So last week I created a blog about gathering Horizon entitlements using the api’s. At the end I promised that my next blog post would be about creating entitlements and guess what: that’s this post 🙂
First a short explanation about what UserEntitlements actually are in Horizon. When you pull the entitlement info the base property has the needed information.
So in short an entitlement is a link between the userorgroup object id and a resource object id. The resource object can be: Application, Desktop, Global Application Entitlement, Global Desktop Entitlement and URLRedirection.
Let’s first grab the ids that we need. I use 2 queries for that, but first I put the names of the group and the desktop in variables:
Somehow I have never really blogged about using the Horizon api’s to gather entitlement data. These are actually stored in entitlement objects and we can find them using a query against either the EntitledUserOrGroupLocalSummaryView or EntitledUserOrGroupGlobalSummaryView objects. Let’s start with the local variety.
Yes, that’s me making a typo; try to talk to me on Slack. I hardly type anything without typos. Back to the $queryresults, because there’s an easier way to get the group or username: it’s listed under the base property.
So we now have the group or username; now we need to find what they have been entitled to. This information is stored under localdata.
The Applications and Desktops properties contain the ids that the users have rights to, so if we use Desktop.Desktop_GetSummaryViews or Application_GetSummaryViews we end up with the relevant data. I have opened the summarydata for both to make things more visible.
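The query described above can be turned into a read-only entitlement review. This is an added example, not the original post's code: the server name is a placeholder, and the property names used (Base.DisplayName, Base.Group, DesktopSummaryData.Name) are assumptions to check with Get-Member against your Horizon version.

```powershell
# Added example: read-only entitlement review for one Horizon pod.
# Assumptions: PowerCLI with the Horizon module is installed and the
# server name below is a placeholder for your own connection server.
Import-Module VMware.VimAutomation.HorizonView

$hvServer  = Connect-HVServer -Server 'connectionserver.example.local' -Credential (Get-Credential)
$hvservice = $hvServer.ExtensionData

# The query from the post: all locally entitled users and groups.
$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.QueryEntityType = 'EntitledUserOrGroupLocalSummaryView'

# QueryService_Create pages its results, so keep fetching until nothing
# remains, then delete the server-side query object.
$page     = $queryService.QueryService_Create($hvservice, $defn)
$queryId  = $page.Id
$entitled = New-Object System.Collections.Generic.List[object]
try {
    while ($true) {
        foreach ($r in $page.Results) { if ($r) { $entitled.Add($r) } }
        if ($page.RemainingCount -le 0) { break }
        $page = $queryService.QueryService_GetNext($hvservice, $queryId)
    }
}
finally {
    $queryService.QueryService_Delete($hvservice, $queryId)
}

$report = foreach ($entry in $entitled) {
    # localdata.Desktops holds desktop pool ids; resolve them to pool names.
    # Property names here are assumed, verify them with Get-Member.
    $poolNames = @()
    if ($entry.LocalData.Desktops) {
        $poolNames = @($hvservice.Desktop.Desktop_GetSummaryViews($entry.LocalData.Desktops) |
            ForEach-Object { $_.DesktopSummaryData.Name })
    }
    [pscustomobject]@{
        Name             = $entry.Base.DisplayName
        IsGroup          = $entry.Base.Group
        DesktopPools     = $poolNames -join ', '
        # Applications are only counted here; resolve them with
        # Application_GetSummaryViews in the same way if names are needed.
        ApplicationCount = ($entry.LocalData.Applications | Measure-Object).Count
    }
}

# Sorting on IsGroup lists directly entitled individual users first, which
# is usually where an access review starts.
$report | Sort-Object IsGroup, Name | Format-Table -AutoSize
$report | Export-Csv -Path .\horizon-entitlements.csv -NoTypeInformation

Disconnect-HVServer -Server $hvServer -Confirm:$false
```

The script only reads data, so an account with a read-only administrator role on the pod is enough to run it.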
Pallas helps an admin to manage edge ESXi hosts where it’s not possible to manage them using vCenter due to security reasons.
The goal of Pallas is to provide management ability for ESXi hosts that cannot be managed by vCenter due to firewall or network issues.
Case 1: You have several ESXi hosts running in a private network, but you are required to manage them from the public network.
Case 2: Your ESXi hosts don’t have wired connections and must be connected through WiFi or a mobile network. For example, you run ESXi on an oil rig or a train head and you want to manage it remotely and securely.
Case 3: In the IoT world you have virtualized edge device requirements (an ESXi host on an edge device) and need to manage the ESXi host remotely (patching, creating VMs, etc.).
This solution includes a dominate-agent VM to provide remote management ability on the ESXi host. If the ESXi host has no wired connection, a pluggable network device (USB WiFi card, 3G/4G/5G SIM card or another device that can provide network access) is needed; this device is passed through directly to the dominate-agent VM. The solution also includes a remote manager server that accepts connections, located either in a public cloud/hybrid environment or in a private datacenter.
The dominate-agent VM talks to ESXi through the ESXi SDK for workload VM management. By default there is no direct connection between the workload VMs and the dominate-agent VM.
The dominate-agent VM talks to the Pallas Manager through the MQTT protocol and does not allow any inbound traffic.
Virtual Machine Compute Optimizer
Virtual Machine Compute Optimizer is a script that analyses vm’s and the hosts running them to see if they run in an optimized way. It does not look into the vm’s themselves, if that is needed vRealize Operations is recommended.
Modified Get-OptimalvCPU.ps1 to account for vCenters with no clusters
Modified Error Catches so they display the line number of the error
Code Capture new language: the recorded interaction can now be translated to Go.
PowerActions: integrating PowerCLI and the vSphere Client. The vSphere Client now provides the ability to execute PowerCLI commands and scripts, and store scripts in a library. Custom actions backed by PowerCLI scripts can be defined and executed on inventory objects.
PowerActions must be explicitly enabled on a vSphere Client Fling deployment. For setup instructions and a quick walkthrough, see the file PowerActions_documentation_Fling50.pdf .
PowerActions: when executing a script from the context menu of an object, the context object is prepopulated, but the object selector control has to be expanded and collapsed in order for this to become visible.
The base operating system for the fling is changed to Photon OS.
Upgrade from previous versions to 5.0 is not supported. A new appliance has to be deployed.
Server.bat Replaced, December 3
Fix a small error where ls.url was printed twice in the resulting webclient.properties which leads to errors when trying to login to the H5 web client.
App Volumes Entitlement Sync
The App Volumes Entitlement Sync helps the App Volumes admin in copying entitlements between various App Volumes environments like from test to production.
Fixed problem with sync button being disabled
Added check for App Volumes 2.x and App Volumes 4.x managers and will pop up message that they can’t be synced
Fix for Migrated Appstack upload failure in AVM due to JSON parsing error.
Instructions doc updated to reflect the name change from “Upload Prepackaged Volume” to “Upload Template” in the AVM UI.
vRealize Build Tools
vRealize Build Tools provides tools to development and release teams implementing solutions based on vRealize Automation (vRA) and vRealize Orchestrator (vRO). The solution targets Virtual Infrastructure Administrators and Solution Developers working in parallel on multiple vRealize-based projects who want to use standard DevOps practices.
vRA 8 support for blueprints, custom forms, subscriptions and flavor-mapping
vRO 8 support for existing content management and import
Support vRO 8 export of WFs in a folder structure derived from WF tags
Support for running WFs on vRO using maven command
Support persisting JS Actions IDs in source to allow for actions originating in vRO first to not create conflicts
TypeScript Projects (experimental) support improvements and bug fixes
General bug fixes and documentation updates
Power vRA Cloud
Power vRA Cloud makes the vRA API’s more accessible for people already used to PowerCLI or PowerShell.
After years of contracting a new challenge lies ahead for me in the vendor space. Until now I have always been on either the customer or partner side of things but was always curious how things would be from a vendor perspective. Recently I saw an opportunity at ControlUP passing by that I couldn’t resist asking about, to see if it would also be feasible to do this from The Netherlands since it was posted for the UK. The lines were short since I am already working for them on a freelance basis creating Horizon scripts.
PS Engineers are experienced IT professionals that guide customers through their journey of assessing needs and implementing ControlUp solutions. Prospective candidates must be self-motivated, charismatic individuals that are willing to meet customers and work in very dynamic situations that present new, never before seen business and technical challenges on a regular basis. Ideal candidates possess several years of enterprise IT consulting experience and a deep technical skill set covering VMware’s or Citrix virtualization and PowerShell scripting.
· Professionally represent ControlUp values at all times
· Maintain current knowledge of the entire ControlUp product portfolio
· Become a trusted advisor to both colleagues and customers
· Help our customers succeed by solving their challenging technical problems, from design through to production operations
· Work closely with customers to understand their needs and objectives
· Provide regular transfer of information presentations to customers
· Provide regular feedback to management for process and practice improvements
· Assist with all phases of Couchbase implementations, starting with installation, architecture design and review
· Contribute to internal technical projects, which can include software development, benchmarking, troubleshooting
· Work closely with the sales team and presales team on technical escalations and help grow opportunities in existing accounts
· Assist with customer PoC/Pilots through effective management of acceptance criteria and issue escalation/resolution
· Work with all technical levels from managers, to architects and developers in the Couchbase Server technology and architecture
· Identify and write internal and external technical collateral, like typical deployment architectures or best practices
· Travel to customers at least 25%
· 10+ years of experience in information technology- A MUST
· 5+ years of customer-facing professional services or VDI Administration- A MUST
· Fluent Speak and Writing English- A MUST
· Strong VMware or Citrix experience
· Strong Windows desktop OS administration experience
· VCP/CTP/VCPDT strongly preferred
· B.S./B.A./M.S. degree or equivalent technical training & experience
· Proven technical background –You will need to have a strong hands-on understanding of a number of popular technical platforms
· Positive attitude and very customer-centric; always willing to put the customers’ needs first
· MCSE – a plus
While I have been doing mainly VMware for the last few years I also have a bit of history with Citrix so I thought this would fit perfectly. After a couple of zoom calls first I traveled to ControlUP’s yearly Sales Kick-Off in Jerusalem last month to have a face to face meeting but also to feel how things are run inside the company. Looking back at that I have to say I really enjoyed it and was able to connect with just about everyone (I just didn’t have the time to connect with everybody). So when I received the call a week or so later that they wanted to hire me I couldn’t be more happy about that and I will be starting March first as Professional Service Engineer!
tldr: Got hired by ControlUP as Professional Services Engineer starting March first
Last week Mark Brookfield asked whether it is possible to configure the event database in code. My answer was that I thought it should be possible, until Stephen Jesse pointed me to the vmware.hv.helper where there is the set-hveventdatabase cmdlet for this. When looking at the code I noticed something familiar:
Author : Wouter Kursten
Author email : [email protected]
Version : 1.0
===Tested Against Environment====
Horizon View Server Version : 7.4
PowerCLI Version : PowerCLI 10
PowerShell Version : 5.0
So that’s why I knew it was possible! A good reason to create a quick blogpost though. Mark made a nice script for himself with variables and all those fancy things but I just want to quickly show how you can do it.
Something that was added in the last few versions of the Horizon API is the option to handle UAGs. Since I had to add a UAG to my lab for another project I decided to find out what API calls are possible. First I’ll check what services there are.
$hvservice | Select-Object gateway*
I will ignore the GatewayAccessUserOrGroup since that was already in there so we are left with Gateway and GatewayHealth. Let’s see what methods are available under Gateway.
$hvservice.Gateway | gm
Gateway_Get and Gateway_List will show the same information as always, but with _Get you will need a gateway ID and it only shows the information about one gateway. With _List you will get the information about all registered gateways.
The SyncML Compare tool is useful for troubleshooting profiles and applications that are pushed from the Workspace One Console.
SyncML-Compare is an extension to Fiddler application that lets you compare the syncmls pushed from server against the SyncMls received from the device management client on the device.
Comparing SyncMLs is often required to troubleshoot or debug profiles, applications pushed from the WS1 console.
Instead of copying the two syncmls and then manually comparing each syncml node in a separate xml viewer, SyncML compare lets you compare the SyncMLs on the fiddler application itself.
As shown in the below screenshot, you can see the locUris, commandIds and the results using SyncML compare.
This simplifies the SyncML troubleshooting experience as well as speeds up debugging process.
The vCenter Plugin for vRealize Network Insight brings relevant information from Network Insight, directly into vCenter. It allows the virtual infrastructure admins to view networking focused data and statistics in the same interface as where they manage their workloads, without having to have 2 interfaces open. Additionally, this plugin also helps add vCenter as a data source to Network Insight and set up incoming network flows.
Summary view of vCenter activity: VMs, vMotions, and snapshots.
Bring in network information directly to vCenter, such as:
Summary view of how network traffic behaves; how much east-west and how much internet traffic there is.
Health check violation for the vCenter and attached NSX environments
Network top talkers, grouped by VMs, Cluster, L2 Network, Subnet, Security Group, Source-Destination Pair, Source & Destination Subnet, Source & Destination IPs.
Most used networks
New Virtual Machines that are accessing the internet
Top 5 Hosts or Networks that are experiencing the most packet loss
Links to the vRealize Network Insight interface shows the source data and allows you to look closer, apply filters, export information, and more.
Configure vCenter as a data source and configure NetFlow on the available vSphere Distributed Switches.
App Finder for Tunnel
The App Finder for Tunnel fling can be used to flag applications to use the Workspace One Tunnel on MacOS.
This application is a utility which can be used for conveniently flagging the applications to use WorkspaceONE Tunnel on macOS. On macOS, WorkspaceONE Tunnel supports a per-app VPN feature where only the whitelisted applications are tunneled, rather than tunneling the entire device traffic. In order to whitelist an application to use Tunnel, the admin needs to enter the following details on the Workspace UEM Console under the “VMware Tunnel” device traffic rule:
Path (this is used only for the pure non-bundle binaries like Curl and ssh)
This fling application supports a basic drag and drop interface: the admin launches it and then drags and drops the application to be flagged to use per-app VPN (Firefox in the following case). Once the application is dropped, its attributes are listed and the admin can paste those into the UEM console as shown below:
Removed internal link in User Guide. Added a link to the correct external location
Removed duplicate User Guide document in zip file
VMware OS Optimization Tool
While there is some competition, OSOT has been THE tool for optimizing images for VDI or RDSH. The changelog on this one is huge!
December, 2019, b1130
Command Line
Added command line parameters to allow the control of the common options settings. This allows for the control of visual effect, notification, windows update, store applications, background and system clean up tasks, from the command line.
Added list of available templates to the output when run with -h (help).
Fixed issues with command line options.
The VMware Operating System Optimization Tool Guide has been updated to include instruction and examples on using the command line.
Changed balanced setting (default) to leave Show shadows under windows enabled. This was making the white on white explorer windows blend in together which did not give the best user experience.
Added optimization settings to disable WebCache processes from Windows 10. The default is that these optimizations are selected. This removes approximately 40 Mb from each users’ profile on creation and improves logon times.
Horizon Cloud Templates
Changed the two Horizon Cloud specific templates (Windows 10 and Windows 7) by removing the item “VMware DaaS Agent Service”. This is no longer required in Horizon Cloud Service.
December, 2019, b1120
Changed the two existing Windows 10 templates to also cover the associated Server OS and to introduce support for Windows Server 2019.
Windows 10 1507-1803 / Server 2016
Windows 10 1809-1909 / Server 2019
The old Windows Server 2016 templates have been removed.
System Clean Up
Added System Clean Up options to Common Options dialog. This removed the need for these to be typed and run manually.
Deployment Image Servicing and Management (DISM)
Reduces the size of the WinSxS folder by uninstalling and deleting packages with components that have been replaced by other components with newer versions. Should be run after a Windows update.
Native Image Generator (NGEN).
Optimizes the .NET Framework. Should be run after an update of .NET Framework.
Compact (Windows 10/ Server 2016/2019). Enables CompactOS to compress specific Windows system files to free up space. Can take several minutes to execute.
Deletes temporary and unnecessary files.
New Common Options page for Background which allows the choice of color using a picker. This also allows the option to allow the user to be able to change their wallpaper.
Visual Effects options
Added a third option where all visual effects are turned off apart from smooth edges and use drop shadows. This is now the default selection.
Windows Store Apps
New page in Common Options that allows more control over removing Windows Store Apps while allowing the user to select common ones to keep. The Windows Store App and the StorePurchaseApp are retained by default.
Applications that will be able to be selected to be kept are:
Alarms & Clock
The small taskbar option is now no longer selected by default.
In both Windows 10/ Server templates the following services are now no longer selected by default.
Application Layering Gateway Service
Block Level Backup Engine Service
Function Discovery Provider Host
Function Discovery Resource Publication
Internet Connection Sharing
Microsoft iSCSI Initiator Service
Microsoft Software Shadow Copy Provider
Secure Socket Tunneling Protocol Service
Store Storage Service
Volume Shadow Copy Service
Windows Biometric Service
Numerous New Optimizations
Fully disable Smartscreen.
Disable Content Delivery Manager.
Disable User Activity History completely.
Disable Cloud Content.
Disable Shared Experiences.
Disable Server Manager when Windows Server OS.
Disable Internet Explorer Enhanced Security when Windows Server OS (not selected by default).
Disable Storage Sense service.
Disable Distributed Link Tracking Client Service.
Disable Payments and NFC/SE Manager Service.
Bug and error fixes
Fixed condition when Export Analysis Results would fail to create file.
Sometimes there is a need to change the amount of desktops/rds hosts in a pool/farm. Since doing this in the GUI sucks (although that seems to have gotten slightly better with 7.11) I prefer to do it using the API’s. Let’s start with a Desktop pool.
The easiest way to change pool settings is to use the helper function of a service. After connecting to the connection server we first need to query for the ID of the desktoppool that we need to change.
As I said in the blog posts, Horizon Reach is one of the best tools for Horizon ever if not the best by giving the admin insight into the entire Cloud Pod Architecture.
Horizon Reach is a web based, monitoring and alerting fling for VMware Horizon On Prem deployments. Horizon Reach is designed to tackle the disconnect in Enterprise environments wherein each Pod in a Cloud Pod Architecture is its own technology domain and fault domain, or a customer is running multiple, disconnected pods, outside of a Cloud Pod Architecture, but would still like to treat them all as one unit of compute.
Often when troubleshooting these fault domains, it can feel like a game of “Whack a mole” jumping from Pod to Pod trying to find a pertinent session, alarm or event to the problem your user is describing.
Reach tackles this issue by performing health checking and gathering pertinent errors from each separate environment and displaying them all in a single place, creating an easy location for administrators to monitor the environment, along with providing a detailed first step in the troubleshooting process.
VMware vSAN Live
Did you like the vSphere mobile fling? Guess what there is a vSAN mobile fling now as well to give you all the insights while on the go. Personally I expect this one to be merged with the vSphere app at some point but as of now it’s a separate app.
VMware vSAN Live provides vSAN users with instant insights into their hyperconverged infrastructure environments from their mobile devices. Instead of stopping, signing into a laptop and then logging in remotely to view their vSAN environments, users can monitor their HCI clusters while on the go, troubleshooting in just a few clicks.
What’s included in this release?
Overview dashboard of vSAN clusters
Full-featured Health Checks
Cluster inventory view including Fault domain and host status.
Easily switch between different vCenter Servers
Cluster configuration view including vSAN settings and service status.
Full-featured Performance monitoring for VMs and Cluster
Full-featured Capacity monitoring
VMware vSAN powers VMware’s hyperconverged infrastructure solution, which combines compute virtualization, storage virtualization and storage networking with unified management into a single system running on industry-standard x86 servers. VMware vSAN, primes businesses for growth through seamless evolution, industry leading deployment flexibility and hybrid-cloud capabilities.
vSAN is native to the market-leading hypervisor, vSphere, simplifying HCI adoption by leveraging existing tools and skillsets. vSAN provides customers industry leading deployment flexibility with over 500+ ReadyNodes, or jointly-certified x86 servers, a turn-key appliance, Dell EMC VxRail, and native services with all of the top public cloud providers: Amazon, Microsoft, Google, Alibaba, IBM and Oracle. vSAN supports the most hybrid cloud uses cases and provides enterprise-grade, general-purpose infrastructure for VM and container-based applications.
vCenter Event Broker Appliance
This is quite a handy appliance when you want some event driven automation for your vSphere environment.
The vCenter Event Broker Appliance (VEBA) enables customers to easily create event-driven automation based on vCenter Server Events. For example, VEBA can drive basic workflows like automatically attaching a vSphere tag when a virtual machine (VM) is created. Even more powerful integrations between datacenter-internal enterprise services and cloud services, for example Slack and Pager Duty, can be created with VEBA out of the box.
VEBA is provided as a Virtual Appliance that can be deployed to any vSphere-based infrastructure, including an on-premises and/or any public cloud environment, running on vSphere such as VMware Cloud on AWS or VMware Cloud on Dell-EMC.
With this appliance, end-users, partners and independent software vendors only have to write minimal business logic without going through a steep learning curve understanding vSphere APIs. As such, we believe this solution not only offers a better user experience in solving existing problems for vSphere operators. More importantly, it will enable new integration use cases and workflows to grow the vSphere ecosystem and community, similar to what AWS has achieved with AWS Lambda.
New plugin UI integrated with the vSphere HTML5 Client and supported with both vSphere and VMware Cloud environments
Full feature parity with the standalone XVM UI
Supports migrations triggered by the host, cluster and resource pool actions from the vSphere Client inventory tree
Standalone UI is now deprecated but is still supported
Ability to migrate networks with the same name
Sorting and filtering of the list of VMs to migrate (plugin only)
Error reporting improvements
Infrastructure Deployer for vCloud NFV
Infrastructure Deployer for vCloud NFV is an automation-based deployment tool used for setting up the VMware vCloud NFV platform (NFV 3.2 VCD edition). It is based on VMware vCloud NFV 3.0 Reference Architecture design and targets greenfield deployments only.
There are two components:
The input text file – User enters all details of the environment and component products that need to be deployed, and
The PowerShell scripts – Executed to do the actual deployment of the products.
Horizon View Events Database Export Utility
While I personally prefer to use the APIs to grab Horizon event logs I still think the Horizon View Events Database Export Utility could be very useful for people, especially now it has been updated to work with the latest version of Horizon.
Added support for RDSH Pools
Returns desktop name now
Several bug fixes
Tested with Horizon 7.11
Horizon Helpdesk Utility
The Horizon Helpdesk Utility still is a 1000 times better than the official java or html5 interfaces and it keeps getting better and better.
Added Named user support in the views
Added support for VM image details
Added Global search on the overview
Added an option to disable the global mutex
Fixed numerous bugs
Updated all binaries to be signed
Added full name support for search results
Added image status and details for machines view
Added a privacy setting to remove the windows title caption
Many Bug Fixes
Kubewise is a nifty multi-platform Kubernetes Desktop client. In case you don’t want to type kubectl this could be a replacement.
[ Features ]
Terminal command UI – users can now override the default command to open a new terminal window of their choice.
About Info UI – displays the version of currently installed kubectl
[ Bug fixes ]
Fixed an issue where Windows users cannot add a kubeconfig file
Fixed an issue where Linux users cannot list resources due to snap security policies
Switching to YAML format in the Inspect resource view loaded all resources of the same type
Surround path params of kubectl commands with double quotes
[ Misc ]
Save settings file pretty printed
Align ‘trash’ icons in kubeconfig dropdown
Show loading spinner on application startup
For years one of the less optimal things about VMware was the fact that you are not able to get an overview over all pods. Yes, with other tooling like vRops or 3rd party monitoring this is possible, but all at a cost. At VMworld US Andrew Morgan presented Horizon Reach, or Project Heimdall at that time, to the VMware EUC Champions. This tool sounded like the solution to get an easy overview over all pods. While I wasn’t there I definitely was interested and managed to get my hands on some of the early beta releases. With each and every release the tool started to look better and better. It was so good that at VMworld EU it received the first spot in the Top 5 EUC tools that Hans Kraaijeveld and I presented about at the EUC Tapas and Beer Community event.
Yesterday the fling finally was released and announced at Andrew’s own blog.