The VMware Labs flings monthly for May 2019

Originally I created this post with only 2 updated and one new fling. Some engineers though added two more new flings so 3 new ones and 2 have received an update. The new ones are the Distributed Trust Incident Reporting fling, vRealize Build Tools and Cloud Automation Services SDK for Python. while the Horizon Toolbox and Horizon Migration Tool have received updates.

New Releases

vRealize Build Tools

vRealize Build Tools provides tools to development and release teams implementing solutions based on vRealize Automation (vRA) and vRealize Orchestrator (vRO). The solution targets Virtual Infrastructure Administrators and Solution Developers working in parallel on multiple vRealize-based projects who want to use standard DevOps practices.

This Fling is focused on code quality, code reusability, unit testing, dependency management and parallel releases of vRealize projects. In practice, it is a set of Maven extensions, packaged in a Maven repository format, that support the use of IDE (via Maven) and CLI to develop, test and deliver vRA and vRO-based solutions. It includes a vRO plug-in that exposes autocomplete information for standard and third-party scripting objects and actions and CLI that can deploy packages to vRO and vRA via the standard APIs.

Cloud Automation Services SDK for Python

The Cloud Automation Services SDK for Python is a set of Python classes to simplify automation against several aspects of the Cloud Assembly, Service Broker, and Code Stream API when using Python.

Note: The github repo will be public soon!

 

Distributed Trust Incident Reporting

The Distributed Trust Incident Reporting fling is an  open source security incident tracker.

Security incidents are important to track so that all parties know the status of a breach and can respond in concert and with appropriate speed. Current methods to track incidents are generally paper-based manual processes. More recent systems are based on a centralized database with some web interface to interact with the record and response tracking.

We propose that this does not work well enough in the scenarios where:

  • security incidents may affect more than a single entity
  • where more than one entity must respond to an incident
  • some or all entities have no trust in the others
  • no party can or will be responsible for hosting the full system

For example, a security breach in the supply chain for a food manufacturer could result in several retail businesses with products on shelf that contain a pathogen. Current methods of notifying the proper authorities require a phone tree to call all the correct parties which then react as individuals or local committees. In addition the incident must either be initially submitted to each entity separately or one entity must take responsibility to notify the others.

This Fling:

  • allows all parties (e.g. retail, governmental, public) to see the incident via a single report transaction
  • allows all parties to respond in concert as required
  • allows automated systems to report incidents
  • allows transparency across all organizations

Updated flings

Horizon Toolbox

The Horizon toolbox is an extension to the Horizon Admin Console giving all kinds of user and session information. It is no replacement for the Horizon Helpdesk (or the fling).

Changelog

May 28, 2019, 7.8.0

  • Fix some incompatible issues
  • Only support Horizon View 7.7 & 7.8

Horizon Migration Tool

The Horizon Migration Tool helps you migrating from Citrix to an On-Prem Horizon Environment.

Changelog

Version 3.0.2

  • Updated the binary package and the document accordingly

[API’s] Getting session counts (incl performance comparison)

One of my customers asked the question if it is possible to get a quick sessioncount for a script that they can run very often for a correct logging of license usage. While this could easily be done by grabbing all the sessions I thought this could be a slow process. I remembered though that the first release of the vmware.hv.helper module had a function called get-podsessions that only returned a sessioncount. I decided to see what was used for this. By going back in time at github I found that the GlobalSessionQueryService was still used but with the GlobalSessionQueryService_GetCountWithSpec method. It needs the service and a spec of the type VMware.Hv.GlobalSessionQueryServiceCountSpec.

the spec itself can hold one of the many options to get a count for

As you can see there is a globalentitlement property that needs to be set using the id so let’s grab that one first.

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'GlobalEntitlementSummaryView'
$globalentitlements = ($queryService.QueryService_Create($Services1, $defn)).results

I will use the first globalentitlement to grab the sessioncount

$globalentitlement=$globalentitlements | select -first 1
$globalsessionqueryservice_helper = New-Object VMware.Hv.GlobalSessionQueryServiceService  
$count_spec = New-Object VMware.Hv.GlobalSessionQueryServiceCountSpec  
$count_spec.globalentitlement=$globalentitlement.id
$sessioncountperglobalentitlements=$globalsessionqueryservice_helper.GlobalSessionQueryService_GetCountWithSpec($services1,$count_spec)

As you can see we actually get a count per pod so to get all the counts from all pods from all globalentitlements I have created a script with a couple foreach’s.

$hvserver1=connect-hvserver SERVERNAME
$services1=$hvserver1.extensiondata
$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'GlobalEntitlementSummaryView'
$globalentitlements = ($queryService.QueryService_Create($Services1, $defn)).results
$queryservice.QueryService_DeleteAll($services1)
[email protected]()


foreach ($globalentitlement in $globalentitlements){
  $globalsessionqueryservice_helper = New-Object VMware.Hv.GlobalSessionQueryServiceService  
  $count_spec = New-Object VMware.Hv.GlobalSessionQueryServiceCountSpec  
  $count_spec.globalentitlement=$globalentitlement.id
  $sessioncountperglobalentitlements=$globalsessionqueryservice_helper.GlobalSessionQueryService_GetCountWithSpec($services1,$count_spec)
  foreach ($sessioncountperglobalentitlement in $sessioncountperglobalentitlements){
    $pod=$services1.pod.pod_get($sessioncountperglobalentitlement.id)
    $sessioncount+= New-Object PSObject -Property @{
      "Global_Entitlement_Name" = $globalentitlement.base.displayname;
      "Pod_Name"=$pod.displayname
      "Pod_Sessioncount" = ($sessioncountperglobalentitlement | select-object -expandproperty count);
      "Site_Name"= ($services1.site.site_get($pod.site)).base.Displayname;
    }
  }
}
 return $sessioncount | select-object Global_Entitlement_Name,Pod_Name,Site_Name,Pod_Sessioncount

The W10_MGMT global entitlement only has a pool in pod1 so even though the pod doesn’t have a pool inside the global entitlement it will still return a sessioncount.

Performance

I also decided to time it but in my small environment it took 3 seconds and 3 of those where for connecting to the connection server. If I removed the connecting part it was 0.7 seconds.

Measure-Command {D:\scripts\dev\session_count.ps1}

Back at the customer I decided to compare this against dumping all global sessions, this will give some better data since it has a couple more sessions in it (around 3500 at the moment of testing)

The script I used for getting all global sessions is the code that I used for the get-hvglobalsession in the vmware.hv.helper module

$query_service_helper = New-Object VMware.Hv.GlobalSessionQueryServiceService
$query=new-object vmware.hv.GlobalSessionQueryServiceQuerySpec

$SessionList = @()
foreach ($pod in $services1.Pod.Pod_List()) {
  $query.pod=$pod.id
  $queryResults = $query_service_helper.GlobalSessionQueryService_QueryWithSpec($services1, $query)
  $GetNext = $false
  do {
    if ($GetNext) { $queryResults = $query_service_helper.GlobalSessionQueryService_GetNext($services1, $queryResults.id) }
    $SessionList += $queryResults.results
    $GetNext = $true
  } while ($queryResults.remainingCount -gt 0)
    $query_service_helper.GlobalSessionQueryService_Delete($services1, $queryresults.id)

}
return $sessionlist

Screenshots from the timing:

so the getcountwithspec method is about 2.5 seconds faster but the data in the globalsession is way more extensive and usable for all kinds of management overviews.

[API shorts]Resetting Desktops

This is the first post in a series of shorts that I will be posting about various methods that you can use with the VMware Horizon API’s. This time it will be about resetting desktops. When looking at the API Explorer you’ll see that there are two ways do do this from the machine service.

So the first is for a single VDI desktop and the latter for multiple.

First we need to get a list of vm’s I will be using the machines in pod1pool02 as victims for this post.

$queryservice=new-object VMware.Hv.QueryServiceService
$defn=New-Object VMware.Hv.QueryDefinition
$defn.QueryEntityType="MachineNamesView"
$filter=new-object VMware.Hv.QueryFilterContains
$filter.MemberName='base.name'
$filter.Value="Pod1Pool2"
$defn.filter=$filter
$results=($queryservice.QueryService_Query($services1, $defn)).results

with this result:

From this we’ll make a variable with all of them and one with a single one

$singlevm=$results | select-object -first 1
$multiplevms=$results

Before I will reset the single VM I will show the state of all the vm’s.

($queryservice.QueryService_Query($services1, $defn)).results.base.basicstate

And now let’s reset the vm.

$services1.machine.machine_reset($singlevm.id)

Since this is an instant clone you’ll see provisioned and not reset. Now let’s reset the rest as well.

$services1.Machine.Machine_ResetMachines($multiplevms.id)

And this method will work for all managed vdi desktops full, linked or instant clones.

The VMware Labs flings monthly for April 2019

It has been a quiet month for me on the blogging side of things. I am slowly rebuilding my lab so that costs a lot of time that I can’t spend on blogging. This month two new flings have been released and no less than six have received an update. the new flings are MyVMware CLI and App Volumes Entitlement Sync. The ones to receive an update are App Volumes Toolbox, Workspace One UEM Workload Migration Tool, Cross vCenter Workload Migration Utility, Identity Manager Migration/Backup Tool, vSphere HTML5 Web Client,  and HCIBench.

New Releases

MyVMware CLI

The MyVMware CLI fling is an early preview of api’s to download your entitled software from http://my.vmware.com.

MyVMware CLI is a command line client used to login and interact with my.vmware.com.
It provides an interface for programmatic query and download of VMware product binaries.

This Fling is in early preview and allows you to find and download:

  • Every product
  • Every version
  • Every file

Note: Any download attempts will be restricted to the entitlements afforded by your my.vmware.com account.

App Volumes Entitlement Sync

If you have multiple App Volumes installations than the App Volumes Entitlement Sync fling can be usefull to make sure everyone has the same rights everywhere.

The App Volumes Entitlement Sync Fling will read, compare and sync entitlements from one App Volumes instance to another. This helps customers managing multiple App Volumes instances across one or multiple geographic sites.

Updated flings

App Volumes Toolbox

The App Volumes Toolbox fling makes it easier to manage your App Volumes setups.

Changelog

Version 2.0

  • Optimized for App Volumes 2.x
  • Remove support for Enzo and App Volumes 3
  • Bug Fixes

Workspace One UEM Workload Migration Tool

The Workspace One UEM Workload Migration Tool fling allows you to easily migrate applications and configurations between various WS One setups.

Changelog

Version 1.0.1

  • Fixed issue with expired credentials.

Cross vCenter Workload Migration Utility

The Cross vCenter Workload Migration Utility allows you to vmotion or move vm’s between linked and unlinked vCenter servers. Since this version it also supports NSX-T Opaque networking.

Changelog

Version 2.6, April 15, 2019

  • Added support for NSX-T Opaque Network (enables migration to/from VMC and on-premises vSphere with NSX-T)

Identity Manager Migration/Backup Tool

With the Identity Manager Migration/Backup Tool you can automate the process of migrating and backing up from one idm to another.

Changelog

Version 1.6

  • Exports categories to new XML file appname_categories.xml
  • Exports entitlements to a new XML file called appname_entitlements.xml
  • Imports categories
  • Creates the category if it doesn’t exist on tenant where importing
  • Shows if a bundle has an associated entitlement or category xml file
  • Shows number of applications returned
  • Shows number of categories an application has assigned to it
  • Windows reserved characters are replaced with an underscore for export bundle

Version 1.5

  • Allows more than 20 applications to be returned – now up to 500 applications will be returned by the tool
  • Added number of applications returned into the group box title

vSphere HTML5 Web Client

Want the newest even with vCenter 6.7? Use the vSphere HTML5 Web Client fling!

Changelog

Fling 4.2.0 – Build 13172979
New Features

  • vSphere Perspective Management available under Administration > Customization > Perspectives This new feature enables administrators to take control of which parts of the UI other administrators see. This is done by defining a set of views and combining them together into a so called “perspective”.
    • [Perspective tab] As an administrator you can show or hide: tabs, portlets and primary views.
    • [Assignments tab] Perspectives can be assigned to both users and groups.
    • Demo is available at https://www.dropbox.com/s/06z15xspsvrciys/Perspectives-demo-fling.mp4
  • Code Capture can also capture calls for operations made when managing Content Libraries.
  • Code Capture can generate scripts in additional languages: Python and vRO (vRealize Orchestrator) Javascript.

Known Issues

We noticed an intermittent issue with stopping the vsphere-client. You can always kill the process manually by running these commands

ps -ax | grep java
kill -9
ps -ax | node
kill -9

HCIBench

Want to test your Hyperconverged Infrastructure? HCIBench Is one of the tools you can use for that.

Changelog

Version 2.0

  • Added fio as an alternative workload generator
  • Added Grafana for workload live monitoring
  • Switched UI to clarity
  • Allow user to select one to four cases while using easy-run

Bug fixes

  • MD5 checksum of HCIBench_2.0.ova: ba3c2b06b8c27fb41a1bb68baedb325f

The VMware Labs flings monthly for March 2019

We’re already into April that means it’s time for the flings update for March. There have been 3 updates and two new flings. I already have a blogpost about one of the updated flings: The Horizon Helpdesk Utility. The new flings are: Identity Manager Migration/Backup Tool and Physical Desktop as a Thin Client. The updated ones are: vSAN Hardware Compatibility List Checker, vSphere HTML5 Web Client and as said earlier the Horizon Helpdesk Utility.

New Releases

Physical Desktop as a Thin Client

Personally I don’t see the added value for this fling since there are already plenty of products that provide the functionality and you can even do it yourself with gpo’s. (and the logo is outdated as well)

A thin client is a stateless, fanless desktop terminal that has no hard drive. Thin clients provide businesses a cost-effective way to access virtual desktop infrastructures (VDI). To simplify the operation steps to access VDI, some features are embedded in thin clients.

For example:

  • Launch the RDP client default
  • Hide desktop/task bar
  • Disable system options to prevent user using other applications

And so on

This Fling will convert physical desktop as a thin client. It will restrict end-users’ behaviors when users log into physical desktops. After user logged in, Horizon view client will be launched automatically and other applications are forbidden to switch. Physical desktop will log off automatically once user exit Horizon view clients.

Identity Manager Migration/Backup Tool

The Identity Manager Migration/Backup Tool helps you in migrating vIDM settings between environments.

Identity Manager Migration/Backup Tool automates the process of exporting or importing applications and entitlements from one Identity Manager instance to another. If entitlements exists, they will also be backed up to an XML file. This Fling uses Identity Manager API’s for Export, Import, Delete and applying entitlements.

Updated flings

vSAN Hardware Compatibility List Checker

With the vSAN Hardware Compatibility List Checker you can check easily if you’re hardware is supported for VSAN.

Changelog

Version 2.1

  • Fixed the bug that firmware version of some controllers can’t be fetched

Version 2.0

  • Add 3 new checks
  • Controller is VMware certified for ESXi release
  • Controller driver is VMware certified
  • Controller firmware is VMware certified
  • Update HTML report format
  • Bug fixes

vSphere HTML5 Web Client

Nuf said about this one.

Changelog

Fling 4.1.0 – Build 12518617
New Features

  • Hiding VMs in Hosts and Clusters view – A very popular desktop client feature is brought into the vSphere HTML5 client where you can go to User’s menu, select My preferences and Inventory tab from where you can show/hide VMs in Hosts and Clusters view by selecting the checkbox.
  • User’s menu -> My preferences will have additional preference options like Language, Time Zone, Console and Inventory
  • Developer Center now has API Explorer tab listing all the REST APIs exposed by vSphere SDK.
  • New layout for the feedback tool and feedback tool can be invoked even when a dialog is open on the screen. This enables taking the screenshot of the client including the dialogs. Also, feedback tool now has the ability to add screenshots, this will help you compare the features between different clients and upload the screenshots.

Improvements

  • We added the support back to 6.0 vCenters to the fling. You can now point vSphere HTML5 client fling v4.1 to 6.0 or 6.5 or 6.7 version of vCenter servers.
  • License expiration notification now is increased from 60 to 90 days and includes all the licenses
  • Evaluation License is now shown in the licenses list
  • Sorting and Filtering by License Expiration date in the Licenses list

Known Issues

  • New layout of the feedback tool has issues in the Firefox browser, so you will see old feedback tool in that browser.
  • There are some areas where feedback tool might not capture the screenshot of the dialog, like VM edit settings.

Horizon Helpdesk Utility

For a more complete overview of the Horizon Helpdesk Utility fling so the link I posted in the intro to my previous blogpost.

Changelog

Version 1.3.3.1

  • Removed machine listings from session view (overkill)
  • Improved Environment view to include metrics on all connected infrastructure:
    • vSphere
    • Hosts
    • Datastores
    • Remote Pods
    • Events
    • Problem Machines
  • Added repeated queries for logon breakdown if missed on first instance
  • Added event query support for logon breakdown
  • Added events view for Farm and Desktop pools
  • Added inbuilt find / search to users / machines in pool views
  • Added support for multiselect in pool / farm views
  • Added graph / chart views of machines / sessions and problem machines on the environment overview
  • Added a pod switcher to the environment overview
  • Added a global search to the environment overview
  • Added support for Pod Jumping.
    • the ability to jump to a pod on demand
    • the ability to jump to a pod a session belongs to
  • Added support for an architecture view of Desktop Pools
  • Added support for an architecture view of Farms
    • Enhanced view of servers load evaluator value
  • Added bulk user tasks via pool or farm views:
    • Bulk messaging
    • Bulk log off
    • Bulk disconnect
    • Bulk reset
    • Bulk restart
  • Added support for a local pod view (AKA environment view):
    • Connection servers
    • Farms
    • Desktop pools
  • Added documentation (finally)
  • Added MSI installation support
  • Added a start time column to user sessions (this will persist as a preference)

The Horizon Helpdesk Utility fling version 1.3.3.1 has been released

Last august I posted about a then new fling: the Horizon Helpdesk Utility While that release was great Andrew added a whole lot more of awesomeness.

Changelog

Version 1.3.3.1

  • Removed machine listings from session view (overkill)
  • Improved Environment view to include metrics on all connected infrastructure:
    • vSphere
    • Hosts
    • Datastores
    • Remote Pods
    • Events
    • Problem Machines
  • Added repeated queries for logon breakdown if missed on first instance
  • Added event query support for logon breakdown
  • Added events view for Farm and Desktop pools
  • Added inbuilt find / search to users / machines in pool views
  • Added support for multiselect in pool / farm views
  • Added graph / chart views of machines / sessions and problem machines on the environment overview
  • Added a pod switcher to the environment overview
  • Added a global search to the environment overview
  • Added support for Pod Jumping.
    • the ability to jump to a pod on demand
    • the ability to jump to a pod a session belongs to
  • Added support for an architecture view of Desktop Pools
  • Added support for an architecture view of Farms
    • Enhanced view of servers load evaluator value
  • Added bulk user tasks via pool or farm views:
    • Bulk messaging
    • Bulk log off
    • Bulk disconnect
    • Bulk reset
    • Bulk restart
  • Added support for a local pod view (AKA environment view):
    • Connection servers
    • Farms
    • Desktop pools
  • Added documentation (finally)
  • Added MSI installation support
  • Added a start time column to user sessions (this will persist as a preference)

Let’s take a look some of the new goodies, the first change is that you now get a proper connection alert:

The POD switcher

The show environment button will show you the environment as seen from the pod you are currently connected to. A lot of tabs with health information about those components and some counts on sessions, machines and problem machines.

The address behind Connected To will send you to the Horizon Admin Console, this might sound small but I like it!

When you open a pool this is what you see

All of the events for that pool and yes you can sort & filter them!

Some details for a users session

If there are multiple sessions (unlike in my lab) you can select them and mass send messages or do other actions against them.

The view for an RDS farm

So yes the best Horizon helpdesk tool ever just got improved by a 100%!

 

 

 

Applying Golden Images for VDI & RDS cloned pools using the Horizon View API’s

Recently I came up with the idea to create a script to apply new Golden Images against the various types of desktop pools and farms that we have in Horizon View. This was something that I thought was not available from the vmware.hv.helper module but after some research I did find that it it available from the module by using start-hvpool and start-hvfarm. No those are not the best names for the functions in my opinion. This wouldn’t stop me for creating this post though on how to apply the images using api’s only since the module uses mapentries and I still hate those. I will cover full clones and defining a new image without recomposing in a next post since that requires updating the pools.

Let’s take a look at the api explorer on what is needed to recompose or push an image.

 

The DesktopPushImageSpec for instant clones has a comparable setup with some nuance differences.

For RDS farms the linked clones spec is equal to the desktop spec but for instant clones there’s a rather big difference but I will cover that later on.

So the common steps for most types of applying the golden image are:

  • Selecting the Desktop Pool or RDS Farm
  • getting the id for the vcenter or datacenter where the parent VM lives
  • getting the id of the Parent VM
  • getting the id of the snapshot to use
  • getting the id’s of the machines in the desktop pool (Linked Clones only)
  • Select date & time for the recompose or imagepush (if required)
  • combine the above info into a spec to recompose or imagepush
  • Apply the recompose or ImagePush

Each step uses information from the step above it.

Selecting the Desktop Pool or RDS Farm

This can be done using queries. For desktops we user the desktopsummaryview definition and for farms farmsummaryview.

$poolname="pod02_LC"
$queryservice=New-Object VMware.Hv.QueryServiceService
$defn=new-object VMware.Hv.QueryDefinition
$defn.QueryEntityType='DesktopSummaryView'
$defn.Filter= New-Object VMware.Hv.QueryFilterEquals -property @{'MemberName'='desktopSummaryData.name'; 'value'=$poolname}
$desktoppool=($queryservice.QueryService_Create($services1, $defn)).results

And for a farm

$farmname="rds_IC"
$queryservice=New-Object VMware.Hv.QueryServiceService
$defn=new-object VMware.Hv.QueryDefinition
$defn.QueryEntityType='FarmSummaryView'
$defn.Filter= New-Object VMware.Hv.QueryFilterEquals -property @{'MemberName'='data.name'; 'value'=$farmname}
$farm=($queryservice.QueryService_Create($services1, $defn)).results

getting the id for the vcenter or datacenter where the parent VM lives

For desktops this is a property of the $desktoppool object we have now

$desktopppoolvcenterid=$desktoppool.desktopsummarydata.VirtualCenter

For automated farms we need a small extra step since it is not property for the summary data we we can get it by doing a farm_get with the id we received from the query

$farmvcenterid=($services1.Farm.Farm_Get($farm.id)).automatedfarmdata.VirtualCenter

getting the id of the Parent VM

Using the vcenterid as done below we are able to list all vm’s in the vCenter that might be a Golden Image using

$services1.BaseImageVm.BaseImageVm_List($desktopppoolvcenterid)

You might be able to see it but this gives a list of all VM’s in the vCenter, sadly there is no query for this yet even though that would be really useful. If you know the exact name you can select on that but if you look at the IncompatibleReasons property there’s info to filter (if you want to create a menu for example)

$baseimagevmlist=$services1.BaseImageVm.BaseImageVm_List($desktopppoolvcenterid)
$baseimagevmlist.IncompatibleReasons

InUseByDesktop is a usable one for instantclones. I don’t know why InUseByLinkedCloneDesktop doesn’t give any true values even though I have one pool with linked clones, viewcomposerreplica does work. I have filtered this on some of the more obvious ones and end up with both my golden images for Windows 7 & Server 2016

$baseimagevmlist |where {$_.IncompatibleReasons.InUseByDesktop -eq $false -and $_.IncompatibleReasons.InstantInternal -eq $false -and $_.IncompatibleReasons.ViewComposerReplica -eq $false}

I will do it easy and select on the name for now

$Desktopbaseimagevm=$baseimagevmlist | where {$_.name -eq "GI_H72"}
$farmbaseimagevm=$baseimagevmlist | where {$_.name -eq "rds_template"}

getting the id of the snapshot to use

With the baseimagevmid we can utilize the baseimagesnapshot method to get the id for the snapshot.

$desktopsnapshotlist=$services1.BaseImageSnapshot.BaseImageSnapshot_List($Desktopbaseimagevm.id)
$farmsnapshotlist=$services1.BaseImageSnapshot.BaseImageSnapshot_List($farmbaseimagevm.id)

In this there is also an IncompatibleReasons property but that doesn’t give a lot of information so we’ll need to filter on name.

$desktopLCsnapshot=$desktopsnapshotlist | where-object {$_.name -eq "gi_linked"}
$desktopICsnapshot=$desktopsnapshotlist | where-object {$_.name -eq "snap_gi"}
$farmsnapshot=$farmsnapshotlist | where-object {$_.name -eq "gi_rds_2016"}

getting the id’s of the machines in the desktop pool

As you’ll see later in the spec there’s a requirement to list the machine id’s for the pool if you want to do a recompose. These can be grabbed by doing a query

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'MachineSummaryView'
$defn.filter=New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='base.desktop'; 'value'=$desktoppool.id}
$QueryResults=$queryService.Queryservice_create($Services1, $defn)
$desktopmachinelist=$queryresults.results

For Linked Clone RDS farms you ned to use the QueryEntityType of RDSServerSummaryView but since I don’t have those in my lab I can only show the theory

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'RDSServerSummaryView'
$defn.filter=New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='base.desktop'; 'value'=$farm.id}
$QueryResults=$queryService.Queryservice_create($Services1, $defn)
$farmmachinelist=$queryresults.results

Settings date and time for the action

It’s not required to set a date and but is very usable if you want to schedule an action. Please be aware that this is based on us format for day and time so mm-dd-yyyy otherwise I would have scheduled it for august.

$datetime=[DateTime]"02-08-2019 10:00:00AM"

The [DateTime] converts the string that follows it to a variable of the type day and time

combine the above info into a spec to recompose or imagepush.

To build the spec we first need to declare a new object with new-object vmware.hv.DesktopRecomposeSpec please be aware that for this name you need to look at the data object in the API explorer and not the class.

$desktoprecomposespec=new-object vmware.hv.DesktopRecomposeSpec
$desktoprecomposespec.ParentVm=$desktopbaseimagevm.id
$desktoprecomposespec.Snapshot=$desktopLCsnapshot.id
$desktoprecomposespec.StartTime=$datetime
$desktoprecomposespec.LogoffSetting="WAIT_FOR_LOGOFF"
$desktoprecomposespec.StopOnFirstError=$true
$desktoprecomposespec.Machines=$desktopmachinelist.id

For the instant clone image push there’s an extra layer required for the settings

$desktopimagepushspec=new-object VMware.Hv.DesktopPushImageSpec
$desktopimagepushspec.settings=new-object vmware.hv.DesktopPushImageSettings
$desktopimagepushspec.ParentVm=$desktopbaseimagevm.id
$desktopimagepushspec.snapshot=$desktopICsnapshot.id
$desktopimagepushspec.settings.StartTime=$datetime
$desktopimagepushspec.settings.LogoffSetting="WAIT_FOR_LOGOFF"
$desktopimagepushspec.settings.StopOnFirstError=$true

The recompose for a linked clone rds farm is similar to the desktop linked clone.

$farmrecomposespec=new-object vmware.hv.farmRecomposeSpec
$farmrecomposespec.ParentVm=$farmbaseimagevm.id
$farmrecomposespec.Snapshot=$farmLCsnapshot.id
$farmrecomposespec.StartTime=$datetime
$farmrecomposespec.LogoffSetting="WAIT_FOR_LOGOFF"
$farmrecomposespec.StopOnFirstError=$true
$farmrecomposespec.Machines=$farmmachinelist.id

For RDS instant clone farms the pushing of a new image is part of the maintenance schedule that can be done immediate or recurring. I will do the recurring option for now since rds hosts needs to be refreshed every once in a while anyway. There’s some options inside the settings that are explained in the api explorer.

$farmmaintenancespec=new-object vmware.hv.FarmMaintenanceSpec
$farmmaintenancespec.recurringMaintenanceSettings=new-object vmware.hv.FarmRecurringMaintenanceSettings
$farmmaintenancespec.imageMaintenanceSettings=new-object vmware.hv.FarmImageMaintenanceSettings
$farmmaintenancespec.maintenanceMode="RECURRING"
$farmmaintenancespec.scheduledTime=$datetime
$farmmaintenancespec.logoffsetting="WAIT_FOR_LOGOFF"
$farmmaintenancespec.stopOnFirstError=$true
$farmmaintenancespec.recurringMaintenanceSettings.startTime="23:00"
$farmmaintenancespec.recurringMaintenanceSettings.maintenancePeriod="WEEKLY"
$farmmaintenancespec.recurringMaintenanceSettings.startInt=1
$farmmaintenancespec.ImageMaintenanceSettings.parentVm=$farmbaseimagevm.id
$farmmaintenancespec.ImageMaintenanceSettings.snapshot=$farmsnapshot.id

Apply the recompose or ImagePush

This is the easiest part of the spec’s have been build properly.

Please note that the variables for the pools I use are a bit different to show the linked and instant clone pools

$services1.Desktop.Desktop_Recompose($linkedclonepool.id,  $desktoprecomposespec)
$services1.Desktop.Desktop_SchedulePushImage($instantclonepool.id, $desktopimagepushspec)
$services1.farm.Farm_ScheduleMaintenance($farm.id, $farmmaintenancespec)

No visible feedback but it’s visible from the admin console (sadly not all tasks can be gotten from the api’s yet 🙁 )

That’s it for now but expect future posts about full clones, setting a default image for linked clones without recompose and maybe a complete script that does it all for you.

The VMware Labs flings monthly for January 2019

One month down, eleven to go for 2019! I am very busy planning the first Nutanix User Group meet and hopefully I will be selected again as vExpert. You can also still apply for vExpert at http://vexpert.vmware.com/. Back to the flings, this month there has been one new release:  Policy Enforcer and four updates: ESXi Embedded Host Client,
vSphere HTML5 Web Client, vSAN Hardware Compatibility List Checker and vSphere PKS Plugin.

New Releases

Policy Enforcer

Policy Enforcer is used to check and remediate restriction policies on a Workspace ONE Managed Windows 10 machine. If a user were to try to override configured Policy CSP settings by attempting to edit the Windows Registry, Policy Enforcer will compare the current value with the MDM configured value and reset the registry if the values differ.

Policy Enforcer can be implemented by uploading the MSI installer to the WS1 UEM console and deploying as an internal app via Apps & Books.

Updated

vSAN Hardware Compatibility List Checker

With the vSAN Hardware Compatibility List Checker you are able to test your hardware against the vSAN Hardware Compatibility list.

The vSAN Hardware Compatibility List Checker is a tool that verifies all installed storage adapters against the vSAN supported storage controller list. The tool will verify if the model, driver and firmware version of the storage adapter are supported.

Using a supported storage controller and firmware is important in a vSAN deployment to ensure normal operations, optimal performance, and to reduce the chances of hardware/firmware issues. This tool can be useful to ensure that a storage device and its firmware went through certification testing supported by VMware and its partners.

Some scenarios where the tool can be useful:

  • Verify if new server and storage adapter are supported for a vSAN deployment
  • Verify if re-purposed server, storage adapter are supported for a vSAN deployment

For a full vSAN system check, please check vSAN health UI through vSphere web client after a vSAN deployment.

Changelog

Version 2.0

  • Add 3 new checks
  • Controller is VMware certified for ESXi release
  • Controller driver is VMware certified
  • Controller firmware is VMware certified
  • Update HTML report format
  • Bug fixes

vSphere PKS Plugin

The vSphere PKS plugin gives the administrator a graphical interface within the vSphere HTML5 console.

Changelog

Version 1.0.1 – Build 168317

  • A PKS instance can be added to the plugin by providing the Ops Manager credentials
  • Support an alternate IP address (such as an NSX floating IP) to be used as the registration server and plugin server IP. It is assumed that the IP will be mapped to the appliance’s NIC via other means
  • Minor bug fixes

ESXi Embedded Host Client

The latest and greatest version of the ESXi embedded host client as found in production since ESXi6.0

Changelog

Version 1.33.1 build 12086396 (Fling 23) – January 31, 2019
OVF issues 

  • Various fixes for ovf import issues
  • ISO files are now imported from OVAs

General 

  • Fixed an issue with special characters in datastore names in some versions of ESXi
  • Fix swapped labels for transmit and receive in network chart
  • Network adapters are added to the vm in the correct order
  • Fixed issue with firewall notifications displaying incorrect information
  • provide notifications for expiring licenses
  • Support for Swedish input locale in the vm console
  • Display Fibre channel wwn and wwp as 64bit addresses

 vSphere HTML5 Web Client

This is the newest release of the HTML5 Web Client for vSphere. The downloadable version is 4.0.1 while the changelog is 4.0 so we’ll have to assume that 4.0.1 is a small bug fix. Starting from this version the fling ONLY supports vSphere 6.5 and newer!

Changelog

Fling 4.0 – Build 11785236

  • New Features
    • Support for VC 6.7
    • ESX Agent Manager UI
    • MxN Convergence in System Configuration
    • Import Certificate and Generate CSR
    • Code Capture: the record button can be toggled between hidden and shown.
    • Ability to remove Script Bundles in Autodeploy for 6.7 VC
    • Ability to remove Discovered hosts in Autodeploy for 6.7 VC
    • Export licensing data in CSV for all licensing views
    • Add and Assign license with single operation
    • Authentication Proxy configuration for VC 6.5+ (VC > Configure  > Settings > Authentication Proxy)
  • Improvements
    • Improved performance for Files browser for VC 6.7
  • Bug Fixes
    • Fixed an issue where starting a Code Capture recording would lead to dialogs loading slowly or not at all.
  • Known Issues
    • To open the Fling UI, you need to use https://<Fling IP>/ui
    • The VMware vSphere Update Manager (VUM) plugin will not be loaded when the Fling 4.0 is connected to vSphere 65
  • Release Notes
    • The upgrade from Fling 3.x to Fling 4.0 will require to establish new connection to the vSphere by providing the vSphere credentials.
    • The Fling 4.0 is based on the vSphere 6.7 client and does not support vSphere versions prior to vSphere 6.5

Added Checks to the vCheck for Horizon View

Starting this year I decided to really restart working on the vCheck for Horizon. I had several requests for RDS checks & Active directory plus I really wanted to get rid of everything related to the vmware.hv.helper module to make using it a little easier.

Just like the pools I pull the farms in the connection plugin so these can be used from other plugins.

# --- Get Desktop pools
$poolqueryservice=new-object vmware.hv.queryserviceservice
$pooldefn = New-Object VMware.Hv.QueryDefinition
$pooldefn.queryentitytype='DesktopSummaryView'
$poolqueryResults = $poolqueryService.QueryService_Create($Services1, $pooldefn)
$pools = foreach ($poolresult in $poolqueryResults.results){$services1.desktop.desktop_get($poolresult.id)}

# --- Get RDS Farms

$Farmqueryservice=new-object vmware.hv.queryserviceservice
$Farmdefn = New-Object VMware.Hv.QueryDefinition
$Farmdefn.queryentitytype='FarmSummaryView'
$FarmqueryResults = $FarmqueryService.QueryService_Create($Services1, $Farmdefn)
$farms = foreach ($farmresult in $farmqueryResults.results){$services1.farm.farm_get($farmresult.id)}

# ---- Remove queries
$services1.QueryService.QueryService_DeleteAll()

The deleteall() for the queries needs to be added to clean things up, otherwise you will run out of queries pdq. The RDS plugins I created are visible down below.

Also an AD check was added

The vCenter api call was split into three checks for vCenter itself, ESXi and datastores.

Besides these I have also added a saml check (tested by Aresh Sarkari, thank you!) and truesso checks (don’t have it in my lab so can’t test).

If you want an example of the vCheck that can be found HERE.

Setting maintenance mode for Linked Clones using API’s

If you have used the VMware.hv.helper the title of this blog post might sound strange since the set-hvmachine already has a way to set maintenance mode. When Ryan Butler asked me the question this week though I didn’t think of that and dived into the api’s immediately. The machines.Machine_EnterMaintenanceMode method looked good to me and than I though of the vmware.hv.helper and noticed that with

Set-HVMachine -Maintenance ENTER_MAINTENANCE_MODE

it was also possible so set maintenance mode. The usage though made me think immediately that this was not actually using a proper api call but the update function. A quick look at the function itself confirmed this. It sets that status of the virtual machine by directly setting the status.

if ($Maintenance) {
      if ($Maintenance -eq 'ENTER_MAINTENANCE_MODE') {
        $updates += Get-MapEntry -key 'managedMachineData.inMaintenanceMode' -value $true
      } else {
        $updates += Get-MapEntry -key 'managedMachineData.inMaintenanceMode' -value $false
      }
    }
(this is just a snippet of the complete function)

If you are below version 7.5 of Horizon view it’s probably of no use to continue with the rest of this blog post. The api explorer only mentions the relevant functions since 7.5! They have been tried against 7.0.3 and 6.2 and there they don’t work.

So back to the drawing board it was and I needed to look at the API explorer, there are 4 relevant methods for maintenance mode.

As usual there are methods for multiple machines that use an array of id’s (with machines in the name) and methods for single machines id’s (without the machines in the name).

Since I usually use instant clones these days I created a small pool with three linked clones. With get-hvmachine I can show you their names and state.

(get-hvmachine -pool pod2_linked).base | select-object name,basicstate

Since I know that get-hvmachine will already give you the id of a machine it’s easy to do a one liner to set one system in maintenance mode.

 $services1.Machine.Machine_EnterMaintenanceMode((get-hvmachine -machinename p2lc001).id)

and exit maintenance mode.

 $services1.Machine.Machine_ExitMaintenanceMode((get-hvmachine -machinename p2lc001).id)

And the entire pool?

$services1.Machine.Machine_EnterMaintenanceModemachines((get-hvmachine -pool pod2_linked).id)

And exit maintenance mode for the entire pool.

$services1.Machine.Machine_ExitMaintenanceModemachines((get-hvmachine -pool pod2_linked).id)

Okay so we now know how this works but I don’t want to use to vmware.hv.helper module for this at all because I want to be able to use a list of machines or based on part of the name. That can be done using a query. The query entitytype to use is MachineSummaryView and if you use queryfiltercontains it’s also possible to use only a part of the name for a kind of wildcard selection. Combine several of these in with queryfilteror and it gives the opportunity to select them from a list.

$connectionserver="servername"
$hvserver1=connect-hvserver $connectionserver 
$Services1= $hvServer1.ExtensionData
$machines=get-content machines.txt
$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryentitytype='MachineSummaryView'
[email protected]()
foreach ($machine in $machines) {
    $queryfiltercontains=New-Object VMware.Hv.QueryFiltercontains -Property @{ 'memberName' = 'base.name'; 'value' = $machine }    
    $filterset+=$queryfiltercontains
    }
$orFilter = New-Object VMware.Hv.QueryFilterOr
$orFilter.filters = $filterSet
$defn.filter=$orFilter
$ids=($queryService.QueryService_Create($Services1, $defn)).results
$services1.Machine.Machine_EnterMaintenanceModeMachines($ids.id)
p2lc001
p2lc003

Now I replaced the names in the txt file with only p2lc00

$connectionserver="servername"
$hvserver1=connect-hvserver $connectionserver 
$Services1= $hvServer1.ExtensionData
$machines=get-content machines.txt
$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryentitytype='MachineSummaryView'
[email protected]()
foreach ($machine in $machines) {
    $queryfiltercontains=New-Object VMware.Hv.QueryFiltercontains -Property @{ 'memberName' = 'base.name'; 'value' = $machine }    
    $filterset+=$queryfiltercontains
    }
$orFilter = New-Object VMware.Hv.QueryFilterOr
$orFilter.filters = $filterSet
$defn.filter=$orFilter
$ids=($queryService.QueryService_Create($Services1, $defn)).results
$services1.Machine.Machine_ExitMaintenanceModeMachines($ids.id)

And back into maintenance mode

So this is a nice way to manage the machines and their maintenance state. Please remember that these scripts only work against horizon 7.5 and higher.