The VMware Labs flings monthly for April 2020

Another month down in the Corona quarantaine. That doesn’t mean that the engineers didn’t work on flings. More the opposite since I can’t remember having to go to page 2 on the site to see all of the new releases and updates. I see four new releases and nine updated flings.

The new ones: Tech For Good – Virtual Reality Experience, vSphere Replication Capacity Planning, Python Client for VMC on AWS, Horizon Cloud Pod Architecture Tools.

The updated flings: vRealize Operations REST Notifications Helper, App Finder for Tunnel, USB Network Native Driver for ESXi, vSphere Software Asset Management Tool, VMware OS Optimization Tool, Power vRA Cloud, VMware Appliance for [email protected], Virtual Machine Compute Optimizer, vSAN Performance Monitor.

New flings

Tech For Good – Virtual Reality Experience

The Tech For Good – Virtual Reality Experience fling is a VR huide through 4 key pieces of tech.

Download this Virtual Reality Application for the Oculus Quest and Oculus Go, you will watch this VR experience hosted by VMware, Bask Iyer, CIO and Chief Digital Transformation officer, as he walks us through 4 key technologies Cloud, Mobile, IoT and AI and illustrates new opportunities for technology to deliver a positive impact on society.

vSphere Replication Capacity Planning

The vSphere Replication Capacity Planning Fling reveals actual VM traffic consumption and delta size. This helps you perform a capacity planning or estimation of vSphere Replication network bandwidth utilization prior to enabling vSphere Replication for VMs.

This Fling exposes graphics regarding LWD (lightweight delta) network traffic and delta size metrics, represented in different time frames – hourly, daily, weekly and monthly.

Python Client for VMC on AWS

Python Client for VMware Cloud on AWS is an open-source Python-based tool. Written in Python, the tool enables VMware Cloud on AWS users to automate the consumption of their VMware Cloud on AWS SDDC.
Note this is not to interact with your VMware Cloud on AWS vCenter but to run tasks such as creating and deleting networks, setting up security groups and services and building network security rules on the Management and Compute Gateways.

Detailed instructions can be downloaded in the instructions tab or can be also found on the following blog post:
https://nicovibert.com/2020/02/25/pyvmc-python-vmware-cloud-aws/

Horizon Cloud Pod Architecture Tools

The Horizon Cloud Pod Architecture Tools fling is a set of tools that helps with managing a Horizon cloud pod.

Horizon cloud pod architecture (CPA) has lmvutil commands to manage the global database entitlements data using command line interface. A lmvtools command line wrapper is now available to enhance the command execution of lmvutil commands to input the password only once and leave the command execution to continue. It has capability to export all the site, site-pod mapping, global entitlements, user global assignments, local pool assignments, home site overrides, backup global entitlements in lmvutil commands format to file. The command builder has in-built mechanism to comment the stale user global assignments and stale home site assignments.

Update flings

vRealize Operations REST Notifications Helper

vRealize Operations REST Notifications Helper helps vRealize Operations Manager users improve and customize the REST notifications of alerts. It collects the most useful information about an alert, creates a new payload by user configuration, and sends it to third parties.

Changelog

Version 1.4.0

  • Added vRealize Operations Cloud Support
  • Added custom tags support
  • Bugfixes and improvements

App Finder for Tunnel

This application is a utility which can be used for conveniently flagging the applications to use WorkspaceONE Tunnel on macOS.

Changelog

Unknown

USB Network Native Driver for ESXi

Specially made for homelabs the USB Network Native Driver for ESXi makes it possible to use usb network cards with ESXi.

Changelog

April 6, 2020 – v1.5

  • Added support for ESXi 7.0

Note: This is ONLY for ESXi 7.0, for ESXi 6.5/6.7, please ensure you are using the correct version of driver.

ESXi700-VMKUSB-NIC-FLING-34491022-component-15873236.zip

vSphere Software Asset Management Tool

The vSphere Software Asset Management (vSAM) is a tool that collects and summarizes vSphere product deployment information. It calls on vSphere APIs for deployment data and produces a PDF report that the customer can consult as a part of their infrastructure review and planning process. This lightweight Java application runs on Windows, Linux or Mac OS.

Changelog

Version 1.1

  • Added vSphere 7.0 support; Added the Host Inventory Table in the generated software asset management report.

VMware OS Optimization Tool

Osot is the tool to optimize your Horizon golden images.

Changelog

April,2020,b1151

  • Fixed several issues in CLI.

April, 2020, b1150
.docx file of recent change log located in the hyperlink above.

Includes various bug fixes and many new optimizations that have a huge beneficial effect.

Support for Windows 10 version 2004 has been added.

Optimizations

Lots of Windows 10 and Windows Server optimizations have been added to this version. These include settings for Windows features and also for applications:

  • Office 2013/2016/2019
    • Disable start screens
    • Disable animations
    • Disable hardware acceleration
  • Internet Explorer 11 and Edge browserBlank home page
    • Prevent first time wizard
    • Disable hardware acceleration
  • Adobe Reader 11 and DC
    • Disable hardware acceleration
    • Multiple additional optimizations

More optimizations have been added for Windows services and scheduled tasks to achieve a faster OS initialization and improve performance.

UI Button Renames and Reorder

Several buttons have been renamed to more closely reflect the task they perform.

  • Analyze is now called Optimize.
  • The old page that displayed the results of an optimization task used to be called Optimize. That has been renamed to Results.

Inside the Optimize page the buttons at the bottom left have been reorganized. These are now in order that you would execute them in. Analyze > Common Options > Optimize

Removed the button for Compatibility as this was a legacy item.

The top-level buttons and tabs have been reordered to better reflect the main tasks and the order you carry them out in. Analyze > Generalize > Finalize.

Common Options

New option in Visual Effect to allow the selection of disabling hardware acceleration for IE, office and Adobe Reader. The default is that this is selected but this allows this to be easily unselected if using hardware GPU.

Added Photos to the list of Windows Store apps that can be selected to be retained.

Setting the background to a solid color is now selected by default.

Generalize

More comprehensive Sysprep answer file that helps with some optimization items that were getting undone by the Sysprep process.

Finalize

New options to carry out some tasks that get undone during Generalize.

  • Disable Superfetch service. This reduces high usage of CPU and RAM.
  • Clean temporary files from the default user profile.

Automate the use of SDelete to zero empty disk space.

  • Overwrites empty disk space with zeros so that the VMDK size can be reduced when it is cloned.
  • This uses SDelete which needs to be downloaded from Microsoft Sysinternals and copied to a location in the path (Windows\System32 or current user directory).

Create Local Group Policies

  • Creates local group policies for computer and user settings that can then be viewed with tools like RSOP and GPEdit.
  • This uses LGPO.exe which can be downloaded as part of the Microsoft Security Compliance Toolkit. LGPO.exe should be copied to a location in the path (Windows\System32 or current user directory).

Command Line

Command line support added for the Generalize step.

Command line support added for the Finalize step. This also simplifies and consolidates the previous system clean tasks (NGEN, DISM, Compact, Disk Cleanup) under the new -Finalize option. These can now be run without specifying a template.

Fixed naming of Paint3D application when wanting to retain this while removing other Windows Store Applications. This had been previously been incorrectly named as MSpaint.

Templates

Windows 10 version 2004 was added to the built-in template Windows 10 1809 – XXXX-Server 2019.

Legacy templates for Horizon Cloud and App Volumes packaging have been removed. The two standard Windows 10 templates should be used instead.

LoginVSI templates are no longer built in. They are still available to download from the public templates interface.

Guides

Updated OSOT user guide: VMware Operating System Optimization Tool Guide.

Updated Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop guide coming soon.

Power vRA Cloud

PowervRA Cloud is a PowerShell module that abstracts the VMware vRealize Automation Cloud APIs to a set of easily used PowerShell functions.

Changelog

Version 1.2

  • Support for vRealize Automation 8.1
  • New cmdlets
  • Connect-vRA-Server
  • New-vRA-Server-CloudAccount-VMC
  • New-vRA-Server-CloudAccount-vSphere

VMware Appliance for [email protected]

This Fling is a vSphere Appliance that contains the [email protected] client software to help the fight against Covid.

Changelog

April 17, 2020 – v1.0.3

  • [email protected] software has been updated to latest 7.6.8
  • Add OVF property (guestinfo.fah_next_unit_percentage) to control Workload Unit Percentage (default value of 90)

VMware-Appliance-FaH_1.0.3.ova
MD5: d82d0829badc64e7e19bf24999a2db1a

April 1, 2020 – v1.0.2

  • [email protected] software has been updated to latest 7.5.1
  • Add OVF DeploymentOption (Small, Medium and Large) to help simplify initial configuration including optimal memory setting for 16 vCPU
  • SSH is now disabled by default (can be enabled during OVF deployment)

VMware-Appliance-FaH_1.0.2.ova
MD5: 44843701611febbf45d72b8b37a0778a

Virtual Machine Compute Optimizer

The Virtual Machine Compute Optimizer (VMCO) is a Powershell script that uses the PowerCLI module to capture information about the hosts and VMS running in your vSphere environment, and reports back on whether the VMs are configured optimally based on the Host CPU and memory.

Changelog

Version 2.0.4

  • Fixed errors with reporting on VMs with odd number of vCPUs
  • Fixed reporting on VMs that have CPU Hot Add enabled

vSAN Performance Monitor

The vSAN performance monitor is a monitoring and visualization tool based on vSAN Performance metrics.

Changelog

Version 1.3

  • Fixed issues related to user login. We have removed the user password configuration screen while deploying the fling. Users will be prompted to change the password after login.
  • Few tweaks related to Grafana charts. Removed the login screen to access graphs.

[HorizonAPI] Registering a Composer Domain Administrator using the api’s

A while ago I blogged about adding an Instant Clone administrator using the api’s. I never looked at creating a linked clone domain administrator though so let’s do that.

When checking the services near the bottom we see a service called ViewComposerDomainAdministrator

Now let’s check the available methods

The difference between ViewComposerDomainAdministrator_Create and ViewComposerDomainAdministrator_CreateByServerDefinition is that for the first you’ll need the virtualcenterid and for the lather the ServerDefinition for the configured vCenter.I will go with the easier first one.

Let’s see what’s required

so we need a spec of the type VMware.Hv.ViewComposerDomainAdministratorSpec this is what the api explorer says about it:

So for the base we actually need another object of the type vmware.hv.ViewComposerDomainAdministratorBase, let’s create both

$spec=new-object  vmware.hv.viewcomposerdomainadministratorspec
$spec.base=new-object VMware.Hv.viewcomposerDomainAdministratorBase

The virtualCenterID is only available by doing a virtualcenter.virtualcenter_list() with a where on the results

$vcenter="pod2vcr1.loft.lab"
$vcenters = $services.virtualcenter.virtualcenter_list()
$vcenterid = ($vcenters.where{$_.serverSpec.serverName -eq $vcenter}).id
$spec.VirtualCenter = $vcenterid

see how I do the where? For this one it doesn’t really matter but doing it this way is muchos faster than using where-object

In the base the username and domain are strings so those are easy. For the password we need to have it encrypted in a certain way. Luckily I already used it in the vCenter adding post that I gave an update last week.

$spec.base.Username = "m_wouter"
$spec.Base.Domain = "loft.lab"
$cmpdomainadminpassword=read-host "Composer domain administrator password?" -assecurestring
$temppw = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($cmpdomainadminpassword)
$PlaincmpdomainadminPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$cmpdomainadminencPassword = New-Object VMware.Hv.SecureString
$enc = [system.Text.Encoding]::UTF8
$cmpdomainadminencPassword.Utf8String = $enc.GetBytes($PlaincmpdomainadminPassword)
$spec.base.password=$cmpdomainadminencPassword

And we bring all of this together by creating the administrator

$services.ViewComposerDomainAdministrator.ViewComposerDomainAdministrator_Create($spec)

To match the post adding vCenter servers I have put all of this together in a nice script, you just need to connect to the connection server first

$hvServer = $global:DefaultHVServers[0]
$services=  $hvServer.ExtensionData

# Create required objects

$spec=new-object  vmware.hv.viewcomposerdomainadministratorspec
$spec.base=new-object VMware.Hv.viewcomposerDomainAdministratorBase
$spec.base.Username = "m_wouter"
$spec.Base.Domain = "loft.lab"
$vcenter="pod2vcr1.loft.lab"
$vcenters = $services.virtualcenter.virtualcenter_list()
$vcenterid = ($vcenters.where{$_.serverSpec.serverName -eq $vcenter}).id
$spec.VirtualCenter = $vcenterid
$cmpdomainadminpassword=read-host "Composer domain administrator password?" -assecurestring
$temppw = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($cmpdomainadminpassword)
$PlaincmpdomainadminPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$cmpdomainadminencPassword = New-Object VMware.Hv.SecureString
$enc = [system.Text.Encoding]::UTF8
$cmpdomainadminencPassword.Utf8String = $enc.GetBytes($PlaincmpdomainadminPassword)
$spec.base.password=$cmpdomainadminencPassword




# This will create the View Composer Domain Admin
$services.ViewComposerDomainAdministrator.ViewComposerDomainAdministrator_Create($spec)

 

 

[Update 23-04-2020]Adding vCenter server to Horizon View using the api’s

Update

I don’t know since what version but somewhere this script stopped working because VMware change some things. In 7.8 there was a change about the thumbprint algorithm to DER_BASE64_PEM so it might have started there. Another change is that in the sslcertthumbprint field they stopped using the thumbprint but actually add the entire certificate.

What is needed to fix this?

Replace:

$spec.CertificateOverride=($services.Certificate.Certificate_Validate($spec.serverspec)).thumbprint

with

$spec.CertificateOverride.SslCertThumbprint=($services.Certificate.Certificate_Validate($spec.serverspec)).certificate
$spec.CertificateOverride.sslCertThumbprintAlgorithm = "DER_BASE64_PEM"

and you should be good. I have already updated the version of the script below.

A big thank you to Mark Brookfield for asking me about this

/update

Yesterday Sean Massey (https://thevirtualhorizon.com/) asked me if it was possible to add a vCenter server + some other things to Horizon View using the api’s. With a quick look at the api explorer I confirmed this should be possible. The other things he asked I will put in a separate blogpost.

It looks like a simple matter of building the spec and I should be good. In the end it turned out to be a bit more work then expected. Some items are not required according to the api explorer but should at least be called in the spec (set them to something empty) while others can safely be left away. The automatic generated ssl certs in my lab also turned out to be a pita. First I copied them from a current spec and later I downloaded the certificate on the Connection server itself and read that cert. Andrew Morgan (http://andrewmorgan.ie/)from VMware helped me out with this by showing their internal script that they use. It turned out that except for the SSL certs I was on the right path. As usual I will add this functionality to the vmware.hv.helper but since that might take a while I decided to create a useful script

$hvServer = $global:DefaultHVServers[0]
$services=  $hvServer.ExtensionData

# Create required objects

$spec=new-object VMware.Hv.VirtualCenterSpec
$spec.serverspec=new-object vmware.hv.serverspec
$spec.viewComposerData=new-object VMware.Hv.virtualcenterViewComposerData

$spec.Certificateoverride=new-object vmware.hv.CertificateThumbprint
$spec.limits=new-object VMware.Hv.VirtualCenterConcurrentOperationLimits
$spec.storageAcceleratorData=new-object VMware.Hv.virtualcenterStorageAcceleratorData

# vCenter Server specs

$spec.ServerSpec.servername="pod2vcr1.loft.lab"        # Required, fqdn for the vCenter server
$spec.ServerSpec.port=443                                 # Required
$spec.ServerSpec.usessl=$true                             # Required
$spec.ServerSpec.username="[email protected]"   # Required [email protected]
$vcpassword=read-host "vCenter User password?" -assecurestring
$temppw = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($vcPassword)
$PlainvcPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$vcencPassword = New-Object VMware.Hv.SecureString
$enc = [system.Text.Encoding]::UTF8
$vcencPassword.Utf8String = $enc.GetBytes($PlainvcPassword)
$spec.ServerSpec.password=$vcencPassword
$spec.ServerSpec.servertype="VIRTUAL_CENTER"

# Description & Displayname, neither is required to be set

#$spec.description="description"              # Not Required
#$spec.displayname="virtualcenterdisplayname" # Not Required
$spec.CertificateOverride=($services.Certificate.Certificate_Validate($spec.serverspec)).thumbprint
$spec.CertificateOverride.SslCertThumbprint=($services.Certificate.Certificate_Validate($spec.serverspec)).certificate
$spec.CertificateOverride.sslCertThumbprintAlgorithm = "DER_BASE64_PEM"


# Limits
# Only change when you want to change the default values. It is required to set these in the spec

$spec.limits.vcProvisioningLimit=20
$spec.Limits.VcPowerOperationsLimit=50
$spec.limits.ViewComposerProvisioningLimit=12
$spec.Limits.ViewComposerMaintenanceLimit=20
$spec.Limits.InstantCloneEngineProvisioningLimit=20

# Storage Accelerator data

$spec.StorageAcceleratorData.enabled=$false
#$spec.StorageAcceleratorData.DefaultCacheSizeMB=1024   # Not Required

# Cmposer
# most can be left empty but they need to be set otherwise you'll get a xml error

$spec.ViewComposerData.viewcomposertype="STANDALONE"  # DISABLED for none, LOCAL_TO_VC for installed with the vcenter and STANDALONE for s standalone composer


if ($spec.ViewComposerData.viewcomposertype -ne "DISABLED"){
    $spec.ViewComposerData.ServerSpec=new-object vmware.hv.serverspec
    $spec.ViewComposerData.CertificateOverride=new-object VMware.Hv.CertificateThumbprint
    $cmppassword=read-host "Composer user password?" -assecurestring
    $temppw = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($cmpPassword)
    $PlaincmpPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
    $cmpencPassword = New-Object VMware.Hv.SecureString
    $enc = [system.Text.Encoding]::UTF8
    $cmpencPassword.Utf8String = $enc.GetBytes($PlaincmpPassword)
    $spec.ViewComposerData.ServerSpec.password=$cmpencPassword
    $spec.ViewComposerData.ServerSpec.servername="pod2cmp1.loft.lab"
    $spec.ViewComposerData.ServerSpec.port=18443
    $spec.ViewComposerData.ServerSpec.usessl=$true
    $spec.ViewComposerData.ServerSpec.username="[email protected]"
    $spec.ViewComposerData.ServerSpec.servertype="VIEW_COMPOSER"

    $spec.ViewComposerData.CertificateOverride=($services.Certificate.Certificate_Validate($spec.ViewComposerData.ServerSpec)).thumbprint
    $spec.ViewComposerData.CertificateOverride.sslCertThumbprint = ($services.Certificate.Certificate_Validate($spec.ViewComposerData.ServerSpec)).certificate
    $spec.ViewComposerData.CertificateOverride.sslCertThumbprintAlgorithm = "DER_BASE64_PEM"
}


# Disk reclamation, this is required to be set to either $false or $true
$spec.SeSparseReclamationEnabled=$false 

# This will create the connection
$services.VirtualCenter.VirtualCenter_Create($spec)

 

Looking at the output it will only ask for the vCenter user’s password and if a Composer server is set for that user’s password.

 

The VMware Labs flings monthly for March 2020

We are living in some crazy times, we have been locked down here already for several weeks and in my area things are improving, just like my dad who is recovering from Corona. The virus didn’t stop the VMware engineers from working on flings though. This includes the new VMware Appliance for [email protected] if you want to help in the battle against Corona or other illnesses. Other new releases are Workspace ONE Mobileconfig Importer and Unified Access Gateway Deployment Utility while the following received an update: vSphere Software Asset Management Tool, Desktop WatermarkvCenter Event Broker Appliance,, Ubuntu OVA for Horizon, Workspace ONE UEM SCIM Adapter, vSphere Mobile Client, Infrastructure Deployer for vCloud NFV and last but not least Horizon View Events Database Export Utility.

New Releases

VMware Appliance for [email protected]

I already spoiler the VMware Appliance for [email protected] but this appliance gives you the opportunity to add your computer power in the search for a solution against Corona or other diseases.

This Fling is a vSphere Appliance that contains the [email protected] client software. Upon deploying the VMware Appliance for [email protected], the user will be prompted to enter information to configure the [email protected] software. Once the appliance is deployed, the [email protected] client is running and ready for Working Units. The Fling is also pre-configured to allow remote management of the [email protected] client. For more information on the [email protected] Project and how we can be a Force for Good against diseases like the Coronavirus, visit the website www.foldingathome.org.

The [email protected] Appliance is configured to automatically join Team VMware ID 52737. Everyone is welcome to join! Check out http://vmwa.re/fah for team and individual statistics.

Workspace ONE Mobileconfig Importer

The Workspace ONE mobileconfig Importer gives you the ability to import existing mobileconfig files directly into a Workspace ONE UEM environment as a Custom Settings profile, import app preference plist files in order to created managed preference profiles, and to create new Custom Settings profiles from scratch. When importing existing configuration profiles, the tool will attempt to separate each PayloadContent dictionary into a separate payload for the Workspace ONE profile.

Unified Access Gateway Deployment Utility

In case the manual deployment is too much work or the PowerCLI based is too difficult engineers have now created Unified Access Gateway Deployment Utility for Mac or Windows to install the uag.

Unified Access Gateway (UAG) Deployment Utility assists the deployment of UAG appliances by running the utility on Windows or macOS machines. This utility provides better user interface, which is self explanatory about the next steps and better error handling through useful messages & tool tips which will make it easier for an admin to deploy single or multiple appliances.

Updated Flings

vSphere Software Asset Management Tool

Changelog

March 2020

  • Minor wording update to the generated software asset management report.

Desktop Watermark

Changelog

v1.1 – Build 20200302-signed

  • Added a new attribute %DATETIME% to show hour and minute info on screen.

vCenter Event Broker Appliance

Changelog

Too damn much so better head over to William Lam’s blogpost.

Ubuntu OVA for Horizon

Changelog

v1.2

  • Special thanks to Robert Guske for testing & feedback
  • Support for Horizon 7.11 and later
  • Support for vSphere 6.7+
  • Updated OVA base image to Ubuntu 18.04.4 LTS
  • Updated Virtual Hardware to v14
  • Added option to configure static networking
  • Added support for USB 3.0 and USB Redirection (via linux-agent-installer.sh)
  • Added KDE Desktop Environment Option
  • Added Gnome Desktop Environment Option (recommended)
  • Developer Desktop Package option
  • Added Keyboard Layout Option
  • Added option to enable SSH
  • Removed runlevel 5 setting
  • Fixed MOTD prompt code
  • Disabled auto software updates
  • Removed greeter modifications to support SSO
  • Numerous improvements to script
  • Script renamed to ‘optimize.sh’

Workspace ONE UEM SCIM Adapter

Changelog

20.03 Release Notes:
Please Note: If you have already setup WS1 SCIM Adapter, it is possible that moving to 20.03 will create new accounts. Please consider resetting Directory Services configuation for the OG you are connecting to.

New Features:

  • Windows 10 OOBE Enrollment now supported
  • Bitnami Node.js 12.16.1-0 now supported with embedded install
  • Various Enterprise and Custom SCIM Schema attributes now supported (see below table)

Bugs Fixed:

  • Resources with special characters in immutableId do not update

vSphere Mobile Client

Changelog

Version 1.10.2

Improvements/Fixes

  • Better support for older devices
  • Fix some issues related to the back button
  • Fix for the annotation not defined issue

Version 1.10.1

  • Fixed “TypeError : Cannot read property of ‘annotation’ of undefined”
  • Errors causing white screen should now have more information about the cause

Infrastructure Deployer for vCloud NFV

Changelog

Version 3.2.1 Update

  • Updated to new version
  • Replaced user guide the new version

Horizon View Events Database Export Utility

Changelog

Version 2.2

Fixed the following issues:

  • Able to return data for All Pools
  • Able to return data on just user logon and logoff events
  • Both of these actions would cause a crash or error in previous versions

[HorizonAPI] Creating Entitlements

So last week I created a blog about gathering Horizon entitlements using the api’s. At the end I promised that my next blog post would be about creating entitlements and guess what: that’s this post 🙂

First a short explanation about what UserEntitlements actually are in Horizon. When you pull the entitlement info the base property has the needed information.

So in short an entitlement is a link between the userorgroup object id and a resource object id. The resource object can be: Application, Desktop, Global Application Entitlement, Global Desktop Entitlement and URLRedirection.

Let’s first grab the id’s that we need, I use 2 queries for that bur first I put the names of the group and the desktop in variables:

$groupname = "example_group"
$poolname = "pod01_pool01"

Than I create two objects called $group and $pool using queries.

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'ADUserOrGroupSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='base.name'; 'value' = "$groupname"}
$group= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'DesktopSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='desktopSummaryData.displayName'; 'value' = "$Poolname"}
$pool= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

Next we create the object to link them together.

$userentitlement= new-object VMware.Hv.UserEntitlementBase
$userentitlement.UserOrGroup = $group.id
$userentitlement.Resource = $pool.id

And we create the actual entitlement, since the output we get from this is the id of the entitlement object I store this in a variable to show you the entitlement in the next step.

and to show the entitlement

($hvservice.UserEntitlement.UserEntitlement_Get($newentitlement)).base

If you want to create entitlements for other resource you’ll need to use the either of the following to build your query:

Name Data object property to filter on
Application ApplicationInfo data.displayName
Desktop DesktopSummaryView DesktopSummaryData.displayName
Global Application Entitlement GlobalApplicationEntitlementInfo base.displayName
Global Desktop Entitlement GlobalEntitlementInfo base.displayName

There is no query for the URLRedirection so you’ll need to use URLRedirection.URLRedirection_List() to get the entire list and select the right one from that.

This is a complete example script that you could use to create a desktop entitlement:

Import-Module VMware.VimAutomation.HorizonView
Import-Module VMware.VimAutomation.Core

$cs = 'pod1cbr1.loft.lab'
$groupname = "example_group"
$poolname = "pod01_pool01"

$hvServer = Connect-HVServer -Server $cs 

$HVService= $hvServer1.ExtensionData

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'ADUserOrGroupSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='base.name'; 'value' = "$groupname"}
$group= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'DesktopSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='desktopSummaryData.displayName'; 'value' = "$Poolname"}
$pool= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

$userentitlement= new-object VMware.Hv.UserEntitlementBase
$userentitlement.UserOrGroup = $group.id
$userentitlement.Resource = $pool.id
$hvservice.UserEntitlement.UserEntitlement_Create($userentitlement)

[HorizonAPI] Pulling entitlement information using the api’s

Somehow I have never really blogged about using the Horizon api’s to gather entitlement data. These are actually stored in entitlement objects and we can find them using a query against either the EntitledUserOrGroupLocalSummaryView or EntitledUserOrGroupGlobalSummaryView objects. Let’s start with the local variety.

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EntitledUserOrGroupLocalSummaryView'
$queryResults= ($queryService.queryService_create($HVservice, $defn)).results
$queryService.QueryService_DeleteAll($HVservice)
$queryresults

So we have some property’s and the ID is the easiest one to use since it’s of the VMware.Hv.UserOrGroupId type that we can resolve using aduserorgroup.aduserorgroup_GetInfos(arrayofids)

$hvservice.ADUserOrGroup.ADUserOrGroup_GetInfos($queryResults.id)

and the name is visible using base.displayname

($hvservice.ADUserOrGroup.ADUserOrGroup_GetInfos($queryResults.id)).base.displayname

$

Yes that’s me making a typo, try to talk to me on Slack. I hardly type anything without typo’s. Back to the $queryresults because there’s an easier way to get the group or username because it’s listed under the base property.

$queryresults.base

or

So we now have the group or username now we need to find what they have been entitled to, this information is stored under localdata.

$queryresults.localdata

The Applications and Desktops properties contain the ids where the users have rights to so if we use Desktop.Desktop_GetSummaryViews or Application_GetSummaryViews we end up with the relevant data. I have opened the summarydata for both to make things more visible.

($hvservice.Desktop.Desktop_GetSummaryViews($queryResults.localdata.desktops)).desktopsummarydata
($hvservice.Application.Application_GetSummaryViews($queryResults.localdata.applications)).applicationsummarydata

To create a nice overview of this I have created a small script

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EntitledUserOrGroupLocalSummaryView'
$queryResults= ($queryService.queryService_create($HVservice, $defn)).results
$queryService.QueryService_DeleteAll($HVservice)
[email protected]()
foreach ($queryresult in $queryresults){
    $userorgroupname = $queryresult.base.displayname
    $group = $queryresult.base.group
    [email protected]()
    if ($queryresult.localdata.desktops){
        foreach ($desktop in $queryresult.localdata.desktops){
            $desktops+=($hvservice.desktop.desktop_get($desktop)).base.name
        }
    }
    [email protected]()
    if ($queryresult.localdata.applications){
        foreach ($application in $queryresult.localdata.applications){
            $applications+=($hvservice.application.application_get($application)).data.name
        }
    }
    $entitlements+=New-Object PSObject -Property @{
        "Name" = $userorgroupname;
        "group" = $group;
        "desktops" = $desktops;
        "applications" = $applications;
    }
}
$entitlements | select-object Name,group,desktops,applications

as you can see user1 is the lucky SoB that I test everything on.

The difference with global entitlements is that the localdata property is replaced bij globaldata.

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EntitledUserOrGroupGlobalSummaryView'
$queryResults= ($queryService.queryService_create($HVservice, $defn)).results
$queryService.QueryService_DeleteAll($HVservice)
$queryresults

And the entitlements are named a bit different

$queryresults.globaldata

To rebuild the script for global entitlements it needed a bit of tinkering but here it is

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EntitledUserOrGroupGlobalSummaryView'
$queryResults= ($queryService.queryService_create($HVservice, $defn)).results
$queryService.QueryService_DeleteAll($HVservice)
[email protected]()
foreach ($queryresult in $queryresults){
    $userorgroupname = $queryresult.base.displayname
    $group = $queryresult.base.group
    [email protected]()
    if ($queryresult.globaldata.GlobalEntitlements){
        foreach ($desktop in $queryresult.globaldata.GlobalEntitlements){
            $desktops+=($hvservice.GlobalEntitlement.GlobalEntitlement_Get($desktop)).base.displayname
        }
    }
    [email protected]()
    if ($queryresult.globaldata.GlobalApplicationEntitlements){
        foreach ($application in $queryresult.globaldata.GlobalApplicationEntitlements){
            $applications+=($hvservice.GlobalApplicationEntitlement.GlobalApplicationEntitlement_Get($application)).base.displayname
        }
    }
    $entitlements+=New-Object PSObject -Property @{
        "Name" = $userorgroupname;
        "group" = $group;
        "desktops" = $desktops;
        "applications" = $applications;
    }
}
$entitlements | select-object Name,group,desktops,applications

So here you have the ways to retrieve information about entitlements, locally and globally. Next post will be about creating entitlements.

The VMware Labs flings monthly for February 2020

First of all my excuses for not posting more last month. It was a short but very busy month so I just couldn’t find the time for that. The people behind VMware flings have bee busy though with one new fling and seven updates ones. New is Pallas (for managing edge ESXi hosts) and the following received updates: Virtual Machine Compute Optimizer, USB Network Native Driver for ESXi, vSphere HTML5 Web Client, App Volumes Entitlement Sync, App Volumes Migration Utility, vRealize Build Tools, Power vRA Cloud.

New Releases

pallas

Pallas helps an admin to manage edge ESXi hosts where it’s not possible to manage them using vCenter due to security reasons.

The goal of Pallas is to provide management ability for ESXi hosts that cannot be managed by vCenter due to firewall or network issues.

 

Case 1: You have several ESXi hosts which running in a private network, but you have requirement to management them in the public network.

 

Case 2: Your ESXi host don’t wire connections and must connected through WiFi or Mobile network. For example, you use ESXi running on the oil rig, train head and you want to remote manage the ESXi securely.

 

Case 3: In IOT world you have the virtualized Edge devices requirements (ESXi host on Edge Device) and need remote management the ESXi(like patch, create VM etc.)

 

This solution includes a dominate-agent VM to provide remote management ability on the ESXi. If the ESXi has no wire connection then a pluggable network device (USB WiFi card, 3G/4G/5G sim card or other device that can provide network access ability) is needed, the pluggable network device will be pass-through directly to the dominate-agent VM. A remote manager server that accept connections either in public cloud/hybrid or private datacenter.

 

The dominate agent VM will talk to ESXi through ESXi SDK for workload VM management. There is no direct connection between the workload vm and dominate agent by default.

 

The dominate agent VM will talk to Pallas Manger though MQTT protocol, it will not allow any inbound traffic.

 

Updated Flings

Virtual Machine Compute Optimizer

Virtual Machine Compute Optimizer is a script that analyses vm’s and the hosts running them to see if they run in an optimized way. It does not look into the vm’s themselves, if that is needed vRealize Operations is recommended.

Changelog

Version 2.0.2

  • Modified Get-OptimalvCPU.ps1 to account for vCenters with no clusters
  • Modified Error Catches so they display the line number of the error

USB Network Native Driver for ESXi

The USB Network Native Driver for ESXi was specially made for homelabs that need USB ports for extra network connectivity.

Changelog

February 12, 2020 – v1.4

  • Add SuperMicro/Insyde Software Corp USB Devices in the supported list
  • Resolved 9K Jumbo frame issue on RTL8153 chipset devices
  • Resolved invalid speed reporting for some quick devices by using the default speed

ESXi670-VMKUSB-NIC-FLING-33242987-offline_bundle-15615590.zip
ESXi650-VMKUSB-NIC-FLING-33268102-offline_bundle-15620342.zip

vSphere HTML5 Web Client

And the vSphere html5 client keeps improving and improving.

Changelog

Fling 5.0 – build 15670023

New Features

  • Code Capture new language: the recorded interaction can now be translated to Go.
  • PowerActions: integrating PowerCLI and the vSphere Client. The vSphere Client now provides the ability to execute PowerCLI commands and scripts, and store scripts in a library. Custom actions backed by PowerCLI scripts can be defined and executed on inventory objects.
  • PowerActions must be explicitly enabled on a vSphere Client Fling deployment. For setup instructions and a quick walkthrough, see the file PowerActions_documentation_Fling50.pdf .

Improvements

  • PowerActions: when executing a script from the context menu of an object, the context object is prepopulated, but the object selector control has to be expanded and collapsed in order for this to become visible.

Release Notes

  • The base operating system for the fling is changed to Photon OS.
    Upgrade from previous versions to 5.0 is not supported. A new appliance has to be deployed.

Server.bat Replaced, December 3

Fix a small error where ls.url was printed twice in the resulting webclient.properties which leads to errors when trying to login to the H5 web client.

App Volumes Entitlement Sync

The App Volumes Entitlement Sync helps the App Volumes admin in copying entitlements between various App Volumes environments like from test to production.

Changelog

Version 2.4

  • Fixed problem with sync button being disabled
  • Added check for App Volumes 2.x and App Volumes 4.x managers and will pop up message that they can’t be synced

App Volumes Migration Utility

You might want to use the App Volumes Migration Utility if you are upgrading from App Volumes 2.* to App Volumes 4.

Changelog

Version 1.0.1

  • Fix for Migrated Appstack upload failure in AVM due to JSON parsing error.
  • Instructions doc updated to reflect the name change from “Upload Prepackaged Volume” to “Upload Template” in the AVM UI.

vRealize Build Tools

vRealize Build Tools provides tools to development and release teams implementing solutions based on vRealize Automation (vRA) and vRealize Orchestrator (vRO). The solution targets Virtual Infrastructure Administrators and Solution Developers working in parallel on multiple vRealize-based projects who want to use standard DevOps practices.

Changelog

Version 2.4.18

  • Support vRA 8 support for blueprints, custom forms, subscriptions and flavor-mapping
  • vRO 8 support for existing content management and import
  • Support vRO 8 export of WFs in a folder structure derived from WF tags
  • Support for running WFs on vRO using maven command
  • Support persisting JS Actions IDs in source to allow for actions originating in vRO first to not create conflicts
  • TypeScript Projects (experimental) support improvements and bug fixes
  • General bugs fixing an documentation updates

Power vRA Cloud

Power vRA Cloud makes the vRA API’s more accessible for people already used to PowerCLI or PowerShell.

Changelog

Version 1.1

  • Bug fixes and following new cmdlets
  • Add-vRA-Project-Administrator
  • Add-vRA-Project-Member
  • Get-vRA-DeploymentFilters
  • Get-vRA-DeploymentFilterTypes
  • Get-vRA-FabricNetworksFilter
  • Get-vRA-FabricImagesFilter
  • Remove-vRA-Project-Administrator
  • Remove-vRA-Project-Member
  • Update-vRA-Project-ZoneConfig

 

New challenge ahead! (going Vendor this time)

After years of contracting a new challenge lays ahead for me in the vendor space. Until now I have always been on either the customer or partner side of things but was always curious how things would be from a vendor perspective. Recently I saw an opportunity at ControlUP passing by that I couldn’t resist in asking if it would also be feasible do do this from The Netherlands since it was posted for the UK. The lines where short since I am already working on for them on a freelance base creating Horizon scripts.

PS Engineers are experienced IT professionals that guide customers through their journey of assessing needs and implementing ControlUp solutions. Prospective candidates must be self-motivated, charismatic individuals that are willing to meet customers and work in very dynamic situations that present new, never before seen business and technical challenges on a regular basis. Ideal candidates possess several years of enterprise IT consulting experience and a deep technical skill set covering VMware’s or Citrix virtualization and PowerShell scripting.
Responsibilities
· Professionally represent ControlUp values at all times
· Maintain current knowledge of the entire ControlUp product portfolio
· Become a trusted advisor to both colleagues and customers
· Help our customers succeed by solving their challenging technical problems, from design through to production operations
· Work closely with customers to understand their needs and objectives
· Provide regular transfer of information presentations to customers
· Provide regular feedback to management for process and practice improvements
· Assist with all phases of Couchbase implementations, starting with installation, architecture design and review
· Contribute to internal technical projects, which can include software development, benchmarking, troubleshooting
· Work closely with the sales team and presales team on technical escalations and help grow opportunities in existing accounts
· Assist with customer PoC/Pilots through effective management of acceptance criteria and issue escalation/resolution
· Work with all technical levels from managers, to architects and developers in the Couchbase Server technology and architecture
· Identify and write internal and external technical collateral, like typical deployment architectures or best practices
· Travel to customers at least 25%
Requirements
· 10+ years of experience in information technology- A MUST
· 5+ years of customer-facing professional services or VDI Administration- A MUST
· Fluent Speak and Writing English- A MUST
· Strong VMware or Citrix experience
· Strong Windows desktop OS administration experience
· VCP/CTP/VCPDT strongly preferred
· B.S./B.A./M.S. degree or equivalent technical training & experience
· Proven technical background –You will need to have a strong hands-on understanding of a number of popular technical platforms
· Positive attitude and very customer-centric; always willing to put the customers’ needs first
· MCSE – a plus
While I have been doing mainly VMware for the last few years I also have a bit of history with Citrix so I thought this would fit perfectly. After a couple of zoom calls first I traveled to ControlUP’s yearly Sales Kick-Off in Jerusalem last month to have a face to face meeting but also to feel how things are run inside the company. Looking back at that I have to say I really enjoyed it and was able to connect with just about everyone (I just didn’t have the time to connect with everybody). So when I received the call a week or so later that they wanted to hire me I couldn’t be more happy about that and I will be starting March first as Professional Service Engineer!
tldr: Got hired by ControlUP as Professional Services Engineer starting March first

[HorizonAPI] Configuring the Horizon event database in code

Last week Mark Brookfield asked the question if it is possible to configure the event database in code. My answer was that I thought it should be possible until Stephen Jesse pointed me to the the vmware.hv.helper where there is the set-hveventdatabase cmdlet for this. When looking at the code I noticed something familiar:

.NOTES
Author                      : Wouter Kursten
Author email                : [email protected]
Version                     : 1.0

===Tested Against Environment====
Horizon View Server Version : 7.4
PowerCLI Version            : PowerCLI 10
PowerShell Version          : 5.0

So that’s why I knew it was possible! A good reason to create a quick blogpost though. Mark made a nice script for himself with variables and all those fancy things but I just want to quickly show how you can do it.

$hvedbpw=read-host -AsSecureString
$temppw=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($hvedbpw)
$PlainevdbPassword=[System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$dbupassword=New-Object VMware.Hv.SecureString
$enc=[system.Text.Encoding]::UTF8
$dbupassword.Utf8String=$enc.GetBytes($PlainevdbPassword)
$eventservice=new-object vmware.hv.eventdatabaseservice
$eventservicehelper=$eventservice.getEventDatabaseInfoHelper()
$eventsettings=new-object VMware.Hv.EventDatabaseEventSettings
$eventdatabase=new-object VMware.Hv.EventDatabaseSettings
$eventsettings.ShowEventsForTime="TWO_WEEKS"
$eventsettings.ClassifyEventsAsNewForDays=2
$eventdatabase.Server="labsql01.magneet.lab"
$eventdatabase.type="SQLSERVER"
$eventdatabase.port=1433
$eventdatabase.name="pod1_events"
$eventdatabase.username="sa_view"
$eventdatabase.password=$dbupassword
$eventservicehelper.setDatabase($eventdatabase)
$eventservicehelper.setsettings($eventsettings)
$eventservice.update($hvservice,$eventservicehelper)

The first three line make it possible to not use a plaintext password. If you don’t care about that you can remove those and declare something for $plainevdbpassword.

For the $eventsettings.ShowEventsForTime for time there are several options (same as in the gui) these are:

ONE_WEEK,TWO_WEEKS,THREE_WEEKS,ONE_MONTH,TWO_MONTHS,THREE_MONTHS,SIX_MONTHS
Yes, they are all in capitals!

To show how this works I will first clear the current database.

$hvservice.EventDatabase.EventDatabase_Clear()
$hvservice.EventDatabase.EventDatabase_Get()

Yes this is one of those exceptions where a service_get doesn’t need an id.

Now I run the script with a new _get to show the results.

If you are interested in the details:

[HorizonAPI] Working with UAG’s

Something that was added in the last few versions of the Horizon API is the option to handle UAG’s. Since I had to add an uag to my lab for another project I decided to find out what api calls are possible. First I’ll check what services there are.

$hvservice | Select-Object gateway*

I will ignore the GatewayAccessUserOrGroup since that was already in there so we are left with Gateway and GatewayHealth. Let’s see what methods are available under Gateway.

$hvservice.Gateway | gm

I Gateway_Get and Gateway_List will show the same information as always but with _Get you will need a gateway ID and it only shows the information about one gateway. WIth _List you will get the information about all registered gateways.

$hvservice.Gateway.Gateway_List()
$gw=$hvservice.Gateway.Gateway_List() | select-object -First 1
$hvservice.Gateway.Gateway_Get($gw.id)

Let’s see what’s in that GeneralData (Spoiler: not a lot!)

$gwdata=$hvservice.Gateway.Gateway_Get($gw.id)
$gwdata.GeneralData

To remove a gateway we use Gateway_Unregister with the gatewayid

$hvservice.Gateway.Gateway_Unregister($gw.id)

Now i need to register the Gateway again let’s see what we need for that.

$hvservice.Gateway.Gateway_Register

So we need an object of the type VMware.Hv.GatewaySpec. Let’s define that and see what it looks like.

$gwspec=New-Object VMware.Hv.GatewaySpec
$gwspec

So we only need the GatewayName, please use the exact name that was used to configure the UAG otherwise it can be added but it won’t be showing any data.

$gwspec.GatewayName="pod1uag1"

Now to register the UAG

$hvservice.Gateway.Gateway_Register($gwspec)

So with this we did everything we could with the Gateway service. Next is the GatewayHealth service.

$hvservice.GatewayHealth | Get-Member

as usual there’s only a get and a list so let’s see what data is in there.

$hvservice.GatewayHealth.GatewayHealth_List()
($hvservice.GatewayHealth.GatewayHealth_List()).ConnectionData

Sadly nothing more than the admin interface gives us but enough to build an health check like I did for the vCheck already (that can be found here)

For the type there are several options and those can be found in the API Explorer.

VALUE DESCRIPTION
“AP” AP type is for UAG.
“F5” F5 type is for F5 server.
“SG” SG type is for Security Server.
“SG-cohosted” SG-cohosted type is for Cohosted CS as gateway.
“Unknown” Unknown type is for unrecognized gateway type.

I was told by a VMware employee that SG-cohosted is fancy wording for a connection server.

And that’s everything we can do with UAG’s using the Horizon API’s!