The VMware Labs flings monthly for September 2018

September flew past for me like a whirlwind. So much new things that I learned so here’s my monthly overview of all the new and updated VMware flings. There are three new ones with the DRS Dump Insight H5 PluginWorkspace One Configuration Tool for provisioning and the Horizon Session Recording. Four have received updates: ESXi Compatibility Checker, HCIBench, vRealize Operations REST Notifications and but not least the SDDC Certificate tool. It’s also one of the few months where the HTML5 Client didn’t get an update.

New

Horizon Session Recording

The Horizon Session Recording fling gives Horizon View administrators a way to record and save their users activity.

VMware Horizon Session Recording allows administrators of a VMware Horizon environment record their users activity in their Blast Extreme virtual desktop and application sessions.

With Session Recording, the administrator can choose to record local or remote sessions, to a central recording Server where the administrator can watch the recordings back via a HTML 5 web console integrated into the server.

The Session Recordings are stored as MP4 files for watching via the web console or downloading to play in a local player.

The VMware Horizon Session Recording Fling comprises of two components:

  • A Central Recording Repository + Web Front End
  • The Agent to be installed in the virtual desktop or RDSH host template which facilitates the recording.

Today VMware Horizon Session Recording supports Windows Server 2016 as the Central Server along with Windows 7, 10, Server 2012 and Server 2016 on the agent.

DRS Dump Insight H5 Plugin

If you like the the older DRS Dump Insight fling you will like the DRS Dump Insight H5 Plugin even more. No need anymore for pulling the data yourself, with the Plugin it will be available directly.

The DRS Dump Insight H5 Plugin helps answer simple questions like

  • “Can I get all the recommendations made by DRS?”
  • “Why did DRS make a certain recommendation?”
  • “Why is DRS not making any recommendations to balance my cluster?”
  • “How is my custom affinity/anti-affinity rule affecting load balancing in my cluster?”
  • “If I have a policy defined in my cluster, how different would DRS load balancing be?”

When diagnosing Distributed Resource Scheduler (DRS) cluster issues in vSphere, we look at vCenter server logs from the support bundle, including DrmDump files to find any clues. Analyzing DrmDumps is a slow and tedious process, is usually done by VMware support or Engineering teams for advanced debugging of algorithm related issues. This is because analyzing the dumps requires building a replayer module, for which one needs access to the source code. Another challenge is that the final DrmDump data is not in plain text format; it requires someone with an understanding of the source code to be able to make good sense of it.

There is an existing DRS Dump Insight fling, which can replay DrmDumps and provide useful information for debugging. However, Dump Insight requires users to manually upload relevant DrmDump files from the time when the issue occurred. With the DRS Dump Insight H5 Plugin, customers do not need to upload any DrmDump files, and can access all the anal yzed information from their vSphere HTML5 web client itself.

  • Once a customer installs the HTML5 plugin, a new DRS Dump Insight tab will be available under the “cluster -> monitor” view.
  • All the DrmDump files that are available for the given cluster are listed in the opening screen. Customers can select the dump file of their choice for analysis.
  • They can also select multiple dump files to be analyzed together.
  • After analysis, the tool shows the analysis for each dump file in a separate tab view.

Workspace ONE Configuration Tool for Provisioning

The Workspace ONE Configuration Tool for Provisioning fling is created for the Workspace One provisioning in the Dell factory.

The Workspace ONE Configuration Tool helps you build special-purpose unattend.xml configuration files to be applied in the Dell factory as part of Factory Provisioning. This helps to domain join (domain, workgroup, AAD, AAD Premium) and enroll devices automatically on first-boot. This simplifies the creation of the unattend.xml configuration file for Windows 10.

Features

  • It’s a stand-alone .exe app that helps IT administrators configure general and Out-of-the-Box Experience Windows setups to automatically enroll users in Workspace ONE.
  • The User Interface is made simple with explicit instructions about each field for easy and quick use by IT admins.
  • The User Interface has dynamic and efficient validations in Clarity and Angular, preventing the user from building the unattend.xml until all the validations are correctly satisfied.
  • This makes the UI fool-proof and reduces the chances of generating an invalid xml file.
  • The tool is made as a .Net Core 2.0 web app with Angular 5 and Clarity, which eases the integration of v2.0 into the AirWatch Console.

Updated

ESXi Compatibility Checker

With the ESXi Compatibility Checker a vSphere admin can automatically check and validate a current vSphere environment against the HCL.

Changelog

Build 10066133

  • Fixed bugs

HCIBench

While it probably is optimized for VSAN workloads the HCIBench is a benchmark tool that can be used with any HCI solution.

Changelog

Version 1.6.7.2

  • Enhanced write/read buffer/cache methodology
  • Fixed network ip-prefix selection issue
  • Fixed 95% percentile calculation issue

vRealize Operations REST Notifications Helper

With the vRealize Operations REST Notifications Helper fling it is possible it’s easier to use alerts in vRealize Operations Manager and send them to third-party tools.

Changelog

Version 1.1.2

  • Changed the line endings in text files from Win to Unix

Version 1.1

  • The new version of imset.jar
  • Updated properties file (imset.properties)
  • A new configuration file example (slack.json)
  • New version release notes (v1.1_notes.pdf)

SDDC Certificate Tool

The SDDC Certificate Tool is your one stop shop to replace all the certificates in a range of VMware Products: vSphere,NSX,vRLI,vROps etc.

Changelog

1.0.1 – Build 10253169

  • Spring Frameworks updated to version 4.3.19 due to security vulnerability

My #VMworld presentations @vbrownbag and @vmwarecode

Time flies when you’re having fun and it’s already been over two weeks since I came back from VMworld 2018 in Las Vegas. I just thought of the fact that I promised some people to post my presentations. While they kept looping on the provided mac’s they don’t do that on a windows system, or at least for me.

This is the link to the vBrownbag Presentation

and the video

This is the link to the VMware {Code} presentation

And the video

 

VMworld US 2018 report day 1 – Hackathon

Today was the official first day for VMworld US 2018. For me it started with the keynote from the press seats in the keynote arena. This was a first time for me since previous years I had decided on viewing it from the community areas. With VMware being almost old enough to grab a beer with it’s 20 years it was all about looking back at the past but also looking forward to the future. The message that I really agree on is that everything has to do with the community. A video of Mercy Ships was shown with their hospital ships that run on VMware products.

New announcements (and yes I might have missed some)

  • Platinum License leven (vSphere + App Defence)
  • vSphere 6.7 U1
  • vSAN EBS with bulk live migration
  • Amazon Relational Database Service (RDS) for On-Prem
  • Project DImension
  • Pulse 2.0
  • Acquirement of Cloudhealth
  • Coud Automation formerly known as Project Tango
  • Dell Provisioning for Workspace One
  • ESXi on arm64 for edge solutions

After this I went on the exhibition floor for a bit to wander around and look at new products. The floor was mostly about Cloud & monitoring this year where for me Uila and EG Innovations. Rather quickly the vmtn area became THE place to be again for vExperts and everyone in the community.

After lunch I went to the first of my two regular breakouts I visited this week: EUC Champions panel with Brian Madden as moderator. This was a fun panel where we even managed to heckle them from the first row.

Later in the afternoon it was time for the EUC Keynote where some of the newly announced things included Industry baselines for WIndows 10 Modern Management and a demo was shown for Horizon Cloud management.

The day ended with the VMworld hackathon. This kicked of with a short Kyle Ruddy Hecklethon where he introduced the audience into what can be done with PowerCLI.

The Hackathon itself wasn’t that successful for our team since I wasted most of the times with laptop issues. We had applied 1 fix though for the vmware.hv.helper and started work on vDocumentation for Horizon view. It was lots of fun though and that was the most important part for me.

I ended up with a step count of 16.240 for the day.

 

 

New View API query services in PowerCLI 10.1.1: pulling event information without the sql password.

A while back I already posted about new services that where available for the View API’s in PowerCLI 10.1.1. Recently the api explorer for this version was published and can be found here. Two things that I didn’t find back then was the addition of two services for the query service. The first is GlobalApplicationEntitlementInfo this one can be compared to the previously already available GlobalEntitlementSummaryView and will return information about global entitlements.

The second added services is extremely useful: you can now query the event database. This means you don’t need the actual sql password anymore to query the events. According to the api explorer at least Horizon 7.3 is required and only events from the Event and Event_Data database tables. A simple query will show all events.

$queryservice=new-object VMware.Hv.QueryServiceservice
$defn=new-object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EventSummaryView'
$results=($queryservice.QueryService_Query($services1,$defn)).results
$results

As you can see the data is divided in data and namesdata properties, these contain the same data as what is returned with get-hvevent. I added some selections to show only one event.

$results | where {$_.data.eventtype -like "*BROKER_USERLOGGEDIN*"}  | select -last 1 | select -expandproperty data

and

$results | where {$_.data.eventtype -like "*BROKER_USERLOGGEDIN*"}  | select -last 1 | select -expandproperty namesdata

Offcourse it;s better to use filtering from the query directly. The full lust for that is available from the api explorer but I will give a couple of examples. (be aware that membername and the value are case sensitive)

$queryservice=new-object VMware.Hv.QueryServiceservice
$defn=new-object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EventSummaryView'
$equalsFilter = New-Object VMware.Hv.QueryFilterEquals
$equalsFilter.membername='data.eventType'
$equalsFilter.value="BROKER_USERLOGGEDIN"
$defn.filter=$equalsFilter
($queryservice.QueryService_Query($services1,$defn)).results.data | select -last 1

Or by severity

$queryservice=new-object VMware.Hv.QueryServiceservice
$defn=new-object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EventSummaryView'
$equalsFilter = New-Object VMware.Hv.QueryFilterEquals
$equalsFilter.membername='data.severity'
$equalsFilter.value="WARNING"
$defn.filter=$equalsFilter
($queryservice.QueryService_Query($services1,$defn)).results.data | select -last 1

As said it can be filtered on other properties as well but that might require some more logic to get the userid or desktopid for example. This is a very useful addition in my opinion to the Horizon View api’s.

The VMware Labs flings monthly for July 2018

It’s been a busy month in the world of flings all of the flings except for one on the first page are new or updated ones. This means there are five(!) new ones and six(!) have received an update. The new ones are: Policy BuilderSDDC Certificate ToolvAssist.ai NLP PlatformWorkspace ONE UEM Samsung E-FOTA Tool and the Horizon Helpdesk Utility that I wrote yesterday about. The ones that received an update are: Cross vCenter Workload Migration Utility,  Blockchain on KubernetesHCIBenchESXi Embedded Host ClientvSphere HTML5 Web Client and last but not least the VMware OS Optimization Tool.

The new releases

Policy Builder

The policy builder is an hosted fling that helps the user to create custom MDM policies for Workspace UEM (former Airwatch)

Official summary:

This cloud hosted Fling helps users with custom Mobile Device Management (MDM) policy generation that use MDM capabilities available through Microsoft’s Windows 10 MDM Configuration Service Providers (CSPs).

Note: On login with My VMmware credentials, the tool provides an easy to use form based UI that allows the Windows 10 admin to simply enter the required values for the policies and auto generates corresponding syncML that can be copied to publish through Workspace ONE Unified Endpoint Management.

This tool greatly reduces the effort of hand rolling syncML and the possibility of code and formatting errors when creating or managing custom settings profiles through Workspace ONE UEM.

SDDC Certificate Tool

The SDDC Certificate Tool is an automated process that replaces all certificates in a SDDC for you. This normally can be a lengthy process but should be a breeze with this fling.

Official summary:

Replacing SSL certificates across VMware products is a manual and time-consuming process. The SDDC Certificate Tool automates this workflow and makes it easy to keep certificates across your SDDC up to date. It will replace all certificates in the supported products and reestablish trust between the components.

Supported Products

  • VMware Platform Services Controller (PSC)
  • VMware vCenter Server (VC)
  • VMware NSX for vSphere (NSX)
  • vRealize Log Insight (vRLI)
  • vRealize Operations Manager (vROps)
  • vRealize Automation (vRA)
  • vRealize Business for Cloud (vRB)
    More about this Fling: New SDDC Certificate Replacement Fling by William Lam

vAssist.ai NLP Platform

Not my cup of tea but this fling is supposed to be an example where you can talk against vRealize Automation.

Official summary:

vAssist.ai, a Natural Language Processing (NLP) platform, enables bot developers to train machine learning models for intent classification and entity extraction. This platform is available as a SaaS model which exposes easy-to-use REST APIs to train and parse natural language inputs. It also provides a multi-tenant user interface dashboard which can be used to annotate and visualize training data expressions and train machine learning models in the cloud.

VMware customers who are serious about building conversational interfaces can benefit from this platform. With this Fling we trained a sample model for vRealize Automation. Users can chat with the test bot to query available catalog services and initiate a provisioning request in a natural, conversational way. Please note that we are using a sample internal environment for vRealize Automation.

Features

  • NLU Engine for Intent and entity extraction
  • Customizable NLU pipeline
  • Rule based and ML based Conversation Engine
  • Privacy of the data
  • Scalable and Fault Tolerant
  • REST APIs exposed for integration with multiple channels and platforms

Workspace ONE UEM Samsung E-FOTA Tool

The Workspace ONE UEM Samsung E-FOTA Tool is a fling for Workspace One UEM to add some extra functionality for Samsung devices.

Official summary:

The Workspace ONE UEM Samsung E-FOTA Tool is designed to add to the existing abilities of AirWatch’s Samsung E-FOTA implementation. These new abilities include scheduling a firmware/OS update in a targeted window. This feature is dependent on the existing abilities within AirWatch which enroll the MDM into Samsung E-FOTA and push profiles to enroll the device into Samsung E-FOTA. Users should use this tool along with the information gathered from the Workspace ONE UEM console. The information can then be used to make an API command to schedule the firmware/OS update to your Samsung devices.

Horizon Helpdesk Utility

Like I said yesterday the Horizon Helpdesk Utility is how the original Horizon View Helpdesk Tool should have been. Please read yesterdays;s post for more information and screenshots.

The Horizon Helpdesk Utility is designed to be a tool used by real help desk agents. The Horizon Helpdesk Utility takes all of the functionality of the current HTML5 based Helpdesk in VMware Horizon and adds true desktop integration features, including:

  • Greater speed in queries
  • Reduced steps to find a session
  • Multiple monitoring windows
  • Keystrokes for fast access
  • Native remote control functionality
  • Real-time updates
  • Built-in session experience score based on session performance and variables

Updated flings

VMware OS Optimization Tool

Changelog

July 30, 2018, b1100

  • Issue fix: With group selection operation, unselected optimization items are applied.
  • Issue fix: can not export analysis report

July 20, 2018, b1099

  • Template update: Windows 10 & Windows Server 2016
  • Prevent the usage of OneDrive for file storage
  • Registry changes:
reg add "HKLM\DEFAULT\Software\Classes\CLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /v System.IsPinnedToNameSpaceTree /t REG_DWORD /d 0 /f
* reg add "HKLM\DEFAULT\Software\Classes\Wow6432Node\CLSID{018D5C66-4533-4307-9B53-224DE2ED1FE6}" /v System.IsPinnedToNameSpaceTree /t REG_DWORD /d 0 /f reg add "HKLM\DEFAULT\System\GameConfigStore" /v GameDVR_Enabled /t REG_DWORD /d 0 /f reg add "HKLM\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\People" /v PeopleBand /t REG_DWORD /d 0 /f reg add "HKLM\DEFAULT\Software\Microsoft\Windows\CurrentVersion\GameDVR" /v AppCaptureEnabled /t REG_DWORD /d 0 /f reg add "HKLM\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.SystemToast.SecurityAndMaintenance" /v Enabled /t REG_DWORD /d 0 /f reg add "HKLM\DEFAULT\Software\Microsoft\Windows\CurrentVersion\PenWorkspace" /v PenWorkspaceButtonDesiredVisibility /t REG_DWORD /d 0 /f reg delete "HKLM\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /v OneDrive /F reg delete "HKLM\DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run" /v OneDriveSetup /F

Cross vCenter Workload Migration Utility

Changelog

Version 2.2, July 16, 2018

  • Support for vSphere Resource Pool and VM folder for placement under advanced options
  • Support for VMware Cloud on AWS (VMC) by specifying resource pool and folder options

Blockchain on Kubernetes

Changelog

July 16 2018, BoK 2.1

  • Support deployment of Hyperledger Fabric 1.1.0.
  • Allow users to customize the Fabric organizations and peers in bok.yaml.
  • Add ingress controller for serving traffic to Fabric peers nodes and explorer node.
  • Make improvement on stability and usability.
  • Verified against Kubernetes 1.10.3 and Pivotal Container Service (PKS) 1.1.0.
  • Updated the PCF Fabric Tile which supports creating Kubernetes cluster via PKS Tile and deploy Hyperledger Fabric in the Kubernetes cluster.

HCIBench

Changelog

Version 1.6.7.1

  • Fixed vSAN Performance Diagnostic API call
  • Fixed network validation message not clear issue
  • Fixed setting re-use VMs as default bug in 1.6.7

Version 1.6.7

  • Enabled https instead of http
  • Added storage policy field, user can specify storage policy for the data disks. For this version, storage policy can’t be assigned to existing client VMs
  • Enhanced deployment methodology
  • Enhanced vSAN Observer to avoid blow up the memory
  • Enhanced vSAN Performance Diagnostic API call with HCIBench workload configuration included
  • Added timestamp to the testing status
  • Bug fixes

ESXi Embedded Host Client

Changelog

Version 1.31.0 build 9277095 (Fling 21) – July 20, 2018

  • General
    • Resolve several issues related to dropdown selection
    • Update NTP UX
    • Update AngularJS to 1.6.10
    • Other minor bug fixes

vSphere HTML5 Web Client

Changelog

Fling 3.40 – Build 9292689
New Features

  • Host profiles
    • Check compliance
    • Pre-check and remediate host (known issue exists – see known issues)
    • Extract, edit host profile
    • Host profile favorites management (vCenter 6.5)
    • Copy settings between profiles (vCenter 6.5)

New EUC fling released: Horizon Helpdesk Utility

Ok, normally I do a post each month with the latest and greatest flings and I will still do that tomorrow. Today though Andrew Morgan from VMware OCTO has released a fantastic new fling: Horizon Helpdesk Utility! But we already have the Helpdesk tool you might say? Well this fling is everything the helpdesk tool should have been. While it isn’t bad this one is way better.

First of all this fling is an app that you need to install on your own computer or a management server. It will keep its settings in C:\Users\Username\AppData\Roaming\HorizonHelpDeskAgent\ .net Framework 4.5.2 is required but most will already have that or a higher version installed. Installation itself is a quick next next finish with the warning that the signer of the application is not trusted, I have been told that this might be fixed in the next release. After installation you will find a new application in your start menu. I have already attached it to my start menu as well.

After starting you will get a box where you will need to fill in the server address including the http part and your credentials (the same role is required as the regular helpdesk tool)

If you don’t have a trusted certificate you will get a box to accept that certificate.

After that I was looking for something to popup but I just had a small icon added down right

Right click on this and you’ll see a small search box. This search is more easily reachable by using ctrl+F12

Put in a name and you’ll get a box that contains all matching names

Double click the correct account or session and the real deal will open up for you.

The diagrams hardly need any explanation, please also notice the user experience rating on the top right. The image in my lab doesn’t have anything installed so I can’t really show a lot but here are the views from the other tabs as well:

All entitlements for the user

This is pulled directly from the event database

Some more fancy diagrams about the blast protocol

The last tab shows all processes on the desktop, this can easily be filtered on any of the info shown

A possible improvement here would be some kind of checkbox to show only the users own processes because otherwise things can get confusing at RDS hosts. I’ve already talked with Andrew about that (actually the checkbox was his idea).

On the top left there’s a couple of pull down menus to allow for some actions on the session or the machine itself.

The remote control functionality starts windows’ own mrsa tool.

Despite running it against my own very small lab the tool seems to perform very well. I consider it for the few moments that I have used it as a very decent replacement for the original helpdesk tool.

 

 

My presentation at the vEUCtechcon 2018

Yesterday it was clear for me that more people are interested in what Dutch secret agents have to do with airwatch/workspace one uem then with PowerCLi for Horizon View. Nonetheless there where some people listening to my presentation and watching the ginormous slide deck filled with gif’s that I created. My personal experience was that it went ok but nothing more than that. Sadly using the vga cable didn’t help against the connection bugs all presenters where having during the entire day. Also I would have preferred to have a monitor in front of me so I could actually hear myself talking in that big room. Personal points for next time: I had a good storyline in my head in advance, that didn’t come out at all. Also I need to channel my personal energy onto stage, I have the feeling that wasn’t really visible. Aka I need to do some more energetic storytelling.

For the people interesting in the presentation it can be found HERE. There’s a video recorded that I will add to this post when it gets published. Luckily there where also a couple of tweets about my sessions so we do already have some pictures.

New Horizon API calls in PowerCLI 10.1.1

VMware quietly released a new version of PowerCLI last week: 10.1.1. This release is mainly an update for the Horizon View API’s. This to bring it back on level with the current Horizon release at 7.5. The release notes are not very extensive but it has a fix for some people getting time-outs when connecting to a Connection server  plus a bunch of new api calls.

I have dumped the output from the available api calls into two text files and made a comparison:

Since there’s no update yet in the API explorer I will have to make an educated guess on what the functions do:

DesktopTask

When looking at the available method’s for this call it looks like it has everything to do with Desktop task. But it also can’t do a damn thing without an vmware.hv.desktoptaskid. This will most probably bu retrievable using a query. This is something I will further investigate in the future.

DiagOperation

To be honest I have no idea yet what this one does. I have tried created a VMware.Hv.DiagOperationRequest and tried to send it but got an error that no message queue handler was found. This might be something from Horizon 7.5 since I haven’t updated my lab yet.

GatewayAccessUserOrGroup

This one is easy, it creates, deletes, gets and lists remote access users. You can expect a function for this in the near future since it looks easy to build.

JwtToken

According to my sources this is a SSO token between the flex and html5 clients.

LogonTiming

This obviously is created to pull logon timing as the name suggests. I have put a session ID in a variable but sadly the data is not usable from PowerCLI. WHat it seems to be is the api call the Helpdesk client uses to pull the logon time. I didn’t have the timing profiler turned on initially and neither the helpdesk tool or this call gave my any information. Disconnected sessions also don’t give any information and when reconnected it gives the reconnection time not the initial logontime for when the session started. This is the same behaviour as the helpdesk tool.

Apparently the output is in a json format and for now I doubt if it will be usable in a function.

While the session itself has this information.

NetworkProxyConfiguration

No idea yet why there is a networkproxy configuration in here.

Performance

This gets some performance data using a session id as also visible in the helpdesk tool.

RemoteApplication

Gives per session information on the Skype 4 Business pairing mode.

RemoteAssistantTicket

100% sure related to the remote assistance function in the helpdesk tool.

RemoteProcess

Looks like this one gets some information from a query and then kills the process, will have to dig into it some further later on. This for sure is a function in the helpdesk tool.

ViewClient

Again from the helpdesktool, this gives the client version of a session.

Conclusion

For now I only see the DesktopTask and GatewayAccessUserOrGroup ending up in a function in the vmware.hv.helper. The first one will need some digging on how it exactly works but it has the looks of a usable call. The latter on can be in there pretty fast if I find the time to do so. The other ones

 

Update

Already received some extra information about some calls.

New experimental functions for the vmware.hv.helper on github

While working on my presentation for the 2nd vEUCtechcon event in Utrecht (The Netherlands) on may 28th I have added a list of new functions to the vmware.hv.helper module. While I haven’t had the time yet to clean them up to be proper coded scripts I have decided to already publish them on Github. All of them work but might be missing a feature or two and almost all of them are get-hv* or new-hv* type functions. Since the presentation is all about building an environment I have decided to build the remove parts later on. You might have already seen some screenshots on twitter recently:

Added functions that are not in the official module yet:

  • register-hvvirtualcenter
  • set-hveventdatabase
  • set-hvlicense
  • get-hvlicense
  • new-hvinstantcloneadministrator
  • New-HVRole
  • Get-HVRole
  • Get-HVpermission
  • New-HVPermission
  • Get-HVVirtualcenter
  • Get-HVInstantCloneAdministrator
  • Get-HVPod
  • Set-HVPod
  • Get-HVHomeSite
  • New-HVHomeSite

 

Registering an Instantclone administrator using PowerCLI

Another question Sean Massey asked me if it is possible to register an instant clone domain administrator. This is possible using the instantcloneenginedomainadministrator service with the InstantCloneEngineDomainAdministrator_create method. This needs a spec with the following content:

  • spec (vmware.hv.InstantCloneEngineDomainAdministratorSpec)
    • base (vmware.hv.InstantCloneEngineDomainAdministratorBase)
      • username (string)
      • domain (domainid)
      • password(vmware.hv.securestring)

The password can be created using the same scriptlet I used to register a new vCenter server. The domain ID can actually be gotten by listing all domains using

$services1.ADDomain.addomain_list()

For now I have created a scripts that requires you to give some details so it can register the instant clone domain administrator. It can also be found on Github but I will also definitively add it to the vmware.hv.helper module.

$icausername=read-host "What username to use for instantclone administrator?"
$icadomain=read-host "please give the dns name for the domain to user (i.e. domain.com)"
$icapassword=read-host "vCenter User password?" -assecurestring
$temppw = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($icaPassword)
$PlainicaPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$icadminPassword = New-Object VMware.Hv.SecureString
$enc = [system.Text.Encoding]::UTF8
$icadminPassword.Utf8String = $enc.GetBytes($PlainicaPassword)
$spec=new-object vmware.hv.InstantCloneEngineDomainAdministratorSpec
$spec.base=new-object vmware.hv.InstantCloneEngineDomainAdministratorBase
$spec.base.domain=(($services1.ADDomain.addomain_list() | where {$_.DnsName -eq $icadomain} | select-object -first 1).id)
$spec.base.username=$icausername
$spec.base.password=$icadminpassword
$services1.InstantCloneEngineDomainAdministrator.InstantCloneEngineDomainAdministrator_Create($spec)