Author: Wouter

[HorizonRestAPI] Handling Instant Clone Administrator accounts

  By , , , ,

One of the options already available using the Horizon REST API‘s is working with Instant Clone Administrators. In total there are 5 API calls available and I will give an explanation for al 5 on how to use them. As you can see you’ll run all of them against /rest/config/v1/ic-domain-accounts.

GET : for all Instant Clone Domain accounts

POST : to create a new Instant Clone Domain accounts

GET : To retreive a specific Instant Clone Domain account with it’s ID

PUT : to update an Instant Clone Domain account.

DELETE : To delete an Instant Clone Domain account

Getting Started

To start showing these I am starting with the same base that I used in my first blog post about the Horizon REST api’s:

$url = read-host -prompt "Connection server url" 
$username = read-host -prompt "Username" 
$password = read-host -prompt "Password" -AsSecureString 
$Domain = read-host -Prompt "Domain" 
$url = "https://pod1cbr1.loft.lab"


$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password) 
$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)


function Get-HRHeader(){
    param($accessToken)
    return @{
        'Authorization' = 'Bearer ' + $($accessToken.access_token)
        'Content-Type' = "application/json"
    }
}
function Open-HRConnection(){
    param(
        [string] $username,
        [string] $password,
        [string] $domain,
        [string] $url
    )

    $Credentials = New-Object psobject -Property @{
        username = $username
        password = $password
        domain = $domain
    }

    return invoke-restmethod -Method Post -uri "$url/rest/login" -ContentType "application/json" -Body ($Credentials | ConvertTo-Json)
}

function Close-HRConnection(){
    param(
        $accessToken,
        $url
    )
    return Invoke-RestMethod -Method post -uri "$url/rest/logout" -ContentType "application/json" -Body ($accessToken | ConvertTo-Json)
}

$accessToken = Open-HRConnection -username $username -password $UnsecurePassword -domain $Domain -url $url

Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

[sta_anchor id=”get” unsan=”GET” /]

GET

The regular get is really straight forward, just invoke a get and you get the results.

Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

As you can see I currently have 2 accounts configured.

[sta_anchor id=”post” unsan=”POST” /]

POST

With post we can configure a new Instant Clone Domain account. Let’s see what we need. According to the API explorer it looks like we need to supply a domain ID, password and account.

To get the domain ID we’ll actually need to do a GET against another url:

$domains=Invoke-RestMethod -Method Get -uri "$url/rest/external/v1/ad-domains" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

Now I will create the json that we’ll need to configure the account. The $data variable is just a regular powershell array that  afterwards convert to the actual json

$domainid=$domains |select-object -expandproperty id -first 1

$data=@{
ad_domain_id= $domainid;
password= "password";
username= "username"
}

$body= $data | ConvertTo-Json

Now let’s use the Post method to apply this

Oops, too slow let’s authenticate and try again

Invoke-RestMethod -Method Post -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) -body $body

There are a few remarks about this: no propper error is returned when a wrong username and password is used. Wen you try to create an account that already exists it will return a 409 conflict.

[sta_anchor id=”post” unsan=”GETID” /]

GET with ID

This is straightforward again, just extend the url for the get with the ID of the account you want to get. I grabbed this from the regular pul request and filtered on the user account I just created

$icaccounts= Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) 
$accountid=($icaccounts | where {$_.username -eq "username"}).id 
Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/ic-domain-accounts/$accountid" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

[sta_anchor id=”post” unsan=”PUT” /]

PUT

Put can be used to change a users password. It’s requires a combination of the url with the ID from the get with id and a body like in the Post.

$data=@{password="Demo-02"}
$body = $data | ConvertTo-Json
Invoke-RestMethod -Method Put -uri "$url/rest/config/v1/ic-domain-accounts/$accountid" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) -Body $body

[sta_anchor id=”post” unsan=”DELETE” /]

DELETE

To delete an account simply use the url with the id in it with the DELETE method

Invoke-RestMethod -Method Delete -uri "$url/rest/config/v1/ic-domain-accounts/$accountid" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

 

The VMware Labs flings monthly for May 2020

  By , , , , , , ,

Another month, another monthly overview of the new and changed flings as published on https://flings.vmware.com/. There are three new flings and seven received an update.

New flings:

Linux Driver for Precision Clock Virtual Device

Demo Appliance for Tanzu Kubernetes Grid

Supernova – Accelerating Machine Learning Inference

Update flings:

VMware Appliance for Folding@Home

VMware Event Broker Appliance

Virtual Machine Compute Optimizer

VMware Machine Learning Platform

vSphere Mobile Client

Horizon Session Recording

Horizon Helpdesk Utility

New Releases

[sta_anchor id=”ptpvmw” /]

Linux Driver for Precision Clock Virtual Device

The Linux Driver for Precision Clock Virtual Device fling is an alternative way for synchronising time using a newly introduced piece of virtual hardware in vSphere 7.

ptp_vmw is a Linux driver for VMware Precision Clock, a new type of virtual device available in ESXi 7.0 (hardware version 17 on-wards) that provides virtual machines with access to the underlying ESXi host’s system clock. Guests can use the device as a reference clock in Chrony time synchronization software to synchronize their system clocks with.

Precision Clock offers an alternative to existing methods of time synchronization in the guest, such as NTP. A potential benefit of using Precision Clock, when compared to a network time synchronization, is that it uses a VMware proprietary paravirtual interface between a virtual machine and the host to fetch time information. Achievable accuracy using network based time synchronization in a guest is limited by delay and variability in the virtual networking paths (including the guest’s own networking stack), especially under high loads. By avoiding virtual networking, time synchronization using Precision Clock can, potentially, achieve higher accuracy. See the vSphere 7.0 documentation at https://docs.vmware.com for more information about this virtual device.

This fling includes a Linux kernel module source RPM, which can be built and installed in a Linux system. Upon loading the driver, a PTP clock device is created, which can be consumed as a reference clock in Chrony. See included README file for more information.

[sta_anchor id=”tanzudemo” /]

Demo Appliance for Tanzu Kubernetes Grid

A Virtual Appliance that pre-bundles all required dependencies to help customers in learning and deploying standalone Tanzu Kubernetes Grid (TKG) clusters running on either VMware Cloud on AWS and/or vSphere 6.7 Update 3 environment for Proof of Concept, Demo and Dev/Test purposes.

This appliance will enable you to quickly go from zero to Kubernetes in less than 30 minutes with just an SSH client and a web browser!

Features:

  • Quickly deploy TKG Clusters onto VMware Cloud on AWS or vSphere-based infrastructure
  • Online vSphere Content Library to sync all TKG Demo Appliance dependencies
  • Accompany step-by-step workshop-style guide
  • Embedded Harbor registry pre-loaded with all required TKG and Demo Containers
  • Support for Air-Gapped and Non-Internet accessible environments
  • Sample demo applications including Persistent Volume, K8s 3-Tier Application with a LoadBalancer example
  • Easily access and debug TKG Clusters using Octant

What’s Included:

[sta_anchor id=”snamli” /]

Supernova – Accelerating Machine Learning Inference

With machine learning is widely used in enterprises, big data are trained on the edge, inference services go to production either in the cloud or on the edge.

On the edge

  • Edge devices have limited resources, space and power supply
  • Edge servers cost much higher than devices
  • Hardware accelerators are heterogeneous in architecture and various on interfaces and performance on the edge

In the cloud

  • Accelerator market is dominated by Nvidia GPU
  • Other options come as AMD GPU, Intel Habana Goya/Altera FPGA, AWS Inferentia, Xilinx FPGA etc
  • Common inference interfaces from cloud to edge doesn’t appear generally
  • Limitation on specific hardware accelerators or cloud leads to new vendor lock-in

Project Supernova is to build a common machine learning inference service framework by enabling machine learning inference accelerators across edge endpoint devices, edge systems and cloud, with or without hardware accelerators.

  • Micro-service based architecture with Restful API
  • Support heterogenous system architectures from leading vendors
  • Support accelerator compilers to native code
  • Neutral to ML training framework file formats
  • Work on both edge devices and clouds
  • Hardware CPU support:
    • x86-64, ARM64
  • Hardware accelerator support:
    • Intel VPU, Google Edge TPU, Nvidia GPU
  • Software
    • Inference toolkit support: OpenVINO, TensorRT & Tenserflow Lite
    • Training framework data format: Tensorflow, Caffe, ONNX, MxNet

Updated flings

[sta_anchor id=”foldingathome” /]

VMware Appliance for Folding@Home

Do you have some cpu resources left to use for a good cause? The VMware appliance for folding@home makes life doing that just a bit easier.

Changelog

May 6, 2020 – v1.0.4

  • F@H software has been updated to latest 7.6.13

VMware-Appliance-FaH_1.0.4.ova
MD5: 151a5708f5d8cada3f5b48936e749f60

[sta_anchor id=”veba” /]

VMware Event Broker Appliance

The VMware Event Broker Appliance gives users makes live easier for creating business logic based on events.

Changelog

Here.

[sta_anchor id=”vmco” /]

Virtual Machine Compute Optimizer

The Virtual Machine Compute Optimizer (VMCO) is a Powershell script that uses the PowerCLI module to capture information about the hosts and VMS running in your vSphere environment, and reports back on whether the VMs are configured optimally based on the Host CPU and memory.

Changelog

Version 2.1.0

  • Fixed errors in reporting for some VMs that are on hosts with 4 sockets
  • Fixed “memory” missing from Details when VM memory spans pNUMA nodes
  • Added ability to call function with “-simple” which only reports VM info (leaves out vCenter, Cluster, and Host)

[sta_anchor id=”vmlp” /]

VMware Machine Learning Platform

The VMware Machine Learning Platform was build to provide an end-to-end ML Platform.

Changelog

Version 0.2.0

  • Added support for vSphere with Kubernetes and Tanzu Kubernetes GRID in addition to VMware
  • Cloud Foundation/PKS
  • Upgraded to Kubeflow 1.0 GA
  • Added support for GPUs
  • Introduced a new data registry component called Data Manager
  • Upgraded minor components/libraries to the latest versions
  • Added an easy-to-use installer
  • Lots of bug fixes

[sta_anchor id=”vspheremobileclient” /]

vSphere Mobile Client

The vSphere Mobile client is the tool to have if you want to be able to an early check on your vCenter while running to your desk to do it on those nice and fancy big screens you have over there.

Changelog

Version 1.11.0

New features:

  • Virtual keyboard for VM console, with all special keys available
  • Details page for cluster objects

Improvements:

  • iOS devices now have the VM console, still requires direct ESXi connection for both Android and iOS
  • Library updates for better compatibility

Bugfixes:

  • Host no longer shows as standalone when part of a cluster
  • Issues for all objects are calculated similarly, by adding together fired alarms and configuration issues
  • Virtual CPU count in VM summary page is now correct
  • All details pages are showing information in a similar way

[sta_anchor id=”horrec” /]

Horizon Session Recording

The Horizon Helpdesk Recording fling is an underestimated fling in my eyes, it gives you the opportunity to properly record whats’s happening in a users vdi session.

Changelog

Version 2.0.8

Note: Version 2.0.8 is a complete re-write of the whole fling, This fling does not support upgrading, this will require a new deployment, server and agent.

  • The agent is now multi-threaded.
  • The web service is now written in angular.
  • The web service now supports high availability (see documentation).
  • This release will only work with Horizon 7.9 or higher.

[sta_anchor id=”horhelp” /]

Horizon Helpdesk Utility

After Reach that sadly had to be pulled the Horizon Helpdesk Utility is on of the best flings to have ever been released for Horizon. FInally a fast tool that properly helps your helpdesk without having to go to the admin console.

Changelog

Version 1.5.0.21

  • Fixed an intermittent issue with the agent crashed when viewing a pool / session.

[HorizonAPI] Getting started with the Horizon REST api

  By ,

Until now all of my blogging about the Horizon api’s was about consuming the SOAP api using PowerCLI. Since a couple of releases Horizon also has a REST api and since 7.12 we are also able to change some settings using that. So now it’s time for me to dive into the Horizon REST api’s. I will consume them using Powershell since I am the most comfortable using that but you can use whatever method you prefer..

The REST api is just like the soap api documented at the VMware{CODE} api explorer.

First of all we need to create an accesstoken, we can do this by using some code that I simply stole from Andrew Morgan because why would I re-invent the wheel? From his git repository I grabbed three basic functions: get-HRHeader, Open-HRConnection and close-hrconnection. there’s also a refresh-hrconnection but I won’t need that for now.

function Get-HRHeader(){
    param($accessToken)
    return @{
        'Authorization' = 'Bearer ' + $($accessToken.access_token)
        'Content-Type' = "application/json"
    }
}

function Open-HRConnection(){
    param(
        [string] $username,
        [string] $password,
        [string] $domain,
        [string] $url
    )

    $Credentials = New-Object psobject -Property @{
        username = $username
        password = $password
        domain = $domain
    }

    return invoke-restmethod -Method Post -uri "$url/rest/login" -ContentType "application/json" -Body ($Credentials | ConvertTo-Json)
}

function Close-HRConnection(){
    param(
        $accessToken,
        $url
    )
    return Invoke-RestMethod -Method post -uri "$url/rest/logout" -ContentType "application/json" -Body ($accessToken | ConvertTo-Json)
}
$accessToken = Open-HRConnection -username $username -password $password -domain $Domain -url $url

But we can’t do anything with only these functions, somehow we also need to supply username and password

$url = read-host -prompt "Connection server url"
$username = read-host -prompt "Username"
$password = read-host -prompt "Password" -AsSecureString
$Domain = read-host -Prompt "Domain"

$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

(I am grabbing it from the command line here but when I run the scripts I have my creds hardcoded to make my life for the duration of this blog post a bit easier)

Next up is actually getting some data. The first thing that I wil do is show the connection servers. This can be done with the following API call. The part after -uri “$url/rest/ is what you can find int he api explorer. The method is the method also shown in the api explorer.

Invoke-RestMethod -Method Get -uri "$url/rest/monitor/connection-servers" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

and the result:

Since one of the few things that you can already change using the rest api’s are the general settings I will take those as the next example

Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/settings" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

This works but I can’t say that it’s really usable. Now this is not the first time I do something with REST api’s (haven’t done it a lot though to be honest) so I know this can easily be converted to json to make it visible. What I will do is that I put it in a variable first.

$settings=Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/settings" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)
$settings | ConvertTo-Json

Now this DOES look usable! Let’s take a look what is under general_settings

$settings.general_settings

Let’s say I want to change the forced logoff message

$settings.general_settings.forced_logoff_message="Get lost, the Bastard Operator From Hell is here."

Now my variable has the change but I need to send this to the server. This can be done using a put method and the settings variable has to be added as json. The second line is to pull the new settings from my connection server showing it directly in a json format.

 

Invoke-RestMethod -Method Put -uri "$url/rest/config/v1/settings" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) -body ($settings | ConvertTo-Json)
Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/settings" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) | ConvertTo-Json

and in the admin interface:

That’s it for my 1ste blog post about the horizon REST api’s hopefully it’s useful! Below is an example of the script that I used.

$url = read-host -prompt "Connection server url" 
$username = read-host -prompt "Username" 
$password = read-host -prompt "Password" -AsSecureString 
$Domain = read-host -Prompt "Domain" 

#$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password) 
#$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

function Get-HRHeader(){
    param($accessToken)
    return @{
        'Authorization' = 'Bearer ' + $($accessToken.access_token)
        'Content-Type' = "application/json"
    }
}
function Open-HRConnection(){
    param(
        [string] $username,
        [string] $password,
        [string] $domain,
        [string] $url
    )

    $Credentials = New-Object psobject -Property @{
        username = $username
        password = $password
        domain = $domain
    }

    return invoke-restmethod -Method Post -uri "$url/rest/login" -ContentType "application/json" -Body ($Credentials | ConvertTo-Json)
}

function Close-HRConnection(){
    param(
        $accessToken,
        $url
    )
    return Invoke-RestMethod -Method post -uri "$url/rest/logout" -ContentType "application/json" -Body ($accessToken | ConvertTo-Json)
}

$accessToken = Open-HRConnection -username $username -password $password -domain $Domain -url $url

Invoke-RestMethod -Method Get -uri "$url/rest/monitor/connection-servers" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

The VMware Labs flings monthly for April 2020

  By , , , , , ,

Another month down in the Corona quarantaine. That doesn’t mean that the engineers didn’t work on flings. More the opposite since I can’t remember having to go to page 2 on the site to see all of the new releases and updates. I see four new releases and nine updated flings.

The new ones: Tech For Good – Virtual Reality Experience, vSphere Replication Capacity Planning, Python Client for VMC on AWS, Horizon Cloud Pod Architecture Tools.

The updated flings: vRealize Operations REST Notifications Helper, App Finder for Tunnel, USB Network Native Driver for ESXi, vSphere Software Asset Management Tool, VMware OS Optimization Tool, Power vRA Cloud, VMware Appliance for Folding@Home, Virtual Machine Compute Optimizer, vSAN Performance Monitor.

New flings

[sta_anchor id=”vrexp” /]

Tech For Good – Virtual Reality Experience

The Tech For Good – Virtual Reality Experience fling is a VR huide through 4 key pieces of tech.

Download this Virtual Reality Application for the Oculus Quest and Oculus Go, you will watch this VR experience hosted by VMware, Bask Iyer, CIO and Chief Digital Transformation officer, as he walks us through 4 key technologies Cloud, Mobile, IoT and AI and illustrates new opportunities for technology to deliver a positive impact on society.

[sta_anchor id=”vrepcapplan” /]

vSphere Replication Capacity Planning

The vSphere Replication Capacity Planning Fling reveals actual VM traffic consumption and delta size. This helps you perform a capacity planning or estimation of vSphere Replication network bandwidth utilization prior to enabling vSphere Replication for VMs.

This Fling exposes graphics regarding LWD (lightweight delta) network traffic and delta size metrics, represented in different time frames – hourly, daily, weekly and monthly.

[sta_anchor id=”vmcpython” /]

Python Client for VMC on AWS

Python Client for VMware Cloud on AWS is an open-source Python-based tool. Written in Python, the tool enables VMware Cloud on AWS users to automate the consumption of their VMware Cloud on AWS SDDC.
Note this is not to interact with your VMware Cloud on AWS vCenter but to run tasks such as creating and deleting networks, setting up security groups and services and building network security rules on the Management and Compute Gateways.

Detailed instructions can be downloaded in the instructions tab or can be also found on the following blog post:
https://nicovibert.com/2020/02/25/pyvmc-python-vmware-cloud-aws/

[sta_anchor id=”cloudpodtools” /]

Horizon Cloud Pod Architecture Tools

The Horizon Cloud Pod Architecture Tools fling is a set of tools that helps with managing a Horizon cloud pod.

Horizon cloud pod architecture (CPA) has lmvutil commands to manage the global database entitlements data using command line interface. A lmvtools command line wrapper is now available to enhance the command execution of lmvutil commands to input the password only once and leave the command execution to continue. It has capability to export all the site, site-pod mapping, global entitlements, user global assignments, local pool assignments, home site overrides, backup global entitlements in lmvutil commands format to file. The command builder has in-built mechanism to comment the stale user global assignments and stale home site assignments.

Update flings

[sta_anchor id=”vropsrestnotifier” /]

vRealize Operations REST Notifications Helper

vRealize Operations REST Notifications Helper helps vRealize Operations Manager users improve and customize the REST notifications of alerts. It collects the most useful information about an alert, creates a new payload by user configuration, and sends it to third parties.

Changelog

Version 1.4.0

  • Added vRealize Operations Cloud Support
  • Added custom tags support
  • Bugfixes and improvements

[sta_anchor id=”appfinder” /]

App Finder for Tunnel

This application is a utility which can be used for conveniently flagging the applications to use WorkspaceONE Tunnel on macOS.

Changelog

Unknown

[sta_anchor id=”usbnicdriver” /]

USB Network Native Driver for ESXi

Specially made for homelabs the USB Network Native Driver for ESXi makes it possible to use usb network cards with ESXi.

Changelog

April 6, 2020 – v1.5

  • Added support for ESXi 7.0

Note: This is ONLY for ESXi 7.0, for ESXi 6.5/6.7, please ensure you are using the correct version of driver.

ESXi700-VMKUSB-NIC-FLING-34491022-component-15873236.zip

[sta_anchor id=”vSAM” /]

vSphere Software Asset Management Tool

The vSphere Software Asset Management (vSAM) is a tool that collects and summarizes vSphere product deployment information. It calls on vSphere APIs for deployment data and produces a PDF report that the customer can consult as a part of their infrastructure review and planning process. This lightweight Java application runs on Windows, Linux or Mac OS.

Changelog

Version 1.1

  • Added vSphere 7.0 support; Added the Host Inventory Table in the generated software asset management report.

[sta_anchor id=”osot” /]

VMware OS Optimization Tool

Osot is the tool to optimize your Horizon golden images.

Changelog

April,2020,b1151

  • Fixed several issues in CLI.

April, 2020, b1150
.docx file of recent change log located in the hyperlink above.

Includes various bug fixes and many new optimizations that have a huge beneficial effect.

Support for Windows 10 version 2004 has been added.

Optimizations

Lots of Windows 10 and Windows Server optimizations have been added to this version. These include settings for Windows features and also for applications:

  • Office 2013/2016/2019
    • Disable start screens
    • Disable animations
    • Disable hardware acceleration
  • Internet Explorer 11 and Edge browserBlank home page
    • Prevent first time wizard
    • Disable hardware acceleration
  • Adobe Reader 11 and DC
    • Disable hardware acceleration
    • Multiple additional optimizations

More optimizations have been added for Windows services and scheduled tasks to achieve a faster OS initialization and improve performance.

UI Button Renames and Reorder

Several buttons have been renamed to more closely reflect the task they perform.

  • Analyze is now called Optimize.
  • The old page that displayed the results of an optimization task used to be called Optimize. That has been renamed to Results.

Inside the Optimize page the buttons at the bottom left have been reorganized. These are now in order that you would execute them in. Analyze > Common Options > Optimize

Removed the button for Compatibility as this was a legacy item.

The top-level buttons and tabs have been reordered to better reflect the main tasks and the order you carry them out in. Analyze > Generalize > Finalize.

Common Options

New option in Visual Effect to allow the selection of disabling hardware acceleration for IE, office and Adobe Reader. The default is that this is selected but this allows this to be easily unselected if using hardware GPU.

Added Photos to the list of Windows Store apps that can be selected to be retained.

Setting the background to a solid color is now selected by default.

Generalize

More comprehensive Sysprep answer file that helps with some optimization items that were getting undone by the Sysprep process.

Finalize

New options to carry out some tasks that get undone during Generalize.

  • Disable Superfetch service. This reduces high usage of CPU and RAM.
  • Clean temporary files from the default user profile.

Automate the use of SDelete to zero empty disk space.

  • Overwrites empty disk space with zeros so that the VMDK size can be reduced when it is cloned.
  • This uses SDelete which needs to be downloaded from Microsoft Sysinternals and copied to a location in the path (Windows\System32 or current user directory).

Create Local Group Policies

  • Creates local group policies for computer and user settings that can then be viewed with tools like RSOP and GPEdit.
  • This uses LGPO.exe which can be downloaded as part of the Microsoft Security Compliance Toolkit. LGPO.exe should be copied to a location in the path (Windows\System32 or current user directory).

Command Line

Command line support added for the Generalize step.

Command line support added for the Finalize step. This also simplifies and consolidates the previous system clean tasks (NGEN, DISM, Compact, Disk Cleanup) under the new -Finalize option. These can now be run without specifying a template.

Fixed naming of Paint3D application when wanting to retain this while removing other Windows Store Applications. This had been previously been incorrectly named as MSpaint.

Templates

Windows 10 version 2004 was added to the built-in template Windows 10 1809 – XXXX-Server 2019.

Legacy templates for Horizon Cloud and App Volumes packaging have been removed. The two standard Windows 10 templates should be used instead.

LoginVSI templates are no longer built in. They are still available to download from the public templates interface.

Guides

Updated OSOT user guide: VMware Operating System Optimization Tool Guide.

Updated Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop guide coming soon.

[sta_anchor id=”powervra” /]

Power vRA Cloud

PowervRA Cloud is a PowerShell module that abstracts the VMware vRealize Automation Cloud APIs to a set of easily used PowerShell functions.

Changelog

Version 1.2

  • Support for vRealize Automation 8.1
  • New cmdlets
  • Connect-vRA-Server
  • New-vRA-Server-CloudAccount-VMC
  • New-vRA-Server-CloudAccount-vSphere

[sta_anchor id=”folding” /]

VMware Appliance for Folding@Home

This Fling is a vSphere Appliance that contains the Folding@Home client software to help the fight against Covid.

Changelog

April 17, 2020 – v1.0.3

  • F@H software has been updated to latest 7.6.8
  • Add OVF property (guestinfo.fah_next_unit_percentage) to control Workload Unit Percentage (default value of 90)

VMware-Appliance-FaH_1.0.3.ova
MD5: d82d0829badc64e7e19bf24999a2db1a

April 1, 2020 – v1.0.2

  • F@H software has been updated to latest 7.5.1
  • Add OVF DeploymentOption (Small, Medium and Large) to help simplify initial configuration including optimal memory setting for 16 vCPU
  • SSH is now disabled by default (can be enabled during OVF deployment)

VMware-Appliance-FaH_1.0.2.ova
MD5: 44843701611febbf45d72b8b37a0778a

[sta_anchor id=”vmco” /]

Virtual Machine Compute Optimizer

The Virtual Machine Compute Optimizer (VMCO) is a Powershell script that uses the PowerCLI module to capture information about the hosts and VMS running in your vSphere environment, and reports back on whether the VMs are configured optimally based on the Host CPU and memory.

Changelog

Version 2.0.4

  • Fixed errors with reporting on VMs with odd number of vCPUs
  • Fixed reporting on VMs that have CPU Hot Add enabled

[sta_anchor id=”vsanperfmon” /]

vSAN Performance Monitor

The vSAN performance monitor is a monitoring and visualization tool based on vSAN Performance metrics.

Changelog

Version 1.3

  • Fixed issues related to user login. We have removed the user password configuration screen while deploying the fling. Users will be prompted to change the password after login.
  • Few tweaks related to Grafana charts. Removed the login screen to access graphs.

[HorizonAPI] Registering a Composer Domain Administrator using the api’s

  By , , , , , , ,

A while ago I blogged about adding an Instant Clone administrator using the api’s. I never looked at creating a linked clone domain administrator though so let’s do that.

When checking the services near the bottom we see a service called ViewComposerDomainAdministrator

Now let’s check the available methods

The difference between ViewComposerDomainAdministrator_Create and ViewComposerDomainAdministrator_CreateByServerDefinition is that for the first you’ll need the virtualcenterid and for the lather the ServerDefinition for the configured vCenter.I will go with the easier first one.

Let’s see what’s required

so we need a spec of the type VMware.Hv.ViewComposerDomainAdministratorSpec this is what the api explorer says about it:

So for the base we actually need another object of the type vmware.hv.ViewComposerDomainAdministratorBase, let’s create both

$spec=new-object  vmware.hv.viewcomposerdomainadministratorspec
$spec.base=new-object VMware.Hv.viewcomposerDomainAdministratorBase

The virtualCenterID is only available by doing a virtualcenter.virtualcenter_list() with a where on the results

$vcenter="pod2vcr1.loft.lab"
$vcenters = $services.virtualcenter.virtualcenter_list()
$vcenterid = ($vcenters.where{$_.serverSpec.serverName -eq $vcenter}).id
$spec.VirtualCenter = $vcenterid

see how I do the where? For this one it doesn’t really matter but doing it this way is muchos faster than using where-object

In the base the username and domain are strings so those are easy. For the password we need to have it encrypted in a certain way. Luckily I already used it in the vCenter adding post that I gave an update last week.

$spec.base.Username = "m_wouter"
$spec.Base.Domain = "loft.lab"
$cmpdomainadminpassword=read-host "Composer domain administrator password?" -assecurestring
$temppw = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($cmpdomainadminpassword)
$PlaincmpdomainadminPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$cmpdomainadminencPassword = New-Object VMware.Hv.SecureString
$enc = [system.Text.Encoding]::UTF8
$cmpdomainadminencPassword.Utf8String = $enc.GetBytes($PlaincmpdomainadminPassword)
$spec.base.password=$cmpdomainadminencPassword

And we bring all of this together by creating the administrator

$services.ViewComposerDomainAdministrator.ViewComposerDomainAdministrator_Create($spec)

To match the post adding vCenter servers I have put all of this together in a nice script, you just need to connect to the connection server first

$hvServer = $global:DefaultHVServers[0]
$services=  $hvServer.ExtensionData

# Create required objects

$spec=new-object  vmware.hv.viewcomposerdomainadministratorspec
$spec.base=new-object VMware.Hv.viewcomposerDomainAdministratorBase
$spec.base.Username = "m_wouter"
$spec.Base.Domain = "loft.lab"
$vcenter="pod2vcr1.loft.lab"
$vcenters = $services.virtualcenter.virtualcenter_list()
$vcenterid = ($vcenters.where{$_.serverSpec.serverName -eq $vcenter}).id
$spec.VirtualCenter = $vcenterid
$cmpdomainadminpassword=read-host "Composer domain administrator password?" -assecurestring
$temppw = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($cmpdomainadminpassword)
$PlaincmpdomainadminPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$cmpdomainadminencPassword = New-Object VMware.Hv.SecureString
$enc = [system.Text.Encoding]::UTF8
$cmpdomainadminencPassword.Utf8String = $enc.GetBytes($PlaincmpdomainadminPassword)
$spec.base.password=$cmpdomainadminencPassword




# This will create the View Composer Domain Admin
$services.ViewComposerDomainAdministrator.ViewComposerDomainAdministrator_Create($spec)

 

 

[Update 23-04-2020]Adding vCenter server to Horizon View using the api’s

  By , , ,

Update

I don’t know since what version but somewhere this script stopped working because VMware change some things. In 7.8 there was a change about the thumbprint algorithm to DER_BASE64_PEM so it might have started there. Another change is that in the sslcertthumbprint field they stopped using the thumbprint but actually add the entire certificate.

What is needed to fix this?

Replace:

$spec.CertificateOverride=($services.Certificate.Certificate_Validate($spec.serverspec)).thumbprint

with

$spec.CertificateOverride.SslCertThumbprint=($services.Certificate.Certificate_Validate($spec.serverspec)).certificate
$spec.CertificateOverride.sslCertThumbprintAlgorithm = "DER_BASE64_PEM"

and you should be good. I have already updated the version of the script below.

A big thank you to Mark Brookfield for asking me about this

/update

Yesterday Sean Massey (https://thevirtualhorizon.com/) asked me if it was possible to add a vCenter server + some other things to Horizon View using the api’s. With a quick look at the api explorer I confirmed this should be possible. The other things he asked I will put in a separate blogpost.

It looks like a simple matter of building the spec and I should be good. In the end it turned out to be a bit more work then expected. Some items are not required according to the api explorer but should at least be called in the spec (set them to something empty) while others can safely be left away. The automatic generated ssl certs in my lab also turned out to be a pita. First I copied them from a current spec and later I downloaded the certificate on the Connection server itself and read that cert. Andrew Morgan (http://andrewmorgan.ie/)from VMware helped me out with this by showing their internal script that they use. It turned out that except for the SSL certs I was on the right path. As usual I will add this functionality to the vmware.hv.helper but since that might take a while I decided to create a useful script

$hvServer = $global:DefaultHVServers[0]
$services=  $hvServer.ExtensionData

# Create required objects

$spec=new-object VMware.Hv.VirtualCenterSpec
$spec.serverspec=new-object vmware.hv.serverspec
$spec.viewComposerData=new-object VMware.Hv.virtualcenterViewComposerData

$spec.Certificateoverride=new-object vmware.hv.CertificateThumbprint
$spec.limits=new-object VMware.Hv.VirtualCenterConcurrentOperationLimits
$spec.storageAcceleratorData=new-object VMware.Hv.virtualcenterStorageAcceleratorData

# vCenter Server specs

$spec.ServerSpec.servername="pod2vcr1.loft.lab"        # Required, fqdn for the vCenter server
$spec.ServerSpec.port=443                                 # Required
$spec.ServerSpec.usessl=$true                             # Required
$spec.ServerSpec.username="administrator@vsphere.local"   # Required user@domain
$vcpassword=read-host "vCenter User password?" -assecurestring
$temppw = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($vcPassword)
$PlainvcPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$vcencPassword = New-Object VMware.Hv.SecureString
$enc = [system.Text.Encoding]::UTF8
$vcencPassword.Utf8String = $enc.GetBytes($PlainvcPassword)
$spec.ServerSpec.password=$vcencPassword
$spec.ServerSpec.servertype="VIRTUAL_CENTER"

# Description & Displayname, neither is required to be set

#$spec.description="description"              # Not Required
#$spec.displayname="virtualcenterdisplayname" # Not Required
$spec.CertificateOverride=($services.Certificate.Certificate_Validate($spec.serverspec)).thumbprint
$spec.CertificateOverride.SslCertThumbprint=($services.Certificate.Certificate_Validate($spec.serverspec)).certificate
$spec.CertificateOverride.sslCertThumbprintAlgorithm = "DER_BASE64_PEM"


# Limits
# Only change when you want to change the default values. It is required to set these in the spec

$spec.limits.vcProvisioningLimit=20
$spec.Limits.VcPowerOperationsLimit=50
$spec.limits.ViewComposerProvisioningLimit=12
$spec.Limits.ViewComposerMaintenanceLimit=20
$spec.Limits.InstantCloneEngineProvisioningLimit=20

# Storage Accelerator data

$spec.StorageAcceleratorData.enabled=$false
#$spec.StorageAcceleratorData.DefaultCacheSizeMB=1024   # Not Required

# Cmposer
# most can be left empty but they need to be set otherwise you'll get a xml error

$spec.ViewComposerData.viewcomposertype="STANDALONE"  # DISABLED for none, LOCAL_TO_VC for installed with the vcenter and STANDALONE for s standalone composer


if ($spec.ViewComposerData.viewcomposertype -ne "DISABLED"){
    $spec.ViewComposerData.ServerSpec=new-object vmware.hv.serverspec
    $spec.ViewComposerData.CertificateOverride=new-object VMware.Hv.CertificateThumbprint
    $cmppassword=read-host "Composer user password?" -assecurestring
    $temppw = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($cmpPassword)
    $PlaincmpPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
    $cmpencPassword = New-Object VMware.Hv.SecureString
    $enc = [system.Text.Encoding]::UTF8
    $cmpencPassword.Utf8String = $enc.GetBytes($PlaincmpPassword)
    $spec.ViewComposerData.ServerSpec.password=$cmpencPassword
    $spec.ViewComposerData.ServerSpec.servername="pod2cmp1.loft.lab"
    $spec.ViewComposerData.ServerSpec.port=18443
    $spec.ViewComposerData.ServerSpec.usessl=$true
    $spec.ViewComposerData.ServerSpec.username="m_wouter@loft.lab"
    $spec.ViewComposerData.ServerSpec.servertype="VIEW_COMPOSER"

    $spec.ViewComposerData.CertificateOverride=($services.Certificate.Certificate_Validate($spec.ViewComposerData.ServerSpec)).thumbprint
    $spec.ViewComposerData.CertificateOverride.sslCertThumbprint = ($services.Certificate.Certificate_Validate($spec.ViewComposerData.ServerSpec)).certificate
    $spec.ViewComposerData.CertificateOverride.sslCertThumbprintAlgorithm = "DER_BASE64_PEM"
}


# Disk reclamation, this is required to be set to either $false or $true
$spec.SeSparseReclamationEnabled=$false 

# This will create the connection
$services.VirtualCenter.VirtualCenter_Create($spec)

 

Looking at the output it will only ask for the vCenter user’s password and if a Composer server is set for that user’s password.

 

The VMware Labs flings monthly for March 2020

  By , , , , ,

We are living in some crazy times, we have been locked down here already for several weeks and in my area things are improving, just like my dad who is recovering from Corona. The virus didn’t stop the VMware engineers from working on flings though. This includes the new VMware Appliance for Folding@Home if you want to help in the battle against Corona or other illnesses. Other new releases are Workspace ONE Mobileconfig Importer and Unified Access Gateway Deployment Utility while the following received an update: vSphere Software Asset Management Tool, Desktop WatermarkvCenter Event Broker Appliance,, Ubuntu OVA for Horizon, Workspace ONE UEM SCIM Adapter, vSphere Mobile Client, Infrastructure Deployer for vCloud NFV and last but not least Horizon View Events Database Export Utility.

New Releases

[sta_anchor id=”foldingathomeappliance” /]

VMware Appliance for Folding@Home

I already spoiler the VMware Appliance for Folding@Home but this appliance gives you the opportunity to add your computer power in the search for a solution against Corona or other diseases.

This Fling is a vSphere Appliance that contains the Folding@Home client software. Upon deploying the VMware Appliance for Folding@Home, the user will be prompted to enter information to configure the Folding@Home software. Once the appliance is deployed, the Folding@Home client is running and ready for Working Units. The Fling is also pre-configured to allow remote management of the Folding@Home client. For more information on the Folding@Home Project and how we can be a Force for Good against diseases like the Coronavirus, visit the website www.foldingathome.org.

The Folding@Home Appliance is configured to automatically join Team VMware ID 52737. Everyone is welcome to join! Check out http://vmwa.re/fah for team and individual statistics.

[sta_anchor id=”wsoneconfigimporter” /]

Workspace ONE Mobileconfig Importer

The Workspace ONE mobileconfig Importer gives you the ability to import existing mobileconfig files directly into a Workspace ONE UEM environment as a Custom Settings profile, import app preference plist files in order to created managed preference profiles, and to create new Custom Settings profiles from scratch. When importing existing configuration profiles, the tool will attempt to separate each PayloadContent dictionary into a separate payload for the Workspace ONE profile.

[sta_anchor id=”uagdeployutil” /]

Unified Access Gateway Deployment Utility

In case the manual deployment is too much work or the PowerCLI based is too difficult engineers have now created Unified Access Gateway Deployment Utility for Mac or Windows to install the uag.

Unified Access Gateway (UAG) Deployment Utility assists the deployment of UAG appliances by running the utility on Windows or macOS machines. This utility provides better user interface, which is self explanatory about the next steps and better error handling through useful messages & tool tips which will make it easier for an admin to deploy single or multiple appliances.

Updated Flings

[sta_anchor id=”vsphereassetmgttool” /]

vSphere Software Asset Management Tool

Changelog

March 2020

  • Minor wording update to the generated software asset management report.

[sta_anchor id=”desktopwatermark” /]

Desktop Watermark

Changelog

v1.1 – Build 20200302-signed

  • Added a new attribute %DATETIME% to show hour and minute info on screen.

[sta_anchor id=”vceventbrokerappliance” /]

vCenter Event Broker Appliance

Changelog

Too damn much so better head over to William Lam’s blogpost.

[sta_anchor id=”horizonubuntuova” /]

Ubuntu OVA for Horizon

Changelog

v1.2

  • Special thanks to Robert Guske for testing & feedback
  • Support for Horizon 7.11 and later
  • Support for vSphere 6.7+
  • Updated OVA base image to Ubuntu 18.04.4 LTS
  • Updated Virtual Hardware to v14
  • Added option to configure static networking
  • Added support for USB 3.0 and USB Redirection (via linux-agent-installer.sh)
  • Added KDE Desktop Environment Option
  • Added Gnome Desktop Environment Option (recommended)
  • Developer Desktop Package option
  • Added Keyboard Layout Option
  • Added option to enable SSH
  • Removed runlevel 5 setting
  • Fixed MOTD prompt code
  • Disabled auto software updates
  • Removed greeter modifications to support SSO
  • Numerous improvements to script
  • Script renamed to ‘optimize.sh’

[sta_anchor id=”wsoneuemscimadapter” /]

Workspace ONE UEM SCIM Adapter

Changelog

20.03 Release Notes:
Please Note: If you have already setup WS1 SCIM Adapter, it is possible that moving to 20.03 will create new accounts. Please consider resetting Directory Services configuation for the OG you are connecting to.

New Features:

  • Windows 10 OOBE Enrollment now supported
  • Bitnami Node.js 12.16.1-0 now supported with embedded install
  • Various Enterprise and Custom SCIM Schema attributes now supported (see below table)

Bugs Fixed:

  • Resources with special characters in immutableId do not update

[sta_anchor id=”vspheremobclient” /]

vSphere Mobile Client

Changelog

Version 1.10.2

Improvements/Fixes

  • Better support for older devices
  • Fix some issues related to the back button
  • Fix for the annotation not defined issue

Version 1.10.1

  • Fixed “TypeError : Cannot read property of ‘annotation’ of undefined”
  • Errors causing white screen should now have more information about the cause

[sta_anchor id=”infradevfornfv” /]

Infrastructure Deployer for vCloud NFV

Changelog

Version 3.2.1 Update

  • Updated to new version
  • Replaced user guide the new version

[sta_anchor id=”horizoneventexportutil” /]

Horizon View Events Database Export Utility

Changelog

Version 2.2

Fixed the following issues:

  • Able to return data for All Pools
  • Able to return data on just user logon and logoff events
  • Both of these actions would cause a crash or error in previous versions

[HorizonAPI] Creating Entitlements

  By , , , , , ,

So last week I created a blog about gathering Horizon entitlements using the api’s. At the end I promised that my next blog post would be about creating entitlements and guess what: that’s this post 🙂

First a short explanation about what UserEntitlements actually are in Horizon. When you pull the entitlement info the base property has the needed information.

So in short an entitlement is a link between the userorgroup object id and a resource object id. The resource object can be: Application, Desktop, Global Application Entitlement, Global Desktop Entitlement and URLRedirection.

Let’s first grab the id’s that we need, I use 2 queries for that bur first I put the names of the group and the desktop in variables:

$groupname = "example_group"
$poolname = "pod01_pool01"

Than I create two objects called $group and $pool using queries.

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'ADUserOrGroupSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='base.name'; 'value' = "$groupname"}
$group= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'DesktopSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='desktopSummaryData.displayName'; 'value' = "$Poolname"}
$pool= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

Next we create the object to link them together.

$userentitlement= new-object VMware.Hv.UserEntitlementBase
$userentitlement.UserOrGroup = $group.id
$userentitlement.Resource = $pool.id

And we create the actual entitlement, since the output we get from this is the id of the entitlement object I store this in a variable to show you the entitlement in the next step.

and to show the entitlement

($hvservice.UserEntitlement.UserEntitlement_Get($newentitlement)).base

If you want to create entitlements for other resource you’ll need to use the either of the following to build your query:

Name Data object property to filter on
Application ApplicationInfo data.displayName
Desktop DesktopSummaryView DesktopSummaryData.displayName
Global Application Entitlement GlobalApplicationEntitlementInfo base.displayName
Global Desktop Entitlement GlobalEntitlementInfo base.displayName

There is no query for the URLRedirection so you’ll need to use URLRedirection.URLRedirection_List() to get the entire list and select the right one from that.

This is a complete example script that you could use to create a desktop entitlement:

Import-Module VMware.VimAutomation.HorizonView
Import-Module VMware.VimAutomation.Core

$cs = 'pod1cbr1.loft.lab'
$groupname = "example_group"
$poolname = "pod01_pool01"

$hvServer = Connect-HVServer -Server $cs 

$HVService= $hvServer1.ExtensionData

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'ADUserOrGroupSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='base.name'; 'value' = "$groupname"}
$group= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'DesktopSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='desktopSummaryData.displayName'; 'value' = "$Poolname"}
$pool= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

$userentitlement= new-object VMware.Hv.UserEntitlementBase
$userentitlement.UserOrGroup = $group.id
$userentitlement.Resource = $pool.id
$hvservice.UserEntitlement.UserEntitlement_Create($userentitlement)

[HorizonAPI] Pulling entitlement information using the api’s

  By , , , ,

Somehow I have never really blogged about using the Horizon api’s to gather entitlement data. These are actually stored in entitlement objects and we can find them using a query against either the EntitledUserOrGroupLocalSummaryView or EntitledUserOrGroupGlobalSummaryView objects. Let’s start with the local variety.

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EntitledUserOrGroupLocalSummaryView'
$queryResults= ($queryService.queryService_create($HVservice, $defn)).results
$queryService.QueryService_DeleteAll($HVservice)
$queryresults

So we have some property’s and the ID is the easiest one to use since it’s of the VMware.Hv.UserOrGroupId type that we can resolve using aduserorgroup.aduserorgroup_GetInfos(arrayofids)

$hvservice.ADUserOrGroup.ADUserOrGroup_GetInfos($queryResults.id)

and the name is visible using base.displayname

($hvservice.ADUserOrGroup.ADUserOrGroup_GetInfos($queryResults.id)).base.displayname

$

Yes that’s me making a typo, try to talk to me on Slack. I hardly type anything without typo’s. Back to the $queryresults because there’s an easier way to get the group or username because it’s listed under the base property.

$queryresults.base

or

So we now have the group or username now we need to find what they have been entitled to, this information is stored under localdata.

$queryresults.localdata

The Applications and Desktops properties contain the ids where the users have rights to so if we use Desktop.Desktop_GetSummaryViews or Application_GetSummaryViews we end up with the relevant data. I have opened the summarydata for both to make things more visible.

($hvservice.Desktop.Desktop_GetSummaryViews($queryResults.localdata.desktops)).desktopsummarydata
($hvservice.Application.Application_GetSummaryViews($queryResults.localdata.applications)).applicationsummarydata

To create a nice overview of this I have created a small script

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EntitledUserOrGroupLocalSummaryView'
$queryResults= ($queryService.queryService_create($HVservice, $defn)).results
$queryService.QueryService_DeleteAll($HVservice)
$entitlements=@()
foreach ($queryresult in $queryresults){
    $userorgroupname = $queryresult.base.displayname
    $group = $queryresult.base.group
    $desktops=@()
    if ($queryresult.localdata.desktops){
        foreach ($desktop in $queryresult.localdata.desktops){
            $desktops+=($hvservice.desktop.desktop_get($desktop)).base.name
        }
    }
    $applications=@()
    if ($queryresult.localdata.applications){
        foreach ($application in $queryresult.localdata.applications){
            $applications+=($hvservice.application.application_get($application)).data.name
        }
    }
    $entitlements+=New-Object PSObject -Property @{
        "Name" = $userorgroupname;
        "group" = $group;
        "desktops" = $desktops;
        "applications" = $applications;
    }
}
$entitlements | select-object Name,group,desktops,applications

as you can see user1 is the lucky SoB that I test everything on.

The difference with global entitlements is that the localdata property is replaced bij globaldata.

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EntitledUserOrGroupGlobalSummaryView'
$queryResults= ($queryService.queryService_create($HVservice, $defn)).results
$queryService.QueryService_DeleteAll($HVservice)
$queryresults

And the entitlements are named a bit different

$queryresults.globaldata

To rebuild the script for global entitlements it needed a bit of tinkering but here it is

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EntitledUserOrGroupGlobalSummaryView'
$queryResults= ($queryService.queryService_create($HVservice, $defn)).results
$queryService.QueryService_DeleteAll($HVservice)
$entitlements=@()
foreach ($queryresult in $queryresults){
    $userorgroupname = $queryresult.base.displayname
    $group = $queryresult.base.group
    $desktops=@()
    if ($queryresult.globaldata.GlobalEntitlements){
        foreach ($desktop in $queryresult.globaldata.GlobalEntitlements){
            $desktops+=($hvservice.GlobalEntitlement.GlobalEntitlement_Get($desktop)).base.displayname
        }
    }
    $applications=@()
    if ($queryresult.globaldata.GlobalApplicationEntitlements){
        foreach ($application in $queryresult.globaldata.GlobalApplicationEntitlements){
            $applications+=($hvservice.GlobalApplicationEntitlement.GlobalApplicationEntitlement_Get($application)).base.displayname
        }
    }
    $entitlements+=New-Object PSObject -Property @{
        "Name" = $userorgroupname;
        "group" = $group;
        "desktops" = $desktops;
        "applications" = $applications;
    }
}
$entitlements | select-object Name,group,desktops,applications

So here you have the ways to retrieve information about entitlements, locally and globally. Next post will be about creating entitlements.

The VMware Labs flings monthly for February 2020

  By , , , , , , ,

First of all my excuses for not posting more last month. It was a short but very busy month so I just couldn’t find the time for that. The people behind VMware flings have bee busy though with one new fling and seven updates ones. New is Pallas (for managing edge ESXi hosts) and the following received updates: Virtual Machine Compute Optimizer, USB Network Native Driver for ESXi, vSphere HTML5 Web Client, App Volumes Entitlement Sync, App Volumes Migration Utility, vRealize Build Tools, Power vRA Cloud.

New Releases

[sta_anchor id=”pallas” /]

pallas

Pallas helps an admin to manage edge ESXi hosts where it’s not possible to manage them using vCenter due to security reasons.

The goal of Pallas is to provide management ability for ESXi hosts that cannot be managed by vCenter due to firewall or network issues.

 

Case 1: You have several ESXi hosts which running in a private network, but you have requirement to management them in the public network.

 

Case 2: Your ESXi host don’t wire connections and must connected through WiFi or Mobile network. For example, you use ESXi running on the oil rig, train head and you want to remote manage the ESXi securely.

 

Case 3: In IOT world you have the virtualized Edge devices requirements (ESXi host on Edge Device) and need remote management the ESXi(like patch, create VM etc.)

 

This solution includes a dominate-agent VM to provide remote management ability on the ESXi. If the ESXi has no wire connection then a pluggable network device (USB WiFi card, 3G/4G/5G sim card or other device that can provide network access ability) is needed, the pluggable network device will be pass-through directly to the dominate-agent VM. A remote manager server that accept connections either in public cloud/hybrid or private datacenter.

 

The dominate agent VM will talk to ESXi through ESXi SDK for workload VM management. There is no direct connection between the workload vm and dominate agent by default.

 

The dominate agent VM will talk to Pallas Manger though MQTT protocol, it will not allow any inbound traffic.

 

Updated Flings

[sta_anchor id=”vmcompoptimizer” /]

Virtual Machine Compute Optimizer

Virtual Machine Compute Optimizer is a script that analyses vm’s and the hosts running them to see if they run in an optimized way. It does not look into the vm’s themselves, if that is needed vRealize Operations is recommended.

Changelog

Version 2.0.2

  • Modified Get-OptimalvCPU.ps1 to account for vCenters with no clusters
  • Modified Error Catches so they display the line number of the error

[sta_anchor id=”esxiusbnetdriver” /]

USB Network Native Driver for ESXi

The USB Network Native Driver for ESXi was specially made for homelabs that need USB ports for extra network connectivity.

Changelog

February 12, 2020 – v1.4

  • Add SuperMicro/Insyde Software Corp USB Devices in the supported list
  • Resolved 9K Jumbo frame issue on RTL8153 chipset devices
  • Resolved invalid speed reporting for some quick devices by using the default speed

ESXi670-VMKUSB-NIC-FLING-33242987-offline_bundle-15615590.zip
ESXi650-VMKUSB-NIC-FLING-33268102-offline_bundle-15620342.zip

[sta_anchor id=”html5webclient” /]

vSphere HTML5 Web Client

And the vSphere html5 client keeps improving and improving.

Changelog

Fling 5.0 – build 15670023

New Features

  • Code Capture new language: the recorded interaction can now be translated to Go.
  • PowerActions: integrating PowerCLI and the vSphere Client. The vSphere Client now provides the ability to execute PowerCLI commands and scripts, and store scripts in a library. Custom actions backed by PowerCLI scripts can be defined and executed on inventory objects.
  • PowerActions must be explicitly enabled on a vSphere Client Fling deployment. For setup instructions and a quick walkthrough, see the file PowerActions_documentation_Fling50.pdf .

Improvements

  • PowerActions: when executing a script from the context menu of an object, the context object is prepopulated, but the object selector control has to be expanded and collapsed in order for this to become visible.

Release Notes

  • The base operating system for the fling is changed to Photon OS.
    Upgrade from previous versions to 5.0 is not supported. A new appliance has to be deployed.

Server.bat Replaced, December 3

Fix a small error where ls.url was printed twice in the resulting webclient.properties which leads to errors when trying to login to the H5 web client.

[sta_anchor id=”appvolentsync” /]

App Volumes Entitlement Sync

The App Volumes Entitlement Sync helps the App Volumes admin in copying entitlements between various App Volumes environments like from test to production.

Changelog

Version 2.4

  • Fixed problem with sync button being disabled
  • Added check for App Volumes 2.x and App Volumes 4.x managers and will pop up message that they can’t be synced

[sta_anchor id=”appvolmigutil” /]

App Volumes Migration Utility

You might want to use the App Volumes Migration Utility if you are upgrading from App Volumes 2.* to App Volumes 4.

Changelog

Version 1.0.1

  • Fix for Migrated Appstack upload failure in AVM due to JSON parsing error.
  • Instructions doc updated to reflect the name change from “Upload Prepackaged Volume” to “Upload Template” in the AVM UI.

[sta_anchor id=”vrbuildtools” /]

vRealize Build Tools

vRealize Build Tools provides tools to development and release teams implementing solutions based on vRealize Automation (vRA) and vRealize Orchestrator (vRO). The solution targets Virtual Infrastructure Administrators and Solution Developers working in parallel on multiple vRealize-based projects who want to use standard DevOps practices.

Changelog

Version 2.4.18

  • Support vRA 8 support for blueprints, custom forms, subscriptions and flavor-mapping
  • vRO 8 support for existing content management and import
  • Support vRO 8 export of WFs in a folder structure derived from WF tags
  • Support for running WFs on vRO using maven command
  • Support persisting JS Actions IDs in source to allow for actions originating in vRO first to not create conflicts
  • TypeScript Projects (experimental) support improvements and bug fixes
  • General bugs fixing an documentation updates

[sta_anchor id=”powervracloud” /]

Power vRA Cloud

Power vRA Cloud makes the vRA API’s more accessible for people already used to PowerCLI or PowerShell.

Changelog

Version 1.1

  • Bug fixes and following new cmdlets
  • Add-vRA-Project-Administrator
  • Add-vRA-Project-Member
  • Get-vRA-DeploymentFilters
  • Get-vRA-DeploymentFilterTypes
  • Get-vRA-FabricNetworksFilter
  • Get-vRA-FabricImagesFilter
  • Remove-vRA-Project-Administrator
  • Remove-vRA-Project-Member
  • Update-vRA-Project-ZoneConfig