Horizon View Api’s: back to basics part 3: Methods

Like I said in part two I wanted to do that first before going to method’s since for some methods you actually need the output from a query. I posted an example of that in the meanwhile with my post about sending messages to users. The get-hvglobalsession and get-hvlocalsession are based on queries that are used for the Session_SendMessages method of the session service.

The obvious way of finding available methods is by looking into the API Explorer.

It’s a complete list but it’s hard to find all the methods that belong to a service. It’s easier to do a get-method on a service.

So, in here we have two methods: ConnectionServerHealth_Get and ConnectionServerHealth_List. Even my wide PowerShell window is not big enough to show what’s needed to with the ConnectionServerHealth_Get method. For that we can use service.method without any brackets.

and

The required input for the method’s is visible between the brackets. The _Get method requires an id of the type vmware.hv.connectionserverid and the list doesn’t even need an input. I will keep the first one to use for later while I run the latter one.

A lot of these lists have information that is available on a deeper level, with a get-method everything is shown.

The ones where you see a property that has a definition that starts with vmware.hv…. has more content hidden. It is possible to access these by putting the entire line between brackets followed by .membername for example

Please be aware that this can go multiple levels deep for some methods. To avoid unneeded api calls it’s wise to declare a variable from the method and use that to access the data.

Now to show the use of the _get method I could use the id that I received from the _list method but that would be cheating. What I will do is put a list of all connectionservers into an array (even though I only have 1) and do a foreach with the _get method.

This is the basic usage for method’s. For some method’s a spec is required for input please take a look at this post about adding an instantclone administrator for an example. I will show some more details about that one in here. Let’s take a look at what the method requires as input.

You can see that a spec is required of the type VMware.Hv.InstantCloneEngineDomainAdministratorSpec. The API Explorer will show that this actually is a bit weird one since it one contains a base.

If you click on the base you’ll see whats required in there.

These levels actually show that we need to declare multiple objects to build the actual spec. You can create the basic object with new-object objecttype

As you see the base is empty and doesn’t know what data it can contain. This shows that we need to declare the object for every level where we need to enter some information.

First I tried this using the class that’s shown in the API explorer, this obviously didn’t work so I use the data object name.

In the link I posted above you should be able to find what’s required to create an actual instantcloneadministrator. With this I have covered most of the method’s and how they work. Please don’t assume that _list nevers needs an id or that _get always needs one because that’s not true. Sometimes it will also say ids like with my previous post about sending messages that means it needs an array of id’s most possibly generated by a query or an _list method.

 

 

Sending messages to users with the Horizon API’s

I got the question today from Fabian Lenz if it is possible to send messages to end users using the Horizon API. I knew I had seen it somewhere already and here’s a quick explanation.

There are two method’s to do this, one for a single session and the other for a group of sessions. Both fall under the session service.

You can see both the methods called session_sendmessage and session_sendmessages if we look at what’s required for both we see that the difference is a single sessionid or an array of session id’s.

Let’s see what the API explorer says what’s needed.

So the msgtype is a string that can have three values and the message is just a string, let’s test this.

I am lazy and will use get-hvlocalsession for the sessionid.

I do the -first 1 so it isn’t an array but a single session.

Now let’s send a message.

And the result:

Now let’s do the same for multiple sessions.

And to show that this also works for global sessions (both where connected to pod2cbr1)

If you want to filter the sessions on user or machine name you can filter the $globalsessions on $globalsessions.namesdata.basenames

With the localsessions it’s located in $sessions.namesdata

It’s also possible to filter this with the query service, take a look on my previous post on how to handle queries.

So now you know how to send messages to users. Not that they always read these messages but at least you can try warning them a bit faster now!

Horizon View Api’s: back to basics part 2: Queries

So this is the second post in this series about the Horizon View API basics. While functions logically would be part 2 I have decided on doing queries first since you might need the result for a query before you can use some of the functions. Some if it will seem double from my recent post about pulling event information but not everyone might be looking into that. This post will not have as much gifs as the first post but that’s because only the end results count for this one.

Looking at the API Explorer these are the services that we can actually query:

There are some examples in the API explorer but will show you some different examples with the aduserorgroupsummaryview since that one has a lot of documented filters and I can easily add some extra accounts to show different queries.

The first thing that we always need to do with queries is to declare the queryservice object

If you do a get-method on this object it will show several possible methods to use.

The next thing to do is to create a definition object in which we will declare the things the query looks for.

When getting this object and its get-method it shows the definitions we can set, as you can see all method’s are already visible from just viewing the object so we don’t need to use the get-method anymore.

Now we need to set a QueryEntityType these can be found in the API explorer under the Queryable Entity Types. They have to be used between quotation marks.

Now we’re already set to create some results by putting the query into an object.

As you can see below this will create an object where the results property contains all the data. This Results property has 2 other properties of it’s own that actually contain all the data.

And if we expand the base property it gives us one of the build-in Active Directory groups.

Since this can go several layers deep it is smarter to use the round brackets to get this information. (Select -expandproperty following select – expandproperty is just ugly and takes too long)

This way it’s also easy to count the amount of returned objects. This is very useful if you have a bigger environment and want to take counts of sessions with their status (i.e. Connected, disconnected, error etc)

Next up is adding a filter, so we only get user accounts but we need to do some maintenance first. If you do too many queries it is possible that you will get some errors about too many filters or something (of course I am not getting them while writing this post) so, it might be needed to remove the old stored queries is possible with the queryservice_deleteall method.

This does not give any feedback on the results so let’s continue with the old query and put a filter on it. First you need to know what kind of filter you need and the options are listed in the API explorer.

The first one I will use is queryfilterequals since I use that the most. I start by defining a filter object consisting of a property with a value.


Then I will add it to the querydefinition

Now I will show you the results + the fact that you don’t necessarily need to define an object for the results. I have selected the first result to show you that it contains the domain administrator account

It is also possible to combine several filters into one query, while the ad service might not be the most useful for this it can still be used as an example. The thing to do is to first create a couple of filters.

Please be aware that these membernames are case sensitive!

These need to be combined into one array

To filter on multiple things we need to have a filterand object

And then we can add the $filterarray to this object

and finally we put this object into the querydefinition object

Now let’s run the query

That’s it for the basics of doing queries using the Horizon View API’s. There are some more things that we can do with these like sorting them, but I think you can find that on your own in the API explorer examples.

[Update 15-10] VMware PowerCLI 11.0.0 release with new Horizon (7.6!) API calls

UPDATE 12-10: The new API explorer page also has been published, it just needs to be added to the main page. Check this link: https://code.vmware.com/apis/445

Update 15-10: I have received an overview from VMware about the other changes:

New API Endpoints:
ConnectionServer_GetTags
GlobalSettings_GetEnvironmentSettings
QueryService_DeleteByIds
Datastore_GetDatastoreRequirements
Datastore_ListDatastoresByDesktopOrFarm
RemoteApplication_EndApplication

There also have been some changes to some objects (MachineBase,AccessGroup etc) to include more properties

Original Article:

Today the latest version of PowerCLI was released with version 11.0.0. When you look at the release notes it’s obvious that some extra things have been added for the Horizon VIew API’s.

PowerCLI has been moving at quite the rapid pace over the last 2 years. In 2018, we’ve been releasing roughly every other month to make sure we get the latest features, performance improvements, and updates available as quickly as possible. Well, it’s been two months and we’re not going to break this trend. Today, we are releasing PowerCLI 11.0.0!

PowerCLI 11.0.0 comes with the following updates:

  • Added a new Security module
  • Added new cmdlets for Host Profiles
  • Added a new cmdlet to interact with NSX-T in VMware Cloud on AWS
  • Support for vSphere 6.7 Update 1
  • Support for NSX-T 2.3
  • Support for Horizon View 7.6
  • Support for vCloud Director 9.5
  • Multiplatform support for the Cloud module
  • Updated the Get-ErrorReport cmdlet
  • Removed the PCloud module
  • Removed the HA module

Even though Jake Robinson already gave me a heads up that this version was coming it’s always the question what has been added for Horizon View. According to the API explorer page no new querydefinitions have been added. Like last time I decided to compare the services against the old list and there are two new additions:

  • CategoryFolder
  • ResourceSettings

I have tried both against a Horizon 7.5 setup and they failed so these are only exposed from Horizon View 7.6 and up.

The first one called Categoryfolder is linked to the possibility to put rdsh applications into folders.

It currently has only one function:

I have also investigated if there was a way to change things using the helper function but sadly it has no .update api call so that’s a no-go. I currently have no rdsh on my lab so I can do the list but it doesn’t show anything.

The other new service is the .ResourceSettings just like categoryfolder it also only has one function:

For this one I can actually show what it’s used for:

It shows the general settings for forced logoffs.

Sadly this service also doesn’t show a way to change things.

Sadly I have no found no way yet to see what queryservice entity’s have been added so hopefully we will have a new API explorer soon (maybe with release notes this time, pretty please VMware?) that shows us all the new goods.

Horizon View Api’s: back to basics part 1: Connecting

Intro

I have done a lot of deep dives but just like the VMware{Code} session I did at VMworld I think it’s time to go back to the basics on how to work with the Horizon api’s from PowerCLI. First up is connecting to a Connection server and disconnecting. I will be showing various ways to do but the new and secure one is the best for me since that’s also usable when you want to schedule scripts.

The easy way

The easiest wat to connect is by using the connect-hvserver SERVERNAME

This will give you a nice credentials popup.

The Unsecure way

The previous way that I used was by using the -user, -pass and maybe the -domain parameters.

The ‘new’ and secure way

Since one of the latest updates it is also possible to use a credential object. We found this out during the Hackathon @VMworld US that it is possible. It will use the good old credentials function from Powershell like in this post from 2008. First you’ll need to make a file with the encrypted password. Big thanks to Ariel & Edgar 🙂 check this for the vDocumentation script.

The next two lines I will combine into one, just because I can.

Doing it in two lines is also possible and might make it a bit easier to read

And then it’s time to connect

That’s easy right?

Connect to the api’s

There’s a little bit more to it so you can actually use the api’s. First we need to put the session into a variable. I always use a number so it’s easy to separate my various pods.

Next up is actually making the services visible. Again I added the number for when I am working with multiple pod’s.

And a quick look at the available services which I will explain in a next blog post.

Disconnecting

If you are connected to a single Connection server this is easy, just a disconnect-hvserver is enough.

Or without confirmation, this is a standard powershell thing.

This will not work when you are connected to multiple Pod’s so you’ll need to specify the server you are connected to.

The End

Next time I will go into some of the things you can do with the services I quickly showed you.

New View API query services in PowerCLI 10.1.1: pulling event information without the sql password.

A while back I already posted about new services that where available for the View API’s in PowerCLI 10.1.1. Recently the api explorer for this version was published and can be found here. Two things that I didn’t find back then was the addition of two services for the query service. The first is GlobalApplicationEntitlementInfo this one can be compared to the previously already available GlobalEntitlementSummaryView and will return information about global entitlements.

The second added services is extremely useful: you can now query the event database. This means you don’t need the actual sql password anymore to query the events. According to the api explorer at least Horizon 7.3 is required and only events from the Event and Event_Data database tables. A simple query will show all events.

As you can see the data is divided in data and namesdata properties, these contain the same data as what is returned with get-hvevent. I added some selections to show only one event.

and

Offcourse it;s better to use filtering from the query directly. The full lust for that is available from the api explorer but I will give a couple of examples. (be aware that membername and the value are case sensitive)

Or by severity

As said it can be filtered on other properties as well but that might require some more logic to get the userid or desktopid for example. This is a very useful addition in my opinion to the Horizon View api’s.

The VMware Labs flings monthly for July 2018

It’s been a busy month in the world of flings all of the flings except for one on the first page are new or updated ones. This means there are five(!) new ones and six(!) have received an update. The new ones are: Policy BuilderSDDC Certificate ToolvAssist.ai NLP PlatformWorkspace ONE UEM Samsung E-FOTA Tool and the Horizon Helpdesk Utility that I wrote yesterday about. The ones that received an update are: Cross vCenter Workload Migration Utility,  Blockchain on KubernetesHCIBenchESXi Embedded Host ClientvSphere HTML5 Web Client and last but not least the VMware OS Optimization Tool.

The new releases

Policy Builder

The policy builder is an hosted fling that helps the user to create custom MDM policies for Workspace UEM (former Airwatch)

Official summary:

This cloud hosted Fling helps users with custom Mobile Device Management (MDM) policy generation that use MDM capabilities available through Microsoft’s Windows 10 MDM Configuration Service Providers (CSPs).

Note: On login with My VMmware credentials, the tool provides an easy to use form based UI that allows the Windows 10 admin to simply enter the required values for the policies and auto generates corresponding syncML that can be copied to publish through Workspace ONE Unified Endpoint Management.

This tool greatly reduces the effort of hand rolling syncML and the possibility of code and formatting errors when creating or managing custom settings profiles through Workspace ONE UEM.

SDDC Certificate Tool

The SDDC Certificate Tool is an automated process that replaces all certificates in a SDDC for you. This normally can be a lengthy process but should be a breeze with this fling.

Official summary:

Replacing SSL certificates across VMware products is a manual and time-consuming process. The SDDC Certificate Tool automates this workflow and makes it easy to keep certificates across your SDDC up to date. It will replace all certificates in the supported products and reestablish trust between the components.

Supported Products

  • VMware Platform Services Controller (PSC)
  • VMware vCenter Server (VC)
  • VMware NSX for vSphere (NSX)
  • vRealize Log Insight (vRLI)
  • vRealize Operations Manager (vROps)
  • vRealize Automation (vRA)
  • vRealize Business for Cloud (vRB)
    More about this Fling: New SDDC Certificate Replacement Fling by William Lam

vAssist.ai NLP Platform

Not my cup of tea but this fling is supposed to be an example where you can talk against vRealize Automation.

Official summary:

vAssist.ai, a Natural Language Processing (NLP) platform, enables bot developers to train machine learning models for intent classification and entity extraction. This platform is available as a SaaS model which exposes easy-to-use REST APIs to train and parse natural language inputs. It also provides a multi-tenant user interface dashboard which can be used to annotate and visualize training data expressions and train machine learning models in the cloud.

VMware customers who are serious about building conversational interfaces can benefit from this platform. With this Fling we trained a sample model for vRealize Automation. Users can chat with the test bot to query available catalog services and initiate a provisioning request in a natural, conversational way. Please note that we are using a sample internal environment for vRealize Automation.

Features

  • NLU Engine for Intent and entity extraction
  • Customizable NLU pipeline
  • Rule based and ML based Conversation Engine
  • Privacy of the data
  • Scalable and Fault Tolerant
  • REST APIs exposed for integration with multiple channels and platforms

Workspace ONE UEM Samsung E-FOTA Tool

The Workspace ONE UEM Samsung E-FOTA Tool is a fling for Workspace One UEM to add some extra functionality for Samsung devices.

Official summary:

The Workspace ONE UEM Samsung E-FOTA Tool is designed to add to the existing abilities of AirWatch’s Samsung E-FOTA implementation. These new abilities include scheduling a firmware/OS update in a targeted window. This feature is dependent on the existing abilities within AirWatch which enroll the MDM into Samsung E-FOTA and push profiles to enroll the device into Samsung E-FOTA. Users should use this tool along with the information gathered from the Workspace ONE UEM console. The information can then be used to make an API command to schedule the firmware/OS update to your Samsung devices.

Horizon Helpdesk Utility

Like I said yesterday the Horizon Helpdesk Utility is how the original Horizon View Helpdesk Tool should have been. Please read yesterdays;s post for more information and screenshots.

The Horizon Helpdesk Utility is designed to be a tool used by real help desk agents. The Horizon Helpdesk Utility takes all of the functionality of the current HTML5 based Helpdesk in VMware Horizon and adds true desktop integration features, including:

  • Greater speed in queries
  • Reduced steps to find a session
  • Multiple monitoring windows
  • Keystrokes for fast access
  • Native remote control functionality
  • Real-time updates
  • Built-in session experience score based on session performance and variables

Updated flings

VMware OS Optimization Tool

Changelog

July 30, 2018, b1100

  • Issue fix: With group selection operation, unselected optimization items are applied.
  • Issue fix: can not export analysis report

July 20, 2018, b1099

  • Template update: Windows 10 & Windows Server 2016
  • Prevent the usage of OneDrive for file storage
  • Registry changes:

Cross vCenter Workload Migration Utility

Changelog

Version 2.2, July 16, 2018

  • Support for vSphere Resource Pool and VM folder for placement under advanced options
  • Support for VMware Cloud on AWS (VMC) by specifying resource pool and folder options

Blockchain on Kubernetes

Changelog

July 16 2018, BoK 2.1

  • Support deployment of Hyperledger Fabric 1.1.0.
  • Allow users to customize the Fabric organizations and peers in bok.yaml.
  • Add ingress controller for serving traffic to Fabric peers nodes and explorer node.
  • Make improvement on stability and usability.
  • Verified against Kubernetes 1.10.3 and Pivotal Container Service (PKS) 1.1.0.
  • Updated the PCF Fabric Tile which supports creating Kubernetes cluster via PKS Tile and deploy Hyperledger Fabric in the Kubernetes cluster.

HCIBench

Changelog

Version 1.6.7.1

  • Fixed vSAN Performance Diagnostic API call
  • Fixed network validation message not clear issue
  • Fixed setting re-use VMs as default bug in 1.6.7

Version 1.6.7

  • Enabled https instead of http
  • Added storage policy field, user can specify storage policy for the data disks. For this version, storage policy can’t be assigned to existing client VMs
  • Enhanced deployment methodology
  • Enhanced vSAN Observer to avoid blow up the memory
  • Enhanced vSAN Performance Diagnostic API call with HCIBench workload configuration included
  • Added timestamp to the testing status
  • Bug fixes

ESXi Embedded Host Client

Changelog

Version 1.31.0 build 9277095 (Fling 21) – July 20, 2018

  • General
    • Resolve several issues related to dropdown selection
    • Update NTP UX
    • Update AngularJS to 1.6.10
    • Other minor bug fixes

vSphere HTML5 Web Client

Changelog

Fling 3.40 – Build 9292689
New Features

  • Host profiles
    • Check compliance
    • Pre-check and remediate host (known issue exists – see known issues)
    • Extract, edit host profile
    • Host profile favorites management (vCenter 6.5)
    • Copy settings between profiles (vCenter 6.5)

New EUC fling released: Horizon Helpdesk Utility

Ok, normally I do a post each month with the latest and greatest flings and I will still do that tomorrow. Today though Andrew Morgan from VMware OCTO has released a fantastic new fling: Horizon Helpdesk Utility! But we already have the Helpdesk tool you might say? Well this fling is everything the helpdesk tool should have been. While it isn’t bad this one is way better.

First of all this fling is an app that you need to install on your own computer or a management server. It will keep its settings in C:\Users\Username\AppData\Roaming\HorizonHelpDeskAgent\ .net Framework 4.5.2 is required but most will already have that or a higher version installed. Installation itself is a quick next next finish with the warning that the signer of the application is not trusted, I have been told that this might be fixed in the next release. After installation you will find a new application in your start menu. I have already attached it to my start menu as well.

After starting you will get a box where you will need to fill in the server address including the http part and your credentials (the same role is required as the regular helpdesk tool)

If you don’t have a trusted certificate you will get a box to accept that certificate.

After that I was looking for something to popup but I just had a small icon added down right

Right click on this and you’ll see a small search box. This search is more easily reachable by using ctrl+F12

Put in a name and you’ll get a box that contains all matching names

Double click the correct account or session and the real deal will open up for you.

The diagrams hardly need any explanation, please also notice the user experience rating on the top right. The image in my lab doesn’t have anything installed so I can’t really show a lot but here are the views from the other tabs as well:

All entitlements for the user

This is pulled directly from the event database

Some more fancy diagrams about the blast protocol

The last tab shows all processes on the desktop, this can easily be filtered on any of the info shown

A possible improvement here would be some kind of checkbox to show only the users own processes because otherwise things can get confusing at RDS hosts. I’ve already talked with Andrew about that (actually the checkbox was his idea).

On the top left there’s a couple of pull down menus to allow for some actions on the session or the machine itself.

The remote control functionality starts windows’ own mrsa tool.

Despite running it against my own very small lab the tool seems to perform very well. I consider it for the few moments that I have used it as a very decent replacement for the original helpdesk tool.

 

 

The VMware Labs flings monthly for June 2018

It’s less than two months before VMworld US is on us, are you looking forward to it? I know I am! In June there have been six updates to VMware flings:

ESXi Compatibility Checker

This was a new fling last month and now the ESXi Compatibility checker has been expanded with several functions like offline and multiple vCenter support. With this tool it is possible to check if your ESXi hosts will work with the latest and greatest that VMware has to offer.

Changelog

Build 8951845

Offline case support

  • The current script requires to be executed with access to both public internet and target hosts. The new version can separately validate compatibility from collecting hardware information. Hence, user can collect hardware information on a system without public internet access and save the information in a json file. And he can validate compatibility of collected hardware from a saved json file on a system with public internet access.

Example

  • The ‘-g’ option will collect hardware information and generate a json file. (no need to have internet access)

  • The ‘-f’ option will validate compatibility from a json file (no need to access target hosts)

Multiple virtual centers support

  • The host parameter with the ‘-s’ option now accepts comma separated multiple hostnames. This feature will be useful to create a single compatibility report for multiple VCs

example

More information in the compatibility report

  • “Installed Release”, “Checked Release”, and hardware information have been added in the report.

The “-p” option to set a proxy server

  • The https proxy server can be specified with the “-p” option

Cross vCenter Workload Migration Utility

The Cross vCenter Workload Migration Utility provides a GUI to migrate vm’s between vCenters.

Changelog

Version 2.1, June 21, 2018

  • Increased simultaneous migration limit to 100 from 10
  • Added check to ignore unknown fields for inventory info
  • Fixed source/target site names in task status view
  • Updated status API to include version number

 

DRS Lens

As VMware vSphere DRS has become more widely adopted now, more and more users are interested in knowing how it works. They need more insights into DRS activity and actions. They want to know the value that DRS provides to their clusters. DRS Lens is an attempt to provide a UI-based solution to help understand DRS better. (yes this is a lame copy/paste, it’s too hot to come up with original stuf)

Changelog

Version 1.3

  • Upgraded apache tomcat to version 8.5.31 for security compliance.

vSphere HTML5 Web Client

What would this monthly overview be without the vSphere HTML5 Web client?

Changelog

Fling 3.39 – Build 8835608

New Features

  • All the features of Auto Deploy (when compared with the vSphere Web Client)
    • Software Depots
    • Deploy Rules
    • Deployed Hosts
    • Discovered Hosts
    • Configure (Auto-Deploy configuration)
  • Script Bundles support for Auto-Deploy (Available only in the vSphere Client)
    • Script Bundles view where all bundles are listed
    • Ability to Upload a script bundle
    • Ability to Add/Edit deploy rules with script bundles
  • New virtual switches view on a host which includes topology diagrams for standard and host proxy switches

Improvements

  • vApp properties create, edit, delete and set value functionality
  • VM vApp option properties create, edit, delete and set value functionality
  • vCenter Extensions
  • VM SDRS create, edit and delete

VMware OS Optimization Tool

Being an EUC guy this is simply my favorite fling, nothing new this time, it’s just a bug fix release.

Changelog

June 14, 2018

  • Issue fix: Crash in non-English locale (e.g. French)

Horizon Migration Tool

The Horizon Migration Tool helps you to migrate from Xendesktop/App to Horizon View. This is mainly a maintenance version for a tool they missed in the last release.

Changelog

Version 3.0.1

  • Fixed issue: add missed XenAppDumper.exe for XenApp 5.0

 

My presentation at the vEUCtechcon 2018

Yesterday it was clear for me that more people are interested in what Dutch secret agents have to do with airwatch/workspace one uem then with PowerCLi for Horizon View. Nonetheless there where some people listening to my presentation and watching the ginormous slide deck filled with gif’s that I created. My personal experience was that it went ok but nothing more than that. Sadly using the vga cable didn’t help against the connection bugs all presenters where having during the entire day. Also I would have preferred to have a monitor in front of me so I could actually hear myself talking in that big room. Personal points for next time: I had a good storyline in my head in advance, that didn’t come out at all. Also I need to channel my personal energy onto stage, I have the feeling that wasn’t really visible. Aka I need to do some more energetic storytelling.

For the people interesting in the presentation it can be found HERE. There’s a video recorded that I will add to this post when it gets published. Luckily there where also a couple of tweets about my sessions so we do already have some pictures.