I have been awarded VMware vExpert once again: the vCommunity rules!

After having lots of fun in the vExpert Slack channel last evening with everyone waiting for the vExpert 2018 announcements I decided to had to bed not too late. This morning I woke up with this in my inbox:

So this is my third year in a row that I have been awarded VMware vExpert. Those three years have been a thrill ride. I started blogging mid 2016 after doing my first (and somewhat failed) vmug presentation at the Dutch VMUG. Things really picked up after I was awarded my 1st vExpert in the 2nd batch of 2016, my blog started to get more views, I created more content and I found my home in a community that simply rules: the vCommunity!

While sometimes harsh words are spoken my general feeling of the vCommunity is one of camaraderie. No question is too stupid, no solution is to weird, there are always people willing to help you with whatever is going on. This is not only true for the vExpert slack channels but also those of Nutanix, VMware Code, IOPros and last but not least the vExpertEUC channel. Most of the times things are very serious but every now and then the channels buzz with that Friday afternoon feeling where no-one is safe for jokes. When going to events meeting up with all of these people is always fun. If it is at a vmug, VMworld or EUCtechcon there’s almost almost immediate chemistry between people who just enjoy sharing and caring.

So I want to thank all of the vCommunity that have made this possible for me and I look forward to speaking to you whether it’s in person, twitter, slack or some webex. Without all of you this wouldn’t have been half as much fun!!

Presenting at the Dutch VMUG UserCon

In two weeks time I will be presenting at the Dutch VMUG UserCon, the biggest VMUG in the world! For the 3rd consecutive time I will be taking the stage by storm. My first try, about problems I encountered in the field, was a disaster but I learned lots and got good feedback from lots of people including my very good friend Hans Kraaijeveld. The second year I decided to get Hans on stage as well because he already thought he knew it all so we presented about our favorite flings for Horizon View last year. I repeated that presentation on my own at the German VMUG later that year where I had a bit more time so I could actually show the tools instead of clicking trough a powerpoint like we had to do in in the 20 minutes we had in The Netherlands.

This year I will be on my own again on stage talking about PowerCLI & Horizon View. For the regulars on that will certainly not come as a surprise. Lots of it will be pre-recorded demo’s since I don’t want to bore the people with ten minutes of typing errors. Sadly I am placed at the end of the day so I hope the audience will not be too tired. I have competition from someone called Duncan Epping, you might have heard of him. Looking at the agenda it’s a star studded day anyhow so it’s hard getting a slot without very good competition.

So do I see you at the dutch vmug? Most of the presentations will be in dutch but we can still have fun though!

The VMware Labs flings monthly for February 2018

It’s already March 1st and that gives me just a bit over 2,5 weeks to prepare for my session at the Dutch VMUG Usercon, the biggest in the world! ALso it has a Hackathon this year the day before + lots of VMware R&D sessions to choose from and last but not least a VCDX workshop. But back to flings, there have been three updated an no new flings this month. First there is almost as always the vSphere HTML5 Web Client. Further both DRS Lens and the Cross vCenter VM Mobility – CLI flings have received updates. Also a special mention for a fling that has gone GA: PowerCLI Core is now embedded in PowerCLI 10.0.0 that was released yesterday!!

Cross vCenter VM Mobility – CLI

Need to move workloads between vCenter’s that are linked or not linked? This fling will help you doing that from the commandline.

Changelog

Version 1.5

  • Added support to choose destination vm folder / destination storage pod (storage drs)

DRS Lens

The DRS Lens fling has been created to give it’s user insight in why DRS migrations take place. It provides information on vMotions, Cluster Balance and more.

Changelog

Version 1.2

  • Added support for archiving monitored data
  • Added vCenter level summary page, to get summary of clusters and archives
  • Fixed Bugs reported in v1.1
  • UI enhancements

vSphere HTML5 Web Client

Yes this fling also needs an introduction but what else can I say that this is the latest and greatest in managing your vCenter?

Changelog

Fling 3.34 – Build 7758187

New Features

  • Distributed switch topology diagram
  • Batch creation of VMkernel network adapters on a distributed port group
  • Assign License action on the License Assets tabs
  • Notification message for expiring VC licenses
  • Edit vApp settings
  • Enable and edit vApp options on a VM
  • Move networks and distributed switches to network folders

New vmware.hv.helper cmdlets (also looking for ideas!)

It’s already a couple of weeks ago that the pull request was merged but I managed to build a couple of new functions for the vmware.hv.helper module. Besides these I am also always looking for new functions to add and since I keep forgetting them I create a project on my own fork of the PowerCLI-Example-Scripts. That can be found here: https://github.com/Magneet/PowerCLI-Example-Scripts/projects/1 so if you have any requests or good ideas for functions please send them my way or add them yourself off course 🙂

This was recently done after my pr’s or is still open to be merged:

New functions

  • reset-hvmachine
    • Resets machines
  • get-hvlocalsession
    • Gets all sessions for the local pod
  • get-hvglobalsession
    • Gets all global sessions + the sessions directly to the local pod

Changed functions

  • get-hventitlement
    • had some issues with groups
  • add-hvdesktop & add-hvrdsserver
    • removed the displaying of the vcentervm id that was added to the pool
      • PR done, not yet merged!

Removed Functions

  • get-hvpodsession
    • this only got a sessioncount so hardly any usefull data

What gets you in the creative mood?

Not a technical post this time but a short one about creativity. Do you know that feeling that there’s an awesome idea in your head  brewing for a post but that you somehow can’t get yourself going to write it up?  I used to have this when writing reviews for fok.nl and still do sometimes when writing blogs on this site. While most of the times setting myself to it will get me in the right mindset that doesn’t always help. Sometimes there’s just too much noise around in my house or all kinds of distractions around the house (adhd anyone?). Most of the times it’s my kids watching something and they just can’t sit still on their chairs (again: adhd). Trying to get them quiet is sheer impossible and noise cancelling headphones will allow just enough sound trough for them to still be annoying.

The one thing that almost always gets me going is music! And I don’t even need that noise cancelling headset for that, just having a tune in my head or playing it on my phone can be enough. Lately one of my favorites have been Alestorm but other bands have been able to get me on the creative track. Queen, Pink Floyd, Metallica, Epica or DJ Tiesto are some of the other names I have had success with in the past. The question always is what band/artist I need to pick to get me going, this totally depends on how I am feeling but the first that pops into my head to play mostly is ok.

My current favorite to get me going (and that inspired me to this short post):

 

So the big question is: What get’s you in the right mood for creativity?

The VMware Labs flings monthly for January 2018

It’s that time of the month again with the update flings from VMware labs. In January seven flings received an updated while no new flings have been released, it can’t have a launch party every month can we? Six familiar names with the vSphere HTML5 Web Client, Desktop Watermark, Horizon Toolbox, HCIBench, Blockchain on vSphere and the OS Optimization tool plus the lesser updated (last update august 2016) DoD Security Technical Implementation Guide(STIG) ESXi VIB.

DoD Security Technical Implementation Guide(STIG) ESXi VIB

This one is for the people who have to implement a very high security on their vSphere environment. Please read the changelog, no STIG has been released yet for vSphere 6.5! Since it’s a lesser updated one I will give you the complete description from the fling site:

The DoD Security Technical Implementation Guide (‘STIG’) ESXi VIB is a Fling that provides a custom VMware-signed ESXi vSphere Installation Bundle (‘VIB’) to assist in remediating Defense Information Systems Agency STIG controls for ESXi. This VIB has been developed to help customers rapidly implement the more challenging aspects of the vSphere STIG. These include the fact that installation is time consuming and must be done manually on the ESXi hosts. In certain cases, it may require complex scripting, or even development of an in-house VIB that would not be officially digitally signed by VMware (and therefore would not be deployed as a normal patch would). The need for a VMware-signed VIB is due to the system level files that are to be replaced. These files cannot be modified at a community supported acceptance level. The use of the VMware-signed STIG VIB provides customers the following benefits:

  • The ability to use vSphere Update Manager (‘VUM’) to quickly deploy the VIB to ESXi hosts (you cannot do this with a customer created VIB)
  • The ability to use VUM to quickly check if all ESXi hosts have the STIG VIB installed and therefore are also in compliance
  • No need to manually replace and copy files directly on each ESXi host in your environment
  • No need to create complex shell scripts that run each time ESXi boots to re-apply settings

Changelog

Update January 2018

Added 6.5 STIG VIB to the downloads section. **Please note this is not based on a DISA STIG as a 6.5 STIG has not been released**

VMware OS Optimization Tool

No need to say a lot about this fling. If you need to optimize a windows system this has been the goto tool for years.

Changelog

January 4, 2018

  • Issue fix: Can not access public templates

Blockchain on vSphere

Want to build & test blockchain applications? This might be a handy tool in your toolbox for that.

Changelog

Jan 15 2018, BoV 1.1

  • Designed to run on PKS(Pivotal Container Services), and validated in PKS Beta
  • Integrate Blockchain Explorer into BoV which makes it easier to view/monitor peers, transactions, etc
  • Enhance BoV to support saving blocks and channel data to persistent volume
  • Optimize the installation process
  • Provide a default channel for blockchain applications
  • Update Fabric to 1.0.5

HCIBench

Specially build to benchmark VSAN clusters but can be used to test any HCI.

Changelog

Version 1.6.5.2

  • Added case comparisons by generating an XLS file for each test folder
  • Fixed bug when there’s white space in datastore name or test name

Horizon Toolbox

Missing anything in the (crappy) Horizon? There is a chance that it might be in this tool!

Changelog

2018 Jan 18

  • Horizon 7.4 support
  • Some bug fixes

Desktop Watermark

Do you want to be sure one of your desktops is used for auditing. With this tool you can set an (in)visible watermark.

Changelog

Build 1127

  • This build is signed now.

Addition

  • Password protection for the configuration & uninstallation
    • was supposed to be added in the previous release as well so might be a copy/paste error

vSphere HTML5 Web Client

Do I really need to add a description to this one? There is a html5 client build into vSphere these days but this version is updated very often and is becoming more and more on par with the (yuck) flash client.

Changelog

Fling 3.33 – Build 7616394

New Features

  • Support for PCI and Shared PCI devices for a VM
  • Create vApp wizard
  • Clone vApp wizard
  • vApp move to Host & Cluster
  • Duplicate a VM customization specification to another VC and with custom name/description
  • Synchronize Licenses action (former Import License Keys Data)
  • Assets’ details
  • Ability to edit VM Advanced configurations in Edit Settings of the VM
  • Change the shortcuts for Power Operations in VMware tools section in the Edit Settings of the VM
  • Change the maximum concurrent VMRC sessions for a VM in the Edit Settings

Bug Fixes

  • Can add an existing hard disk in Edit Settings for VM residing on datastore cluster

Known Issues

  • Creation of child vApp wizard is not working – the workaround is to create a child vApp as separate vApp and use move to operation to move it under the parent one.

Fling 3.32 – Build 7496117

New Features

  • vApp power operations
  • vApp move to operation to folder operation
  • vApp rename operation
  • vApp delete operation
  • vApp export to OVF template

Improvements

  • vApp related VMs tab, datastore tab and networking
  • Add Permission action on VM templates

New Year, new month, new job!

2018 already proved to become an awesome year for me. I became Nutanix Technology Champion again for 2018 and I also decided to change employers. While Detron has been a great employer for over three years it was time to change. My ambitions for what I wanted to do proved to be hard for them to match in jobs to do. I do have to thank them though for the great support I had in these years in which I started blogging, public speaking and managed to enter several community programs like VMware vExpert, Nutanix Technology Champion and more recently the newly announced Liquidware Tech Insiders started by former colleague and Liquidware Pre-sales Director Northern Europe Bas van Kaam.

Starting February first I will be joining TenICT in the Netherlands as VMware Consultant. This company was recently nominated as Most promising Partner of the year for The Netherlands by VMware. They also recently signed a VMware PSO contract so will be taking on PSO jobs as well in the near future. In short it looks like it’s going to be an awesome 2018.

Again I want to thank Detron for the three great years I had with them and I will definitely miss the people and the fun we had!

(Advertorial)Vembu BDR Suite v3.9.0 is now Generally Available and includes Tape Support & Flexible Restores

It is highly important that data needs to be backed up and there should be an effective Disaster Recovery plan in case of data threat or a catastrophe. While data continues to grow and there are number of technology providers who offer better and comprehensive storage techniques to businesses, there has not been an alternative to the concept of backup. While costs are a major factor for businesses, having a steady backup plan to counter data threats and compliant to strict regulatory standards(including the upcoming EU’s GDPR) is necessary. Be it virtual environment backup like VMware Backup, Microsoft Hyper-V Backup or legacy environment backup like Windows Server Backup, Workstation backup, Vembu BDR Suite has been offering Backup & Recovery with their own file-system, VembuHIVE thereby easing the backup process, storage management at an extremely affordable pricing.

Last week, they did announce the release of Vembu BDR Suite v3.9.0 which offers manifold features and enhancements to meet the different needs of Diverse IT environments. According to them, the overall goal of the new version v3.9.0 is to provide advancements in terms of Storage, Security, and Data Restoration.

Vembu BDR Suite v3.9.0 release is distinct because a number of critical features are incorporated for maintaining business continuity and to function effectively for high availability. Here are some of the key highlights of this release:

Tape Backup Support

Vembu now provides the popular 3-2-1 backup strategy( copies of backup in 2 medias(Disk and Tape) and 1 backup copy at offsite) to businesses by announcing the support for Native Tape Backup for  Image-based Backups (VMware, Hyper-V, and Physical Windows Servers & Workstations) providing an option for Long-Term Archival and Offsite storage.  Also, Vembu Tape Backup Support makes the DR possible on any physical or virtual environment. Thus Vembu Tape backup is designed keeping in mind the future needs of the ever evolving IT demands.

Quick VM Recovery on ESXi host for Hyper-V and Windows Image Backups

As we speak of data backup, recovery of data is equally important, if not more. While data recovery is crucial, the amount of time taken to restore data decides the business continuity of any organization. In the previous versions, Vembu has provided instant recovery capabilities only for VMware Backups from the GUI. From this release v3.9.0, Vembu makes the instant recovery process much simpler and quicker than before by making the Quick VM Recovery possible on VMware ESXi from Vembu BDR backup server console for all image-based backups(VMware, Hyper-V and Microsoft Windows). Thus, Vembu lowers the Recovery Time Objectives of the organizations and provides quicker data regain and access.

Backup-level Encryption

With the newest release, Vembu provides the ability to encrypt the data while creating a backup job. Each backup job that is configured from the distributed agents or through the Vembu BDR backup server is now highly secured through Backup-level Encryption. By using customized passwords, users will now be able to enable additional security for their backup jobs. And the backup data can be restored/accessed only by providing the password. Thus, the data is encrypted and can only be accessed by authorized users. This step is to fight data threats and also to ensure data compliances.

Auto Authorization at Vembu OffsiteDR Server

Offsite data protection is critical in terms of business continuity and is primarily done to keep a backup instance of key business data. To increase data security, Vembu BDR Suite v3.9.0 has Auto Authorization feature at Vembu OffsiteDR server that lets only the registered BDR backup servers to connect to the OffsiteDR server. Vembu BDR servers are authorized through unique registration key generated at the OffsiteDR server. Thus, safeguard all your backup data even if they are transferred to offsite through Auto-Authorization at OffsiteDR server.

Pre/Post backup scripts

Many businesses are in a need to execute certain business logic before or after a backup job. But running these logics manually through scripts is difficult and is not feasible for organizations having multiple backup jobs running in their IT infrastructure. To make this process simpler, Vembu BDR Suite v3.9.0 provides a separate wizard in NetworkBackup, OnlineBackup and ImageBackup clients, where one can add a number of pre and post executable commands/scripts. This helps in automatically executing the added commands/scripts at specific stages based on the configuration and provides the ability to run the custom actions before/after the backup schedules.

Besides all the listed features, Vembu BDR Suite v3.9.0 has few interesting features like Windows Event Viewer Integration along with some Enhancements.

Interested in trying Vembu BDR suite?, Try Now on a 30-days free trial: https://www.vembu.com/vembu-bdr-suite-download/

 

 

 

 

 

 

 

 

 

 

 

Multi vlan Network for Horizon View using PowerCLI & API’s

One of the things I wanted to do for a while is to write an API version on how to use multiple dvSwitch portgroups with Horizon View linked clones. With instant clones there’s a gui way to select multiple portgroups but for instant clones the only was to do this was to use the View PowerCLI. This gets installed with the connection server and can only be used from there. What you do is create a file, edit and apply it. Johan has described this process very well on his blog. I decided there had to be a way to do this as well with ‘regular’ PowerCLI & the api’s.

The api explorer shows a property named networklabel for both desktop pools and rds farms. This entry showed me what data I needed to configure. I spent most of my time in gathering all the data for this. As you can see in the script I had to dig rather deep to get all information like hostorclusterid and snapshotid. This information then needs to be put into an object called nics.

The script I made is a working prove of concept and doesn’t contain logic about what portgroups to apply. It just grabs all portgroups that comply with a simple filter. It then grabs the id’s for those and configures them to use for the pool. The script grabs information using the snapshotid but in my testing it’s 100% safe to change snapshots or golden images after that, is just uses that information to know where to configure things.

Something I found during testing is that the maximum amount of labels is respected and spread over all port groups as long as there are labels available. If the system runs out of labels it will continue using only the last configured label! I have tested this on View 6.2 and 7.3.2 with vSphere 6.5 on both methods of configuring the portgroups.

This is the script, it asks for some required information at first. This way you don’t have to put a password in plain text in the script. You can see I have the maxlabeltype and enabled properties pre-configured as LIMITED and $true. If the maxlabeltype is UNLIMITED the composer would stop using any other labels configured after that one and if enabled would be $false that label wouldn’t be used at all..

#-------------------------------------------------
# Linked Clone Configure multiple vlan's
# This script is created to allow a Linked Clone
# Desktop pool to use multiple vlan's
#
# In the past only the 'old' View PowerCLI on the Connection
# broker could be used to accomplish this. Now it's possible 
# from any system running PowerCLI 6.5 or above.
#
# This version replaces all current settings!
# 
# Requires PowerCLI 6.5 or higher
#
# Feel free to use or alter in anyway but please remember the original creator :)
#
# Version 1.0
# 16-01-2018
# Created by: Wouter Kursten
# https://www.retouw.nl
# Twitter @Magneet_NL
#-------------------------------------------------

$hvservername=Read-host "Which Connection broker do you want to connect to?"
$domain=read-host "Please enter your active directory domain?"
$username=Read-host "Please enter your useraccount"
$password=Read-host -assecurestring "Please enter your password"
$poolname=read-host "What pool to configure?"
$labelfilter=Read-host "What portgroups do you wnat to configure (use * as wildcard i.e. DVVDI*)"
$maxlabels=read-host "How many labels to configure per portgroup?"

#Connect to View Connection broker
Import-module vmware.hv.helper
write-host "Connecting to the connection broker" -ForegroundColor Green
try {
	$hvserver1=connect-hvserver $hvservername -domain $domain -username $username -password $password -WarningAction silentlyContinue -erroraction stop
	$Services1= $hvServer1.ExtensionData
}
catch {
	Write-host "Can't connect to the Connection server please check the credentials." -ForegroundColor Red
	exit
}
$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'DesktopSummaryView'
$defn.filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='desktopSummaryData.name'; 'value' = $poolname}
try     {
        $poolid=($queryService.queryservice_create($Services1, $defn)).results
        }
catch   { 
        throw "Can't find $poolname, exiting" 
        }

$pool=$Services1.Desktop.desktop_get($poolid.id)
$networklabelsall=$services1.networklabel.NetworkLabel_ListByHostOrCluster($pool.AutomatedDesktopData.VirtualCenterProvisioningSettings.VirtualCenterProvisioningData.hostorcluster)
$networklabels=$networklabelsall | where-object {$_.data.name -like $labelfilter}
$NetworkInterfaceCard=$services1.NetworkInterfaceCard.NetworkInterfaceCard_ListBySnapshot($pool.AutomatedDesktopData.VirtualCenterProvisioningSettings.VirtualCenterProvisioningData.snapshot)
$NetworkInterfaceCardSettings=new-object vmware.hv.desktopNetworkInterfaceCardSettings
$NetworkInterfaceCardSettings.nic=$NetworkInterfaceCard.id
[email protected]()

foreach ($networklabel in $networklabels){
    $NetworkLabelAssignmentSpec=new-object VMware.Hv.desktopNetworkLabelAssignmentSpec
    $NetworkLabelAssignmentSpec.enabled=$True
    $NetworkLabelAssignmentSpec.networklabel=$networklabel.id
    $NetworkLabelAssignmentSpec.maxlabeltype="LIMITED"
    $NetworkLabelAssignmentSpec.MaxLabel=$maxlabels
    $networkLabelAssignmentSpecs+=$networkLabelAssignmentSpec
    }
$NetworkInterfaceCardSettings.networkLabelAssignmentSpecs=$networkLabelAssignmentSpecs

[email protected]()
$VirtualCenterNetworkingSettings=new-object vmware.hv.DesktopVirtualCenterNetworkingSettings
$VirtualCenterNetworkingSettings.nics+=$NetworkInterfaceCardSettings

$desktopService = New-Object VMware.Hv.DesktopService
$desktopInfoHelper = $desktopService.read($services1, $Pool.Id)
$desktopinfohelper.getAutomatedDesktopDataHelper().getVirtualCenterProvisioningSettingsHelper().setVirtualCenterNetworkingSettingsHelper($VirtualCenterNetworkingSettings)
$desktopservice.update($services1, $desktopInfoHelper)

I used a lot of variables and arrays with the names as they are pulled from the data, that explains their long names. Afterwards it doesn’t give any feedback. For this I created a separate script so you can separately check what is configured before or after you change the configuration:

#-------------------------------------------------
# Linked Clone get vlan configuration
# This script is created to check if a linked clone pool 
# has any configured vlan/portgroup configuration
#
# Requires PowerCLI 6.5 or higher 
#
# Feel free to use or alter in anyway but please remember the original creator :)
#
# Version 1.0
# 16-01-2018
# Created by: Wouter Kursten
# https://www.retouw.nl
# Twitter @Magneet_NL
#-------------------------------------------------

#region variables
$hvservername=Read-host "Which Connection broker do you want to connect to?"
$domain=read-host "Please enter your active directory domain?"
$username=Read-host "Please enter your useraccount"
$password=Read-host -assecurestring "Please enter your password"
$poolname=read-host "What pool to check?"

#endregion

#region Connect to View Connection broker
Import-module vmware.hv.helper
write-host "Connecting to the connection broker" -ForegroundColor Green
try{
    $hvserver1=connect-hvserver $hvservername -domain $domain -username $username -password $password -WarningAction silentlyContinue -erroraction stop
    $Services1= $hvServer1.ExtensionData
}
catch{
    Write-host "Can't connect to the Connection server please check the credentials." -ForegroundColor Red
    exit
}
    
#endregion

#regio gather and display data
$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'DesktopSummaryView'
$defn.filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='desktopSummaryData.name'; 'value' = $poolname}
try     {
        $poolid=($queryService.queryservice_create($Services1, $defn)).results
        }
catch   { 
        throw "Can't find $poolname, exiting" 
        }

$pool=$Services1.Desktop.desktop_get($poolid.id)
$labels=($pool.automateddesktopdata.virtualcenterprovisioningsettings.VirtualCenterNetworkingSettings.nics).NetworkLabelAssignmentSpecs
if (!$labels){
    write-output "No configured portgroup(s) or $poolname not found."
}
else{
    [email protected]()
    foreach ($label in $labels){
        $output+= New-Object PSObject -Property @{
            "Labelname" = get-hvinternalname $label.networklabel;
            "Enabled" = $label.Enabled;
            "Labeltype" = $label.maxlabeltype;
            "Max_labelcount" = $label.maxlabel;
        }
    }
$output | select-object Labelname,Labeltype,Max_labelcount,enabled
}

And the result:

In the end the script looks and is way more complex than the ‘old’ way to assign multiple vlans. On the other hand it is way more flexible to use in any scripting you are already using for the automation of your Horizon environment.

As always both scripts can be found on Github here and here.

Finding Horizon View local entitlements using PowerCLI

Intro

In a previous post i mentioned that finding the entitlements for a user from the Horizon side of things can be a bit of a hassle. If only active directory groups are used its dead easy: just use the Active directory commands for those groups. If the groups are used for multiple pools and if you have assigned desktops things get a bit more complicated. For now I will only concentrate on the local pod without global entitlements.

getting that info

To get started the vmware.hv.helper module has the get-hventitlement command. As almost always a very useful one but it has some flaws. First it requires full domainname\username or [email protected]

For example

get-hventitlement -user magneet.lab\user1

or

get-hventitlement -user [email protected]

Both work but

get-hventitlement -user magneet\user1

gives this message: Get-HVEntitlement: No entitlements found with given search parameters.

At least

get-hventitlement -user user1

If you add the -type group to this command you get all group entitlements

gives an error message that the -user argument does not match the “^.+?[@\\].+?$” pattern. With this last one you at least get an error so you know where to look but not displaying any entitlements is an issue for me.

So, back to the results of these commands, I have assigned the user user1 the following rights

  • Pool04 directly and by using a group
  • directly on a single desktop in pool04.
  • Pool01 only by group.
  • Paint rds app by group
  • Calculator rds app direct
  • Wordpad rds app by both group & directly

When using the get-hventitlement without anything else it doesn’t seem to show a lot of usable things

get-hventitlement -user [email protected]

If you put this between brackets followed by a period and one of the properties a bit more info is shown.

(get-hventitlement -user [email protected]).base

Some information about the user, not very usable the session data property gives some information about current sessions (none at the moment)

With the localdata property it looks like we hit the motherload jackpot thingy

(get-hventitlement -user [email protected]).localdata

Very good, a lot of id’s so what can we do with those? For now I will put this into $entitledids.

$entitledids=(get-hventitlement -user [email protected]).localdata

I read something about get-hvinternalname when checking out the module, sounds usable.

get-help get-hvinternalname -examples

Ah, so this needs an entityid as input, a machine is an entity so let’s try it. This might need a foreach though because the output gave machines and not machine.

foreach ($Entityid in ($entitledids.machines)){get-hvinternalname $Entityid}

Damn, that’s not usable, let’s double-check with the other id types

foreach ($Entityid in ($entitledids.desktops)){get-hvinternalname $entityid}
foreach ($Entityid in ($entitledids.desktopuserentitlements)){get-hvinternalname $entityid}
foreach ($Entityid in ($entitledids.aplicationuserentitlements)){get-hvinternalname $entityid}
foreach ($Entityid in ($entitledids.applications)){get-hvinternalname $entityid}

The ones we need are readable, couple of them not but I don’t those will be missed.

The missing machine name is actually easy to solve by doing an api call:

foreach ($Entityid in ($entitledids.machines)){($services1.machine.machine_Get($Entityid)).base}

Conclusion

Because this is rather easy to use and since I didn’t have a direct use case for that I decided not to create a complete script. With get-hventitlement, get-hvinternalname and maybe an api call here or there it’s very easy to pull the information about which account or groups have what rights. To see if a user belongs to a group can easily be done with any of the multitude of scripts for that here’s a good example of those.