How to add Rocky Linux (& Other not supported Linux Flavors) to ControlUp

Disclaimer: I am a ControlUp employee but am posting this on my own. We officially only support the Linux flavors here: https://support.controlup.com/hc/en-us/articles/360001497917-Linux-Integration-with-ControlUp

Disclaimer 2: I am NOT a Linux expert, I consider myself a basic user for most Linux things.

With the recent rise of the truly community driven (beta) releases of Rocky Linux I thought it was time to see what would be needed to add Rocky Linux to the ControlUp console. If you want to know more about how and what with Rocky Linux I recommend reading my good friend Angelo Luciani’s blog post here. TLDR: Rocky Linux is a project from one of the CentOS co-founders and is supposed to be enterprise grade once GA is reached.

Adding the linux machines to ControlUp

Fixing Linux to work with ControlUp

Adding linux machines to ControlUp

To compare the process with CentOS 7, 8 and Ubuntu 2004 LTS I have deployed fresh vm’s for these distributions. For Rocky and the CentOS vm’s I selected Server with a GUI, for Ubuntu I picked the default installation. All of them got 1 cpu, 2GB ram and 64GB disk space (overkill, yes I know). I also added the same user to all of them during the deployment. Network wise I just gave them a proper host name and selected dhcp as that was enough for this test.

The setup screen for Rocky Linux

To be able to add unsupported Linux Flavors you need to enable this in Settings > Agents

After deploying all 4 of the vm’s I added them to the ControlUp console with the same Linux Data collector.

I could use another credential that I setup in the past for my domoticz & Unify linux machines, after this click add to add the machines.

I entered the ip range to scan, hit scan, selected the 4 linux machines (note: CentOS 8 is not being reported as a not supported flavor, I have reported a bug for this), click add and hit ok twice.

By default the CentOS 7 machine is the only one working correctly.

if you see some weird negative number for CPU make sure to check your locale settings that it is the same as the regional settings on your Console/Monitor.

Now let’s make sure we get proper metrics in the console 🙂

Fixing Linux machines to work with ControlUp

Rocky Linux needs the same fixes as CentOS 8, Ubuntu needs another step.

  1. Install gcc : for CentOS / Rock
    sudo yum install gcc

    or for Ubuntu

    sudo apt-get install gcc
  2. run
    ps -V
    1. if the output has ps from procps you need to remember the number 6
    2. If the output has ps from procps-ng you need to remember the number 7
  3. Create a file called a.c
    1. run:
      nano a.c

      (or vi, whatever you like)

    2. Add:
      1. #include <stdio.h> 
        int main() 
        {
          printf("6\n");
          return 0;
        }

        replace the 6 with 7 if you had procps-ng in the previous step

    3. save this file
  4. run:
    gcc a.c
  5. run:
    sudo cp a.out /bin/rpm
  6. Install sysstat: For Rocky Linux / CentOS
    sudo yum install sysstat

    or for Ubuntu

    sudo apt-get install sysstat
  7. Reboot ( yes I needed this)

For Rocky Linux and CentOS you’re done

For Ubuntu you will also need to install ifconfig from net-tools before the reboot

  1. run:
    sudo apt-get install net-tools

For me this was enough to have all four of these machines look properly in the ControlUp Console. Remember we might not officially support this way of working but it works good

Creating a RDS farm using the Python module for VMware Horizon

One of the goals and hopes I had with my 100DaysOfCode (I am writing this on day 100!) was that the Horizon REST api’s to create desktop pools and RDS farms would have been available at the end. Only half of that came out and with Horizon 8 2103 we can finally create a RDS farm using those rest api’s. I have decided to add this to the Python module based on a dictionary that the user sends to the new_farm method. I could still add a fully fetched function but that would require a lot of arguments and using **kwargs is an option but than the user would still need to find out what to use.

First I will need to know what json data I actually need, let’s have a look at the api explorer page to get a grip on this

{
  "access_group_id": "6fd4638a-381f-4518-aed6-042aa3d9f14c",
  "automated_farm_settings": {
    "customization_settings": {
      "ad_container_rdn": "CN=Computers",
      "cloneprep_customization_settings": {
        "post_synchronization_script_name": "cloneprep_postsync_script",
        "post_synchronization_script_parameters": "p1 p2 p3",
        "power_off_script_name": "cloneprep_poweroff_script",
        "power_off_script_parameters": "p1 p2 p3",
        "priming_computer_account": "a219420d-4799-4517-8f78-39c74c7c4efc"
      },
      "instant_clone_domain_account_id": "6f85b3a5-e7d0-4ad6-a1e3-37168dd1ed51",
      "reuse_pre_existing_accounts": false
    },
    "enable_provisioning": true,
    "max_session_type": "LIMITED",
    "max_sessions": 50,
    "min_ready_vms": 0,
    "nics": [
      {
        "network_interface_card_id": "c9896e51-48a2-4d82-ae9e-a0246981b473",
        "network_label_assignment_specs": [
          {
            "enabled": true,
            "max_label": 1,
            "max_label_type": "LIMITED",
            "network_label_name": "vm-network"
          }
        ]
      }
    ],
    "pattern_naming_settings": {
      "max_number_of_rds_servers": 5,
      "naming_pattern": "vm-{n}-sales"
    },
    "provisioning_settings": {
      "base_snapshot_id": "snapshot-1",
      "datacenter_id": "datacenter-1",
      "host_or_cluster_id": "domain-s425",
      "im_stream_id": "6f85b3a5-e7d0-4ad6-a1e3-37168dd1ed51",
      "im_tag_id": "3d45b3a5-e7d0-4ad6-a1e3-37168dd1ed51",
      "parent_vm_id": "vm-2",
      "resource_pool_id": "resgroup-1",
      "vm_folder_id": "group-v1"
    },
    "stop_provisioning_on_error": true,
    "storage_settings": {
      "datastores": [
        {
          "datastore_id": "datastore-1"
        }
      ],
      "replica_disk_datastore_id": "datastore-1",
      "use_separate_datastores_replica_and_os_disks": false,
      "use_view_storage_accelerator": false,
      "use_vsan": false
    },
    "transparent_page_sharing_scope": "VM",
    "vcenter_id": "f148f3e8-db0e-4abb-9c33-7e5205ccd360"
  },
  "description": "Farm Description",
  "display_name": "ManualFarm",
  "display_protocol_settings": {
    "allow_users_to_choose_protocol": true,
    "default_display_protocol": "PCOIP",
    "grid_vgpus_enabled": true,
    "session_collaboration_enabled": false
  },
  "enabled": true,
  "load_balancer_settings": {
    "cpu_threshold": 10,
    "disk_queue_length_threshold": 15,
    "disk_read_latency_threshold": 10,
    "disk_write_latency_threshold": 15,
    "include_session_count": true,
    "memory_threshold": 10
  },
  "name": "ManualFarm",
  "rds_server_ids": [
    "5134796a-322g-5fe5-343f-4daa5d25ebfe",
    "2a43f96c-102b-4ed3-953f-35deg43d43b0ge"
  ],
  "server_error_threshold": 0,
  "session_settings": {
    "disconnected_session_timeout_minutes": 5,
    "disconnected_session_timeout_policy": "NEVER",
    "empty_session_timeout_minutes": 5,
    "empty_session_timeout_policy": "AFTER",
    "logoff_after_timeout": false,
    "pre_launch_session_timeout_minutes": 10,
    "pre_launch_session_timeout_policy": "AFTER"
  },
  "type": "MANUAL",
  "use_custom_script_for_load_balancing": false
}

This also includes some that are not required so for my own farm I settled with this json. This is for an Instant Clone farm.

{
    "access_group_id": "6fd4638a-381f-4518-aed6-042aa3d9f14c",
    "automated_farm_settings": {
        "customization_settings": {
            "ad_container_rdn": "OU=Pod1,OU=RDS,OU=VMware,OU=EUC",
            "instant_clone_domain_account_id": "6f85b3a5-e7d0-4ad6-a1e3-37168dd1ed51",
            "reuse_pre_existing_accounts": true
        },
        "enable_provisioning": false,
        "max_session_type": "LIMITED",
        "max_sessions": 50,
        "min_ready_vms": 1,
        "pattern_naming_settings": {
            "max_number_of_rds_servers": 2,
            "naming_pattern": "vm-{n}-sales"
        },
        "provisioning_settings": {
            "base_snapshot_id": "snapshot-1",
            "datacenter_id": "datacenter-1",
            "host_or_cluster_id": "domain-s425",
            "parent_vm_id": "vm-2",
            "resource_pool_id": "resgroup-1",
            "vm_folder_id": "group-v1"
        },
        "stop_provisioning_on_error": true,
        "storage_settings": {
            "datastores": [
                {
                    "datastore_id": "datastore-1"
                }
            ],
            "use_separate_datastores_replica_and_os_disks": false,
            "use_view_storage_accelerator": false,
            "use_vsan": false
        },
        "transparent_page_sharing_scope": "VM",
        "vcenter_id": "f148f3e8-db0e-4abb-9c33-7e5205ccd360"
    },
    "description": "demo_farm",
    "display_name": "demo_farm",
    "display_protocol_settings": {
        "allow_users_to_choose_protocol": true,
        "default_display_protocol": "BLAST",
        "grid_vgpus_enabled": false,
        "session_collaboration_enabled": true
    },
    "enabled": false,
    "load_balancer_settings": {
        "cpu_threshold": 10,
        "disk_queue_length_threshold": 15,
        "disk_read_latency_threshold": 10,
        "disk_write_latency_threshold": 15,
        "include_session_count": true,
        "memory_threshold": 10
    },
    "name": "demo_farm",
    "server_error_threshold": 0,
    "session_settings": {
        "disconnected_session_timeout_minutes": 5,
        "disconnected_session_timeout_policy": "NEVER",
        "empty_session_timeout_minutes": 5,
        "empty_session_timeout_policy": "AFTER",
        "logoff_after_timeout": false,
        "pre_launch_session_timeout_minutes": 10,
        "pre_launch_session_timeout_policy": "AFTER"
    },
    "type": "AUTOMATED",
    "use_custom_script_for_load_balancing": false
}

As said I send a dictionary to the method so let’s import data into a dict called data and I will print it to screen. The dictionary needs to follow this specific order of lines so that’s why a json is very useful to start with.

with open('/mnt/d/homelab/farm.json') as f:
    data = json.load(f)

As you can see in both the json and the output there’s a lot of things we can change and some things that we need to change lik id’s for all the components like vCenter, base vm, base snapshot and more. First I need the access_group_id this can be retreived using the get_local_access_groups method. For all of these I will also set the variable in the dictionary that we need.

local_access_group = next(item for item in (config.get_local_access_groups()) if item["name"] == "Root")
data["access_group_id"] = local_access_group["id"]

Than it’s time for the Instant Clone Admin id

ic_domain_account = next(item for item in (config.get_ic_domain_accounts()) if item["username"] == "administrator")
data["automated_farm_settings"]["customization_settings"]["instant_clone_domain_account_id"] = ic_domain_account["id"]

For the basevm and snapshot id’s I used the same method but a bit differently as I had already used this method in another script

vcenters = monitor.virtual_centers()
vcid = vcenters[0]["id"]
dcs = external.get_datacenters(vcenter_id=vcid)
dcid = dcs[0]["id"]

base_vms = external.get_base_vms(vcenter_id=vcid,datacenter_id=dcid,filter_incompatible_vms=True)

base_vm = next(item for item in base_vms if item["name"] == "srv2019-p1-2020-10-13-08-44")
basevmid=base_vm["id"]

base_snapshots = external.get_base_snapshots(vcenter_id=vcid, base_vm_id=base_vm["id"])

base_snapshot = next(item for item in base_snapshots if item["name"] == "Created by Packer")

snapid=base_snapshot["id"]
data["automated_farm_settings"]["provisioning_settings"]["base_snapshot_id"] = snapid
data["automated_farm_settings"]["provisioning_settings"]["parent_vm_id"] = basevmid

Host or cluster id

host_or_clusters = external.get_hosts_or_clusters(vcenter_id=vcid, datacenter_id=dcid)
for i in host_or_clusters:
    if (i["details"]["name"]) == "Cluster_Pod1":
        host_or_cluster = i
data["automated_farm_settings"]["provisioning_settings"]["host_or_cluster_id"] = host_or_cluster["id"]

Resource Pool

resource_pools = external.get_resource_pools(vcenter_id=vcid, host_or_cluster_id=host_or_cluster["id"])
for i in resource_pools:
    # print(i)
    if (i["type"] == "CLUSTER"):
        resource_pool = i
data["automated_farm_settings"]["provisioning_settings"]["resource_pool_id"] = resource_pool["id"]

VM folder again is a bit different as I have to get the id from one of the children objects

vm_folders = external.get_vm_folders(vcenter_id=vcid, datacenter_id=dcid)
for i in vm_folders:
    children=(i["children"])
    for ii in children:
        # print(ii["name"])
        if (ii["name"]) == "Pod1":
            vm_folder = i
data["automated_farm_settings"]["provisioning_settings"]["vm_folder_id"] = vm_folder["id"]

Datacenter and vcenter id’s I already had to grab for the base vm and base snapshot so I can just add them

data["automated_farm_settings"]["provisioning_settings"]["datacenter_id"] = dcid
data["automated_farm_settings"]["vcenter_id"] = vcid

Datastores is a bit more funky as there can be multiple so I needed to create a list first and than populate that based on the name of the datastores I have.

datastore_list = []
datastores = external.get_datastores(vcenter_id=vcid, host_or_cluster_id=host_or_cluster["id"])
for i in datastores:
    # print(i)
    if (i["name"] == "VDI-500") or i["name"] == "VDI-200":
        ds = {}
        ds["datastore_id"] = i["id"]
        datastore_list.append(ds)
data["automated_farm_settings"]["storage_settings"]["datastores"] = datastore_list

For my final script I put them in a bit different order and I decided to change a whole lot more options but if you have your json perfected this shouldn’t always be required. Also take note that for true/false in the json that I use the True/False from python.

import requests, getpass, urllib, json

import vmware_horizon

requests.packages.urllib3.disable_warnings()
url = input("URL\n")

username = input("Username\n")

domain = input("Domain\n")

pw = getpass.getpass()

hvconnectionobj = vmware_horizon.Connection(username = username,domain = domain,password = pw,url = url)
hvconnectionobj.hv_connect()
print("connected")

monitor = obj=vmware_horizon.Monitor(url=hvconnectionobj.url, access_token=hvconnectionobj.access_token)
external=vmware_horizon.External(url=hvconnectionobj.url, access_token=hvconnectionobj.access_token)
inventory=vmware_horizon.Inventory(url=hvconnectionobj.url, access_token=hvconnectionobj.access_token)
config=vmware_horizon.Config(url=hvconnectionobj.url, access_token=hvconnectionobj.access_token)

with open('/mnt/d/homelab/farm.json') as f:
    data = json.load(f)

vcenters = monitor.virtual_centers()
vcid = vcenters[0]["id"]
dcs = external.get_datacenters(vcenter_id=vcid)
dcid = dcs[0]["id"]

base_vms = external.get_base_vms(vcenter_id=vcid,datacenter_id=dcid,filter_incompatible_vms=True)

base_vm = next(item for item in base_vms if item["name"] == "srv2019-p1-2020-10-13-08-44")
basevmid=base_vm["id"]

base_snapshots = external.get_base_snapshots(vcenter_id=vcid, base_vm_id=base_vm["id"])

base_snapshot = next(item for item in base_snapshots if item["name"] == "Created by Packer")

snapid=base_snapshot["id"]

host_or_clusters = external.get_hosts_or_clusters(vcenter_id=vcid, datacenter_id=dcid)
for i in host_or_clusters:
    if (i["details"]["name"]) == "Cluster_Pod1":
        host_or_cluster = i

resource_pools = external.get_resource_pools(vcenter_id=vcid, host_or_cluster_id=host_or_cluster["id"])
for i in resource_pools:
    # print(i)
    if (i["type"] == "CLUSTER"):
        resource_pool = i

vm_folders = external.get_vm_folders(vcenter_id=vcid, datacenter_id=dcid)
for i in vm_folders:
    children=(i["children"])
    for ii in children:
        # print(ii["name"])
        if (ii["name"]) == "Pod1":
            vm_folder = i

datastore_list = []
datastores = external.get_datastores(vcenter_id=vcid, host_or_cluster_id=host_or_cluster["id"])
for i in datastores:
    # print(i)
    if (i["name"] == "VDI-500") or i["name"] == "VDI-200":
        ds = {}
        ds["datastore_id"] = i["id"]
        datastore_list.append(ds)

local_access_group = next(item for item in (config.get_local_access_groups()) if item["name"] == "Root")
ic_domain_account = next(item for item in (config.get_ic_domain_accounts()) if item["username"] == "administrator")

data["access_group_id"] = local_access_group["id"]
data["automated_farm_settings"]["customization_settings"]["ad_container_rdn"] = "OU=Pod1,OU=RDS,OU=VMware,OU=EUC"
data["automated_farm_settings"]["customization_settings"]["reuse_pre_existing_accounts"] = True
data["automated_farm_settings"]["customization_settings"]["instant_clone_domain_account_id"] = ic_domain_account["id"]
data["automated_farm_settings"]["enable_provisioning"] = False
data["automated_farm_settings"]["max_sessions"] = 50
data["automated_farm_settings"]["min_ready_vms"] = 3
data["automated_farm_settings"]["pattern_naming_settings"]["max_number_of_rds_servers"] = 4
data["automated_farm_settings"]["pattern_naming_settings"]["naming_pattern"] = "farmdemo-{n:fixed=3}"
data["automated_farm_settings"]["provisioning_settings"]["base_snapshot_id"] = snapid
data["automated_farm_settings"]["provisioning_settings"]["parent_vm_id"] = basevmid
data["automated_farm_settings"]["provisioning_settings"]["host_or_cluster_id"] = host_or_cluster["id"]
data["automated_farm_settings"]["provisioning_settings"]["resource_pool_id"] = resource_pool["id"]
data["automated_farm_settings"]["provisioning_settings"]["vm_folder_id"] = vm_folder["id"]
data["automated_farm_settings"]["provisioning_settings"]["datacenter_id"] = dcid
data["automated_farm_settings"]["stop_provisioning_on_error"] = True
data["automated_farm_settings"]["storage_settings"]["datastores"] = datastore_list
data["automated_farm_settings"]["transparent_page_sharing_scope"] = "GLOBAL"
data["automated_farm_settings"]["vcenter_id"] = vcid
data["description"] = "Python_demo_farm"
data["display_name"] = "Python_demo_farm"
data["display_protocol_settings"]["allow_users_to_choose_protocol"] = True
data["display_protocol_settings"]["default_display_protocol"] = "BLAST"
data["display_protocol_settings"]["session_collaboration_enabled"] = True
data["enabled"] = False
data["load_balancer_settings"]["cpu_threshold"] = 12
data["load_balancer_settings"]["disk_queue_length_threshold"] = 16
data["load_balancer_settings"]["disk_read_latency_threshold"] = 12
data["load_balancer_settings"]["disk_write_latency_threshold"] = 16
data["load_balancer_settings"]["include_session_count"] = True
data["load_balancer_settings"]["memory_threshold"] = 12
data["name"] = "Python_demo_farm"
data["session_settings"]["disconnected_session_timeout_minutes"] = 5
data["session_settings"]["disconnected_session_timeout_policy"] = "NEVER"
data["session_settings"]["empty_session_timeout_minutes"] = 6
data["session_settings"]["empty_session_timeout_policy"] = "AFTER"
data["session_settings"]["logoff_after_timeout"] = False
data["session_settings"]["pre_launch_session_timeout_minutes"] = 12
data["session_settings"]["pre_launch_session_timeout_policy"] = "AFTER"
data["type"] = "AUTOMATED"

inventory.new_farm(farm_data=data)

end=hvconnectionobj.hv_disconnect()
print(end)

How does this look? Actually you don’t see a lot happening but the farm will have been created

As always the script can be found on my github in the examples folder together with the json file.

With this I am closing my 100DaysOfCode challenge but I pledge to keep maintaining the python module and I will extend it when new REST api calls arrive for VMware Horizon.

The VMware Labs flings monthly for March 2021 – New Website

A day late but never late than never, this is your monthly overview with all the latest and greatest VMware flings. The flings site received a new fresh look head out to https://flings.vmware.com to have a look yourself. I am not sure if the (are they new?) tags for updated or new flings are okay yet as one has been marked updated but it seems to be new while one new one I could find a blog post for from last month but I missed it for my overview, not sure what happened there. Overall I see four new flings and ten received an update.

New Releases

Configuration Wizard for Nuance PowerMic

vRealize Automation Code Stream CLI

Hillview: Distributed Data Visualization

SDDC Import/Export for VMware Cloud on AWS

Updates

Workspace ONE Mobileconfig Importer

Workspace One UEM Workload Migration Tool

vSAN Hardware Compatibility List Checker

Vmss2core

vRealize Build Tools

Horizon Cloud Pod Architecture Tools

Workspace ONE App Analyzer for macOS

App Volumes Packaging Utility

DoD Security Technical Implementation Guide(STIG) ESXi VIB

VMware OS Optimization Tool

New Releases

Configuration Wizard for Nuance PowerMic

Nuance PowerMics are the leading dictation device used in Healthcare today.
This handy standalone Fling will assist in determining the optimal PowerMic configuration for a specific customer environment.

To determine the configuration that works best for you, we need to know a few details about the customer environment:

  • Endpoint type
  • Endpoint vendor
  • Endpoint operating system
  • Single/nested mode
  • Horizon protocol

The PowerMic Configuration Wizard will then provide the specific settings for optimal PowerMic performance and accuracy in the customers environment.

vRealize Automation Code Stream CLI

vRealize Automation Code Stream CLI is a command line tool written in Go to interact with the vRealize Automation Code Stream APIs. This Fling is written to help automate Code Stream and provide a simple way to migrate content between Code Stream instances and projects.

  • Import and Export Code Stream artefacts such as Pipelines, Variables, Endpoints
  • Perform CRUD operations on Code Stream artefacts such as Pipelines, Variables, Endpoints
  • Trigger Executions of Pipelines

Hillview: Distributed Data Visualization

Hillview is a simple cloud-based spreadsheet program for browsing large data collections. The data manipulated is read-only. Users can sort, find, filter, transform, query, zoom-in/out, and chart data. Operations are performed using direct manipulation in the GUI. Hillview is designed to work on very large data sets (billions of rows). Hillview can import data from a variety of sources: CSV files, ORC files, Parquet files, databases, parallel databases; new connectors can be added with relatively little effort. Hillview takes advantage of all the cores of the worker machines for fast visualizations.

Hillview is a distributed system, composed of two pieces:

  • A distributed set of one or many workers, which should be installed close to the data (e.g., on the machines that host the data).
  • A front-end service that runs a web server and aggregates data from all workers.

The source code of Hillview is available as an open-source project with an Apache-2 license from Hillview’s github repository. For any questions, feature requests or bug reports please file an issue on github.

SDDC Import/Export for VMware Cloud on AWS

The SDDC Import/Export for VMware Cloud on AWS tool enables you to save and restore your VMware Cloud on AWS (VMC) Software-Defined Data Center (SDDC) networking and security configuration.

There are many situations when customers want to migrate from an existing SDDC to a different one. While HCX addresses the data migration challenge, this tool offers customers the ability to copy the configuration from a source to a destination SDDC.

A few example migration scenarios are:

  • SDDC to SDDC migration from bare-metal (i3) to a different bare-metal type (i3en)
  • SDDC to SDDC migration from VMware-based org to an AWS-based org
  • SDDC to SDDC migration from region (i.e. London) to a different region (i.e. Dublin).

Other use cases are:

  • Backups – save the entire SDDC configuration
  • Lab purposes – customers or partners might want to deploy SDDCs with a pre-populated configuration.
  • DR purposes – deploy a pre-populated configuration in conjunction with VMware Site Recovery or VMware Cloud Disaster Recovery

Detailed instructions can be found on the Instructions tab, in the README.md included in the Zip file or on Patrick’s blog (http://www.patrickkremer.com/sddc-import-export/).

Details about the use cases and origins of the project can be found on Nico’s blog (https://nicovibert.com/2021/02/08/fling-sddc-import-export-for-vmware-cloud-on-aws/).

Updates

Workspace ONE Mobileconfig Importer

The Workspace ONE mobileconfig Importer gives you the ability to import existing mobileconfig files directly into a Workspace ONE UEM environment as a Custom Settings profile, import app preference plist files in order to created managed preference profiles, and to create new Custom Settings profiles from scratch. When importing existing configuration profiles, the tool will attempt to separate each PayloadContent dictionary into a separate payload for the Workspace ONE profile.

Changelog

Version 1.1

  • Support for Big Sur
  • Updated icon

Workspace One UEM Workload Migration Tool

Quite a few updates for this fling already!

The Workspace One UEM Workload Migration Tool allows a seamless migration of Applications and Device configurations between different Workspace One UEM environments. With the push of a button, workloads move from UAT to Production, instead of having to manually enter the information or upload files manually. Therefore, decreasing the time to move data between Dev/UAT environments to Production.

Changelog

Version 2.1.0

  • Fixed app upload issues for Workspace One UEM 1910+
  • Fixed profile search issue for Workspace One UEM 1910+
  • Added profile update support
  • Added template folder structure creation
  • Updated Mac app to support notarization for Catalina

Version 2.0.1

  • Fixed Baseline Migration issue
  • Fixed Profile Errors not displaying in the UI

Version 2.0.0

  • Baseline Migration Support
  • MacOS application
  • UI refactoring to make bulk migrations easier
  • Added support for script detection with Win32 applications

Version 1.0.1

  • Fixed issue with expired credentials.

vSAN Hardware Compatibility List Checker

The vSAN Hardware Compatibility List Checker is a tool that verifies all installed storage adapters against the vSAN supported storage controller list. The tool will verify if the model, driver and firmware version of the storage adapter are supported.

Changelog

Version 2.2

  • Support multi-platforms for Windows, Linux and MacOS
  • Bug fixed

Vmss2core

Vmss2core is a tool to convert VMware checkpoint state files into formats that third party debugger tools understand. It can handle both suspend (.vmss) and snapshot (.vmsn) checkpoint state files (hereafter referred to as a ‘vmss file’) as well as both monolithic and non-monolithic (separate .vmem file) encapsulation of checkpoint state data.

Changelog

Version 1.0.1

  • Fixed running out of memory issues
  • Added support for more versions of Windows 10/Windows 2016

vRealize Build Tools

vRealize Build Tools provides tools to development and release teams implementing solutions based on vRealize Automation (vRA) and vRealize Orchestrator (vRO). The solution targets Virtual Infrastructure Administrators and Solution Developers working in parallel on multiple vRealize-based projects who want to use standard DevOps practices.

Changelog

Version 2.12.5 Update

  • [vRBT] Package installer – Add support for installation on a standalone vRO (not embedded) version 8.x with basic authentication
  • [vRA] Added catalog entitlements and examples to the vra-ng archetype
  • [vRO] Support / in Workflow name or path, by substituting it with dash (-) character.
  • [vRBT] Added http / socket timeouts support in the installer
  • [ABX] Support for ABX actions
  • [vRO] Support of placeholders in workflow description
  • [vRA] Import vRA8 custom resources before blueprints
  • [vROPS] Fixed policy import / export problem with vROPs 8.2, maintaining backward compatibility
  • [MVN] Fixed ussue with installer timeouts
  • [TS] vRO pkg – Adds support for slash in workflow path or name
  • [vRBT] Package installer – updated documentation, added checking of workflow input, writing of workflow error message to file, setting of installer exit code when executing of a workflow
  • [TS] Allow additional trigger events for policies trigered by the vcd mqtt plugin
  • [MVN] Fix Missing vRA Tenant After Successful package import
  • [MVN] Fix vROPS import fails on certain assets

Horizon Cloud Pod Architecture Tools

The Horizon Cloud Pod Architecture Tools mainly acts as a wrapper around the lmvutil for Horizon Cloud Pod Archtitecture.

Changelog

Version 1.1

Based on the customer requests, have added few more command line options for CSV reports generation and AD LDS data cleanup.

What’s New:

Adds support to cleanup stale global local entitlement assignments from ADAM DB.

  • Global AD LDS Command:
    adlds-analyzer.cmd –resolve-localpool-ga
  • Scans the cloud pod database and resolves the stale entries of local pool global assignments.
    Note: This resolves deleted local pool conflicts of current pod only. If dashboard session data load error or session search fails in a different pod, a scan and resolve has to be executed in that pod.
  • List of new commands added to Local AD LDS:
    adlds-analyzer.cmd –export-machine
  • All machine data exported as CSV file. Compatibility: Horizon 7.10 and above, 8.x
    adlds-analyzer.cmd –export-machine -pool=”DesktopPool1,DesktopPool2″
  • All machine data exported as CSV file. Use -pool= to filter machines by desktop pool name. Compatibility: Horizon 7.10 and above, 8.x
  • Spaces are not allowed in -pool= optional argument.
    adlds-analyzer.cmd –export-session
  • All local sessions data exported as CSV file. Compatibility: Horizon 7.10 and above, 8.x
    adlds-analyzer.cmd –export-session -pool=”PoolName1,PoolName2″ -farm=”FarmName1,FarmName2″
  • All local session data exported as CSV file. Use -pool= to filter sessions by desktop pool name. -farm= filter sessions by RDS farm name. Compatibility: Horizon 7.10 and above, 8.x
  • Spaces are not allowed in -pool= and -farm= optional argument.
    adlds-analyzer.cmd –check-apps-integrity
  • Scans and lists the stale application icons in local ADLDS instance.
    adlds-analyzer.cmd –check-apps-integrity -input=”AbsoluteFilePath1″,”AbsoluteFilePath2″
  • Reads the list of adam LDIF files in “-input=” for parsing and exports the stale application icons data to a file.
    adlds-analyzer.cmd –export-named-lic-users
  • Exports the utilized and un-utilized named license users list information.

Workspace ONE App Analyzer for macOS

The Workspace ONE macOS App Analyzer will determine any Privacy Permissions, Kernel Extensions, or System Extensions needed by an installed macOS application, and can be used to automatically create profiles in Workspace ONE UEM to whitelist those same settings when deploying apps to managed devices.

Changelog

Version 1.2.1

  • Fixed bug that caused crash with certain System Extension configurations

App Volumes Packaging Utility

This App Volumes Packaging Utility helps to package applications. With this fling, packagers can add the necessary metadata to MSIX app attach VHDs so they can be used alongside existing AV format packages. The MSIX format VHDs will require App Volumes 4, version 2006 or later and Windows 10, version 2004 or later.

Changelog

Version 1.2 Update

  • Fixed bugs found in internal testing.

DoD Security Technical Implementation Guide(STIG) ESXi VIB

The DoD Security Technical Implementation Guide (‘STIG’) ESXi VIB is a Fling that provides a custom VMware-signed ESXi vSphere Installation Bundle (‘VIB’) to assist in remediating Defense Information Systems Agency STIG controls for ESXi. This VIB has been developed to help customers rapidly implement the more challenging aspects of the vSphere STIG. These include the fact that installation is time consuming and must be done manually on the ESXi hosts. In certain cases, it may require complex scripting, or even development of an in-house VIB that would not be officially digitally signed by VMware (and therefore would not be deployed as a normal patch would). The need for a VMware-signed VIB is due to the system level files that are to be replaced. These files cannot be modified at a community supported acceptance level. The use of the VMware-signed STIG VIB provides customers the following benefits:

  • The ability to use vSphere Update Manager (‘VUM’) to quickly deploy the VIB to ESXi hosts (you cannot do this with a customer created VIB)
  • The ability to use VUM to quickly check if all ESXi hosts have the STIG VIB installed and therefore are also in compliance
  • No need to manually replace and copy files directly on each ESXi host in your environment
  • No need to create complex shell scripts that run each time ESXi boots to re-apply settings

Changelog

Update March 2021

  • New ESXi 7.0 STIG VIB release
  • Updated sshd_config file to meet the ESXi 7.0 Draft STIG which is also now the default config in 7.0 U2 with the exception of permitting root user logins.
  • Removed /etc/vmware/welcome file from VIB since it can be configured via the UI or PowerCLI now with issue.
  • Draft ESXi content can be found here: https://github.com/vmware/dod-compliance-and-automation/tree/master/vsphere/7.0/docs
  • See the updated Overview and Installation guide included in the download.

VMware OS Optimization Tool

No comments needed, just use the OS Optimization Tool when creating your golden images!

Changelog

March 2021, b2002

  • Fixed issue where the theme file was being updated by a Generalize task and the previously selected optimizations including wallpaper color were being lost.
  • The administrator username used during Generalize was not getting passed through properly to the unattend answer file. This resulted in a mismatch when using some languages versions of Windows.
  • Removed legacy code GPO Policy corruption
  • Removed CMD.exe box that displayed at logon.
  • Windows Store Apps were not being removed properly on Windows 10 version 20H2. Fixed the optimizations to cope with the differences introduced in this version.

Optimizations

Changed step Block all consumer Microsoft account user authentication to be unselected by default. When disabled this was causing failures to login to Edge and Windows store.

Changed the step Turn off Thumbnail Previews in File Explorer to be unselected by default. This was causing no thumbnails to show for store apps in search results.

Windows Update

On Non-Enterprise editions of Windows 10, KB4023057 installs a new application called Microsoft Update Health Tools: https://support.microsoft.com/en-us/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a. Added logic to ensure that the Windows Update Medic Service is disabled including after re-enabling and disabling Windows Updates using the Update tab.

Templates

Windows 8 and 8.1 templates have been removed from the list of built-in templates. To optimize these versions of Windows, use the separate download for version b1130.

Removed old Windows 10 templates from the Public Templates repository:

  • Windows 10 1809-2004-Server 2019
  • Windows 10 1507-1803-Server 2016

January 2021, b2001 Bug Fixes

  • All optimization entries have been added back into the main user template. This allows manual tuning and selection of all optimizations.
  • Fixed two hardware acceleration selections were not previously controlled by the Common Option for Visual Effect to disable hardware acceleration.

Optimize

  • During an Optimize, the optimization selections are automatically exported to a default json file (%ProgramData%\VMware\OSOT\OptimizedTemplateData.json).

Analyze

  • When an Analyze is run, if the default json file exists (meaning that this image has already been optimized), this is imported and used to select the optimizations and the Common Options selections with the previous choices.
  • If the default selections are required, on subsequent runs of the OS Optimization Tool, delete the default json file, relaunch the tool and run Analyze.

Command Line

  • The OptimizedTemplateData.json file can also be used from the command line with the -applyoptimization parameter.

Optimizations

  • Changed entries for Hyper-V services to not be selected by default. These services are required for VMs deployed onto Azure. Windows installation sets these to manual (trigger) so these so not cause any overhead on vSphere, when left with the default setting.

The VMware Labs flings monthly for February 2021 – Reach alert!

It’s been a busy month on the flings front, no less than 17(!!) new releases and updated flings. This is how my browser tabs look:

If I have therm all correct there are 6 new releases and 10 updates (2 1 of which update without a changelog so a boo for that!) so this post is going to be a long one!

New Releases

Community NVMe Driver for ESXi

VMware Cloud Foundation Powernova

Workspace ONE Access Migration Tool

Sample Data Platform Deployment on Virtualized Cloud Infrastructure

Community Networking Driver for ESXi

Code Stream Concourse Integrator

Updates

ESXi Compatibility Checker

VMware Machine Learning Platform

Virtualized High Performance Computing Toolkit

Horizon Peripherals Intelligence

Workspace ONE App Analyzer for macOS

VMware OS Optimization Tool

Horizon Helpdesk Utility

HCIBench

Horizon Reach

Workspace ONE Discovery

App Volumes Migration Utility

New Releases

Community NVMe Driver for ESXi

This Fling is a collection of ESXi Native Drivers which enables ESXi to recognize and consume various NVMe-based storage devices. These devices are not officially on the VMware HCL and have been developed to enable and support the VMware Community.

Currently, this Fling provides an emulated NVMe driver for the Apple 2018 Intel Mac Mini 8,1 and the Apple 2019 Intel Mac Pro 7,1 allowing customers to use the local NVMe SSD with ESXi. This driver is packaged up as an Offline Bundle and is only activated when it detects ESXi has been installed on either an Apple Mac Mini or Apple Mac Pro.

VMware Cloud Foundation Powernova

VMware Cloud Foundation Powernova is a Fling built on top of VCF that provides the users the ability to perform Power Operations (Power ON, Power OFF) seamlessly across the entire inventory. It has a sleek UI to visualize the entire VCF inventory (which is the first of its kind for VCF) across the domains of VCF.

The UI is easy to use and elucidates the current Health and Power State of each node in the VCF inventory. Powernova lets the user work on the Power Operations on the components with domain specific inter dependencies automatically resolved.

Powernova also performs valid health checks on all nodes in the VCF inventory to ensure Power Operations are performed only on healthy nodes. Powernova takes minimal input (4 user defined inputs on their VCF system) and does all the magic for the users behind the scenes.

If any infrastructure maintenance activity, VCF migration activity, or power operations need to be performed only on specific domains in VCF, then Powernova is the one stop solution for all VCF users.

Workspace ONE Access Migration Tool

Workspace ONE Access Migration Tool helps ease migration of Apps from one WS1 Access tenant to another (on-premises to SaaS or SaaS to SaaS) and use cases that require mirroring one tenant to another (for setting up UAT from PROD or vice versa) by providing capabilities listed below

Features
  • Copying of App Categories
  • Migrating Weblinks (3rd party IDP), icons as is
  • Creating a link to federated apps and copying the icons (to maintain the same user experience)
  • Copying App Assignment to a Category mapping

Sample Data Platform Deployment on Virtualized Cloud Infrastructure

Data is king and your users need a sample data platform quickly.

With this Fling, you will leverage your VMware Cloud Foundation 4.0 with vRealize Automation deployment and stand a sample data platform based on vSphere Virtual Machines in less than 20-minutes comprising of Kafka, Spark, Solr, and ELK.

You can also choose whether to deploy a wavefront proxy and configure the components to send data to the wavefront proxy or use your own.

Community Networking Driver for ESXi

This Fling is a collection of ESXi Native Drivers which enables ESXi to recognize and consume various PCIe-based network adapters (See Requirements for details). These devices are not officially on the VMware HCL and have been developed to enable and support the VMware Community.

Code Stream Concourse Integrator

The Code Stream Concourse Integrator (CSCI) Fling provides integration between a vRealize Automation Code Stream and Concourse CI tools with which users can trigger Concourse CI pipelines from Code Stream pipelines without any additional tooling/scripting. This enables users to use the features from both the tools flexibly and seamlessly as per their needs. This solution is built using Code Stream’s extensibility feature named Custom Integration.

Updates

ESXi Compatibility Checker

The ESXi Compatibility Checker helps the vSphere admin out in checking if their environment will work with later versions of ESXi. [non-sponsored advertisement]Also check Runecast, they can run a simulation for you as well.[/non-sponsored advertisement]

Changelog

Build 20210219

  • Fix for ESX / VC 7.0 U1 Versioning issues
  • A new logo 😉

VMware Machine Learning Platform

Our goal is to provide an end-to-end ML platform for Data Scientists to perform their job more effectively by running ML workloads on top of VMware infrastructure.

Using vMLP allows to:

Save the costs by enabling efficient use of shared GPUs for ML workfloads
Reduce the risks of broken Data Science workflows by leveraging well-tested and ready-to-use demos and project templates
Faster “go-to-market” for ML models by utilizing end-to-end oriented tooling including fast and easy model deployment and serving via standardized REST API

Changelog

Version 0.4.1

  • Jupyter: R Kernel
  • Jupyter: BitFusion 2.5.0 Demo
  • Jupyter: MADlib/RTS4MADlib on Greenplum Demo
  • Multiple bug fixes

Virtualized High Performance Computing Toolkit

This toolkit is intended to facilitate managing the lifecycle of these special configurations by leveraging vSphere APIs. It also includes features that help vSphere administrators perform some common vSphere tasks that are related to creating such high-performing environments, such as VM cloning, setting Latency Sensitivity, and sizing vCPUs, memory, etc.

Changelog

Nope 🙁

Horizon Peripherals Intelligence

Horizon Peripherals Intelligence is an online self-serviced diagnosis service that can help increase the satisfaction when using peripheral devices with Horizon product by both the end users and the admin user. Currently, we support diagnosis for the following device categories – USB storage devices, USB printers, USB scanners, Cameras. We will continue to cover more device categories in the future

Changelog

Version 1.0

  • Add support for USB Audios, Speechmics, Signaturepads, Barcode scanners
  • Add support for L10n of web pages in simplified Chinese, traditional Chinese and English
  • Add support for window 7 and windows 2012R2
  • Add support for 32 bits OS
  • Add support for cmdline installation

Workspace ONE App Analyzer for macOS

The Workspace ONE macOS App Analyzer will determine any Privacy Permissions, Kernel Extensions, or System Extensions needed by an installed macOS application, and can be used to automatically create profiles in Workspace ONE UEM to whitelist those same settings when deploying apps to managed devices.

Changelog

Version 1.2 

  • Added support for Big Sur
  • Updated icon

VMware OS Optimization Tool

Image optimize you must with osot!

Changelog

  • nope 🙁

Update: OSOT didn’t receive an update, someone only edited the page according to Hilko.

Horizon Helpdesk Utility

Besides ControlUp the helpdesk fling  is the best tool to help your users.

Changelog

Version 1.5.0.24

  • Added support for Horizon 8.1

HCIBench

HCIBench stands for “Hyper-converged Infrastructure Benchmark”. It’s essentially an automation wrapper around the popular and proven open source benchmark tools: Vdbench and Fio that make it easier to automate testing across a HCI cluster. HCIBench aims to simplify and accelerate customer POC performance testing in a consistent and controlled way. The tool fully automates the end-to-end process of deploying test VMs, coordinating workload runs, aggregating test results, performance analysis and collecting necessary data for troubleshooting purposes.

Changelog

Version 2.5.3

  • Fixed graphite permission issue which blocked vdbench/fio grafana display
  • Updated drop cache script to make it compatible with upcoming vSphere
  • md5sum: 622625cc7a551bd7bf07ff4f19a57a17 HCIBench_2.5.3.ova

Horizon Reach

Again if you’re not a ControlUp customer Reach is the next best thing to manage you’re Horizon environment.

Changelog

Version 1.3.1.2

  • Added support for Horizon 8.1
  • Bugfixes

Workspace ONE Discovery

VMware Workspace ONE UEM is used to manage Windows 10 endpoints, whether it be Certificate Management, Application Deployment or Profile Management. The Discovery Fling enables you to view these from the device point of view and review the Workspace ONE related services, which applications have been successfully deployed, use the granular view to see exactly what has been configured with Profiles, view User & Machine certificates and see which Microsoft Windows Updates have been applied.

Changelog

February, 16, 2021 – Version 1.2

  • Replaced icon
  • New logo 🙂

App Volumes Migration Utility

App Volumes Migration Utility allows admins to migrate AppStacks managed by VMware App Volumes 2.18, to the new application package format of App Volumes 4. The format of these packages in App Volumes 4 have evolved to improve performance and help simplify application management.

Changelog

Version 1.0.7 Update

  • Migration fails if their are blacklisted registry entries containing embedded NULL chars.
  • File system migration fails if their are directories having a trailing DOT name ( ex- Microsoft. ).

Filtering/Searching and pagination with the Python module for VMware Horizon

Yesterday I added the first method to the VMware Horizon Python module that makes use of filtering while the day before that I added pagination. VMware{Code} has a document describing available options for both but let me give some explanation.

Pagination

Pagination is where you perform a query but only get an x amount of objects returned by default. The rest of the objects are available on the next page or pages. This is exactly what I ran into with the vmware.hv.helper Powershell module a long time ago. With the REST api’s this is rather easy to add since if there are more pages/objects left the headers will contain a key named HAS_MORE_RECORDS. For all the methods that I add where pagination is supported you don’t need to handle this though as I have added it to the method itself. What I did add was the option the change the maximum page size. I default to 100 and the maximum is 1000, if you supply an interrupt higher than 1000 this will be corrected to 1000.

Filtering

Filtering needs some more work from the user of the module to be able to use it.

What options are there for filtering?

For the type we have: And, Or and Not

For the filters themselves there are: Equals, NotEquals, Contains, StartsWith and Between.

The formula is you pick one from the first row and combine that with one or more from the second row.

To apply these the document describes the base schema like this:

{
    “type”: ”And”,
    “filter”: <filter object>
}

and a filter object looks like this:

{
    "type":"Equals",
    "name":"domain",
    "value":"ad-example0"
}

or this for a range:

{
    "type":"Between",
    "name":"assignedUsers",
    "fromValue":"10",
    "toValue":"20"
}

Combining both into a single object looks like this:

{
    "type":"Not",
    "filter": {
        "type":"Equals",
        "name":"domain",
        "value":"ad-example0"
    }
}

This all looks like a dictionary with a nested dictionary when translating it to Python but when you have multiple filters it suddenly looks like this:

{
    "type":"And",
  "filters": [
        {
            "type":"Equals", 
            "name":"domain",
            "value":"ad-example0"
        },
        {
            "type":"StartsWith", 
            "name":"name",
            "value":"test"
        }
    ]
}

otherwise know as a dictionary with a list of dictionaries in it and since the latter also works with a single dict inside the list I have taken that route. The document also describes encoding and minifying the code to it works for a REST api call but I have done all of that for you so no need to worry about it, just build the dictionary and you are good!

Now let’s actually perform a search

First I create my base object with the type AND and a list for the filters key

filter_dict = {}
filter_dict["type"] = "And"
filter_dict["filters"] = []

Next I create the filters object where the type is contains and I filter on the field name with the value LP-00

filter1={}
filter1["type"] = "Contains"
filter1["name"] = "name"
filter1["value"] = "LP-00"

And now I add the filters1 object to the filter_dict filters list

filter["filters"].append(filter1)

and I get the machines with a pagesize of 1 to show the pagination (the pool with these machines only has 2 😉 )

machines = obj.get_machines(maxpagesize=1, filter = filter_dict)

And this would be the entire python script

import requests, getpass, urllib, json
import vmware_horizon

requests.packages.urllib3.disable_warnings()

url="https://loftcbr01.loft.lab"
username = "m_wouter"
domain = "loft.lab"
pw = getpass.getpass()

hvconnectionobj = vmware_horizon.Connection(username = username,domain = domain,password = pw,url = url)
hvconnectionobj.hv_connect()

obj = vmware_horizon.Inventory(url=hvconnectionobj.url, access_token=hvconnectionobj.access_token)

filter_dict = {}
filter_dict["type"] = "And"
filter_dict["filters"] = []
filter1={}
filter1["type"] = "Contains"
filter1["name"] = "name"
filter1["value"] = "LP-00"

filter["filters"].append(filter1)

machines = obj.get_machines(maxpagesize=1, filter = filter_dict)

for i in machines:
    print(i["name"])

hvconnectionobj.hv_disconnect()

And it shows this in python:

Calling the EMEA #vCommunity for a Monthly Virtual #vBreakfast EMEA!

For years Fred Hofer has been organizing the vBreakfast for VMworld EMEA across the street of the Fira in a very nice place. A big thank you to Fred to do this every year!! Due to the mess this world currently is in we couldn’t do it in person this year and we moved virtual. Big thanks to Runecast for organizing the virtual space we could use but sadly we had to do it without the vWorldfamous Grumpy Waiter. I really like the way it was setup with separate tables and everything. The only issue was that it seemed to use whatever Microphone, speaker and webcam that where configured in Chrome and switching was almost impossible.

During this meeting we came up with the idea to organize a monthly virtual vBreakfast for EMEA. Kev Johnson offered to do it again on the site that Runecast used for this but I think it would be more flexible if we used something like zoom. Luckily I can use a paid license so it’s no problem to make this a 2 hour long come and go whenever you like session. The talk can be tech, it can be non-tech whatever you like!

When?

Every Last Friday of the month (yes we’ll move the december one!)

How late?

7.30am UK time to 9.30 (8.30 Amsterdam to 10.30, 9.30 Israel time to11.30, you get what I am saying)

How do I attend?

Drop me an email at wouter.kursten at controlup.com and I will forward you the invite

But I don’t live in EMEA can I still attend?

Hell yeah, I don’t give a flying F..K where you are from, everyone is welcome and the more the better!

I don’t use VMware but Nutanix or Hyper-V or Citrix?

Didn’t I just say everyone is welcome? Yes I also don’t care what hypervisor or EUC platform you use!

I work for company XYZ and want to sponsor this!

I think the only way of sponsoring that could work is if you organize a real breakfast for everyone that signs up. If you are prepared to do that we won’t offer more in return than a mention and a thank you as this is an organized unstructured meeting to meetup with friends.

[HorizonAPI] Getting started with the Horizon REST api

Until now all of my blogging about the Horizon api’s was about consuming the SOAP api using PowerCLI. Since a couple of releases Horizon also has a REST api and since 7.12 we are also able to change some settings using that. So now it’s time for me to dive into the Horizon REST api’s. I will consume them using Powershell since I am the most comfortable using that but you can use whatever method you prefer..

The REST api is just like the soap api documented at the VMware{CODE} api explorer.

First of all we need to create an accesstoken, we can do this by using some code that I simply stole from Andrew Morgan because why would I re-invent the wheel? From his git repository I grabbed three basic functions: get-HRHeader, Open-HRConnection and close-hrconnection. there’s also a refresh-hrconnection but I won’t need that for now.

function Get-HRHeader(){
    param($accessToken)
    return @{
        'Authorization' = 'Bearer ' + $($accessToken.access_token)
        'Content-Type' = "application/json"
    }
}

function Open-HRConnection(){
    param(
        [string] $username,
        [string] $password,
        [string] $domain,
        [string] $url
    )

    $Credentials = New-Object psobject -Property @{
        username = $username
        password = $password
        domain = $domain
    }

    return invoke-restmethod -Method Post -uri "$url/rest/login" -ContentType "application/json" -Body ($Credentials | ConvertTo-Json)
}

function Close-HRConnection(){
    param(
        $accessToken,
        $url
    )
    return Invoke-RestMethod -Method post -uri "$url/rest/logout" -ContentType "application/json" -Body ($accessToken | ConvertTo-Json)
}
$accessToken = Open-HRConnection -username $username -password $password -domain $Domain -url $url

But we can’t do anything with only these functions, somehow we also need to supply username and password

$url = read-host -prompt "Connection server url"
$username = read-host -prompt "Username"
$password = read-host -prompt "Password" -AsSecureString
$Domain = read-host -Prompt "Domain"

$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

(I am grabbing it from the command line here but when I run the scripts I have my creds hardcoded to make my life for the duration of this blog post a bit easier)

Next up is actually getting some data. The first thing that I wil do is show the connection servers. This can be done with the following API call. The part after -uri “$url/rest/ is what you can find int he api explorer. The method is the method also shown in the api explorer.

Invoke-RestMethod -Method Get -uri "$url/rest/monitor/connection-servers" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

and the result:

Since one of the few things that you can already change using the rest api’s are the general settings I will take those as the next example

Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/settings" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

This works but I can’t say that it’s really usable. Now this is not the first time I do something with REST api’s (haven’t done it a lot though to be honest) so I know this can easily be converted to json to make it visible. What I will do is that I put it in a variable first.

$settings=Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/settings" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)
$settings | ConvertTo-Json

Now this DOES look usable! Let’s take a look what is under general_settings

$settings.general_settings

Let’s say I want to change the forced logoff message

$settings.general_settings.forced_logoff_message="Get lost, the Bastard Operator From Hell is here."

Now my variable has the change but I need to send this to the server. This can be done using a put method and the settings variable has to be added as json. The second line is to pull the new settings from my connection server showing it directly in a json format.

 

Invoke-RestMethod -Method Put -uri "$url/rest/config/v1/settings" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) -body ($settings | ConvertTo-Json)
Invoke-RestMethod -Method Get -uri "$url/rest/config/v1/settings" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken) | ConvertTo-Json

and in the admin interface:

That’s it for my 1ste blog post about the horizon REST api’s hopefully it’s useful! Below is an example of the script that I used.

$url = read-host -prompt "Connection server url" 
$username = read-host -prompt "Username" 
$password = read-host -prompt "Password" -AsSecureString 
$Domain = read-host -Prompt "Domain" 

#$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password) 
#$UnsecurePassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)

function Get-HRHeader(){
    param($accessToken)
    return @{
        'Authorization' = 'Bearer ' + $($accessToken.access_token)
        'Content-Type' = "application/json"
    }
}
function Open-HRConnection(){
    param(
        [string] $username,
        [string] $password,
        [string] $domain,
        [string] $url
    )

    $Credentials = New-Object psobject -Property @{
        username = $username
        password = $password
        domain = $domain
    }

    return invoke-restmethod -Method Post -uri "$url/rest/login" -ContentType "application/json" -Body ($Credentials | ConvertTo-Json)
}

function Close-HRConnection(){
    param(
        $accessToken,
        $url
    )
    return Invoke-RestMethod -Method post -uri "$url/rest/logout" -ContentType "application/json" -Body ($accessToken | ConvertTo-Json)
}

$accessToken = Open-HRConnection -username $username -password $password -domain $Domain -url $url

Invoke-RestMethod -Method Get -uri "$url/rest/monitor/connection-servers" -ContentType "application/json" -Headers (Get-HRHeader -accessToken $accessToken)

The VMware Labs flings monthly for January 2020

Here we go again with the new and updated flings for January 2020. It’s been a busy month for me including a visit to Israel but more on that in a future blog post. There have been three new releases in January with the App Volumes Migration Utility, vSphere Software Asset Management and Power vRA Cloud. No less than six received updates: DRS Dump Insight, Horizon Reach, Cross vCenter Workload Migration Utility, vCenter Event Broker Appliance, vSphere Mobile Client and the one and only VMware OS Optimization Tool.

New Releases

App Volumes Migration Utility

The App Volumes Migration Utility has been build to migrate App Volumes 2.18 app stacks to the brand new App Volumes 4 format.

App Volumes Migration Utility allows to migrate appstacks, which are managed by VMware App Volumes 2.18, to the new appstack format of VMware App Volumes 4.0. The format of appstacks in VMware App Volumes 4.0 have changed in order to provide improved login to desktops among many other features. This utility addresses the migration of appstacks so that applications don’t have to be provisioned again after upgrading to VMware App Volumes 4.0.

vSphere Software Asset Management Tool

The vSphere Software Asset Management Tool gives the user insight into license usage of and vSphere environment version 5.5 and up.

The vSphere Software Asset Management (vSAM) is a tool that collects and summarizes vSphere product deployment information. It calls on vSphere APIs for deployment data and produces a PDF report that the customer can consult as a part of their infrastructure review and planning process. This lightweight Java application runs on Windows, Linux or Mac OS.

Features

  • Support both vCenter Server cluster and Standalone ESXi host with a version of vSphere 5.5, 6.X or newer.
  • Generate comprehensive report from various aspects:
    • High-level product deployment summary
    • Product deployment report by targets (standalone ESXi or VC cluster)
    • High level license key usage report
    • License key usage by targets
  • Provide Software Asset Management suggestions on:
    • Evaluation license warning
    • License term
      • Pre-expiration 90 days warning
      • Expiration alert
    • License capacity
      • Potential capacity waste warning based on customized threshold
      • Potential capacity shortage warning based on customized threshold
      • Capacity over-use alert
    • Product support
      • End of General Support info
      • General Support pre-expiration 90 days warning
      • Unsupported product alert
    • Protect customer sensitive information by:
      • Collecting minimal set of information relative with Software Asset Management
      • Masking sensitive info in the report
      • Supporting encryption of raw data file
  • Support merging multi reports into one report
  • Support English and Chinese report
  • Support customization of report

Power vRA Cloud

Power vRA Cloud is a PowerShell module that abstracts the VMware vRealize Automation Cloud APIs to a set of easily used PowerShell functions. This tool provides a comprehensive command line environment for managing your VMware vRealize Automation Cloud environment.

This module is not supported by VMware and comes with no warranties expressed or implied. Please test and validate its functionality before using this product in a production environment.

Updated Flings

DRS Dump Insight

The DRS Dump Insight flings gives an explanation why in the bloody hell a VM was moved from one host to the other.

Changelog

Version 1.1

  • Users can now upload multiple dumps as a folder.
  • Creates a vMotion timeline based on the dumps uploaded, users can navigate through multiple dump analysis.
  • Users can export multiple dump analysis as a PDF at once.
  • Added support to 65u2, 65u3 and 67u3 dumps.
  • Bug fixes and backend improvements

Horizon Reach

I have said this before but Horizon Reach is awesome and gives you an proper overview over all pod’s in an Horizon Cloud Pod setup.

Changelog

Version 1.0.1 brings vCenter performance data along with a myriad of bugfixes!

New Features

  • Gauges, gauges everywhere.
  • Search field! for those huge customers who hate to dig.
  • vCenter performance statistics will now be captured for Pods running version 7.8 or better.
  • vCenter RAM, CPU, sesions and Datastore Usage have all been added to the historical data views.
  • Datastore usage is now calculated only for datastores used by pools or farms.
  • New layouts for Pools, Farms, Pods, Vcenters etc..
  • RDSH Servers load is now correctly measured and a new view is available.
  • Page headers look much better.
  • vCenters now have the pod name listed.
  • Added support for nested groups and some additional LDAP logging on startup.
  • Added the ability to modify a connection rather than just add and delete.
  • Side nav will now collapse if screen space is low.
  • Don’t use internet explorer, friends don’t let friends do that, I’ve added a warning too.
  • Further logging enabled for LDAP integration including a self test on service start.
  • LDAP now supports nested groups.
  • Events view has been deprecated due to a thread exhaustion issue on the server side.

Bug Fixes

  • Farm usage is now accurate, wow that was broken!
  • Many cast errors were found and dealt with.
  • Problem machines now correctly display the vCenter.
  • Fixed a health score bug in the page header.
  • Fixed a problem machines bug in pools and farms.
  • Fixed a bug in pod numbers calculation.
  • Improved the speed of database enumeration of sites and pods.
  • Fixed a bug in global application entitlements where the lack of shortcuts would cause the UI to freak out.
  • Fixed a bug in Datastore usage where it was reporting the wrong value.
  • Fixed a bug where Reach sessions may not be logged off correctly during polling.
  • Fixed a bug where applications were being requested for each farm multiple times.
  • Fixed a bug where pod health would be called twice for no reason.

Cross vCenter Workload Migration Utility

The Cross vCenter Workload Migration Utility helps in moving vm’s between vCenter servers even if they are not connected.

Changelog

Version 3.1, January 22, 2020

  • Support for disk format conversion between Thick (Lazy Zeroed), Thick (Eager Zeroed) and Thin provisioning
  • Support for VM rename pattern for Clone operation
  • Fixed duplicated network selection when performing bulk migration
  • Fixed startup failure when a new home vCenter is specified as a command line argument

vCenter Event Broker Appliance

Sadly there is no real changelog available but just a tweet for the vCenter Event Broker Appliance, a tool that helps the user to create their own events inside vCenter.

Changelog?

Features:

  • Setup no longer require Internet
  • NTP & Proxy Support

vSphere Mobile Client

If you think your Smartphone screen is big enough to manage vSphere the vSphere Mobile Client will help you in that.

Changelog

Version 1.9.1

Features:

  • Added host shutdown quick action

Bug fixes:

  • Fixed an issue where the app would crash when using face ID authentication (iOS)
  • Fixed an issue in the VM card (reversed icons for Windows and Linux)

Version 1.9.0

New features:

  • Ability to save information around a vCenter server (address/username)
  • Use FaceId/Fingerprint recognition to login to a vCenter server

Bug fixes:

  • Do not make first letter uppercase on input fields on the login form
  • Better compatibility with auto-complete applications on the login form

VMware OS Optimization Tool

The one, the only and the real VMware OS Optimization Tool. Simply the best tool out there to optimize your windows image.

Changelog

January, 2020, b1140

Includes various bug fixes.

Optimize Results

  • A new button has been added to the results page that displays once an optimization job has completed. This Export button allows you to save the results page as an HTML file.

Generalize

  • New option and button that simplifies the task of running Sysprep using a standard answer file. You can edit the provided answer file before running Sysprep with it.

Finalize

  • New option and button to automate many common tasks that are typically run as a last step before you shut down Windows to use the VM in Horizon. These include the system clean up tasks (NGEN, DISM, Compact and disk clean up) that were previously provided in the Common Options dialog. This also includes clearing event logs, KMS information and releasing the IP address.

Common Options

  • System clean up tasks have been removed from the common options so will now not run during optimize but instead should be run as part of the Finalize process.
    New tab for Security options. This allows for the quick selection of common settings that might need to be left enabled depending on the security requirements. This offers control over Bitlocker, Firewall, Windows Defender, SmartScreen, HVCI.

Command Line

  • Added command line parameter to allow the tool to run without applying optimizations. This is part of the -o parameter called none that then allows you to run things like the system cleanup tasks (NGEM DISM, etc.) without also having to optimize at the same time.
  • VMwareOSOptimizationTool.exe -o none -t template -systemcleanup 0 1 2 3 WebCache
  • Changed default to not disable Webcache. In testing this was shown to break Edge and IE browsers ability to download and save files. The settings are still available in the Windows 10 templates if you want to disable Webcache.

Guides

  • Updated OSOT user guide: VMware Operating System Optimization Tool Guide.
  • Updated Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop guide coming soon.

[HorizonAPI] Configuring the Horizon event database in code

Last week Mark Brookfield asked the question if it is possible to configure the event database in code. My answer was that I thought it should be possible until Stephen Jesse pointed me to the the vmware.hv.helper where there is the set-hveventdatabase cmdlet for this. When looking at the code I noticed something familiar:

.NOTES
Author                      : Wouter Kursten
Author email                : wouter@retouw.nl
Version                     : 1.0

===Tested Against Environment====
Horizon View Server Version : 7.4
PowerCLI Version            : PowerCLI 10
PowerShell Version          : 5.0

So that’s why I knew it was possible! A good reason to create a quick blogpost though. Mark made a nice script for himself with variables and all those fancy things but I just want to quickly show how you can do it.

$hvedbpw=read-host -AsSecureString
$temppw=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($hvedbpw)
$PlainevdbPassword=[System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$dbupassword=New-Object VMware.Hv.SecureString
$enc=[system.Text.Encoding]::UTF8
$dbupassword.Utf8String=$enc.GetBytes($PlainevdbPassword)
$eventservice=new-object vmware.hv.eventdatabaseservice
$eventservicehelper=$eventservice.getEventDatabaseInfoHelper()
$eventsettings=new-object VMware.Hv.EventDatabaseEventSettings
$eventdatabase=new-object VMware.Hv.EventDatabaseSettings
$eventsettings.ShowEventsForTime="TWO_WEEKS"
$eventsettings.ClassifyEventsAsNewForDays=2
$eventdatabase.Server="labsql01.magneet.lab"
$eventdatabase.type="SQLSERVER"
$eventdatabase.port=1433
$eventdatabase.name="pod1_events"
$eventdatabase.username="sa_view"
$eventdatabase.password=$dbupassword
$eventservicehelper.setDatabase($eventdatabase)
$eventservicehelper.setsettings($eventsettings)
$eventservice.update($hvservice,$eventservicehelper)

The first three line make it possible to not use a plaintext password. If you don’t care about that you can remove those and declare something for $plainevdbpassword.

For the $eventsettings.ShowEventsForTime for time there are several options (same as in the gui) these are:

ONE_WEEK,TWO_WEEKS,THREE_WEEKS,ONE_MONTH,TWO_MONTHS,THREE_MONTHS,SIX_MONTHS
Yes, they are all in capitals!

To show how this works I will first clear the current database.

$hvservice.EventDatabase.EventDatabase_Clear()
$hvservice.EventDatabase.EventDatabase_Get()

Yes this is one of those exceptions where a service_get doesn’t need an id.

Now I run the script with a new _get to show the results.

If you are interested in the details:

The VMware Labs flings monthly for August 2019

It’s been a bit quiet on the fling front with VMworld US happening. None the less there have been two new releases and three updates. New releases are the vSAN Performance monitor and Enterprise OpenShift as a Service on Cloud Automation Services flings. Updated where the vSphere Mobile Client, vRealize Operations REST Notifications Helper and Virtual Machine Compute Optimizer.

New Releases

vSAN Performance Monitor

The vSAN performance monitor is a monitoring and visualization tool based on vSAN Performance metrics. It will collect vSAN Performance and other metrics periodically from the clusters configured. The data collected is visualized in a more efficient and user-friendly way. The vSAN performance monitor comes with preconfigured dashboards which will help customers evaluate the performance of vSAN clusters, identify and diagnose problems, and understand current and future bottlenecks. The dashboards are heavily inspired by vSAN Observer.

The vSAN performance monitor is delivered in a virtual appliance with three major components, i.e., a Telegraf collector, InfluxDB, and a Grafana frontend.

  • Telegraf: Telegraf is the agent that collects metrics from vSAN cluster and stores them in InfluxDB.
  • InfluxDB: InfluxDB is the database to store the metrics
  • Grafana: We use Grafana as the frontend to virtualize the metrics stored in the InfluxDB

Once deployed, users will need to do some simple configuration changes to point the collector to target vSAN cluster(s) and start the service. After that, the data will be collected periodically and can be visualized for meaningful insights.

Enterprise OpenShift as a Service on Cloud Automation Services

This Fling enables a cloud admin to download the package, integrate with Cloud Assembly and other Infrastructure services and be able to provide an “OpenShift Cluster as a Service” offering. This Fling automates the end to end deployment process. End users can simply request for and get an enterprise grade distributed instance of OpenShift Cluster. This Fling provides all the required packages to configure and deploy an enterprise production grade OpenShift cluster using VMware Cloud Assembly Services with minimal effort and in a repeatable, fully automated fashion.

Updated Flings

vSphere Mobile Client

The vSphere Mobile Client is under heavy development to make sure we have the best experience in managing our vSphere environments using our mobile phones.

Changelog

Version 1.4.0

New features

  • Cluster view

Improvements

  • Confirmation dialog on VM quick actions

New Bug Fixes

  • Task card layout improvements
  • Alarms and events truncation issue has been fixed
  • iOS crash report improvementsVersion 1.3.0

New features:

  • Hosts view
  • vCenter dashboard now includes items with most alerts

Improvements

  • Crash reporting for iOS
  • Event categories are now visible (alarm, error, warning)

Bug Fixes

  • Better handling of vCenter name retrieval

vRealize Operations REST Notifications Helper

The vRealize Operations REST Notifications Helper helps in creating better REST notifications of alerts.

Changelog

Version 1.2.1

  • Updated instructions for v1.2
  • Minor fixes and improvements

Version 1.2.0

  • Multiple endpoint configurations
  • Blacklist
  • Windows support
  • Minor new features, improvements and fixes

Virtual Machine Compute Optimizer

The Virtual Machine Compute Optimizer (VMCO) is a Powershell script that uses the PowerCLI module to capture information about the hosts and VMS running in your vSphere environment, and reports back on whether the VMs are configured optimally based on the Host CPU and memory.

Changelog

Version 1.0.4

  • Added a -Property filter to the Get-View commands for hosts and VMs to reduce time and amount of returned data
  • Removed if statement in Get_Optimal_CPU function that included $hostCPUs as it was not yet being used