The VMware Labs flings monthly for March 2020

We are living in some crazy times, we have been locked down here already for several weeks and in my area things are improving, just like my dad who is recovering from Corona. The virus didn’t stop the VMware engineers from working on flings though. This includes the new VMware Appliance for [email protected] if you want to help in the battle against Corona or other illnesses. Other new releases are Workspace ONE Mobileconfig Importer and Unified Access Gateway Deployment Utility while the following received an update: vSphere Software Asset Management Tool, Desktop WatermarkvCenter Event Broker Appliance,, Ubuntu OVA for Horizon, Workspace ONE UEM SCIM Adapter, vSphere Mobile Client, Infrastructure Deployer for vCloud NFV and last but not least Horizon View Events Database Export Utility.

New Releases

VMware Appliance for [email protected]

I already spoiler the VMware Appliance for [email protected] but this appliance gives you the opportunity to add your computer power in the search for a solution against Corona or other diseases.

This Fling is a vSphere Appliance that contains the [email protected] client software. Upon deploying the VMware Appliance for [email protected], the user will be prompted to enter information to configure the [email protected] software. Once the appliance is deployed, the [email protected] client is running and ready for Working Units. The Fling is also pre-configured to allow remote management of the [email protected] client. For more information on the [email protected] Project and how we can be a Force for Good against diseases like the Coronavirus, visit the website www.foldingathome.org.

The [email protected] Appliance is configured to automatically join Team VMware ID 52737. Everyone is welcome to join! Check out http://vmwa.re/fah for team and individual statistics.

Workspace ONE Mobileconfig Importer

The Workspace ONE mobileconfig Importer gives you the ability to import existing mobileconfig files directly into a Workspace ONE UEM environment as a Custom Settings profile, import app preference plist files in order to created managed preference profiles, and to create new Custom Settings profiles from scratch. When importing existing configuration profiles, the tool will attempt to separate each PayloadContent dictionary into a separate payload for the Workspace ONE profile.

Unified Access Gateway Deployment Utility

In case the manual deployment is too much work or the PowerCLI based is too difficult engineers have now created Unified Access Gateway Deployment Utility for Mac or Windows to install the uag.

Unified Access Gateway (UAG) Deployment Utility assists the deployment of UAG appliances by running the utility on Windows or macOS machines. This utility provides better user interface, which is self explanatory about the next steps and better error handling through useful messages & tool tips which will make it easier for an admin to deploy single or multiple appliances.

Updated Flings

vSphere Software Asset Management Tool

Changelog

March 2020

  • Minor wording update to the generated software asset management report.

Desktop Watermark

Changelog

v1.1 – Build 20200302-signed

  • Added a new attribute %DATETIME% to show hour and minute info on screen.

vCenter Event Broker Appliance

Changelog

Too damn much so better head over to William Lam’s blogpost.

Ubuntu OVA for Horizon

Changelog

v1.2

  • Special thanks to Robert Guske for testing & feedback
  • Support for Horizon 7.11 and later
  • Support for vSphere 6.7+
  • Updated OVA base image to Ubuntu 18.04.4 LTS
  • Updated Virtual Hardware to v14
  • Added option to configure static networking
  • Added support for USB 3.0 and USB Redirection (via linux-agent-installer.sh)
  • Added KDE Desktop Environment Option
  • Added Gnome Desktop Environment Option (recommended)
  • Developer Desktop Package option
  • Added Keyboard Layout Option
  • Added option to enable SSH
  • Removed runlevel 5 setting
  • Fixed MOTD prompt code
  • Disabled auto software updates
  • Removed greeter modifications to support SSO
  • Numerous improvements to script
  • Script renamed to ‘optimize.sh’

Workspace ONE UEM SCIM Adapter

Changelog

20.03 Release Notes:
Please Note: If you have already setup WS1 SCIM Adapter, it is possible that moving to 20.03 will create new accounts. Please consider resetting Directory Services configuation for the OG you are connecting to.

New Features:

  • Windows 10 OOBE Enrollment now supported
  • Bitnami Node.js 12.16.1-0 now supported with embedded install
  • Various Enterprise and Custom SCIM Schema attributes now supported (see below table)

Bugs Fixed:

  • Resources with special characters in immutableId do not update

vSphere Mobile Client

Changelog

Version 1.10.2

Improvements/Fixes

  • Better support for older devices
  • Fix some issues related to the back button
  • Fix for the annotation not defined issue

Version 1.10.1

  • Fixed “TypeError : Cannot read property of ‘annotation’ of undefined”
  • Errors causing white screen should now have more information about the cause

Infrastructure Deployer for vCloud NFV

Changelog

Version 3.2.1 Update

  • Updated to new version
  • Replaced user guide the new version

Horizon View Events Database Export Utility

Changelog

Version 2.2

Fixed the following issues:

  • Able to return data for All Pools
  • Able to return data on just user logon and logoff events
  • Both of these actions would cause a crash or error in previous versions

[HorizonAPI] Creating Entitlements

So last week I created a blog about gathering Horizon entitlements using the api’s. At the end I promised that my next blog post would be about creating entitlements and guess what: that’s this post 🙂

First a short explanation about what UserEntitlements actually are in Horizon. When you pull the entitlement info the base property has the needed information.

So in short an entitlement is a link between the userorgroup object id and a resource object id. The resource object can be: Application, Desktop, Global Application Entitlement, Global Desktop Entitlement and URLRedirection.

Let’s first grab the id’s that we need, I use 2 queries for that bur first I put the names of the group and the desktop in variables:

$groupname = "example_group"
$poolname = "pod01_pool01"

Than I create two objects called $group and $pool using queries.

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'ADUserOrGroupSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='base.name'; 'value' = "$groupname"}
$group= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'DesktopSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='desktopSummaryData.displayName'; 'value' = "$Poolname"}
$pool= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

Next we create the object to link them together.

$userentitlement= new-object VMware.Hv.UserEntitlementBase
$userentitlement.UserOrGroup = $group.id
$userentitlement.Resource = $pool.id

And we create the actual entitlement, since the output we get from this is the id of the entitlement object I store this in a variable to show you the entitlement in the next step.

and to show the entitlement

($hvservice.UserEntitlement.UserEntitlement_Get($newentitlement)).base

If you want to create entitlements for other resource you’ll need to use the either of the following to build your query:

Name Data object property to filter on
Application ApplicationInfo data.displayName
Desktop DesktopSummaryView DesktopSummaryData.displayName
Global Application Entitlement GlobalApplicationEntitlementInfo base.displayName
Global Desktop Entitlement GlobalEntitlementInfo base.displayName

There is no query for the URLRedirection so you’ll need to use URLRedirection.URLRedirection_List() to get the entire list and select the right one from that.

This is a complete example script that you could use to create a desktop entitlement:

Import-Module VMware.VimAutomation.HorizonView
Import-Module VMware.VimAutomation.Core

$cs = 'pod1cbr1.loft.lab'
$groupname = "example_group"
$poolname = "pod01_pool01"

$hvServer = Connect-HVServer -Server $cs 

$HVService= $hvServer1.ExtensionData

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'ADUserOrGroupSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='base.name'; 'value' = "$groupname"}
$group= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'DesktopSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='desktopSummaryData.displayName'; 'value' = "$Poolname"}
$pool= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

$userentitlement= new-object VMware.Hv.UserEntitlementBase
$userentitlement.UserOrGroup = $group.id
$userentitlement.Resource = $pool.id
$hvservice.UserEntitlement.UserEntitlement_Create($userentitlement)

The VMware Labs flings monthly for February 2020

First of all my excuses for not posting more last month. It was a short but very busy month so I just couldn’t find the time for that. The people behind VMware flings have bee busy though with one new fling and seven updates ones. New is Pallas (for managing edge ESXi hosts) and the following received updates: Virtual Machine Compute Optimizer, USB Network Native Driver for ESXi, vSphere HTML5 Web Client, App Volumes Entitlement Sync, App Volumes Migration Utility, vRealize Build Tools, Power vRA Cloud.

New Releases

pallas

Pallas helps an admin to manage edge ESXi hosts where it’s not possible to manage them using vCenter due to security reasons.

The goal of Pallas is to provide management ability for ESXi hosts that cannot be managed by vCenter due to firewall or network issues.

 

Case 1: You have several ESXi hosts which running in a private network, but you have requirement to management them in the public network.

 

Case 2: Your ESXi host don’t wire connections and must connected through WiFi or Mobile network. For example, you use ESXi running on the oil rig, train head and you want to remote manage the ESXi securely.

 

Case 3: In IOT world you have the virtualized Edge devices requirements (ESXi host on Edge Device) and need remote management the ESXi(like patch, create VM etc.)

 

This solution includes a dominate-agent VM to provide remote management ability on the ESXi. If the ESXi has no wire connection then a pluggable network device (USB WiFi card, 3G/4G/5G sim card or other device that can provide network access ability) is needed, the pluggable network device will be pass-through directly to the dominate-agent VM. A remote manager server that accept connections either in public cloud/hybrid or private datacenter.

 

The dominate agent VM will talk to ESXi through ESXi SDK for workload VM management. There is no direct connection between the workload vm and dominate agent by default.

 

The dominate agent VM will talk to Pallas Manger though MQTT protocol, it will not allow any inbound traffic.

 

Updated Flings

Virtual Machine Compute Optimizer

Virtual Machine Compute Optimizer is a script that analyses vm’s and the hosts running them to see if they run in an optimized way. It does not look into the vm’s themselves, if that is needed vRealize Operations is recommended.

Changelog

Version 2.0.2

  • Modified Get-OptimalvCPU.ps1 to account for vCenters with no clusters
  • Modified Error Catches so they display the line number of the error

USB Network Native Driver for ESXi

The USB Network Native Driver for ESXi was specially made for homelabs that need USB ports for extra network connectivity.

Changelog

February 12, 2020 – v1.4

  • Add SuperMicro/Insyde Software Corp USB Devices in the supported list
  • Resolved 9K Jumbo frame issue on RTL8153 chipset devices
  • Resolved invalid speed reporting for some quick devices by using the default speed

ESXi670-VMKUSB-NIC-FLING-33242987-offline_bundle-15615590.zip
ESXi650-VMKUSB-NIC-FLING-33268102-offline_bundle-15620342.zip

vSphere HTML5 Web Client

And the vSphere html5 client keeps improving and improving.

Changelog

Fling 5.0 – build 15670023

New Features

  • Code Capture new language: the recorded interaction can now be translated to Go.
  • PowerActions: integrating PowerCLI and the vSphere Client. The vSphere Client now provides the ability to execute PowerCLI commands and scripts, and store scripts in a library. Custom actions backed by PowerCLI scripts can be defined and executed on inventory objects.
  • PowerActions must be explicitly enabled on a vSphere Client Fling deployment. For setup instructions and a quick walkthrough, see the file PowerActions_documentation_Fling50.pdf .

Improvements

  • PowerActions: when executing a script from the context menu of an object, the context object is prepopulated, but the object selector control has to be expanded and collapsed in order for this to become visible.

Release Notes

  • The base operating system for the fling is changed to Photon OS.
    Upgrade from previous versions to 5.0 is not supported. A new appliance has to be deployed.

Server.bat Replaced, December 3

Fix a small error where ls.url was printed twice in the resulting webclient.properties which leads to errors when trying to login to the H5 web client.

App Volumes Entitlement Sync

The App Volumes Entitlement Sync helps the App Volumes admin in copying entitlements between various App Volumes environments like from test to production.

Changelog

Version 2.4

  • Fixed problem with sync button being disabled
  • Added check for App Volumes 2.x and App Volumes 4.x managers and will pop up message that they can’t be synced

App Volumes Migration Utility

You might want to use the App Volumes Migration Utility if you are upgrading from App Volumes 2.* to App Volumes 4.

Changelog

Version 1.0.1

  • Fix for Migrated Appstack upload failure in AVM due to JSON parsing error.
  • Instructions doc updated to reflect the name change from “Upload Prepackaged Volume” to “Upload Template” in the AVM UI.

vRealize Build Tools

vRealize Build Tools provides tools to development and release teams implementing solutions based on vRealize Automation (vRA) and vRealize Orchestrator (vRO). The solution targets Virtual Infrastructure Administrators and Solution Developers working in parallel on multiple vRealize-based projects who want to use standard DevOps practices.

Changelog

Version 2.4.18

  • Support vRA 8 support for blueprints, custom forms, subscriptions and flavor-mapping
  • vRO 8 support for existing content management and import
  • Support vRO 8 export of WFs in a folder structure derived from WF tags
  • Support for running WFs on vRO using maven command
  • Support persisting JS Actions IDs in source to allow for actions originating in vRO first to not create conflicts
  • TypeScript Projects (experimental) support improvements and bug fixes
  • General bugs fixing an documentation updates

Power vRA Cloud

Power vRA Cloud makes the vRA API’s more accessible for people already used to PowerCLI or PowerShell.

Changelog

Version 1.1

  • Bug fixes and following new cmdlets
  • Add-vRA-Project-Administrator
  • Add-vRA-Project-Member
  • Get-vRA-DeploymentFilters
  • Get-vRA-DeploymentFilterTypes
  • Get-vRA-FabricNetworksFilter
  • Get-vRA-FabricImagesFilter
  • Remove-vRA-Project-Administrator
  • Remove-vRA-Project-Member
  • Update-vRA-Project-ZoneConfig

 

The VMware Labs flings monthly for January 2020

Here we go again with the new and updated flings for January 2020. It’s been a busy month for me including a visit to Israel but more on that in a future blog post. There have been three new releases in January with the App Volumes Migration Utility, vSphere Software Asset Management and Power vRA Cloud. No less than six received updates: DRS Dump Insight, Horizon Reach, Cross vCenter Workload Migration Utility, vCenter Event Broker Appliance, vSphere Mobile Client and the one and only VMware OS Optimization Tool.

New Releases

App Volumes Migration Utility

The App Volumes Migration Utility has been build to migrate App Volumes 2.18 app stacks to the brand new App Volumes 4 format.

App Volumes Migration Utility allows to migrate appstacks, which are managed by VMware App Volumes 2.18, to the new appstack format of VMware App Volumes 4.0. The format of appstacks in VMware App Volumes 4.0 have changed in order to provide improved login to desktops among many other features. This utility addresses the migration of appstacks so that applications don’t have to be provisioned again after upgrading to VMware App Volumes 4.0.

vSphere Software Asset Management Tool

The vSphere Software Asset Management Tool gives the user insight into license usage of and vSphere environment version 5.5 and up.

The vSphere Software Asset Management (vSAM) is a tool that collects and summarizes vSphere product deployment information. It calls on vSphere APIs for deployment data and produces a PDF report that the customer can consult as a part of their infrastructure review and planning process. This lightweight Java application runs on Windows, Linux or Mac OS.

Features

  • Support both vCenter Server cluster and Standalone ESXi host with a version of vSphere 5.5, 6.X or newer.
  • Generate comprehensive report from various aspects:
    • High-level product deployment summary
    • Product deployment report by targets (standalone ESXi or VC cluster)
    • High level license key usage report
    • License key usage by targets
  • Provide Software Asset Management suggestions on:
    • Evaluation license warning
    • License term
      • Pre-expiration 90 days warning
      • Expiration alert
    • License capacity
      • Potential capacity waste warning based on customized threshold
      • Potential capacity shortage warning based on customized threshold
      • Capacity over-use alert
    • Product support
      • End of General Support info
      • General Support pre-expiration 90 days warning
      • Unsupported product alert
    • Protect customer sensitive information by:
      • Collecting minimal set of information relative with Software Asset Management
      • Masking sensitive info in the report
      • Supporting encryption of raw data file
  • Support merging multi reports into one report
  • Support English and Chinese report
  • Support customization of report

Power vRA Cloud

Power vRA Cloud is a PowerShell module that abstracts the VMware vRealize Automation Cloud APIs to a set of easily used PowerShell functions. This tool provides a comprehensive command line environment for managing your VMware vRealize Automation Cloud environment.

This module is not supported by VMware and comes with no warranties expressed or implied. Please test and validate its functionality before using this product in a production environment.

Updated Flings

DRS Dump Insight

The DRS Dump Insight flings gives an explanation why in the bloody hell a VM was moved from one host to the other.

Changelog

Version 1.1

  • Users can now upload multiple dumps as a folder.
  • Creates a vMotion timeline based on the dumps uploaded, users can navigate through multiple dump analysis.
  • Users can export multiple dump analysis as a PDF at once.
  • Added support to 65u2, 65u3 and 67u3 dumps.
  • Bug fixes and backend improvements

Horizon Reach

I have said this before but Horizon Reach is awesome and gives you an proper overview over all pod’s in an Horizon Cloud Pod setup.

Changelog

Version 1.0.1 brings vCenter performance data along with a myriad of bugfixes!

New Features

  • Gauges, gauges everywhere.
  • Search field! for those huge customers who hate to dig.
  • vCenter performance statistics will now be captured for Pods running version 7.8 or better.
  • vCenter RAM, CPU, sesions and Datastore Usage have all been added to the historical data views.
  • Datastore usage is now calculated only for datastores used by pools or farms.
  • New layouts for Pools, Farms, Pods, Vcenters etc..
  • RDSH Servers load is now correctly measured and a new view is available.
  • Page headers look much better.
  • vCenters now have the pod name listed.
  • Added support for nested groups and some additional LDAP logging on startup.
  • Added the ability to modify a connection rather than just add and delete.
  • Side nav will now collapse if screen space is low.
  • Don’t use internet explorer, friends don’t let friends do that, I’ve added a warning too.
  • Further logging enabled for LDAP integration including a self test on service start.
  • LDAP now supports nested groups.
  • Events view has been deprecated due to a thread exhaustion issue on the server side.

Bug Fixes

  • Farm usage is now accurate, wow that was broken!
  • Many cast errors were found and dealt with.
  • Problem machines now correctly display the vCenter.
  • Fixed a health score bug in the page header.
  • Fixed a problem machines bug in pools and farms.
  • Fixed a bug in pod numbers calculation.
  • Improved the speed of database enumeration of sites and pods.
  • Fixed a bug in global application entitlements where the lack of shortcuts would cause the UI to freak out.
  • Fixed a bug in Datastore usage where it was reporting the wrong value.
  • Fixed a bug where Reach sessions may not be logged off correctly during polling.
  • Fixed a bug where applications were being requested for each farm multiple times.
  • Fixed a bug where pod health would be called twice for no reason.

Cross vCenter Workload Migration Utility

The Cross vCenter Workload Migration Utility helps in moving vm’s between vCenter servers even if they are not connected.

Changelog

Version 3.1, January 22, 2020

  • Support for disk format conversion between Thick (Lazy Zeroed), Thick (Eager Zeroed) and Thin provisioning
  • Support for VM rename pattern for Clone operation
  • Fixed duplicated network selection when performing bulk migration
  • Fixed startup failure when a new home vCenter is specified as a command line argument

vCenter Event Broker Appliance

Sadly there is no real changelog available but just a tweet for the vCenter Event Broker Appliance, a tool that helps the user to create their own events inside vCenter.

Changelog?

Features:

  • Setup no longer require Internet
  • NTP & Proxy Support

vSphere Mobile Client

If you think your Smartphone screen is big enough to manage vSphere the vSphere Mobile Client will help you in that.

Changelog

Version 1.9.1

Features:

  • Added host shutdown quick action

Bug fixes:

  • Fixed an issue where the app would crash when using face ID authentication (iOS)
  • Fixed an issue in the VM card (reversed icons for Windows and Linux)

Version 1.9.0

New features:

  • Ability to save information around a vCenter server (address/username)
  • Use FaceId/Fingerprint recognition to login to a vCenter server

Bug fixes:

  • Do not make first letter uppercase on input fields on the login form
  • Better compatibility with auto-complete applications on the login form

VMware OS Optimization Tool

The one, the only and the real VMware OS Optimization Tool. Simply the best tool out there to optimize your windows image.

Changelog

January, 2020, b1140

Includes various bug fixes.

Optimize Results

  • A new button has been added to the results page that displays once an optimization job has completed. This Export button allows you to save the results page as an HTML file.

Generalize

  • New option and button that simplifies the task of running Sysprep using a standard answer file. You can edit the provided answer file before running Sysprep with it.

Finalize

  • New option and button to automate many common tasks that are typically run as a last step before you shut down Windows to use the VM in Horizon. These include the system clean up tasks (NGEN, DISM, Compact and disk clean up) that were previously provided in the Common Options dialog. This also includes clearing event logs, KMS information and releasing the IP address.

Common Options

  • System clean up tasks have been removed from the common options so will now not run during optimize but instead should be run as part of the Finalize process.
    New tab for Security options. This allows for the quick selection of common settings that might need to be left enabled depending on the security requirements. This offers control over Bitlocker, Firewall, Windows Defender, SmartScreen, HVCI.

Command Line

  • Added command line parameter to allow the tool to run without applying optimizations. This is part of the -o parameter called none that then allows you to run things like the system cleanup tasks (NGEM DISM, etc.) without also having to optimize at the same time.
  • VMwareOSOptimizationTool.exe -o none -t template -systemcleanup 0 1 2 3 WebCache
  • Changed default to not disable Webcache. In testing this was shown to break Edge and IE browsers ability to download and save files. The settings are still available in the Windows 10 templates if you want to disable Webcache.

Guides

  • Updated OSOT user guide: VMware Operating System Optimization Tool Guide.
  • Updated Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop guide coming soon.

[HorizonAPI] Configuring the Horizon event database in code

Last week Mark Brookfield asked the question if it is possible to configure the event database in code. My answer was that I thought it should be possible until Stephen Jesse pointed me to the the vmware.hv.helper where there is the set-hveventdatabase cmdlet for this. When looking at the code I noticed something familiar:

.NOTES
Author                      : Wouter Kursten
Author email                : [email protected]
Version                     : 1.0

===Tested Against Environment====
Horizon View Server Version : 7.4
PowerCLI Version            : PowerCLI 10
PowerShell Version          : 5.0

So that’s why I knew it was possible! A good reason to create a quick blogpost though. Mark made a nice script for himself with variables and all those fancy things but I just want to quickly show how you can do it.

$hvedbpw=read-host -AsSecureString
$temppw=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($hvedbpw)
$PlainevdbPassword=[System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$dbupassword=New-Object VMware.Hv.SecureString
$enc=[system.Text.Encoding]::UTF8
$dbupassword.Utf8String=$enc.GetBytes($PlainevdbPassword)
$eventservice=new-object vmware.hv.eventdatabaseservice
$eventservicehelper=$eventservice.getEventDatabaseInfoHelper()
$eventsettings=new-object VMware.Hv.EventDatabaseEventSettings
$eventdatabase=new-object VMware.Hv.EventDatabaseSettings
$eventsettings.ShowEventsForTime="TWO_WEEKS"
$eventsettings.ClassifyEventsAsNewForDays=2
$eventdatabase.Server="labsql01.magneet.lab"
$eventdatabase.type="SQLSERVER"
$eventdatabase.port=1433
$eventdatabase.name="pod1_events"
$eventdatabase.username="sa_view"
$eventdatabase.password=$dbupassword
$eventservicehelper.setDatabase($eventdatabase)
$eventservicehelper.setsettings($eventsettings)
$eventservice.update($hvservice,$eventservicehelper)

The first three line make it possible to not use a plaintext password. If you don’t care about that you can remove those and declare something for $plainevdbpassword.

For the $eventsettings.ShowEventsForTime for time there are several options (same as in the gui) these are:

ONE_WEEK,TWO_WEEKS,THREE_WEEKS,ONE_MONTH,TWO_MONTHS,THREE_MONTHS,SIX_MONTHS
Yes, they are all in capitals!

To show how this works I will first clear the current database.

$hvservice.EventDatabase.EventDatabase_Clear()
$hvservice.EventDatabase.EventDatabase_Get()

Yes this is one of those exceptions where a service_get doesn’t need an id.

Now I run the script with a new _get to show the results.

If you are interested in the details:

[HorizonAPI] Working with UAG’s

Something that was added in the last few versions of the Horizon API is the option to handle UAG’s. Since I had to add an uag to my lab for another project I decided to find out what api calls are possible. First I’ll check what services there are.

$hvservice | Select-Object gateway*

I will ignore the GatewayAccessUserOrGroup since that was already in there so we are left with Gateway and GatewayHealth. Let’s see what methods are available under Gateway.

$hvservice.Gateway | gm

I Gateway_Get and Gateway_List will show the same information as always but with _Get you will need a gateway ID and it only shows the information about one gateway. WIth _List you will get the information about all registered gateways.

$hvservice.Gateway.Gateway_List()
$gw=$hvservice.Gateway.Gateway_List() | select-object -First 1
$hvservice.Gateway.Gateway_Get($gw.id)

Let’s see what’s in that GeneralData (Spoiler: not a lot!)

$gwdata=$hvservice.Gateway.Gateway_Get($gw.id)
$gwdata.GeneralData

To remove a gateway we use Gateway_Unregister with the gatewayid

$hvservice.Gateway.Gateway_Unregister($gw.id)

Now i need to register the Gateway again let’s see what we need for that.

$hvservice.Gateway.Gateway_Register

So we need an object of the type VMware.Hv.GatewaySpec. Let’s define that and see what it looks like.

$gwspec=New-Object VMware.Hv.GatewaySpec
$gwspec

So we only need the GatewayName, please use the exact name that was used to configure the UAG otherwise it can be added but it won’t be showing any data.

$gwspec.GatewayName="pod1uag1"

Now to register the UAG

$hvservice.Gateway.Gateway_Register($gwspec)

So with this we did everything we could with the Gateway service. Next is the GatewayHealth service.

$hvservice.GatewayHealth | Get-Member

as usual there’s only a get and a list so let’s see what data is in there.

$hvservice.GatewayHealth.GatewayHealth_List()
($hvservice.GatewayHealth.GatewayHealth_List()).ConnectionData

Sadly nothing more than the admin interface gives us but enough to build an health check like I did for the vCheck already (that can be found here)

For the type there are several options and those can be found in the API Explorer.

VALUE DESCRIPTION
“AP” AP type is for UAG.
“F5” F5 type is for F5 server.
“SG” SG type is for Security Server.
“SG-cohosted” SG-cohosted type is for Cohosted CS as gateway.
“Unknown” Unknown type is for unrecognized gateway type.

I was told by a VMware employee that SG-cohosted is fancy wording for a connection server.

And that’s everything we can do with UAG’s using the Horizon API’s!

The VMware Labs flings monthly for December 2019

Happy new year and the very best wishes for 2020!

In december three new flings where published with SyncML Compare, vCenter Plugin for vRealize Network Insight and App Finder for Tunnel. Thee other received an update: Workspace One UEM Workload Migration Tool, Infrastructure Deployer for vCloud NFV and The VMware OS Optimization Tool.

New Releases

SyncML Compare

The SyncML Compare tool is usefull for troubleshooting profiles and applications that are pushed from the Workspace One Console.

SyncML-Compare is an extension to Fiddler application that lets you compare the syncmls pushed from server against the SyncMls received from the device management client on the device.

Comparing SyncMLs is often required to troubleshoot or debug profiles, applications pushed from the WS1 console.

Instead of copying the two syncmls and then manually comparing each syncml node in a separate xml viewer, SyncML compare lets you compare the SyncMLs on the fiddler application itself.
As shown in the below screenshot, you can see the locUris, commandIds and the results using SyncML compare.

This simplifies the SyncML troubleshooting experience as well as speeds up debugging process.

vCenter Plugin for vRealize Network Insight

vRealize Network Insight is a great tool but wouldn’t it even be better when the information is accessible from inside vSphere? The vCenter Plugin for vRealize Network Insight fling takes care of that.

The vCenter Plugin for vRealize Network Insight brings relevant information from Network Insight, directly into vCenter. It allows the virtual infrastructure admins to view networking focused data and statistics in the same interface as where they manage their workloads, without having to have 2 interfaces open. Additionally, this plugin also helps add vCenter as a data source to Network Insight and set up incoming network flows.

Features

Summary view of vCenter activity: VMs, vMotions, and snapshots.
Bring in network information directly to vCenter, such as:Summary view of how network traffic behaves; how much east-west and how much internet traffic there is.
Health check violation for the vCenter and attached NSX environments
Network top talkers, grouped by VMs, Cluster, L2 Network, Subnet, Security Group, Source-Destination Pair, Source & Destination Subnet, Source & Destination IPs.
Most used networks
New Virtual Machines that are accessing the internet
o Top 5 Hosts or Networks that are experiencing the most packet loss
Links to the vRealize Network Insight interface shows the source data and allows you to look closer, apply filters, export information, and more.
Configure vCenter as a data source and configure NetFlow on the available vSphere Distributed Switches.

App Finder for Tunnel

The App Finder for Tunnel fling can be used to flag applications to use the Workspace One Tunnel on MacOS.

This application is a utility which can be used for conveniently flagging the applications to use WorkspaceONE Tunnel on macOS. On macOS, WorkapceONE Tunnel supports per-app VPN feature where only the whitelisted applications can be Tunneled rather than tunneling the entire device traffic. In order to whitelist the application to use Tunnel, admin needs to enter the following details on the Workspace UEM Console under “VMware Tunnel” device traffic rule:

Friendly name
Package ID
Designated requirement
Path (this is used only for the pure non-bundle binaries like Curl and ssh)
This fling application supports the basic drag and drop interface which admin can launch and then drag and drop the application to be flagged to use per-app VPN (Firefox in the following case), once the applicatin is dropped, it’s attributes are listed and then admin can paste those in the UEM console as shown below:

Updated Flings

Workspace One UEM Workload Migration Tool

The Workspace One UEM Workload Migration Tool takes care of migrating applications and devices between different Workspace One environments.

Changelog

Version 2.1.0

  • Fixed app upload issues for Workspace One UEM 1910+
  • Fixed profile search issue for Workspace One UEM 1910+
  • Added profile update support
  • Added template folder structure creation
  • Updated Mac app to support notarization for Catalina

Infrastructure Deployer for vCloud NFV

Infrastructure Deployer for vCloud NFV is an automation-based deployment tool used for setting up the VMware vCloud NFV platform

Changelog

Version 3.2.0 Update

  • Removed internal link in User Guide. Added a link to the correct external location
  • Removed duplicate User Guide document in zip file

VMware OS Optimization Tool

While there is some competition OSOT has been THE tool for optimizing images for VDI or RDSH. The changelog on this on is huge!

Changelog

December, 2019, b1130

  • Command LineAdded command line parameters to allow the control of the common options settings. This allows for the control of visual effect, notification, windows update, store applications, background and system clean up tasks, from the command line.
  • Added list of available templates to the output when run with -h (help).
  • Fixed issues with command line options.

The VMware Operating System Optimization Tool Guide has been updated to include instruction and examples on using the command line.

Visual Effects

  • Changed balanced setting (default) to leave Show shadows under windows enabled. This was making the white on white explorer windows blend in together which did not give the best user experience.

WebCache

  • Added optimization settings to disable WebCache processes from Windows 10. The default is that these optimizations are selected. This removes approximately 40 Mb from each users’ profile on creation and improves logon times.

Horizon Cloud Templates

  • Changed the two Horizon Cloud specific templates (Windows 10 and Windows 7) by removing the item “VMware DaaS Agent Service”. This is no longer required in Horizon Cloud Service.

December, 2019, b1120

Templates

Changed the two existing Windows 10 templates to also cover the associated Server OS and to introduce support for Windows Server 2019.

  • Windows 10 1507-1803 / Server 2016
  • Windows 10 1809-1909 / Server 2019

The old Windows Server 2016 templates have been removed.

System Clean Up

Added System Clean Up options to Common Options dialog. This removed the need for these to be typed and run manually.

  • Deployment Image Servicing and Management (DISM)
    Reduces the size of the WinSxS folder by uninstalling and deleting packages with components that have been replaced by other components with newer versions. Should be run after a Windows update.
  • Native Image Generator (NGEN).
    Optimizes the .NET Framework. Should be run after an update of .NET Framework.
  • Compact
    Compact (Windows 10/ Server 2016/2019). Enables CompactOS to compress specific Windows system files to free up space. Can take several minutes to execute.
  • Disk Cleanup.
    Deletes temporary and unnecessary files.

Background/Wallpaper

  • New Common Options page for Background which allows the choice of color using a picker. This also allows the option to allow the user to be able to change their wallpaper.

Visual Effects options

  • Added a third option where all visual effects are turned off apart from smooth edges and use drop shadows. This is now the default selection.

Windows Store Apps

New page in Common Options that allows more control over removing Windows Store Apps while allowing the user to select common ones to keep. The Windows Store App and the StorePurchaseApp are retained by default.

Applications that will be able to be selected to be kept are:

  • Alarms & Clock
  • Camera
  • Calculator
  • Paint3D
  • Screen Sketch
  • Sound Recorder
  • Sticky Notes
  • Web Extensions

Defaults

The small taskbar option is now no longer selected by default.
In both Windows 10/ Server templates the following services are now no longer selected by default.

  • Application Layering Gateway Service
  • Block Level Backup Engine Service
  • BranchCache
  • Function Discovery Provider Host
  • Function Discovery Resource Publication
  • Internet Connection Sharing
  • IP Helper
  • Microsoft iSCSI Initiator Service
  • Microsoft Software Shadow Copy Provider
  • Secure Socket Tunneling Protocol Service
  • SNMP Trap
  • SSDP Discovery
  • Store Storage Service
  • Volume Shadow Copy Service
  • Windows Biometric Service

Numerous New Optimizations

  • Fully disable Smartscreen.
  • Disable Content Delivery Manager.
  • Disable User Activity History completely.
  • Disable Cloud Content.
  • Disable Shared Experiences.
  • Disable Server Manager when Windows Server OS.
  • Disable Internet Explorer Enhanced Security when Windows Server OS (not selected by default).
  • Disable Storage Sense service.
  • Disable Distributed Link Tracking Client Service.
  • Disable Payments and NFC/SE Manager Service.

Bug and error fixes

  • Fixed condition when Export Analysis Results would fail to create file.

 

The VMware Labs flings monthly for November 2019

None less than eleven newly released and updated flings this month. This includes three that are directly aimed for End use computing including Horizon Reach about which I blogged earlier this week. The three new releases are Horizon Reach, VMware vSAN Live and vCenter Event Broker Appliance. The following received updates: Red Hat OpenShift Container Platform as a Service on vRealize Automation Cloud, Cross vCenter Workload Migration Utility, Infrastructure Deployer for vCloud NFV, Horizon View Events Database Export Utility, Horizon Helpdesk Utility, Kubewise, USB Network Native Driver for ESXi and HCIBench.

New Releases

Horizon Reach

As I said in the blog posts, Horizon Reach is one of the best tools for Horizon ever if not the best by giving the admin insight into the entire Cloud Pod Architecture.

Horizon Reach is a web based, monitoring and alerting fling for VMware Horizon On Prem deployments. Horizon Reach is designed to tackle the disconnect in Enterprise environments wherein each Pod in a Cloud Pod Architecture is its own technology domain and fault domain, or a customer is running multiple, disconnected pods, outside of a Cloud Pod Architecture, but would still like to treat them all as one unit of compute.

Often when troubleshooting these fault domains, it can feel like a game of “Whack a mole” jumping from Pod to Pod trying to find a pertinent session, alarm or event to the problem your user is describing.

Reach tackles this issue by performing health checking and gathering pertinent errors from each separate environment and displaying them all in a single place, creating an easy location for administrators to monitor the environment, along with providing a detailed first step in the troubleshooting process.

VMware vSAN Live

Did you like the vSphere mobile fling? Guess what there is a vSAN mobile fling now as well to give you all the insights while on the go. Personally I expect this one to be merged with the vSphere app at some point but as of now it’s a separate app.

VMware vSAN Live provides vSAN users with instant insights into their hyperconverged infrastructure environments from their mobile devices. Instead of stopping, signing into a laptop and then logging in remotely to view their vSAN environments, users can monitor their HCI clusters while on the go, troubleshooting in just a few clicks.

What’s included in this release?

  • Overview dashboard of vSAN clusters
  • Full-featured Health Checks
  • Cluster inventory view including Fault domain and host status.
  • Easily switch between different vCenter Servers
  • Cluster configuration view including vSAN settings and service status.
  • Full-featured Performance monitoring for VMs and Cluster
  • Full-featured Capacity monitoring

VMware vSAN powers VMware’s hyperconverged infrastructure solution, which combines compute virtualization, storage virtualization and storage networking with unified management into a single system running on industry-standard x86 servers. VMware vSAN, primes businesses for growth through seamless evolution, industry leading deployment flexibility and hybrid-cloud capabilities.

vSAN is native to the market-leading hypervisor, vSphere, simplifying HCI adoption by leveraging existing tools and skillsets. vSAN provides customers industry leading deployment flexibility with over 500+ ReadyNodes, or jointly-certified x86 servers, a turn-key appliance, Dell EMC VxRail, and native services with all of the top public cloud providers: Amazon, Microsoft, Google, Alibaba, IBM and Oracle. vSAN supports the most hybrid cloud uses cases and provides enterprise-grade, general-purpose infrastructure for VM and container-based applications.

vCenter Event Broker Appliance

This is quite a handy appliance when you want some event driven automation for your vSphere environment.

The vCenter Event Broker Appliance (VEBA) enables customers to easily create event-driven automation based on vCenter Server Events. For example, VEBA can drive basic workflows like automatically attaching a vSphere tag when a virtual machine (VM) is created. Even more powerful integrations between datacenter-internal enterprise services and cloud services, for example Slack and Pager Duty, can be created with VEBA out of the box.

VEBA is provided as a Virtual Appliance that can be deployed to any vSphere-based infrastructure, including an on-premises and/or any public cloud environment, running on vSphere such as VMware Cloud on AWS or VMware Cloud on Dell-EMC.

With this appliance, end-users, partners and independent software vendors only have to write minimal business logic without going through a steep learning curve understanding vSphere APIs. As such, we believe this solution not only offers a better user experience in solving existing problems for vSphere operators. More importantly, it will enable new integration use cases and workflows to grow the vSphere ecosystem and community, similar to what AWS has achieved with AWS Lambda.

Continue the conversation with us on Slack: #vcenter-event-broker-appliance on VMware {code}

Updated flings

Red Hat OpenShift Container Platform as a Service on vRealize Automation Cloud

The Red Hat OpenShift Container Platform as a Service on vRealize Automation Cloud fling gives you a tool to automate the end to end deployment of an Openshift Cluster.

Changelog

Version 1.1

  • Updated / Revalidate for Red Hat Enterprise Server 7.7
  • Updated / Revalidate for minor changes in bash scripts
  • Updated/ Revalidate for Ansible playbooks

Cross vCenter Workload Migration Utility

If you need to migrate or clone vm’s between unlinked or even linked vCenters than the Cross vCenter Workload Migration Utility is a very useful tool for you.

Changelog

Version 3.0, Novemember 5, 2019

  • New plugin UI integrated with the vSphere HTML5 Client and supported with both vSphere and VMware Cloud environments
    • Full feature parity with the standalone XVM UI
    • Supports migrations triggered by the host, cluster and resource pool actions from the vSphere Client inventory tree
  • Standalone UI is now deprecated but is still supported
  • Ability to migrate networks with the same name
  • Sorting and filtering of the list of VMs to migrate (plugin only)
  • Error reporting improvements

Infrastructure Deployer for vCloud NFV

Infrastructure Deployer for vCloud NFV is an automation-based deployment tool used for setting up the VMware vCloud NFV platform (NFV 3.2 VCD edition). It is based on VMware vCloud NFV 3.0 Reference Architecture design and targets greenfield deployments only.

There are two components:

The input text file – User enters all details of the environment and component products that need to be deployed, and
The power shell scripts – Executed to do the actual deployment of the products.

Changelog

  • None

Horizon View Events Database Export Utility

While I personally prefer to use the api’s to grab Horizon event logs I still think the Horizon View Events Database Export Utility could be very usefull for people, specially now it has been updated to work with the latest version of Horizon.

Changelog

Version 2.0

  • Added support for RDSH Pools
  • Returns desktop name now
  • Several bug fixes
  • Tested with Horizon 7.11

Horizon Helpdesk Utility

The Horizon Helpdesk Utility still is a 1000 times better than the official java or html5 interfaces and it keeps getting better and better.

Changelog

Version 1.5.0.11

  • Added Named user support in the views
  • Added support for VM image details
  • Added Global search on the overview
  • Added an option to disable the global mutex
  • Fixed numerous bugs

Version 1.5.0.9

  • Updated all binaries to be signed
  • Added full name support for search results
  • Added image status and details for machines view
  • Added a privacy setting to remove the windows title caption
  • Many Bug Fixes

Kubewise

Kubewise is a nifty multi-platform Kubernetes Desktop client. In case you don’t want to type kubctl this could be a replacement.

Changelog

Version 1.1.0

[ Features ]

Terminal command UI – users can now override the default command to open a new terminal window of their choice.
About Info UI – displays the version of currently installed kubectl

[ Bug fixes ]

Fixed an issue where Windows users cannot add a kubeconfig file
Fixed an issue where Linux users cannot list resources due to snap security policies
Switching to YAML format in the Inspect resource view loaded all resources of the same type
Surround path params of kubectl commands with double quotes

[ Misc ]

Save settings file pretty printed
Allign ‘trash’ icons in kubeconfig dropdown
Show loading spinner on application startup

USB Network Native Driver for ESXi

The USB Network Native Driver for ESXi is specially build for homelabs so people can have (fast) enough nic’s even when running smaller systems in the lab.

Changelog

November 27, 2019 – v1.3

  • Resolved USB device detection issue on Intel XHCI controller
  • Resolved packet record issue for ASIX USB network adapters

ESXi670-VMKUSB-NIC-FLING-30899283-offline_bundle-15188556.zip
ESXi650-VMKUSB-NIC-FLING-30940032-offline_bundle-15188510.zip

HCIBench

The HCIBench received 2 updates this month but the second mostly was a bugfix.

Changelog

Version 2.3.1

  • Fixed static IP setting issue
  • Fixed reuse VMs on multi datastores issue
  • Fixed vm/tvm deployment issue
  • MD5 Checksum: 1b220f22575eacf62a965992a4c916e7 HCIBench_2.3.1.ova

Version 2.3.0

[New fling] Horizon Reach: true insights into an entire cloud pod architecture

For years one of the less optimal things about VMware was the fact that you are not able to get an overview over all pods. Yes with other tooling like vRops or 3rd party monitoring this is possibly but all at a cost. At VMworld US Andrew Morgan presented Horizon Reach or Project Heimdall at that time, to the VMware EUC Champions. This tool sounded like the solution to get an easy overview over all pods. While I wasn’t there I definitely was interested and managed to get my hands on some of the early beta releases. With each and every release the stool started to look better and better. It was so good that at VMworld EU it received the first spot in the Top 5 EUC tools that Hans Kraaijeveld and I presented about at the EUC Tapas and Beer Community event.

Yesterday the fling finally was released and announced at Andrews own blog.

Index

Installing

Configuring

The Dashboards

But wait there’s more!

Installing

Installing reach is as easy as unpacking the zip and running the nstall-reachservice.ps1 powershell script. This will also provide you with the standard credentials.

Configuring

After logging in for the first time you need to add the credentials to one of your connection servers.

Hit validate tand accept the certificate when using self signed certificates.

Hit validate again

and hit ok

The installation and configuration is also documented in a video posted at the flings site!

The dashboards

First you’ll see the default dashboard with an overview of your entire environment. The graphs need some time to get data, my lab gets powered down every day so it won’t show much.

The alarms dashboard shows alarms from all pods, from my lab you can see that there are two different pod names

And yes my Full Clone server 2016 RDS is in an error state (probably because it isn’t running)

And I could go on and on about all dashboards

But wait there’s more!

At the top right corner we have some extra configuration options.

Enabling/disabling alarms and some tresholds

Connection settings, do you see that it found the other pod automatically?

Web settings that also gives the option to download the configuration and change the two available accounts

And if you want to do some automation against Reach itself you can use the API

 

 

[Horizon API] Discovering pods and sites

When working with a Cloud Pod Architecture with the Horizon API’s we always have to make our scripts so that we connect to each pod separately. What if there is a way to discover the other available pods in a site or other site’s and connect to those? I already spent a couple of posts on working with pods and site’s. In this post I will be mainly using the get and list commands to get the information we need. First of all it’s the easiest to have the credentials saved somewhere because we will be disconnecting and connecting from and to pods. More on that can be found in this post.

To start we need to find what pod we’re currently connected to, with the following command we can list all pods:

$hvservice.Pod.Pod_List()

You see I have two pods: Cluster-Pod2CBR1 and Cluster-POD1CBR1, both have a property called localpod that provides the locality information we need. What we can’t see is if both pods belong to the same site. This can be done by comparing the VMware.Hv.Siteid object but I would prefer to do that from the site side because we might have several pods inside a site and it might become messy that way. The better was is to use that siteid to get all the information from the site.

$localpod=$hvservice.Pod.Pod_List() | where-object {$_.LocalPod -eq $True}
$localpod

And use the site id to grab the localsite.

$localsite=$hvservice.Site.Site_Get($localpod.site)
$localsite
($localsite).pods

The pods object is an array with all the pods within that site, I have added my second pod to this site to show this. Now I am going to select a connection server from each pod, if you want to connect to all the pods regardless the sites you can use the results from pod_list() to create the same output that we get by using this:

$sitepods=foreach ($sitepod in ($localsite.pods)){$hvservice.Pod.Pod_Get($sitepod)}
$sitepods

we still don’t have the name for the connection servers but those are part of the endpoints. We do this by getting the first podendpoint from all the pods within the site.

$podendpoints=foreach ($sitepod in $sitepods){$hvservice.PodEndpoint.PodEndpoint_Get((($sitepod).endpoints | select-object -first 1))}
$podendpoints

Now we’re getting somewhere, we just can’t connect to the serveraddress directly so we need to strip the things from the url’s

$connectionservers=$Podendpoints.serveraddress.replace("https://","").replace(":8472/","")
$connectionservers

Now we have a list of a connection servers from each pod inside site 1. If we would have used the pod_list() as source we would have ended up with one connection server from all pods within the CPA. The only thing we need to do now is to disconnect and do a foreach with whatever we want to do against the connectionservers.

foreach ($connectionserver in $connectionservers){
    Write-Output "This is connectionserver $connectionserver"
    $hvserver=connect-hvserver -Server $connectionserver -cred $cred
    $hvserver.ExtensionData.ConnectionServerHealth.ConnectionServerHealth_List()
    disconnect-hvserver $hvserver -confirm:$false
}