The VMware Labs flings monthly for September 2018

September flew past for me like a whirlwind. So much new things that I learned so here’s my monthly overview of all the new and updated VMware flings. There are three new ones with the DRS Dump Insight H5 PluginWorkspace One Configuration Tool for provisioning and the Horizon Session Recording. Four have received updates: ESXi Compatibility Checker, HCIBench, vRealize Operations REST Notifications and but not least the SDDC Certificate tool. It’s also one of the few months where the HTML5 Client didn’t get an update.

New

Horizon Session Recording

The Horizon Session Recording fling gives Horizon View administrators a way to record and save their users activity.

VMware Horizon Session Recording allows administrators of a VMware Horizon environment record their users activity in their Blast Extreme virtual desktop and application sessions.

With Session Recording, the administrator can choose to record local or remote sessions, to a central recording Server where the administrator can watch the recordings back via a HTML 5 web console integrated into the server.

The Session Recordings are stored as MP4 files for watching via the web console or downloading to play in a local player.

The VMware Horizon Session Recording Fling comprises of two components:

  • A Central Recording Repository + Web Front End
  • The Agent to be installed in the virtual desktop or RDSH host template which facilitates the recording.

Today VMware Horizon Session Recording supports Windows Server 2016 as the Central Server along with Windows 7, 10, Server 2012 and Server 2016 on the agent.

DRS Dump Insight H5 Plugin

If you like the the older DRS Dump Insight fling you will like the DRS Dump Insight H5 Plugin even more. No need anymore for pulling the data yourself, with the Plugin it will be available directly.

The DRS Dump Insight H5 Plugin helps answer simple questions like

  • “Can I get all the recommendations made by DRS?”
  • “Why did DRS make a certain recommendation?”
  • “Why is DRS not making any recommendations to balance my cluster?”
  • “How is my custom affinity/anti-affinity rule affecting load balancing in my cluster?”
  • “If I have a policy defined in my cluster, how different would DRS load balancing be?”

When diagnosing Distributed Resource Scheduler (DRS) cluster issues in vSphere, we look at vCenter server logs from the support bundle, including DrmDump files to find any clues. Analyzing DrmDumps is a slow and tedious process, is usually done by VMware support or Engineering teams for advanced debugging of algorithm related issues. This is because analyzing the dumps requires building a replayer module, for which one needs access to the source code. Another challenge is that the final DrmDump data is not in plain text format; it requires someone with an understanding of the source code to be able to make good sense of it.

There is an existing DRS Dump Insight fling, which can replay DrmDumps and provide useful information for debugging. However, Dump Insight requires users to manually upload relevant DrmDump files from the time when the issue occurred. With the DRS Dump Insight H5 Plugin, customers do not need to upload any DrmDump files, and can access all the anal yzed information from their vSphere HTML5 web client itself.

  • Once a customer installs the HTML5 plugin, a new DRS Dump Insight tab will be available under the “cluster -> monitor” view.
  • All the DrmDump files that are available for the given cluster are listed in the opening screen. Customers can select the dump file of their choice for analysis.
  • They can also select multiple dump files to be analyzed together.
  • After analysis, the tool shows the analysis for each dump file in a separate tab view.

Workspace ONE Configuration Tool for Provisioning

The Workspace ONE Configuration Tool for Provisioning fling is created for the Workspace One provisioning in the Dell factory.

The Workspace ONE Configuration Tool helps you build special-purpose unattend.xml configuration files to be applied in the Dell factory as part of Factory Provisioning. This helps to domain join (domain, workgroup, AAD, AAD Premium) and enroll devices automatically on first-boot. This simplifies the creation of the unattend.xml configuration file for Windows 10.

Features

  • It’s a stand-alone .exe app that helps IT administrators configure general and Out-of-the-Box Experience Windows setups to automatically enroll users in Workspace ONE.
  • The User Interface is made simple with explicit instructions about each field for easy and quick use by IT admins.
  • The User Interface has dynamic and efficient validations in Clarity and Angular, preventing the user from building the unattend.xml until all the validations are correctly satisfied.
  • This makes the UI fool-proof and reduces the chances of generating an invalid xml file.
  • The tool is made as a .Net Core 2.0 web app with Angular 5 and Clarity, which eases the integration of v2.0 into the AirWatch Console.

Updated

ESXi Compatibility Checker

With the ESXi Compatibility Checker a vSphere admin can automatically check and validate a current vSphere environment against the HCL.

Changelog

Build 10066133

  • Fixed bugs

HCIBench

While it probably is optimized for VSAN workloads the HCIBench is a benchmark tool that can be used with any HCI solution.

Changelog

Version 1.6.7.2

  • Enhanced write/read buffer/cache methodology
  • Fixed network ip-prefix selection issue
  • Fixed 95% percentile calculation issue

vRealize Operations REST Notifications Helper

With the vRealize Operations REST Notifications Helper fling it is possible it’s easier to use alerts in vRealize Operations Manager and send them to third-party tools.

Changelog

Version 1.1.2

  • Changed the line endings in text files from Win to Unix

Version 1.1

  • The new version of imset.jar
  • Updated properties file (imset.properties)
  • A new configuration file example (slack.json)
  • New version release notes (v1.1_notes.pdf)

SDDC Certificate Tool

The SDDC Certificate Tool is your one stop shop to replace all the certificates in a range of VMware Products: vSphere,NSX,vRLI,vROps etc.

Changelog

1.0.1 – Build 10253169

  • Spring Frameworks updated to version 4.3.19 due to security vulnerability

The VMware Labs flings monthly for July 2018

It’s been a busy month in the world of flings all of the flings except for one on the first page are new or updated ones. This means there are five(!) new ones and six(!) have received an update. The new ones are: Policy BuilderSDDC Certificate ToolvAssist.ai NLP PlatformWorkspace ONE UEM Samsung E-FOTA Tool and the Horizon Helpdesk Utility that I wrote yesterday about. The ones that received an update are: Cross vCenter Workload Migration Utility,  Blockchain on KubernetesHCIBenchESXi Embedded Host ClientvSphere HTML5 Web Client and last but not least the VMware OS Optimization Tool.

The new releases

Policy Builder

The policy builder is an hosted fling that helps the user to create custom MDM policies for Workspace UEM (former Airwatch)

Official summary:

This cloud hosted Fling helps users with custom Mobile Device Management (MDM) policy generation that use MDM capabilities available through Microsoft’s Windows 10 MDM Configuration Service Providers (CSPs).

Note: On login with My VMmware credentials, the tool provides an easy to use form based UI that allows the Windows 10 admin to simply enter the required values for the policies and auto generates corresponding syncML that can be copied to publish through Workspace ONE Unified Endpoint Management.

This tool greatly reduces the effort of hand rolling syncML and the possibility of code and formatting errors when creating or managing custom settings profiles through Workspace ONE UEM.

SDDC Certificate Tool

The SDDC Certificate Tool is an automated process that replaces all certificates in a SDDC for you. This normally can be a lengthy process but should be a breeze with this fling.

Official summary:

Replacing SSL certificates across VMware products is a manual and time-consuming process. The SDDC Certificate Tool automates this workflow and makes it easy to keep certificates across your SDDC up to date. It will replace all certificates in the supported products and reestablish trust between the components.

Supported Products

  • VMware Platform Services Controller (PSC)
  • VMware vCenter Server (VC)
  • VMware NSX for vSphere (NSX)
  • vRealize Log Insight (vRLI)
  • vRealize Operations Manager (vROps)
  • vRealize Automation (vRA)
  • vRealize Business for Cloud (vRB)
    More about this Fling: New SDDC Certificate Replacement Fling by William Lam

vAssist.ai NLP Platform

Not my cup of tea but this fling is supposed to be an example where you can talk against vRealize Automation.

Official summary:

vAssist.ai, a Natural Language Processing (NLP) platform, enables bot developers to train machine learning models for intent classification and entity extraction. This platform is available as a SaaS model which exposes easy-to-use REST APIs to train and parse natural language inputs. It also provides a multi-tenant user interface dashboard which can be used to annotate and visualize training data expressions and train machine learning models in the cloud.

VMware customers who are serious about building conversational interfaces can benefit from this platform. With this Fling we trained a sample model for vRealize Automation. Users can chat with the test bot to query available catalog services and initiate a provisioning request in a natural, conversational way. Please note that we are using a sample internal environment for vRealize Automation.

Features

  • NLU Engine for Intent and entity extraction
  • Customizable NLU pipeline
  • Rule based and ML based Conversation Engine
  • Privacy of the data
  • Scalable and Fault Tolerant
  • REST APIs exposed for integration with multiple channels and platforms

Workspace ONE UEM Samsung E-FOTA Tool

The Workspace ONE UEM Samsung E-FOTA Tool is a fling for Workspace One UEM to add some extra functionality for Samsung devices.

Official summary:

The Workspace ONE UEM Samsung E-FOTA Tool is designed to add to the existing abilities of AirWatch’s Samsung E-FOTA implementation. These new abilities include scheduling a firmware/OS update in a targeted window. This feature is dependent on the existing abilities within AirWatch which enroll the MDM into Samsung E-FOTA and push profiles to enroll the device into Samsung E-FOTA. Users should use this tool along with the information gathered from the Workspace ONE UEM console. The information can then be used to make an API command to schedule the firmware/OS update to your Samsung devices.

Horizon Helpdesk Utility

Like I said yesterday the Horizon Helpdesk Utility is how the original Horizon View Helpdesk Tool should have been. Please read yesterdays;s post for more information and screenshots.

The Horizon Helpdesk Utility is designed to be a tool used by real help desk agents. The Horizon Helpdesk Utility takes all of the functionality of the current HTML5 based Helpdesk in VMware Horizon and adds true desktop integration features, including:

  • Greater speed in queries
  • Reduced steps to find a session
  • Multiple monitoring windows
  • Keystrokes for fast access
  • Native remote control functionality
  • Real-time updates
  • Built-in session experience score based on session performance and variables

Updated flings

VMware OS Optimization Tool

Changelog

July 30, 2018, b1100

  • Issue fix: With group selection operation, unselected optimization items are applied.
  • Issue fix: can not export analysis report

July 20, 2018, b1099

  • Template update: Windows 10 & Windows Server 2016
  • Prevent the usage of OneDrive for file storage
  • Registry changes:

Cross vCenter Workload Migration Utility

Changelog

Version 2.2, July 16, 2018

  • Support for vSphere Resource Pool and VM folder for placement under advanced options
  • Support for VMware Cloud on AWS (VMC) by specifying resource pool and folder options

Blockchain on Kubernetes

Changelog

July 16 2018, BoK 2.1

  • Support deployment of Hyperledger Fabric 1.1.0.
  • Allow users to customize the Fabric organizations and peers in bok.yaml.
  • Add ingress controller for serving traffic to Fabric peers nodes and explorer node.
  • Make improvement on stability and usability.
  • Verified against Kubernetes 1.10.3 and Pivotal Container Service (PKS) 1.1.0.
  • Updated the PCF Fabric Tile which supports creating Kubernetes cluster via PKS Tile and deploy Hyperledger Fabric in the Kubernetes cluster.

HCIBench

Changelog

Version 1.6.7.1

  • Fixed vSAN Performance Diagnostic API call
  • Fixed network validation message not clear issue
  • Fixed setting re-use VMs as default bug in 1.6.7

Version 1.6.7

  • Enabled https instead of http
  • Added storage policy field, user can specify storage policy for the data disks. For this version, storage policy can’t be assigned to existing client VMs
  • Enhanced deployment methodology
  • Enhanced vSAN Observer to avoid blow up the memory
  • Enhanced vSAN Performance Diagnostic API call with HCIBench workload configuration included
  • Added timestamp to the testing status
  • Bug fixes

ESXi Embedded Host Client

Changelog

Version 1.31.0 build 9277095 (Fling 21) – July 20, 2018

  • General
    • Resolve several issues related to dropdown selection
    • Update NTP UX
    • Update AngularJS to 1.6.10
    • Other minor bug fixes

vSphere HTML5 Web Client

Changelog

Fling 3.40 – Build 9292689
New Features

  • Host profiles
    • Check compliance
    • Pre-check and remediate host (known issue exists – see known issues)
    • Extract, edit host profile
    • Host profile favorites management (vCenter 6.5)
    • Copy settings between profiles (vCenter 6.5)

Creating local ESXi user in a locked down situation and add it to exception list

So my customer asked for a solution to add local users on ESXi hosts that are in lockdown mode. A side quest was to add these to the lockdown exception list. The use case for this is app volumes, they want to be able to keep using them in case the vCenter server goes down. The trick to this that you need to talk to two different viserver entities. The vCenter server and the local ESXi host since you can add those users via vCenter.

Offcourse PowerCLI to the rescue! I decided to do everything in a try catch construction for some error handling and to give some visual output. These cab be stripped if you want but i like some feedback.

Some of the outtakes:

These two disable and enable the current lockdown mode, this is necessary before being able to create the local user.

Some encryption stuff in here but that’s because I dislike having password visible as plain tekst. This first test if the account exists and then sets the password and description. If the user doesn’t exist it will create the user for you.

This gives the newly created or edited user the admin role. If you want to use a custom role this could be added to the script, we decided to go for the admin role since app volumes needs an awful lot of rights anyway. In that case i would recommend to use a variable for role name and create it per host using new-VIrole

This simply adds the user to the lockdown exception list.

So now the complete script:

Future versions of this script will not be edited on here so always check the latest version on github.

 

Is updating @VMware ESXi at @Nutanix really that easy?

Do you want the short answer or the long answer?

Short: Yes!

Long: Absolutely!

The real story:

  • After doing several Acropolis (CVM) & NCC (Health check) upgrades before on my customer’s Nutanix clusters today was the first time to do an actual hypervisor upgrade. Since we run everything on VMware we wanted to go from 5.5u2 to 6.0u2. The first things to do is to check all compatibility charts and with Acropolis at 4.6.4 and NCC at 2.2.8 we had green lights all over the board.
  • What I always do first before doing anything is running a health check. Since NCC 2.2 you can run some of the checks parallel to save some time:

2016-10-04-20_32_24-beheerders-desktop

  • After the check and make sure DRS is set on automated and vSphere HA is turned on as it should otherwise you won’t be updating anything!
  • Next up is heading to Prism, no we’re not doing any cli work when a GUI is better and just as fast!
  • The first thing to do is upload the software (Offline bundle zip file from VMware.com and json file from Nutanix.com)

2016-10-04-15_08_02-documents

  • Go to Software Upgrade

2016-10-04-20_47_38-beheerders-desktop

  • Select Upload the hypervisor Binary

2016-10-04-15_08_16-nutanix-web-console

  • Select the binary and the Json files and hit Upload Now

2016-10-04-15_08_37-nutanix-web-console

2016-10-04-15_08_59-nutanix-web-console

  • When this is done hit the arrow besides the upgrade button and select the pre-check (the real upgrade also does this but it is never wrong to check twice!)

2016-10-04-15_10_49-nutanix-web-console

2016-10-04-15_10_58-nutanix-web-console

  • Enter the IP of the vCenter (not DNS!) and credentials

2016-10-04-15_11_36-nutanix-web-console

2016-10-04-15_12_20-nutanix-web-console

2016-10-04-15_12_28-nutanix-web-console

  • This won’t take long but if you get bored hit the Nothing do to button for a game of 2048 presented to you by our friends at Nutanix

2016-10-04-15_12_39-nutanix-web-console

  • You might need to re-open the Software Upgrade but but somewhere it will be done now

2016-10-04-15_17_53-nutanix-web-console

  • When this finishes successful it’s time to hit the real upgrade button

2016-10-04-15_18_47-nutanix-web-console

  • You know what to do here right?

2016-10-04-15_18_57-nutanix-web-console

2016-10-04-15_19_50-nutanix-web-console

2016-10-04-15_20_48-nutanix-web-console

  • The waiting game has started since there will be a lot of vMotion’s and reboots
  • This it might be time for this again

2016-10-04-15_12_39-nutanix-web-console

2016-10-04-15_21_01-nutanix-web-console

  • If you re-open the Software Upgrade bit it will show the versions of ESXi the cluster is now running

2016-10-04-15_21_45-nutanix-web-console

  • Aaaaaaand we’re done

2016-10-04-15_36_56-nutanix-web-console

So actually creating this post took longer then the preparation and actions for the upgrade themselves. For me that was 5 minutes work in preparation and about 20 minutes per host for the upgrade itself.

 

 

 

 

Back to basics: Daily checks

Something I still hear a lot that system engineers take their vSphere environment for granted and hardly check anything on a daily basis. I always point them at Alan Renouf‘s brilliant health check script while there are other ways to get your daily dose of health this one still rocks for me. You can remove unwanted plugins or make different selections of plugins for daily, weekly or monthly checks. Now and then I still hear people that had issues because of snapshots and there is no need for that anymore and hasn’t been for years! This script has saved me lots of times already + it helped me get management support for limiting other people’s access to the environment because they had no idea what they where doing.

Example of the output you can get:

2016-07-03 20_13_59-192.168.0.11 vCheck

 

Timecheck please!

Something I still see now and then, and have had big issues with in the past, is the time on ESXi hosts. Sometimes no ntp servers have been set or the ESXi hosts can’t connect to them. Other times ntp servers have been set but not the time so they’re still off. Normally this shouldn’t be a problem but since a VM always takes on the time of the hosts it is moving to during a vmotion this can cause issues on database servers.

In my last situation the ntp servers where correct but the time was off and somehow never properly synced to the ntp hosts. To fix this I created 2 scripts, one to check the ntp settings and current time and another to set the time.

Nothing fancy, you need to be connected to your vcenter in advance but it makes and opens a nice html file with your ntp settings and current time on your ESXi hosts.

This is the output it makes:

2016-05-24 20_23_21-Mozilla Firefox

Then it was time to make the other script, since sometimes it might take a few secs to set the time I decided to check my local time before every set of a time on an ESXi host.

Again nothing fancy but it does the trick perfectly.