubernetes cluster deployments for the PKS platform. Using the vSphere PKS Plugin you can view details about your Kubernetes clusters, including master and worker nodes as well as networking configuration.

Features

The vSphere PKS Plugin:

  • Provides a graphical interface to visualize the Kubernetes clusters deployed and managed by PKS
  • Provides visibility into underlying infrastructure such as VMs, network objects and storage objects that are created when a Kubernetes cluster is deployed in a vSphere environment
  • Provides a centralized launch point for viewing components deployed with the Kubernetes cluster, including nodes and network objects such as routers, logical switches, load balancers
  • Provides a simple user interface to get easy access to the cluster using the kubectl interface and the cluster Dashboard

Updated

Workspace ONE UEM Profile Migration Utility

The Workspace ONE UEM Profile Migration Utility helps  in moving profiles between various WS One UEM Consoles.

Changelog

Version 1.6

  • Added a log file for more advanced troubleshooting and auditing. A new file in the folder called: WS1UEM-Profile-Migration-Utility-log.txt
  • Added logic to ensure the user has to hit Review button before Create
  • Fixed a bug where the Status wouldn’t clear if selecting a new Profile therefore the user was unable to tell if the new Create Profile was successful

HCIBench

The HCIBench is a Hyperconverged Infrastructure Benchmark build around VDbench.

Changelog

Version 1.6.8.1

  • Fixed regression when datastore is in the datastore folder
  • Avoid checking connection to host directly and use tvm deployment instead
  • Added Vdbench version check in summary script

Version 1.6.8

  • Added resource pool and VM folder fields for VMC environment
  • Fixed easy-run disk size issue
  • Enhanced pre-validation error message handling
  • Changed the names of network interface from “Public Network” to “Management Network”, and “Private Network” to “VM Network”

ESXi Embedded Host Client

While the ESXi embedded host client has been officially released for 5.5, 6, 6.5 and 6.7 the fling gets all the latest updates.

Changelog

Version 1.32.0 build 10692217 (Fling 22) – November 2, 2018

  • Import / Export
    • Iso files and nvram files can now be exported and imported (if suppored by the esx version)
    • Files can be individually selected when exporting
    • All advanced vm config options are exported by default
    • Several bug fixes related to the export wizard
  • General
    • Permissions previews now display correctly
    • Support Bundles are now generated on the fly
    • Domain user functionality has been restored
    • Fibre Channel WWNs are displayed in hex

Cross vCenter Workload Migration Utility

If you want to use a gui to move vm’s between different vCenter servers than the Cross vCenter Workload Migration Utility is the tool to use.

Changelog

Version 2.5, November 5, 2018

  • Remember registered site information (without password)
  • Easily retry a previously attempted task in case of failures
  • Search box for keyword filtering of migration task history
  • Option to clear task history by removing completed tasks
  • Added documentation and other links under the help menu
  • Partial fix for an issue related to duplicate network names

Workspace ONE Configuration Tool for Provisioning

The Workspace ONE Configuration Tool for Provisioning assists in building unattend.xml configuration files that can be used by Dell (or others when more provide the service) when delivering systems from the factory to set them up for your environment.

Changelog

Release Update – Version 2.0.0

Improvements

  • The version number is shown in the window title
  • The version number is shown as a comment in the generated XML
  • The product key is now validated to conform with the 11111-11111-11111-11111-11111 pattern
  • Split the locale settings into ‘Operating System Language’, and ‘Region and Keyboard Settings’.
  • ‘Operating System Language’ maps to the language of the operating system installation media, and ‘Region and Keyboard Settings’ maps to the locale settings available to the user during OOBE
  • ‘Operating System Language’ is now a required field as it is needed for certain customizations, such as adding a user to the administrators group
  • Removed the ability to set a custom computer name. The computer name now defaults to ‘*’, which causes the Windows OS to generate a random name, taking up to seven characters from the ‘Registered Organization’ field plus eight random characters. This change makes sure every computer has a unique name on the network.
  • The ‘Auto Admin Logon’ feature is no longer selectable. Instead, it will be activated when it is required by the deployment scenario.
  • All deployment scenarios now allow for the creation of a local user.
  • Moved the node from the ‘oobeSystem’ pass to the ‘specialize’ pass
    to be consistent with the node

Bug Fixes

  • Auto Admin Logon would only work with an unattend XML generated for an en-US installation image
  • Enabled the ASSIGNEDTOLOGGEDINUSER=Y flag to enable the WS1 agent to correctly enroll the user in the ‘Workgroup’ deployment scenario
  • Fixed an issue where the ‘Show Privacy Settings’ option would have no effect

The second (and last :( ) day of Nutanix .Next London 2018

The second day of .Next London started with a good keynote mainly about IoT and what Nutanix brings to the table in that area of expertise. There where some issues before the keynote started but everything ended up really going smoothly. Session wise I did two sessions, both about VDI: deepdive into Xi Frame and the VDI supersession at the end of the day. In between there was a really inspirational keynote with Julie O’Brien interviewing Dr Jane Goodall. At age 85 she still travels the world convincing people they need to work at keeping our world healthy. In between all of this I spent some time at the Community lounge and browsing the solution expo.

The VDI supersession was a good mix of Horizon and Citrix that was very open for questions of the audience. It covered two time slots with a short break in between and it was good to see a couple of former EUC Champions + a Nutanix NTC on stage. The day ended for me walking into a restaurant that had a table filled with speakers & audience of the VDI supersession who immediately invited me over to join them.

The first day(s) of Nutanix .Next 2018 London

please remember this is article is written while I was still waking and sobering up from last nights party at The Tobacco Dock.

The last couple of days where a blast. I came in on the Eurostar on Tuesday and while others had issues with flights being cancelled I had no issues crossing The Channel by train. At 3 PM we started the rehearsals for Wednesdays opening act where we had to juggle a bit with balls. We where being trained by 4 pro’s including brand new World Champion Aguska Mnich that showed how things are done on stage. Too bad they didn’t have a lot of time on stage because backstage they where showing some amazing tricks.

Watch Aguska winning the championship from about minute 49

After this I finished the evening meeting some great community people at the Welcome reception and a dinner with some Dutch Nutanix employees and customers.

Wednesday started at 7.30 am with the last rehearsals for our opening act. It was great fun doing this though the stage was even warmer than the keynote room (usually keynote rooms are cold due to their size, over calling it warm was an understatement). When the keynote ended I went out to Angelo’s awesome community lounge before we went out to the NTC lunch where it was great meeting all the other ntc’s. It was quite a big group this time compared to last year.

In the afternoon I visited my first breakout about Nutanix files and it’s awesome to see how this product has grown over the years. It’s a full-fledged nas replacement now that’s just as easy to scale out as a Nutanix cluster with the same performance.

closing keynote was by Bear Grylls. I expected a bit more energetic person on stage but in fast he even looked a bit shy at some points. His main point: never give up!

This years party had an old style circus theme at the Tobacco Dock and while some of the music and smells where a total sensory overload for me I ended up in the saloon enjoying the (mostly) acoustic music.

 

 

 

 

What’s (in) my bag for Nutanix .Next 2018 London

This post is fairly similar to my posts for .Next Nice in 2017 and VMworld US of this year. For security reasons I decided to go with the XD Design Bobby again. Since it’s a lot harder to open when on my back I feel it’s a bit more secure while travelling on the London Underground. A couple of other changes also have been made, the bubm bag was replaced by a bit smaller pouch from the same maker and my Sony headset has gone to my wife since I settled on the Jabra Move I got from Cohesity at VMworld. The Jabra just sits a bit more comfortable for me and fits perfectly in it’s own bubm case.

For the rest there are the usual suspects: Xiaomi 10k battery pack, HP Probook 440 G5Microsoft designer mouseRoundcube Rewirable  USB Travel adapter and some various bits & pieces. My suitcase is simply packed with lots of stroopwafels and all the Nutanix NTC gear I have.

Horizon View Api’s: back to basics part 3: Methods

Like I said in part two I wanted to do that first before going to method’s since for some methods you actually need the output from a query. I posted an example of that in the meanwhile with my post about sending messages to users. The get-hvglobalsession and get-hvlocalsession are based on queries that are used for the Session_SendMessages method of the session service.

The obvious way of finding available methods is by looking into the API Explorer.

It’s a complete list but it’s hard to find all the methods that belong to a service. It’s easier to do a get-method on a service.

So, in here we have two methods: ConnectionServerHealth_Get and ConnectionServerHealth_List. Even my wide PowerShell window is not big enough to show what’s needed to with the ConnectionServerHealth_Get method. For that we can use service.method without any brackets.

and

The required input for the method’s is visible between the brackets. The _Get method requires an id of the type vmware.hv.connectionserverid and the list doesn’t even need an input. I will keep the first one to use for later while I run the latter one.

A lot of these lists have information that is available on a deeper level, with a get-method everything is shown.

The ones where you see a property that has a definition that starts with vmware.hv…. has more content hidden. It is possible to access these by putting the entire line between brackets followed by .membername for example

Please be aware that this can go multiple levels deep for some methods. To avoid unneeded api calls it’s wise to declare a variable from the method and use that to access the data.

Now to show the use of the _get method I could use the id that I received from the _list method but that would be cheating. What I will do is put a list of all connectionservers into an array (even though I only have 1) and do a foreach with the _get method.

This is the basic usage for method’s. For some method’s a spec is required for input please take a look at this post about adding an instantclone administrator for an example. I will show some more details about that one in here. Let’s take a look at what the method requires as input.

You can see that a spec is required of the type VMware.Hv.InstantCloneEngineDomainAdministratorSpec. The API Explorer will show that this actually is a bit weird one since it one contains a base.

If you click on the base you’ll see whats required in there.

These levels actually show that we need to declare multiple objects to build the actual spec. You can create the basic object with new-object objecttype

As you see the base is empty and doesn’t know what data it can contain. This shows that we need to declare the object for every level where we need to enter some information.

First I tried this using the class that’s shown in the API explorer, this obviously didn’t work so I use the data object name.

In the link I posted above you should be able to find what’s required to create an actual instantcloneadministrator. With this I have covered most of the method’s and how they work. Please don’t assume that _list nevers needs an id or that _get always needs one because that’s not true. Sometimes it will also say ids like with my previous post about sending messages that means it needs an array of id’s most possibly generated by a query or an _list method.

 

 

The VMware Labs flings monthly for October 2018

Time flies when you are having fun so it’s already almost time for VMworld EU in Barcelona. Sadly I will not be there so I will be missing all the fun over there. There is one new fling: Workspace ONE UEM Profile Migration Utility that somehow starts at version 1.5 so there must have been an internal version for VMware already and five have received updates: Horizon DaaS Migration Tool, True SSO Diagnostic Utility, Cross vCenter Workload Migration Utility, vRealize Operations REST Notifications Helper and the one and only vSphere HTML5 Web Client.

New

Workspace ONE UEM Profile Migration Utility

This tool helps to migrate WS One profiles between various environments.

The Workspace ONE UEM Profile Migration Utility aides in moving Profiles between Workspace ONE UEM Consoles. This can be very helpful to programmatically migrate complex Profiles from UAT to PROD environments.

Note: Not all Profile payloads are supported within the AirWatch API.

Updated

Horizon DaaS Migration Tool

The Horizon DAAS Migration Tool is targeted to Service Providers that run an Horizon DAAS environment and that want to upgrade that environment.

Changelog

Version 2.0.0

  • Added functionality for VMware tool upgrade;
  • Added progress statistics;
  • Added support for 32 bit VM;
  • Added support for Windows 10, 7 and 8;
  • Added resoulution for blank screen;
  • Added logging enhancements.

True SSO Diagnostic Utility

With the True SSO Diagnostic Utility you can validate the Horizon certificates used by the Enrollment Server.

Changelog

Version 2.0

  • Updated to support VMware Horizon 7.4 and later
  • Added LogonTest method; Performs basic validation of generated certificates
  • Display expiry time for Enrollment and CA certificates
  • Display additional information of generated certificates

Cross vCenter Workload Migration Utility

The Cross vCenter Workload Migration Utility allows you to move VM’s between vCenter servers using a gui. It now also supports migrating within the same vCenter so you can manage all vmotions with this tool.

Changelog

Version 2.3, October 18, 2018

  • Added support for migration within a single vCenter server

vRealize Operations REST Notifications Helper

vRealize Operations REST Notifications Helper helps vRealize Operations Manager users improve and customize the REST notifications of alerts. It collects the most useful information about an alert, creates a new payload by user configuration, and sends it to third parties.

Changelog

Version 1.1.3

  • Added “recommendations” value to the final payload
  • All recommendations of the alert are added to the payload as a single string, separated with “\n”.

vSphere HTML5 Web Client

It’s already fully featured in vSphere 6.7 u1 but that doesn’t stop the VMware engineers from updating the fling as well.

Changelog

Fling 3.42 – Build 10321112

New Features

  • Dark theme mode for vSphere Client
    • Go to User menu and click on Switch theme to switch over to Dark theme mode of vSphere Client
  • vCenter Authentication Proxy UI is added to vCenter -> Configure -> Authentication Proxy
  • System configuration displays the summary of vCenter (multiple vCenters in case of linked mode) and PSC node (in case of external PSC) and also show them as links. Clicking on these links will open the VAMI UI for these nodes.
  • Update content library item
  • Clone vApp to a vApp template in content library
  • New vApp from a vApp template in content library

Improvements

  • If there are multiple vCenter servers in vSphere Client connected using linked mode, then certain operations like Deploy OVF across different vCenters will result in a certificate warning asking users to open the vSphere Client for the different vCenter than the one you are using. This warning dialog is updated to give the URL of the vCenter server as a link (Refer this reddit post for reported issue)

Bug fixes

  • Performance fix for loading actions menu when fling appliance is pointed to a 6.5 vCenter with external PSC

Known Issues

  • Dark theme might not render well for certain areas of the client. One such known area is for any VMware or partner plugins which are already ported over to HTML5 client. Give us feedback using feedback tool if you notice any areas which does not render well in dark mode.

Sending messages to users with the Horizon API’s

I got the question today from Fabian Lenz if it is possible to send messages to end users using the Horizon API. I knew I had seen it somewhere already and here’s a quick explanation.

There are two method’s to do this, one for a single session and the other for a group of sessions. Both fall under the session service.

You can see both the methods called session_sendmessage and session_sendmessages if we look at what’s required for both we see that the difference is a single sessionid or an array of session id’s.

Let’s see what the API explorer says what’s needed.

So the msgtype is a string that can have three values and the message is just a string, let’s test this.

I am lazy and will use get-hvlocalsession for the sessionid.

I do the -first 1 so it isn’t an array but a single session.

Now let’s send a message.

And the result:

Now let’s do the same for multiple sessions.

And to show that this also works for global sessions (both where connected to pod2cbr1)

If you want to filter the sessions on user or machine name you can filter the $globalsessions on $globalsessions.namesdata.basenames

With the localsessions it’s located in $sessions.namesdata

It’s also possible to filter this with the query service, take a look on my previous post on how to handle queries.

So now you know how to send messages to users. Not that they always read these messages but at least you can try warning them a bit faster now!

Horizon View Api’s: back to basics part 2: Queries

So this is the second post in this series about the Horizon View API basics. While functions logically would be part 2 I have decided on doing queries first since you might need the result for a query before you can use some of the functions. Some if it will seem double from my recent post about pulling event information but not everyone might be looking into that. This post will not have as much gifs as the first post but that’s because only the end results count for this one.

Looking at the API Explorer these are the services that we can actually query:

There are some examples in the API explorer but will show you some different examples with the aduserorgroupsummaryview since that one has a lot of documented filters and I can easily add some extra accounts to show different queries.

The first thing that we always need to do with queries is to declare the queryservice object

If you do a get-method on this object it will show several possible methods to use.

The next thing to do is to create a definition object in which we will declare the things the query looks for.

When getting this object and its get-method it shows the definitions we can set, as you can see all method’s are already visible from just viewing the object so we don’t need to use the get-method anymore.

Now we need to set a QueryEntityType these can be found in the API explorer under the Queryable Entity Types. They have to be used between quotation marks.

Now we’re already set to create some results by putting the query into an object.

As you can see below this will create an object where the results property contains all the data. This Results property has 2 other properties of it’s own that actually contain all the data.

And if we expand the base property it gives us one of the build-in Active Directory groups.

Since this can go several layers deep it is smarter to use the round brackets to get this information. (Select -expandproperty following select – expandproperty is just ugly and takes too long)

This way it’s also easy to count the amount of returned objects. This is very useful if you have a bigger environment and want to take counts of sessions with their status (i.e. Connected, disconnected, error etc)

Next up is adding a filter, so we only get user accounts but we need to do some maintenance first. If you do too many queries it is possible that you will get some errors about too many filters or something (of course I am not getting them while writing this post) so, it might be needed to remove the old stored queries is possible with the queryservice_deleteall method.

This does not give any feedback on the results so let’s continue with the old query and put a filter on it. First you need to know what kind of filter you need and the options are listed in the API explorer.

The first one I will use is queryfilterequals since I use that the most. I start by defining a filter object consisting of a property with a value.


Then I will add it to the querydefinition

Now I will show you the results + the fact that you don’t necessarily need to define an object for the results. I have selected the first result to show you that it contains the domain administrator account

It is also possible to combine several filters into one query, while the ad service might not be the most useful for this it can still be used as an example. The thing to do is to first create a couple of filters.

Please be aware that these membernames are case sensitive!

These need to be combined into one array

To filter on multiple things we need to have a filterand object

And then we can add the $filterarray to this object

and finally we put this object into the querydefinition object

Now let’s run the query

That’s it for the basics of doing queries using the Horizon View API’s. There are some more things that we can do with these like sorting them, but I think you can find that on your own in the API explorer examples.

Nutanix Technology Champion, what’s in it for you?

This week it was announced that applications for the 2019 Nutanix Technology Champions (NTC) are open. Despite not having worked with Nutanix in production in a while I have been a member of this great piece of vCommunity for two years now. Angelo, who runs the program, listed the benefits to include the following:

  • Early access briefings about Nutanix products and announcements
  • Access to private betas and insight into ongoing product development
  • Participation in exclusive meetings with engineering teams
  • Access to discussions on the Nutanix NTC slack channel with internal teams
  • Exclusive activities at our annual .NEXT conference including pre-show briefings
  • Support and Mentorship for those seeking NCP, NCAP and NPX career development

Let’s dive into these benefits a bit deeper.

Early access briefings about Nutanix products and announcements

Since I don’t work with the tech this is what really keeps me up to speed on what Nutanix is doing. While sometimes it’s hard for them to do it really early with the fast pace of developing new features or tools this still gives the edge for bloggers who like to blog about this. But it also gives us the possibility to provide feedback before it’s released for new ideas or enhancements.

Access to private betas and insight into ongoing product development

Again due to the high pace of developing at Nutanix the first part doesn’t happen too often but the second one does every now and then. Engineers pitch ideas during regular calls and use our reactions to those to see if it would be worth implementing.

Participation in exclusive meetings with engineering teams

See the previous point, it’s really valuable for both sides to give and receive the input on new developments.

Access to discussions on the Nutanix NTC slack channel with internal teams

Being a customer or partner this is the icing on the cake for you. Besides communicating with your fellow NTC’s every Nutanix employee can have access to our Slack Channel. I have been on the phone with support during an issue while on Slack I was able to give logs and other information that otherwise might have taken a bit more time to end up on their side. In here there are no stupid questions and if the person with the required knowledge isn’t in the channel someone else will invite them in. And it isn’t about Nutanix software only, if someone at Nutanix has the knowledge we will get them in there. Want to ask CEO Dheeraj Pandey a question? He’s in there as well!

Exclusive activities at our annual .NEXT conference including pre-show briefings

We always have a NTC lunch at .Next and several briefings up front so we know what to expect. Angelo is also a selfie maniac at conferences so you probably won’t get away without one posted on Twitter. Everywhere you go you’ll find another NTC around so like most conferences it’s a great place to make new and meet old friends.

(and no I never look good on selfies :D)

Support and Mentorship for those seeking NCP, NCAP and NPX career development

For this again the Slack channel is essential. After a call about the NPX certification ealy this year I pitched the idea to have a bootcamp in The Netherlands and that turned out to be a success as you can see in my blogpost about it.

Other things

Are there any other advantages than those that Angelo names? Yes there certainly are, all NTC’s get a free subscription to Pluralsight and on a regular base we have calls with vendors that also supply us with nfr licenses. For example we have access to hycu, Bitdefender and after the comming call also  Unitrends.

Conclusion

It doesn’t matter if you are a partner, customer or member of the greater vCommunity being a member of the NTC program is great benefit. Angelo really strives to help us grow in whatever we do and succeeds in that! If it isn’t about the knowledge then it is about expanding your network in this awesome thing that we call the vCommunity.