The VMware Labs flings monthly for July 2018

It’s been a busy month in the world of flings all of the flings except for one on the first page are new or updated ones. This means there are five(!) new ones and six(!) have received an update. The new ones are: Policy BuilderSDDC Certificate ToolvAssist.ai NLP PlatformWorkspace ONE UEM Samsung E-FOTA Tool and the Horizon Helpdesk Utility that I wrote yesterday about. The ones that received an update are: Cross vCenter Workload Migration Utility,  Blockchain on KubernetesHCIBenchESXi Embedded Host ClientvSphere HTML5 Web Client and last but not least the VMware OS Optimization Tool.

The new releases

Policy Builder

The policy builder is an hosted fling that helps the user to create custom MDM policies for Workspace UEM (former Airwatch)

Official summary:

This cloud hosted Fling helps users with custom Mobile Device Management (MDM) policy generation that use MDM capabilities available through Microsoft’s Windows 10 MDM Configuration Service Providers (CSPs).

Note: On login with My VMmware credentials, the tool provides an easy to use form based UI that allows the Windows 10 admin to simply enter the required values for the policies and auto generates corresponding syncML that can be copied to publish through Workspace ONE Unified Endpoint Management.

This tool greatly reduces the effort of hand rolling syncML and the possibility of code and formatting errors when creating or managing custom settings profiles through Workspace ONE UEM.

SDDC Certificate Tool

The SDDC Certificate Tool is an automated process that replaces all certificates in a SDDC for you. This normally can be a lengthy process but should be a breeze with this fling.

Official summary:

Replacing SSL certificates across VMware products is a manual and time-consuming process. The SDDC Certificate Tool automates this workflow and makes it easy to keep certificates across your SDDC up to date. It will replace all certificates in the supported products and reestablish trust between the components.

Supported Products

  • VMware Platform Services Controller (PSC)
  • VMware vCenter Server (VC)
  • VMware NSX for vSphere (NSX)
  • vRealize Log Insight (vRLI)
  • vRealize Operations Manager (vROps)
  • vRealize Automation (vRA)
  • vRealize Business for Cloud (vRB)
    More about this Fling: New SDDC Certificate Replacement Fling by William Lam

vAssist.ai NLP Platform

Not my cup of tea but this fling is supposed to be an example where you can talk against vRealize Automation.

Official summary:

vAssist.ai, a Natural Language Processing (NLP) platform, enables bot developers to train machine learning models for intent classification and entity extraction. This platform is available as a SaaS model which exposes easy-to-use REST APIs to train and parse natural language inputs. It also provides a multi-tenant user interface dashboard which can be used to annotate and visualize training data expressions and train machine learning models in the cloud.

VMware customers who are serious about building conversational interfaces can benefit from this platform. With this Fling we trained a sample model for vRealize Automation. Users can chat with the test bot to query available catalog services and initiate a provisioning request in a natural, conversational way. Please note that we are using a sample internal environment for vRealize Automation.

Features

  • NLU Engine for Intent and entity extraction
  • Customizable NLU pipeline
  • Rule based and ML based Conversation Engine
  • Privacy of the data
  • Scalable and Fault Tolerant
  • REST APIs exposed for integration with multiple channels and platforms

Workspace ONE UEM Samsung E-FOTA Tool

The Workspace ONE UEM Samsung E-FOTA Tool is a fling for Workspace One UEM to add some extra functionality for Samsung devices.

Official summary:

The Workspace ONE UEM Samsung E-FOTA Tool is designed to add to the existing abilities of AirWatch’s Samsung E-FOTA implementation. These new abilities include scheduling a firmware/OS update in a targeted window. This feature is dependent on the existing abilities within AirWatch which enroll the MDM into Samsung E-FOTA and push profiles to enroll the device into Samsung E-FOTA. Users should use this tool along with the information gathered from the Workspace ONE UEM console. The information can then be used to make an API command to schedule the firmware/OS update to your Samsung devices.

Horizon Helpdesk Utility

Like I said yesterday the Horizon Helpdesk Utility is how the original Horizon View Helpdesk Tool should have been. Please read yesterdays;s post for more information and screenshots.

The Horizon Helpdesk Utility is designed to be a tool used by real help desk agents. The Horizon Helpdesk Utility takes all of the functionality of the current HTML5 based Helpdesk in VMware Horizon and adds true desktop integration features, including:

  • Greater speed in queries
  • Reduced steps to find a session
  • Multiple monitoring windows
  • Keystrokes for fast access
  • Native remote control functionality
  • Real-time updates
  • Built-in session experience score based on session performance and variables

Updated flings

VMware OS Optimization Tool

Changelog

July 30, 2018, b1100

  • Issue fix: With group selection operation, unselected optimization items are applied.
  • Issue fix: can not export analysis report

July 20, 2018, b1099

  • Template update: Windows 10 & Windows Server 2016
  • Prevent the usage of OneDrive for file storage
  • Registry changes:

Cross vCenter Workload Migration Utility

Changelog

Version 2.2, July 16, 2018

  • Support for vSphere Resource Pool and VM folder for placement under advanced options
  • Support for VMware Cloud on AWS (VMC) by specifying resource pool and folder options

Blockchain on Kubernetes

Changelog

July 16 2018, BoK 2.1

  • Support deployment of Hyperledger Fabric 1.1.0.
  • Allow users to customize the Fabric organizations and peers in bok.yaml.
  • Add ingress controller for serving traffic to Fabric peers nodes and explorer node.
  • Make improvement on stability and usability.
  • Verified against Kubernetes 1.10.3 and Pivotal Container Service (PKS) 1.1.0.
  • Updated the PCF Fabric Tile which supports creating Kubernetes cluster via PKS Tile and deploy Hyperledger Fabric in the Kubernetes cluster.

HCIBench

Changelog

Version 1.6.7.1

  • Fixed vSAN Performance Diagnostic API call
  • Fixed network validation message not clear issue
  • Fixed setting re-use VMs as default bug in 1.6.7

Version 1.6.7

  • Enabled https instead of http
  • Added storage policy field, user can specify storage policy for the data disks. For this version, storage policy can’t be assigned to existing client VMs
  • Enhanced deployment methodology
  • Enhanced vSAN Observer to avoid blow up the memory
  • Enhanced vSAN Performance Diagnostic API call with HCIBench workload configuration included
  • Added timestamp to the testing status
  • Bug fixes

ESXi Embedded Host Client

Changelog

Version 1.31.0 build 9277095 (Fling 21) – July 20, 2018

  • General
    • Resolve several issues related to dropdown selection
    • Update NTP UX
    • Update AngularJS to 1.6.10
    • Other minor bug fixes

vSphere HTML5 Web Client

Changelog

Fling 3.40 – Build 9292689
New Features

  • Host profiles
    • Check compliance
    • Pre-check and remediate host (known issue exists – see known issues)
    • Extract, edit host profile
    • Host profile favorites management (vCenter 6.5)
    • Copy settings between profiles (vCenter 6.5)

Creating local ESXi user in a locked down situation and add it to exception list

So my customer asked for a solution to add local users on ESXi hosts that are in lockdown mode. A side quest was to add these to the lockdown exception list. The use case for this is app volumes, they want to be able to keep using them in case the vCenter server goes down. The trick to this that you need to talk to two different viserver entities. The vCenter server and the local ESXi host since you can add those users via vCenter.

Offcourse PowerCLI to the rescue! I decided to do everything in a try catch construction for some error handling and to give some visual output. These cab be stripped if you want but i like some feedback.

Some of the outtakes:

These two disable and enable the current lockdown mode, this is necessary before being able to create the local user.

Some encryption stuff in here but that’s because I dislike having password visible as plain tekst. This first test if the account exists and then sets the password and description. If the user doesn’t exist it will create the user for you.

This gives the newly created or edited user the admin role. If you want to use a custom role this could be added to the script, we decided to go for the admin role since app volumes needs an awful lot of rights anyway. In that case i would recommend to use a variable for role name and create it per host using new-VIrole

This simply adds the user to the lockdown exception list.

So now the complete script:

Future versions of this script will not be edited on here so always check the latest version on github.

 

Is updating @VMware ESXi at @Nutanix really that easy?

Do you want the short answer or the long answer?

Short: Yes!

Long: Absolutely!

The real story:

  • After doing several Acropolis (CVM) & NCC (Health check) upgrades before on my customer’s Nutanix clusters today was the first time to do an actual hypervisor upgrade. Since we run everything on VMware we wanted to go from 5.5u2 to 6.0u2. The first things to do is to check all compatibility charts and with Acropolis at 4.6.4 and NCC at 2.2.8 we had green lights all over the board.
  • What I always do first before doing anything is running a health check. Since NCC 2.2 you can run some of the checks parallel to save some time:

2016-10-04-20_32_24-beheerders-desktop

  • After the check and make sure DRS is set on automated and vSphere HA is turned on as it should otherwise you won’t be updating anything!
  • Next up is heading to Prism, no we’re not doing any cli work when a GUI is better and just as fast!
  • The first thing to do is upload the software (Offline bundle zip file from VMware.com and json file from Nutanix.com)

2016-10-04-15_08_02-documents

  • Go to Software Upgrade

2016-10-04-20_47_38-beheerders-desktop

  • Select Upload the hypervisor Binary

2016-10-04-15_08_16-nutanix-web-console

  • Select the binary and the Json files and hit Upload Now

2016-10-04-15_08_37-nutanix-web-console

2016-10-04-15_08_59-nutanix-web-console

  • When this is done hit the arrow besides the upgrade button and select the pre-check (the real upgrade also does this but it is never wrong to check twice!)

2016-10-04-15_10_49-nutanix-web-console

2016-10-04-15_10_58-nutanix-web-console

  • Enter the IP of the vCenter (not DNS!) and credentials

2016-10-04-15_11_36-nutanix-web-console

2016-10-04-15_12_20-nutanix-web-console

2016-10-04-15_12_28-nutanix-web-console

  • This won’t take long but if you get bored hit the Nothing do to button for a game of 2048 presented to you by our friends at Nutanix

2016-10-04-15_12_39-nutanix-web-console

  • You might need to re-open the Software Upgrade but but somewhere it will be done now

2016-10-04-15_17_53-nutanix-web-console

  • When this finishes successful it’s time to hit the real upgrade button

2016-10-04-15_18_47-nutanix-web-console

  • You know what to do here right?

2016-10-04-15_18_57-nutanix-web-console

2016-10-04-15_19_50-nutanix-web-console

2016-10-04-15_20_48-nutanix-web-console

  • The waiting game has started since there will be a lot of vMotion’s and reboots
  • This it might be time for this again

2016-10-04-15_12_39-nutanix-web-console

2016-10-04-15_21_01-nutanix-web-console

  • If you re-open the Software Upgrade bit it will show the versions of ESXi the cluster is now running

2016-10-04-15_21_45-nutanix-web-console

  • Aaaaaaand we’re done

2016-10-04-15_36_56-nutanix-web-console

So actually creating this post took longer then the preparation and actions for the upgrade themselves. For me that was 5 minutes work in preparation and about 20 minutes per host for the upgrade itself.

 

 

 

 

Back to basics: Daily checks

Something I still hear a lot that system engineers take their vSphere environment for granted and hardly check anything on a daily basis. I always point them at Alan Renouf‘s brilliant health check script while there are other ways to get your daily dose of health this one still rocks for me. You can remove unwanted plugins or make different selections of plugins for daily, weekly or monthly checks. Now and then I still hear people that had issues because of snapshots and there is no need for that anymore and hasn’t been for years! This script has saved me lots of times already + it helped me get management support for limiting other people’s access to the environment because they had no idea what they where doing.

Example of the output you can get:

2016-07-03 20_13_59-192.168.0.11 vCheck

 

Timecheck please!

Something I still see now and then, and have had big issues with in the past, is the time on ESXi hosts. Sometimes no ntp servers have been set or the ESXi hosts can’t connect to them. Other times ntp servers have been set but not the time so they’re still off. Normally this shouldn’t be a problem but since a VM always takes on the time of the hosts it is moving to during a vmotion this can cause issues on database servers.

In my last situation the ntp servers where correct but the time was off and somehow never properly synced to the ntp hosts. To fix this I created 2 scripts, one to check the ntp settings and current time and another to set the time.

Nothing fancy, you need to be connected to your vcenter in advance but it makes and opens a nice html file with your ntp settings and current time on your ESXi hosts.

This is the output it makes:

2016-05-24 20_23_21-Mozilla Firefox

Then it was time to make the other script, since sometimes it might take a few secs to set the time I decided to check my local time before every set of a time on an ESXi host.

Again nothing fancy but it does the trick perfectly.