Category: Api

New Horizon API calls in PowerCLI 10.1.1

  By , , , ,

VMware quietly released a new version of PowerCLI last week: 10.1.1. This release is mainly an update for the Horizon View API’s. This to bring it back on level with the current Horizon release at 7.5. The release notes are not very extensive but it has a fix for some people getting time-outs when connecting to a Connection server  plus a bunch of new api calls.

I have dumped the output from the available api calls into two text files and made a comparison:

Since there’s no update yet in the API explorer I will have to make an educated guess on what the functions do:

DesktopTask

When looking at the available method’s for this call it looks like it has everything to do with Desktop task. But it also can’t do a damn thing without an vmware.hv.desktoptaskid. This will most probably bu retrievable using a query. This is something I will further investigate in the future.

DiagOperation

To be honest I have no idea yet what this one does. I have tried created a VMware.Hv.DiagOperationRequest and tried to send it but got an error that no message queue handler was found. This might be something from Horizon 7.5 since I haven’t updated my lab yet.

GatewayAccessUserOrGroup

This one is easy, it creates, deletes, gets and lists remote access users. You can expect a function for this in the near future since it looks easy to build.

JwtToken

According to my sources this is a SSO token between the flex and html5 clients.

LogonTiming

This obviously is created to pull logon timing as the name suggests. I have put a session ID in a variable but sadly the data is not usable from PowerCLI. WHat it seems to be is the api call the Helpdesk client uses to pull the logon time. I didn’t have the timing profiler turned on initially and neither the helpdesk tool or this call gave my any information. Disconnected sessions also don’t give any information and when reconnected it gives the reconnection time not the initial logontime for when the session started. This is the same behaviour as the helpdesk tool.

Apparently the output is in a json format and for now I doubt if it will be usable in a function.

While the session itself has this information.

NetworkProxyConfiguration

No idea yet why there is a networkproxy configuration in here.

Performance

This gets some performance data using a session id as also visible in the helpdesk tool.

RemoteApplication

Gives per session information on the Skype 4 Business pairing mode.

RemoteAssistantTicket

100% sure related to the remote assistance function in the helpdesk tool.

RemoteProcess

Looks like this one gets some information from a query and then kills the process, will have to dig into it some further later on. This for sure is a function in the helpdesk tool.

ViewClient

Again from the helpdesktool, this gives the client version of a session.

Conclusion

For now I only see the DesktopTask and GatewayAccessUserOrGroup ending up in a function in the vmware.hv.helper. The first one will need some digging on how it exactly works but it has the looks of a usable call. The latter on can be in there pretty fast if I find the time to do so. The other ones

 

Update

Already received some extra information about some calls.

New experimental functions for the vmware.hv.helper on github

  By , , , ,

While working on my presentation for the 2nd vEUCtechcon event in Utrecht (The Netherlands) on may 28th I have added a list of new functions to the vmware.hv.helper module. While I haven’t had the time yet to clean them up to be proper coded scripts I have decided to already publish them on Github. All of them work but might be missing a feature or two and almost all of them are get-hv* or new-hv* type functions. Since the presentation is all about building an environment I have decided to build the remove parts later on. You might have already seen some screenshots on twitter recently:

Added functions that are not in the official module yet:

  • register-hvvirtualcenter
  • set-hveventdatabase
  • set-hvlicense
  • get-hvlicense
  • new-hvinstantcloneadministrator
  • New-HVRole
  • Get-HVRole
  • Get-HVpermission
  • New-HVPermission
  • Get-HVVirtualcenter
  • Get-HVInstantCloneAdministrator
  • Get-HVPod
  • Set-HVPod
  • Get-HVHomeSite
  • New-HVHomeSite

 

Registering an Instantclone administrator using PowerCLI

  By , , ,

Another question Sean Massey asked me if it is possible to register an instant clone domain administrator. This is possible using the instantcloneenginedomainadministrator service with the InstantCloneEngineDomainAdministrator_create method. This needs a spec with the following content:

  • spec (vmware.hv.InstantCloneEngineDomainAdministratorSpec)
    • base (vmware.hv.InstantCloneEngineDomainAdministratorBase)
      • username (string)
      • domain (domainid)
      • password(vmware.hv.securestring)

The password can be created using the same scriptlet I used to register a new vCenter server. The domain ID can actually be gotten by listing all domains using

$services1.ADDomain.addomain_list()

For now I have created a scripts that requires you to give some details so it can register the instant clone domain administrator. It can also be found on Github but I will also definitively add it to the vmware.hv.helper module.

$icausername=read-host "What username to use for instantclone administrator?"
$icadomain=read-host "please give the dns name for the domain to user (i.e. domain.com)"
$icapassword=read-host "vCenter User password?" -assecurestring
$temppw = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($icaPassword)
$PlainicaPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$icadminPassword = New-Object VMware.Hv.SecureString
$enc = [system.Text.Encoding]::UTF8
$icadminPassword.Utf8String = $enc.GetBytes($PlainicaPassword)
$spec=new-object vmware.hv.InstantCloneEngineDomainAdministratorSpec
$spec.base=new-object vmware.hv.InstantCloneEngineDomainAdministratorBase
$spec.base.domain=(($services1.ADDomain.addomain_list() | where {$_.DnsName -eq $icadomain} | select-object -first 1).id)
$spec.base.username=$icausername
$spec.base.password=$icadminpassword
$services1.InstantCloneEngineDomainAdministrator.InstantCloneEngineDomainAdministrator_Create($spec)

Pulling horizon session information using PowerCLI

  By , , ,

I should’ve already posted a blog about this but better late then never. At the end of february I posted about several new functions being added to the vmware.hv.helper and two out of three where about pulling session information. Recently I received some questions about using those since it’s the raw data being returned. For my Dutch vmug presentation I used several gif’s that showed what you can do with that data. I might need to update the cmdlets so all information will be shown at once but that’s for another time since it might slow down the cmdlet a lot and I don’t like that.

Usage

Since get-hvglobalsession and get-hvlocalsession show almost similar data I will only show the latter one.

get-hvglocalsession

As you see this only shows the methods contained inside the session. We can show the content by pipelining it to  select-object -expandproperty but I prefer the bracket method since these might go several layers deep.

(get-hvlocalsession).namesdata

Some of the returned values are logical like the username, machineorrdsservername. The desktop name though is the actual desktop pool the user is connected to. Desktoptype can be Automated, Manual or RDS depending on the type of desktop and Desktopsource can be Virtual_Center (VM’s hosted on vCenter but not managed by Horizon or Full Clone desktops), View_Composer(when using Linked Clones), Instant_Clone_engine (when using Instant Clones), Unmanaged (physical machines, non-vCenter vm’s) or RDS (Terminal Servers). Farmname will be used when it’s an RDS session. The Securitygateway will show the Connection Server the user connected to or the UAG/Security server used.

the same can be done with referencedata and sessiondata

(get-hvlocalsession).referencedata
(get-hvlocalsession).sessiondata

Not a lot of directly usefull information but a bunch of id’s that you might be able to use with the api’s if needed.

A lot of information about the session itself.

The actual code

The get-hvglobalsession actually is a query repeated for all pods. First it connects to the query service and then creates a query to run against each pod and add that to a sessionlist.

$query_service_helper = New-Object VMware.Hv.GlobalSessionQueryServiceService
$query=new-object vmware.hv.GlobalSessionQueryServiceQuerySpec

$SessionList = @()
foreach ($pod in $services.Pod.Pod_List()) {
  $query.pod=$pod.id
  $queryResults = $query_service_helper.GlobalSessionQueryService_QueryWithSpec($services, $query)
  $GetNext = $false
  do {
    if ($GetNext) { $queryResults = $query_service_helper.GlobalSessionQueryService_GetNext($services, $queryResults.id) }
    $SessionList += $queryResults.results
    $GetNext = $true
  } while ($queryResults.remainingCount -gt 0)
    $query_service_helper.GlobalSessionQueryService_Delete($services, $queryresults.id)

}
return $sessionlist
}

The get-hvlocalsession is almost the same, it just doesn’t need to foreach since it doesn’t have multiple pods to query.

 $query_service_helper = New-Object VMware.Hv.QueryServiceService
  $query = New-Object VMware.Hv.QueryDefinition

  $query.queryEntityType = 'SessionLocalSummaryView'
  $SessionList = @()
  $GetNext = $false
  $queryResults = $query_service_helper.QueryService_Create($services, $query)
  do {
    if ($GetNext) { $queryResults = $query_service_helper.QueryService_GetNext($services, $queryResults.id) }
    $SessionList += $queryResults.results
    $GetNext = $true
  } 
  while ($queryResults.remainingCount -gt 0)
    $query_service_helper.QueryService_Delete($services, $queryResults.id)
  

  return $sessionlist
  [System.gc]::collect()
}

In both there is a do while because otherwise it will run into some restrictions about maximum amount of data to return.

Managing Pods in a Horizon View Cloud Pod Environment using PowerCLI & Api’s

  By , , ,

After Pod Federations and Sites it is time to manage the actual pods. Let’s take a look at what we can do.

$services1.pod | gm

Looks like a short post to me since there’s onl Get, List and Update

[sta_anchor id=”get” unsan=”Get” /]

Pod_Get

Just like with site’s the get can be used in conjunction with a podid that might be gotten from somewhere else

$services1.pod.pod_get((($services1.site.site_list()).pods | select -first 1))

This selects the first podid listed when pulling all the pods from all sites and gets the information about that pod. We’ll see the same information when doing a list but just with all pod’s listed.

[sta_anchor id=”list” unsan=”List” /]

Pod_List

$services1.pod.pod_list()

Those endpoints are the connection servers in the pod. Let’s take a short detour and get the listing for one of those (the podendpoint service only has list and get so you will not see them separately anyway).

$services1.PodEndpoint.PodEndpoint_Get((($services1.pod.pod_list() | select -first 1).endpoints | select -first 1))

It might look lazy to use the select -first one and yes it is a bit but doing  a foreach to explain things also doesn’t really work in my opinion.

[sta_anchor id=”update” unsan=”Update” /]

Pod_Update

Standard by now, first we need to connect to the podservice.

$podservice=new-object vmware.hv.podservice
$podhelper=$podservice.read($services1, ($services1.pod.pod_list() | select -first 1).id)

Under $podhelper we can already see how to set things.

$podhelper | gm

Let’s update  the easy things.

$podhelper.setdescription("This is a new description")
$podhelper.setDisplayName("This is a new name")
$podservice.update($services1, $podhelper)
$services1.pod.pod_list()

As a result we have updated the name and description of the pod. The other thing we can do is assign the pod to another site. Thankfully I already have two of those created.

$services1.site.site_list()
$siteid=$services1.site.site_list() | select -first 1

$podhelper.setsite($siteid.id)
$podservice.update($services1, $podhelper)
($services1.pod.pod_list()).site
$services1.site.site_list()

Both the lists aren’t required but I added them to show that the pods are spread over both pods now.

 

Creating and managing Sites in a Horizon View Cloud Pod Environment using PowerCLI & Api’s

  By , , ,

Intro

Like I said in my previous post about Pod Federations this is a separate post that will show how to handle Sites within a Pod Federation. There are only a couple of API calls that do not include assigning a pod to a site. This is done trough the podservice which I will post about in a next blog post.

Let’s take a look at the site service to see what it actually has in api call’s

$services1.site | gm

So we have Site_create, Site_delete, site_get, site_list and site_update. To Make it myself easy I will use the order of List, create, get, update and delete.

[sta_anchor id=”list” /]

Site_list

With site_list a list of all available site’s will be created, currently I have only one so let’s show that one.

$services1.site.site_list()

Note a lot of information is shown so let’s take a look at the contents of base and pods.

($services1.site.site_list()).base

($services1.site.site_list()).pods

so again not a lot of information since it only contains a name, description and the pod id’s of the member pods.

[sta_anchor id=”create” /]

Site_Create

Since we already saw in the methods under the siteservice that the create needs a bit more information then just a name let’s take a look again at what is required.

$services1.site.site_create

An object is needed of the type vmware.hv.sitebase, we will need to take a look in the API explorer to see what this object should contain. Under Site_create we can click on sitebase.

The sitebase object has 2 properties of which only DisplayName is required. I have tried various ways to keep the description empty but haven’t succeeded so far and with it it the create also doesn’t work so how optional is it?

Let’s create the sitebase object

$sitebase=new-object vmware.hv.sitebase
$sitebase.displayname="blogpostdemosite"
$sitebase.description="This is a blog demo site"
$sitebase

The $sitebase is not required but shows what the object contains. Now we have enough to create the new site.

$services1.site.site_create($sitebase)

[sta_anchor id=”get” /]

Site_Get

In the overview we have seen that a site_get needs a bit more information.

$services1.site.site_get

We already know how to get this site id by using site_list, normally you would only use the site_get with an id received from another service like the pod service. For the example I will use the demo site I create in the site_create part of this post.

First I will need to get the siteid

$demosite=$services1.site.site_list() | where-object {$_.base.displayname -like "*blogpostdemosite*"}

And now we need to apply that to the site_get

$services1.site.site_get($demosite.id)

[sta_anchor id=”update” /]

Site_Update

As said before for an update method it is better to use the helper service for that service.

$siteservice=new-object vmware.hv.siteservice

now what method’s do we see?

$siteservice | gm

To see the difference between the sitebasehelper and siteinfohelper I will create both objects.

$siteinfohelper=$siteservice.read($services1, $demosite.id)
$sitebasehelper=$siteservice.read($services1, $demosite.id)

Now let’s compare them.

$sitebasehelper | gm
$siteinfohelper | gm

 

This is again one of those wtf moments, they both do exactly the same! I will use the sitebasehelper for now will update both the Displayname and description. For this I will need to use the getbasehelper 1 step deeper

$sitebasehelper.getbasehelper() | gm

$sitebasehelper.getbasehelper().setDisplayname("thissitecanberemoved")
$sitebasehelper.getbasehelper().setDescription("yes it can really be removed")

and apply the update, since neither will generate a response I won’t put any screenshots in.

$siteservice.update($services1, $sitebasehelper)

Now let’s see the result for a site_get for this site now

[sta_anchor id=”delete” /]

Site_Delete

We can take a look at it but to delete a site we only need the siteid so let’s remove that site we gave an update.

$services1.site.Site_Delete($demosite.id)

again no visual feedback but if we do a sitelist there’s only one left.

 

 

Initiating and managing the Podfederation in a Horizon Cloud Pod Architecture using PowerCLI & API’s

  By , , ,

One of the new cmdlets for the vmware.hv.helper that I am currently working on is initiating the Cloud Pod Architecture (CPA) and more actions related to this. This blog post will show the basics about initiating, and joining a CPA using the API’s. Doing things with site’s within the CPA will be covered in a later blogpost.

If we look at the services available in the Horizon API’s you’ll see that podfederation is one of them, let’s take a look at that and what method’s are available.

$services1.PodFederation | gm

So we can Eject, Get, Initialize, Join, Unintialize, Unjoin and update a podfederation. If we look at the brackets behind the methods than (un)initializing and unjoin don’t need any extra info so let’s get ahead and initialize the podfederation. To show you there’s nothing there yet I made a screenshot of the admin interface.

[sta_anchor id=”initialize” /]

Initialize the podfederation

Now to initiate the podfederation

$services1.PodFederation.PodFederation_Initialize()

And if you are quick enough in switching to the admin interface will also still show it initializing

[sta_anchor id=”get” /]

Get information about the federation

With podfederation_get() we can grab the configuration information.

$services1.PodFederation.PodFederation_Get()
($services1.PodFederation.PodFederation_Get()).data
($services1.PodFederation.PodFederation_Get()).localpodstatus
($services1.PodFederation.PodFederation_Get()).localpodstatus.LocalConnectionServerStatuses

Not a lot of information but there isn’t a lot more anyway in the podfederation itself.

[sta_anchor id=”join” /]

Join a federation

I have another pod that I want to join to this federation since we’ve already seen that this needs some more input let’s check what it exactly needs.

$Services1.PodFederation.PodFederation_join

So we need a remotepod address, presumable one of the connection servers in that pod will be enough, a username where domain\username will do just like in the admin console and a password of the type vmware.hv.securestring. The last one was new for me but thankfully it was described in one of the examples in the api explorer (https://code.vmware.com/apis/75/view and click on Data Object Types).

$vcPassword = New-Object VMware.Hv.SecureString
$enc = [system.Text.Encoding]::UTF8
$vcPassword.Utf8String = $enc.GetBytes('passwd')

With this it’s easy to add the local pod to the podfederation

$Services1.PodFederation.PodFederation_join("connectionserver","domain\username",$svcpassword)

And again if you are fast enough this is also visible in the admin console

And now a get will also show that it has been enabled

[sta_anchor id=”unjoin” /]

Unjoining a Podfederation

If you are braking down a pod because of whatever reason the best way to do this is to unjoin the pod from the federation. As we saw before there’s no extra information need so you just need to connect to a connection server in that pod and do an unjoin.

$services1.PodFederation.PodFederation_Unjoin()

this is really fast so over several tries I did not succeed in making a screenshot of the admin console.

[sta_anchor id=”eject” unsan=”Eject” /]

Ejecting a pod

This is the only podfederation function not available through the admin console as far as I could see. Ejecting a pod for is for me a last option if a datacenter burned down, everything is gone and you want to get rid of the pod. I did it in my lab against an alive pod and had to uninitialize the (now unlinked) podfederation from that pod to be able to rejoin it to the correct pod. This method also requires some input so let’s see what that is.

$services1.PodFederation.PodFederation_Eject

So we need the podid of the pod to eject, this information can be get trough the pod service

$services1.pod.Pod_List()

I want to eject the pod from pod2cbr1

$pod=$services1.pod.Pod_List() | where {$_.displayname -like "*pod2cbr1*"}

and with $pod I can check if I have the correct one

So let’s serve the eviction notice to the pod.

 $services1.PodFederation.PodFederation_Eject($pod.id)

No feedback, nothing but if we check the pod list it’s gone.

I will show how to remove the remnants in the uninitialize chapter.

[sta_anchor id=”update” /]

Updating a Pod Federation

This one sounds bigger then it is since there’s only one thing that we can update in a federation. To do this it is better to use the helper service then to use the podfederation_update method since that can get complicated very fast sometimes. To use the helper service we will need to create some variables first

$podservice=new-object vmware.hv.podfederationservice
$podservicehelper=$podservice.read($services1)

and when we do a get method on it

After some trial and error I know we need to getdatahelper method to continue

This only show the updates that are currently in the queue to be applied with a get method it’s possible to see what can be set.

$podservicehelper.getDatahelper() | gm

What we need to look for is a set so the only options here are setdisplayname that needs a string value and setupdates that needs a load of information and that probably might also be a way to do it but I will use the setdisplayname.

$podservicehelper.getDatahelper().setdisplayname("Whatever name you like")

This will give no feedback and nothing will be changed yet, what needs to be done is to apply this update in the helper service to the service.

$podservice.update($services1, $podservicehelper)

and if you now do a get on the podfederation it will show the changed name.

[sta_anchor id=”Unintialize” /]

Uninitializing a Podfederation

To show the pod uninitialization step I will use the pod that I have ejected from the podfederation pod2cbr1. It is clear that it is a bit wonky if we look at the pod list from that connection server.

So it knows about the pod federation but doesn’t see itself in it anymore.

$services1.PodFederation.PodFederation_Uninitialize()

This is again a fast one so I couldn’t get it visible in the admin console but when checking the data from a get it shows it has been disabled.

Looking from the other pod it still shows the Podfederation as enabled.

No github scripts this time since I will be adding this functionality into the vmware.hv.helper module.

New vmware.hv.helper cmdlets (also looking for ideas!)

  By , , ,

It’s already a couple of weeks ago that the pull request was merged but I managed to build a couple of new functions for the vmware.hv.helper module. Besides these I am also always looking for new functions to add and since I keep forgetting them I create a project on my own fork of the PowerCLI-Example-Scripts. That can be found here: https://github.com/Magneet/PowerCLI-Example-Scripts/projects/1 so if you have any requests or good ideas for functions please send them my way or add them yourself off course 🙂

This was recently done after my pr’s or is still open to be merged:

New functions

  • reset-hvmachine
    • Resets machines
  • get-hvlocalsession
    • Gets all sessions for the local pod
  • get-hvglobalsession
    • Gets all global sessions + the sessions directly to the local pod

Changed functions

  • get-hventitlement
    • had some issues with groups
  • add-hvdesktop & add-hvrdsserver
    • removed the displaying of the vcentervm id that was added to the pool
      • PR done, not yet merged!

Removed Functions

  • get-hvpodsession
    • this only got a sessioncount so hardly any usefull data

Multi vlan Network for Horizon View using PowerCLI & API’s

  By , ,

One of the things I wanted to do for a while is to write an API version on how to use multiple dvSwitch portgroups with Horizon View linked clones. With instant clones there’s a gui way to select multiple portgroups but for instant clones the only was to do this was to use the View PowerCLI. This gets installed with the connection server and can only be used from there. What you do is create a file, edit and apply it. Johan has described this process very well on his blog. I decided there had to be a way to do this as well with ‘regular’ PowerCLI & the api’s.

The api explorer shows a property named networklabel for both desktop pools and rds farms. This entry showed me what data I needed to configure. I spent most of my time in gathering all the data for this. As you can see in the script I had to dig rather deep to get all information like hostorclusterid and snapshotid. This information then needs to be put into an object called nics.

The script I made is a working prove of concept and doesn’t contain logic about what portgroups to apply. It just grabs all portgroups that comply with a simple filter. It then grabs the id’s for those and configures them to use for the pool. The script grabs information using the snapshotid but in my testing it’s 100% safe to change snapshots or golden images after that, is just uses that information to know where to configure things.

Something I found during testing is that the maximum amount of labels is respected and spread over all port groups as long as there are labels available. If the system runs out of labels it will continue using only the last configured label! I have tested this on View 6.2 and 7.3.2 with vSphere 6.5 on both methods of configuring the portgroups.

This is the script, it asks for some required information at first. This way you don’t have to put a password in plain text in the script. You can see I have the maxlabeltype and enabled properties pre-configured as LIMITED and $true. If the maxlabeltype is UNLIMITED the composer would stop using any other labels configured after that one and if enabled would be $false that label wouldn’t be used at all..

#-------------------------------------------------
# Linked Clone Configure multiple vlan's
# This script is created to allow a Linked Clone
# Desktop pool to use multiple vlan's
#
# In the past only the 'old' View PowerCLI on the Connection
# broker could be used to accomplish this. Now it's possible 
# from any system running PowerCLI 6.5 or above.
#
# This version replaces all current settings!
# 
# Requires PowerCLI 6.5 or higher
#
# Feel free to use or alter in anyway but please remember the original creator :)
#
# Version 1.0
# 16-01-2018
# Created by: Wouter Kursten
# https://www.retouw.nl
# Twitter @Magneet_NL
#-------------------------------------------------

$hvservername=Read-host "Which Connection broker do you want to connect to?"
$domain=read-host "Please enter your active directory domain?"
$username=Read-host "Please enter your useraccount"
$password=Read-host -assecurestring "Please enter your password"
$poolname=read-host "What pool to configure?"
$labelfilter=Read-host "What portgroups do you wnat to configure (use * as wildcard i.e. DVVDI*)"
$maxlabels=read-host "How many labels to configure per portgroup?"

#Connect to View Connection broker
Import-module vmware.hv.helper
write-host "Connecting to the connection broker" -ForegroundColor Green
try {
	$hvserver1=connect-hvserver $hvservername -domain $domain -username $username -password $password -WarningAction silentlyContinue -erroraction stop
	$Services1= $hvServer1.ExtensionData
}
catch {
	Write-host "Can't connect to the Connection server please check the credentials." -ForegroundColor Red
	exit
}
$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'DesktopSummaryView'
$defn.filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='desktopSummaryData.name'; 'value' = $poolname}
try     {
        $poolid=($queryService.queryservice_create($Services1, $defn)).results
        }
catch   { 
        throw "Can't find $poolname, exiting" 
        }

$pool=$Services1.Desktop.desktop_get($poolid.id)
$networklabelsall=$services1.networklabel.NetworkLabel_ListByHostOrCluster($pool.AutomatedDesktopData.VirtualCenterProvisioningSettings.VirtualCenterProvisioningData.hostorcluster)
$networklabels=$networklabelsall | where-object {$_.data.name -like $labelfilter}
$NetworkInterfaceCard=$services1.NetworkInterfaceCard.NetworkInterfaceCard_ListBySnapshot($pool.AutomatedDesktopData.VirtualCenterProvisioningSettings.VirtualCenterProvisioningData.snapshot)
$NetworkInterfaceCardSettings=new-object vmware.hv.desktopNetworkInterfaceCardSettings
$NetworkInterfaceCardSettings.nic=$NetworkInterfaceCard.id
$networkLabelAssignmentSpecs=@()

foreach ($networklabel in $networklabels){
    $NetworkLabelAssignmentSpec=new-object VMware.Hv.desktopNetworkLabelAssignmentSpec
    $NetworkLabelAssignmentSpec.enabled=$True
    $NetworkLabelAssignmentSpec.networklabel=$networklabel.id
    $NetworkLabelAssignmentSpec.maxlabeltype="LIMITED"
    $NetworkLabelAssignmentSpec.MaxLabel=$maxlabels
    $networkLabelAssignmentSpecs+=$networkLabelAssignmentSpec
    }
$NetworkInterfaceCardSettings.networkLabelAssignmentSpecs=$networkLabelAssignmentSpecs

$VirtualCenterNetworkingSettings=@()
$VirtualCenterNetworkingSettings=new-object vmware.hv.DesktopVirtualCenterNetworkingSettings
$VirtualCenterNetworkingSettings.nics+=$NetworkInterfaceCardSettings

$desktopService = New-Object VMware.Hv.DesktopService
$desktopInfoHelper = $desktopService.read($services1, $Pool.Id)
$desktopinfohelper.getAutomatedDesktopDataHelper().getVirtualCenterProvisioningSettingsHelper().setVirtualCenterNetworkingSettingsHelper($VirtualCenterNetworkingSettings)
$desktopservice.update($services1, $desktopInfoHelper)

I used a lot of variables and arrays with the names as they are pulled from the data, that explains their long names. Afterwards it doesn’t give any feedback. For this I created a separate script so you can separately check what is configured before or after you change the configuration:

#-------------------------------------------------
# Linked Clone get vlan configuration
# This script is created to check if a linked clone pool 
# has any configured vlan/portgroup configuration
#
# Requires PowerCLI 6.5 or higher 
#
# Feel free to use or alter in anyway but please remember the original creator :)
#
# Version 1.0
# 16-01-2018
# Created by: Wouter Kursten
# https://www.retouw.nl
# Twitter @Magneet_NL
#-------------------------------------------------

#region variables
$hvservername=Read-host "Which Connection broker do you want to connect to?"
$domain=read-host "Please enter your active directory domain?"
$username=Read-host "Please enter your useraccount"
$password=Read-host -assecurestring "Please enter your password"
$poolname=read-host "What pool to check?"

#endregion

#region Connect to View Connection broker
Import-module vmware.hv.helper
write-host "Connecting to the connection broker" -ForegroundColor Green
try{
    $hvserver1=connect-hvserver $hvservername -domain $domain -username $username -password $password -WarningAction silentlyContinue -erroraction stop
    $Services1= $hvServer1.ExtensionData
}
catch{
    Write-host "Can't connect to the Connection server please check the credentials." -ForegroundColor Red
    exit
}
    
#endregion

#regio gather and display data
$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'DesktopSummaryView'
$defn.filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='desktopSummaryData.name'; 'value' = $poolname}
try     {
        $poolid=($queryService.queryservice_create($Services1, $defn)).results
        }
catch   { 
        throw "Can't find $poolname, exiting" 
        }

$pool=$Services1.Desktop.desktop_get($poolid.id)
$labels=($pool.automateddesktopdata.virtualcenterprovisioningsettings.VirtualCenterNetworkingSettings.nics).NetworkLabelAssignmentSpecs
if (!$labels){
    write-output "No configured portgroup(s) or $poolname not found."
}
else{
    $output=@()
    foreach ($label in $labels){
        $output+= New-Object PSObject -Property @{
            "Labelname" = get-hvinternalname $label.networklabel;
            "Enabled" = $label.Enabled;
            "Labeltype" = $label.maxlabeltype;
            "Max_labelcount" = $label.maxlabel;
        }
    }
$output | select-object Labelname,Labeltype,Max_labelcount,enabled
}

And the result:

In the end the script looks and is way more complex than the ‘old’ way to assign multiple vlans. On the other hand it is way more flexible to use in any scripting you are already using for the automation of your Horizon environment.

As always both scripts can be found on Github here and here.

Finding Horizon View local entitlements using PowerCLI

  By , ,

Intro

In a previous post i mentioned that finding the entitlements for a user from the Horizon side of things can be a bit of a hassle. If only active directory groups are used its dead easy: just use the Active directory commands for those groups. If the groups are used for multiple pools and if you have assigned desktops things get a bit more complicated. For now I will only concentrate on the local pod without global entitlements.

getting that info

To get started the vmware.hv.helper module has the get-hventitlement command. As almost always a very useful one but it has some flaws. First it requires full domainname\username or username@fulldomainname.

For example

get-hventitlement -user magneet.lab\user1

or

get-hventitlement -user user1@magneet.lab

Both work but

get-hventitlement -user magneet\user1

gives this message: Get-HVEntitlement: No entitlements found with given search parameters.

At least

get-hventitlement -user user1

If you add the -type group to this command you get all group entitlements

gives an error message that the -user argument does not match the “^.+?[@\\].+?$” pattern. With this last one you at least get an error so you know where to look but not displaying any entitlements is an issue for me.

So, back to the results of these commands, I have assigned the user user1 the following rights

  • Pool04 directly and by using a group
  • directly on a single desktop in pool04.
  • Pool01 only by group.
  • Paint rds app by group
  • Calculator rds app direct
  • Wordpad rds app by both group & directly

When using the get-hventitlement without anything else it doesn’t seem to show a lot of usable things

get-hventitlement -user user1@magneet.lab

If you put this between brackets followed by a period and one of the properties a bit more info is shown.

(get-hventitlement -user user1@magneet.lab).base

Some information about the user, not very usable the session data property gives some information about current sessions (none at the moment)

With the localdata property it looks like we hit the motherload jackpot thingy

(get-hventitlement -user user1@magneet.lab).localdata

Very good, a lot of id’s so what can we do with those? For now I will put this into $entitledids.

$entitledids=(get-hventitlement -user user1@magneet.lab).localdata

I read something about get-hvinternalname when checking out the module, sounds usable.

get-help get-hvinternalname -examples

Ah, so this needs an entityid as input, a machine is an entity so let’s try it. This might need a foreach though because the output gave machines and not machine.

foreach ($Entityid in ($entitledids.machines)){get-hvinternalname $Entityid}

Damn, that’s not usable, let’s double-check with the other id types

foreach ($Entityid in ($entitledids.desktops)){get-hvinternalname $entityid}
foreach ($Entityid in ($entitledids.desktopuserentitlements)){get-hvinternalname $entityid}
foreach ($Entityid in ($entitledids.aplicationuserentitlements)){get-hvinternalname $entityid}
foreach ($Entityid in ($entitledids.applications)){get-hvinternalname $entityid}

The ones we need are readable, couple of them not but I don’t those will be missed.

The missing machine name is actually easy to solve by doing an api call:

foreach ($Entityid in ($entitledids.machines)){($services1.machine.machine_Get($Entityid)).base}

Conclusion

Because this is rather easy to use and since I didn’t have a direct use case for that I decided not to create a complete script. With get-hventitlement, get-hvinternalname and maybe an api call here or there it’s very easy to pull the information about which account or groups have what rights. To see if a user belongs to a group can easily be done with any of the multitude of scripts for that here’s a good example of those.