The VMware Labs flings monthly for January 2020

Here we go again with the new and updated flings for January 2020. It’s been a busy month for me including a visit to Israel but more on that in a future blog post. There have been three new releases in January with the App Volumes Migration Utility, vSphere Software Asset Management and Power vRA Cloud. No less than six received updates: DRS Dump Insight, Horizon Reach, Cross vCenter Workload Migration Utility, vCenter Event Broker Appliance, vSphere Mobile Client and the one and only VMware OS Optimization Tool.

New Releases

App Volumes Migration Utility

The App Volumes Migration Utility has been build to migrate App Volumes 2.18 app stacks to the brand new App Volumes 4 format.

App Volumes Migration Utility allows to migrate appstacks, which are managed by VMware App Volumes 2.18, to the new appstack format of VMware App Volumes 4.0. The format of appstacks in VMware App Volumes 4.0 have changed in order to provide improved login to desktops among many other features. This utility addresses the migration of appstacks so that applications don’t have to be provisioned again after upgrading to VMware App Volumes 4.0.

vSphere Software Asset Management Tool

The vSphere Software Asset Management Tool gives the user insight into license usage of and vSphere environment version 5.5 and up.

The vSphere Software Asset Management (vSAM) is a tool that collects and summarizes vSphere product deployment information. It calls on vSphere APIs for deployment data and produces a PDF report that the customer can consult as a part of their infrastructure review and planning process. This lightweight Java application runs on Windows, Linux or Mac OS.

Features

  • Support both vCenter Server cluster and Standalone ESXi host with a version of vSphere 5.5, 6.X or newer.
  • Generate comprehensive report from various aspects:
    • High-level product deployment summary
    • Product deployment report by targets (standalone ESXi or VC cluster)
    • High level license key usage report
    • License key usage by targets
  • Provide Software Asset Management suggestions on:
    • Evaluation license warning
    • License term
      • Pre-expiration 90 days warning
      • Expiration alert
    • License capacity
      • Potential capacity waste warning based on customized threshold
      • Potential capacity shortage warning based on customized threshold
      • Capacity over-use alert
    • Product support
      • End of General Support info
      • General Support pre-expiration 90 days warning
      • Unsupported product alert
    • Protect customer sensitive information by:
      • Collecting minimal set of information relative with Software Asset Management
      • Masking sensitive info in the report
      • Supporting encryption of raw data file
  • Support merging multi reports into one report
  • Support English and Chinese report
  • Support customization of report

Power vRA Cloud

Power vRA Cloud is a PowerShell module that abstracts the VMware vRealize Automation Cloud APIs to a set of easily used PowerShell functions. This tool provides a comprehensive command line environment for managing your VMware vRealize Automation Cloud environment.

This module is not supported by VMware and comes with no warranties expressed or implied. Please test and validate its functionality before using this product in a production environment.

Updated Flings

DRS Dump Insight

The DRS Dump Insight flings gives an explanation why in the bloody hell a VM was moved from one host to the other.

Changelog

Version 1.1

  • Users can now upload multiple dumps as a folder.
  • Creates a vMotion timeline based on the dumps uploaded, users can navigate through multiple dump analysis.
  • Users can export multiple dump analysis as a PDF at once.
  • Added support to 65u2, 65u3 and 67u3 dumps.
  • Bug fixes and backend improvements

Horizon Reach

I have said this before but Horizon Reach is awesome and gives you an proper overview over all pod’s in an Horizon Cloud Pod setup.

Changelog

Version 1.0.1 brings vCenter performance data along with a myriad of bugfixes!

New Features

  • Gauges, gauges everywhere.
  • Search field! for those huge customers who hate to dig.
  • vCenter performance statistics will now be captured for Pods running version 7.8 or better.
  • vCenter RAM, CPU, sesions and Datastore Usage have all been added to the historical data views.
  • Datastore usage is now calculated only for datastores used by pools or farms.
  • New layouts for Pools, Farms, Pods, Vcenters etc..
  • RDSH Servers load is now correctly measured and a new view is available.
  • Page headers look much better.
  • vCenters now have the pod name listed.
  • Added support for nested groups and some additional LDAP logging on startup.
  • Added the ability to modify a connection rather than just add and delete.
  • Side nav will now collapse if screen space is low.
  • Don’t use internet explorer, friends don’t let friends do that, I’ve added a warning too.
  • Further logging enabled for LDAP integration including a self test on service start.
  • LDAP now supports nested groups.
  • Events view has been deprecated due to a thread exhaustion issue on the server side.

Bug Fixes

  • Farm usage is now accurate, wow that was broken!
  • Many cast errors were found and dealt with.
  • Problem machines now correctly display the vCenter.
  • Fixed a health score bug in the page header.
  • Fixed a problem machines bug in pools and farms.
  • Fixed a bug in pod numbers calculation.
  • Improved the speed of database enumeration of sites and pods.
  • Fixed a bug in global application entitlements where the lack of shortcuts would cause the UI to freak out.
  • Fixed a bug in Datastore usage where it was reporting the wrong value.
  • Fixed a bug where Reach sessions may not be logged off correctly during polling.
  • Fixed a bug where applications were being requested for each farm multiple times.
  • Fixed a bug where pod health would be called twice for no reason.

Cross vCenter Workload Migration Utility

The Cross vCenter Workload Migration Utility helps in moving vm’s between vCenter servers even if they are not connected.

Changelog

Version 3.1, January 22, 2020

  • Support for disk format conversion between Thick (Lazy Zeroed), Thick (Eager Zeroed) and Thin provisioning
  • Support for VM rename pattern for Clone operation
  • Fixed duplicated network selection when performing bulk migration
  • Fixed startup failure when a new home vCenter is specified as a command line argument

vCenter Event Broker Appliance

Sadly there is no real changelog available but just a tweet for the vCenter Event Broker Appliance, a tool that helps the user to create their own events inside vCenter.

Changelog?

Features:

  • Setup no longer require Internet
  • NTP & Proxy Support

vSphere Mobile Client

If you think your Smartphone screen is big enough to manage vSphere the vSphere Mobile Client will help you in that.

Changelog

Version 1.9.1

Features:

  • Added host shutdown quick action

Bug fixes:

  • Fixed an issue where the app would crash when using face ID authentication (iOS)
  • Fixed an issue in the VM card (reversed icons for Windows and Linux)

Version 1.9.0

New features:

  • Ability to save information around a vCenter server (address/username)
  • Use FaceId/Fingerprint recognition to login to a vCenter server

Bug fixes:

  • Do not make first letter uppercase on input fields on the login form
  • Better compatibility with auto-complete applications on the login form

VMware OS Optimization Tool

The one, the only and the real VMware OS Optimization Tool. Simply the best tool out there to optimize your windows image.

Changelog

January, 2020, b1140

Includes various bug fixes.

Optimize Results

  • A new button has been added to the results page that displays once an optimization job has completed. This Export button allows you to save the results page as an HTML file.

Generalize

  • New option and button that simplifies the task of running Sysprep using a standard answer file. You can edit the provided answer file before running Sysprep with it.

Finalize

  • New option and button to automate many common tasks that are typically run as a last step before you shut down Windows to use the VM in Horizon. These include the system clean up tasks (NGEN, DISM, Compact and disk clean up) that were previously provided in the Common Options dialog. This also includes clearing event logs, KMS information and releasing the IP address.

Common Options

  • System clean up tasks have been removed from the common options so will now not run during optimize but instead should be run as part of the Finalize process.
    New tab for Security options. This allows for the quick selection of common settings that might need to be left enabled depending on the security requirements. This offers control over Bitlocker, Firewall, Windows Defender, SmartScreen, HVCI.

Command Line

  • Added command line parameter to allow the tool to run without applying optimizations. This is part of the -o parameter called none that then allows you to run things like the system cleanup tasks (NGEM DISM, etc.) without also having to optimize at the same time.
  • VMwareOSOptimizationTool.exe -o none -t template -systemcleanup 0 1 2 3 WebCache
  • Changed default to not disable Webcache. In testing this was shown to break Edge and IE browsers ability to download and save files. The settings are still available in the Windows 10 templates if you want to disable Webcache.

Guides

  • Updated OSOT user guide: VMware Operating System Optimization Tool Guide.
  • Updated Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop guide coming soon.

[HorizonAPI] Configuring the Horizon event database in code

Last week Mark Brookfield asked the question if it is possible to configure the event database in code. My answer was that I thought it should be possible until Stephen Jesse pointed me to the the vmware.hv.helper where there is the set-hveventdatabase cmdlet for this. When looking at the code I noticed something familiar:

.NOTES
Author                      : Wouter Kursten
Author email                : [email protected]
Version                     : 1.0

===Tested Against Environment====
Horizon View Server Version : 7.4
PowerCLI Version            : PowerCLI 10
PowerShell Version          : 5.0

So that’s why I knew it was possible! A good reason to create a quick blogpost though. Mark made a nice script for himself with variables and all those fancy things but I just want to quickly show how you can do it.

$hvedbpw=read-host -AsSecureString
$temppw=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($hvedbpw)
$PlainevdbPassword=[System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$dbupassword=New-Object VMware.Hv.SecureString
$enc=[system.Text.Encoding]::UTF8
$dbupassword.Utf8String=$enc.GetBytes($PlainevdbPassword)
$eventservice=new-object vmware.hv.eventdatabaseservice
$eventservicehelper=$eventservice.getEventDatabaseInfoHelper()
$eventsettings=new-object VMware.Hv.EventDatabaseEventSettings
$eventdatabase=new-object VMware.Hv.EventDatabaseSettings
$eventsettings.ShowEventsForTime="TWO_WEEKS"
$eventsettings.ClassifyEventsAsNewForDays=2
$eventdatabase.Server="labsql01.magneet.lab"
$eventdatabase.type="SQLSERVER"
$eventdatabase.port=1433
$eventdatabase.name="pod1_events"
$eventdatabase.username="sa_view"
$eventdatabase.password=$dbupassword
$eventservicehelper.setDatabase($eventdatabase)
$eventservicehelper.setsettings($eventsettings)
$eventservice.update($hvservice,$eventservicehelper)

The first three line make it possible to not use a plaintext password. If you don’t care about that you can remove those and declare something for $plainevdbpassword.

For the $eventsettings.ShowEventsForTime for time there are several options (same as in the gui) these are:

ONE_WEEK,TWO_WEEKS,THREE_WEEKS,ONE_MONTH,TWO_MONTHS,THREE_MONTHS,SIX_MONTHS
Yes, they are all in capitals!

To show how this works I will first clear the current database.

$hvservice.EventDatabase.EventDatabase_Clear()
$hvservice.EventDatabase.EventDatabase_Get()

Yes this is one of those exceptions where a service_get doesn’t need an id.

Now I run the script with a new _get to show the results.

If you are interested in the details:

The VMware Labs flings monthly for August 2019

It’s been a bit quiet on the fling front with VMworld US happening. None the less there have been two new releases and three updates. New releases are the vSAN Performance monitor and Enterprise OpenShift as a Service on Cloud Automation Services flings. Updated where the vSphere Mobile Client, vRealize Operations REST Notifications Helper and Virtual Machine Compute Optimizer.

New Releases

vSAN Performance Monitor

The vSAN performance monitor is a monitoring and visualization tool based on vSAN Performance metrics. It will collect vSAN Performance and other metrics periodically from the clusters configured. The data collected is visualized in a more efficient and user-friendly way. The vSAN performance monitor comes with preconfigured dashboards which will help customers evaluate the performance of vSAN clusters, identify and diagnose problems, and understand current and future bottlenecks. The dashboards are heavily inspired by vSAN Observer.

The vSAN performance monitor is delivered in a virtual appliance with three major components, i.e., a Telegraf collector, InfluxDB, and a Grafana frontend.

  • Telegraf: Telegraf is the agent that collects metrics from vSAN cluster and stores them in InfluxDB.
  • InfluxDB: InfluxDB is the database to store the metrics
  • Grafana: We use Grafana as the frontend to virtualize the metrics stored in the InfluxDB

Once deployed, users will need to do some simple configuration changes to point the collector to target vSAN cluster(s) and start the service. After that, the data will be collected periodically and can be visualized for meaningful insights.

Enterprise OpenShift as a Service on Cloud Automation Services

This Fling enables a cloud admin to download the package, integrate with Cloud Assembly and other Infrastructure services and be able to provide an “OpenShift Cluster as a Service” offering. This Fling automates the end to end deployment process. End users can simply request for and get an enterprise grade distributed instance of OpenShift Cluster. This Fling provides all the required packages to configure and deploy an enterprise production grade OpenShift cluster using VMware Cloud Assembly Services with minimal effort and in a repeatable, fully automated fashion.

Updated Flings

vSphere Mobile Client

The vSphere Mobile Client is under heavy development to make sure we have the best experience in managing our vSphere environments using our mobile phones.

Changelog

Version 1.4.0

New features

  • Cluster view

Improvements

  • Confirmation dialog on VM quick actions

New Bug Fixes

  • Task card layout improvements
  • Alarms and events truncation issue has been fixed
  • iOS crash report improvementsVersion 1.3.0

New features:

  • Hosts view
  • vCenter dashboard now includes items with most alerts

Improvements

  • Crash reporting for iOS
  • Event categories are now visible (alarm, error, warning)

Bug Fixes

  • Better handling of vCenter name retrieval

vRealize Operations REST Notifications Helper

The vRealize Operations REST Notifications Helper helps in creating better REST notifications of alerts.

Changelog

Version 1.2.1

  • Updated instructions for v1.2
  • Minor fixes and improvements

Version 1.2.0

  • Multiple endpoint configurations
  • Blacklist
  • Windows support
  • Minor new features, improvements and fixes

Virtual Machine Compute Optimizer

The Virtual Machine Compute Optimizer (VMCO) is a Powershell script that uses the PowerCLI module to capture information about the hosts and VMS running in your vSphere environment, and reports back on whether the VMs are configured optimally based on the Host CPU and memory.

Changelog

Version 1.0.4

  • Added a -Property filter to the Get-View commands for hosts and VMs to reduce time and amount of returned data
  • Removed if statement in Get_Optimal_CPU function that included $hostCPUs as it was not yet being used

 

Generating a clean Host Profile using PowerCLI

First of all: I love Host Profiles! But they’re easy to mess up as well, leave something selected related to hardware and an update in ESXi, vib’s or even a firmware update might break it. For a customer where we are going to do the entire vSphere build from scratch I got the idea to generate an empty Host Profile and extend that one using scripting. At first I though this would be an easy thing but it definitely isn’t, a reply from PowerCLI guru Luc Dekens at the VMware{Code} forums set me on the right path to do so. Luc’s remark that editing Host Profiles might take some reverse engineering for the lack of documentation is a huge understatement. It has cost me many many hours to build the script below.

I strongly recommend having the reference host as clean as possible.

These are the steps the script takes

  1. connect to vCenter
  2. extract a new Host Profile
  3. Gets the new Host Profile
  4. Copies all members of the new Host Profile to an object that can be edited
  5. Sets everything that I could find in my environment to false
  6. Updates the Host Profile with the edited object

Required parameters

  • vCenter
    • Your vCenter host
  • Referencehost
    • the name of the host in vCenter
  • Hostprofilename
    • Name for the Host Profile

There are also a couple of optional parameters:

  • dnshost
    • It’s mandatory to have a DNS set in the defaulttcpipstack. With this parameter you can change this.
  • domainname
    • Like DNS it’s mandatory to have a domainname set in the defaulttcpipstack. With this parameter you can change this
  • Cleanup
    • This one defaults to false but can be set to true. It will remove all NFS Datastores, vmkernel ports, portgroups, device aliases and direct i/o profiles.
    • Use this one with care, if you apply it to a host it will most probably remove all networking details for that host making it unusable.

This is how a manual extracted Host Profile looks

This is how a Host Profile looks after using my script without the cleanup option, everything is deselected but the device aliases for example are kept.

.\create_clean_hostprofile.ps1 -vcenter vCenter -Hostprofilename demo_no_cleanup -referencehost hostname

And this is how it looks with the cleanup used.

.\create_clean_hostprofile.ps1 -vcenter vCenter -Hostprofilename demo_no_cleanup -referencehost hostname -cleanup $true

The script itself can be found on Github as well:

#-------------------------------------------------
# Generates a clean Host Profile
#
# Build using PowerCLI 11
#
# Version 1.0
# 17-08-2019
# Created by: Wouter Kursten
# Website: https://www.retouw.nl
#
#-------------------------------------------------

param(
[Parameter(Mandatory=$true)][String]$Hostprofilename,
[Parameter(Mandatory=$true)][String]$vcenter,
[Parameter(Mandatory=$true)][String]$referencehost,
[Parameter()][String]$dnshost,
[Parameter()][String]$domainname,
[Parameter()][bool]$Cleanup = $false
)

# I grabbed this function somewhere from an example by Luc Dekens
function Copy-Property ($From, $To, $PropertyName ="*"){
    foreach ($p in Get-Member -In $From -MemberType Property -Name $propertyName){
        trap {
            Add-Member -In $To -MemberType NoteProperty -Name $p.Name -Value $From.$($p.Name) -Force
            continue
        }
    $To.$($P.Name) = $From.$($P.Name)
    }
}

#connect to the vCenter
connect-viserver $vcenter

# This deletes any existing Host Profile with the same name as we're using in this script
get-vmhostprofile -name $Hostprofilename  -ErrorAction SilentlyContinue | Remove-VMHostProfile -Confirm:$false

# This creates a new Host Profile from the referencehost
new-vmhostprofile -name $Hostprofilename -referencehost $referencehost

# Retrieves the newly created Host Profile
$hp = Get-VMHostProfile -Name $Hostprofilename

# Creates the spec where the cleanup is done
$spec = New-Object VMware.Vim.HostProfileCompleteConfigSpec

# Copies all properties of the new Host Profile to the spec
Copy-Property -From $hp.ExtensionData.Config -To $spec

# This removes everything that could be specific to the referencehost
if ($cleanup -eq $true){
    $spec.ApplyProfile.Network.Vswitch=$null
    $spec.ApplyProfile.Network.VMportgroup=$null
    $spec.ApplyProfile.Network.HostPortGroup=$null
    $spec.ApplyProfile.Network.pnic=$null
    $spec.ApplyProfile.Storage.NasStorage=$null
    ($spec.ApplyProfile.Property | where-object {$_.PropertyName -like "*DeviceAlias*"}).profile=$null
    ($spec.ApplyProfile.Property | where-object {$_.PropertyName -like "*PCI*"}).profile.property.profile=$null
}

# From here it's just disabling of items except for:
# -items under storage> PSA Configuration (profiles are removed)
# -Properties of the fixed DNS config (set to the default values from this scripts parameters)
$spec.ApplyProfile.Datetime.Enabled=$False
$spec.ApplyProfile.Authentication.Enabled=$False
$spec.ApplyProfile.Authentication.ActiveDirectory.Enabled=$False

foreach ($o in $spec.applyprofile.Option){
    if ($o.Enabled){
        $o.Enabled=$False
    }
}

foreach ($p in $spec.ApplyProfile.Property.Profile){
    if ($p.Enabled){
        $p.Enabled=$False
    }
    foreach ($pa in $p.Property.Profile){
            if ($pa.Enabled){
                $pa.Enabled=$False
                }
        foreach ($paa in $pa.Property.Profile){
                if ($paa.Enabled){
                    $paa.Enabled=$False
                }
        }
    }
}

foreach ($s in $spec.ApplyProfile.Storage.Nasstorage){
    if ($s.Enabled){
        $s.Enabled=$False
    }
    foreach ($sa in $s){
        if ($sa.Enabled){
            $sa.Enabled=$False
        }
    }
}

foreach ($s in $spec.ApplyProfile.Storage.Property.Profile){
    if ($s.Enabled){
        $s.Enabled=$False
    }

    if ($s.ProfileTypeName -eq "psa_psaProfile_PluggableStorageArchitectureProfile" -AND $cleanup -eq $true){
        foreach ($sa in $s.property){
            if ($sa.propertyname -like "*psa_psaProfile_PsaDevice*"){
                [email protected]()
            }
        }
    }
    foreach ($sa in $s.Property.Profile){
        if ($sa.Enabled){
            $sa.Enabled=$False
            }
        foreach ($saa in $sa.Property.Profile){
            if ($saa.Enabled){
                $saa.Enabled=$False
            }
        }
    }
}

foreach ($f in $spec.ApplyProfile.Firewall.ruleset){
    if ($f.Enabled){
        $f.Enabled=$False
    }
}

foreach ($n in $spec.ApplyProfile.Network.vswitch){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
        foreach ($naa in $na.link){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NumPorts){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NetworkPolicy){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.pnic){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.VmPortGroup){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
        foreach ($naa in $na.Vlan){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.Vswitch){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NetworkPolicy){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.HostPortGroup){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
        foreach ($naa in $na.IpConfig){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.Vlan){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.Vswitch){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NetworkPolicy){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.Property.Profile){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n.Property.Profile){
        if ($na.Enabled){
            $na.Enabled=$False
            }
        foreach ($np in $na.policy.policyoption){
            if ($np.id -eq "FixedDnsConfig"){
                foreach ($npp in $np.parameter){
                    if ($dnshost){
                        if ($npp.key -eq "address") {
                            [string[]][email protected]($dnshost)
                            $npp.value=$dnsarray
                        }
                    }
                    if ($domainname){
                        if ($npp.key -eq "domainName"){
                            $npp.value=$domainname
                        }
                    }
                }
            }
        }
        foreach ($naa in $na.Property.Profile){
            if ($naa.Enabled){
                $naa.Enabled=$False
            }
            foreach ($naaa in $naa.Property.Profile){
                if ($naaa.Enabled){
                    $naaa.Enabled=$False
                }
            }
        }
    }
}


(Get-VMHostProfile $Hostprofilename).ExtensionData.Updatehostprofile($spec)
disconnect-viserver $vcenter -confirm:$False

And yes that’s a lot of foreach’s.

 

 

I have been named EUC Champion for 2019!

A couple of weeks ago I was informed that I would be awarded the EUC Champion for the second time.  The EUC Champions program grew from 35 to 42 and you can find all of us over here: https://www.vmware.com/euc-champions/current-champions.html As you can see in that list my very good friend and vmug stage buddy Hans Kraaijeveld was also awarded the EUC Champion title as well into this EUC elite group of people.

So what are the EUC Champions?

What is the EUC Champions program?
EUC Champions is an experts-only program that provides a forum for the EUC community and VMware EUC product teams to share industry trends, new product information and ideas through in-person meetings, networking events, industry conferences and webinars.

This is the official statement but there is more. We also have access to dedicated EUC Champions Slack channels at the VMware slack with direct contact to some of the EUC product teams. Also the knowledge sharing between each other has been awesome in my opinion. Plus we get to test some flings that Andrew Morgan created that might or might not be released at https://labs.vmware.com/flings

Do you also think you have it to become an EUC Champion? You can find more info at https://www.vmware.com/euc-champions.html

What did I do to become an EUC Champion? Well it’s my blogging over here but certainly also presenting at vmug’s about EUC related things.

 

[API]How to successfully logoff users in Horizon

One of the things that annoy me about the Horizon admin interface is the fact that if you give a session the logoff command that this only works if the user is active aka when the desktop is not locked. With the api’s though (and Andrew implemented this in the helpdesk fling) it is possible to force a logoff. Let’s look at the available method’s first.

So we have a logoff and logoffForced. But there are also the logoffsessions and LofoffSessionsForced, I guess those let you logoff multiple sessions. this is what the extensiondata says about them.

So for the singular method’s we need a single id and for the sessions we need an array of ids. At first I will use get-hvglobalsession (yes, this works against sessions in other pod’s in a cloud pod architecture as well!) to get the id’s to show how it works. I have 5 sessions running from my desktop

$services1.Session.Session_Logoff((get-hvglobalsession | select -first 1).id)

Damn locked, let’s force this bastard from his desktop.

$services1.Session.Session_LogoffForced((get-hvglobalsession | select -first 1).id)

Aaaand it’s gone

And to show that it works I had to make sure the first session wasn’t locked.

And now the big bang fuck all of you!

$services1.Session.Session_LogoffSessionsForced((Get-HVGlobalSession).id)

As you can see one of my users was a but slow in logging off (nested esxi with only a couple vcpu’s for that one) I have also created a script that asks for the user whom you want to logoff and which session you want to logoff in case they have multiple. It’s not the cleanest code that I have written but it works 🙂

$hvserver1=connect-hvserver servername -user user -domain domain -password passwords
$Services1= $hvServer1.ExtensionData

$username= Read-Host "Which user do you want to logoff? (no wildcards needed, part of the name is enough)"

$queryService = New-Object VMware.Hv.QueryServiceService
$userdefn = New-Object VMware.Hv.QueryDefinition
$userdefn.queryEntityType = 'ADUserOrGroupSummaryView'
$userfilter1= New-Object VMware.Hv.QueryFilterContains
$userfilter1.membername='base.name'
$userfilter1.value=$username
$userfilter2= New-Object VMware.Hv.QueryFilterEquals
$userfilter2.membername='base.group'
$userfilter2.value=$False
$userfilter=new-object vmware.hv.QueryFilterAnd
[email protected]($userfilter1, $userfilter2)
$userdefn.filter=$userfilter
$users=($queryService.QueryService_Create($Services1, $userdefn)).results

$menu = @{}
for ($i=1;$i -le $users.count; $i++){ 
    Write-Host "$i. $($users[$i-1].base.name)" 
    $menu.Add($i,($users[$i-1].id))
}
[int]$ans = read-host "Please select the correct user"
$user=$menu.Item($ans)

$GlobalSessionQueryService = new-object VMware.Hv.GlobalSessionQueryServiceService
$sessionfilterspec=new-object vmware.hv.GlobalSessionQueryServiceQuerySpec
$sessionfilterspec.user=$user
$sessions=($GlobalSessionQueryService.GlobalSessionQueryService_QueryWithSpec($services1, $sessionfilterspec)).results

$menu = @{}
for ($i=1;$i -le $sessions.count; $i++){ 
    Write-Host "$i. $($sessions[$i-1].namesdata.basenames.MachineOrRDSServerName)" 
    $menu.Add($i,($sessions[$i-1].id))
}
[int]$ans = read-host "Please select the correct VDI Desktop"
$session=$menu.Item($ans)

$Services1.Session.Session_Logoffforced($session)
$queryService.QueryService_DeleteAll($services1)

This script forces the logoff for the sessions since I haven’t been able yet to find where the desktop status (locked or not) is visible.

Updates to the VMware Horizon Helpdesk fling

Today a new version has been released of the VMware Horizon Helpdesk fling by Andrew Morgan. One big change is that the Helpdesk license isn’t required anymore so at least a part of the functionality is available to owners of advanced or standard Horizon licenses.

the entire changelog:

Version 1.4.0.1

  • No longer requires a helpdesk license! Yay!
  • Added the ability to interact with vCenter machines
  • Added the ability to open vCenter VM consoles
  • Added the ability to perform bulk machine actions
  • Added the ability to perform refresh / recompose tasks directly from helpdesk.
  • Fixed performance issues with multiple windows open (see single instance).
  • Fixed a crash when logon durations could not be accessed.
  • Added polling to allow logon durations to be received if notavailable when the session page is requested.
  • Fixed a crash in the ending of processes.
  • Fixed a metric ton of bugs with delegated administration.
  • Fixed a memory leak in the tray icon menu, of all places.
  • Removed the logon page graphic as it was to much of a pain to change it’s colour when changing themes
  • Fixed some layout issues when changing themes.
  • Removed empty sites from the viewon the change pod tray menu.
  • Added preliminary support for Horizon 7.9.

 

Let’s look into some of the new options (will do the options without the helpdesk license last)

Added the ability to interact with vCenter machines 

From the pool view you’ll see an extra button for vCenter actions

And that will give these options

These all speak for themselves in functionality.

Added the ability to open vCenter VM consoles 

Open VM console will give an popup that asks for vCenter credentials.

Hit logon and a vrmc client should start if it’s installed

Added the ability to perform bulk machine actions 

The vCenter actions above can be done against multiple vm’s but also the various actions from View itself

Added the ability to perform refresh / recompose tasks directly from helpdesk. 

No longer requires a helpdesk license! Yay! 

when you use the std license the biggest difference is that you can’t view any specifics inside sessions since that’s all limited to the helpdesk license.

The VMware Labs flings monthly for June 2019

Wow there are already six months gone in 2019. Both my kids passed passed their schoolyears and this month there have been three new fling releases and four that have received updates. The new ones are: vSphere Mobile Client, Workspace ONE UEM SCIM Adapter and FlowGate. The ones that received updates are USB Network Native Driver for ESXi, HCIBench, IOBlazer and the Horizon DaaS Migration Tool.

New Releases

vSphere Mobile Client

I already posted a short blog about this fling over here.

vSphere Mobile Client enables administrators to monitor and manage vSphere infrastructure directly from any mobile device. Whether you want to check on the current or historical resource consumption; you want to get notifications on long running tasks; or you want to check the currently running tasks – the vSphere Mobile Client is there to help.

Features

  • VM overview: Review the status of your VMs including state (powered on/off), resource usage and configuration information
  • VM management: Change the power state of a VM or restart it. Locating the virtual machine to operate on can be done through search.
  • Task monitoring: Subscribe to any running task and receive a notification on your mobile device upon task completion, even when your device is in-active or you have another application running on the foreground.
  • Performance charts: Monitor the resource usage of a VM in real time or a day, week, month or year back. Counters include CPU, Memory, Storage and Network.

NOTE: vSphere Mobile Client is currently available for Android and iOS devices and vCenter 6.0+ deployments. Check the “Requirements” tab for more details. Access to vSphere infrastructure may require a secure access method such as VPN on a mobile device.

This is a technical preview release and as such it only has a limited subset of the intended functionality. The team would be releasing updates with new features regularly, but our main task is to gather feedback so please do not hesitate to reach out to us.

Workspace ONE UEM SCIM Adapter

Workspace ONE UEM SCIM Adapter provides SCIM user/group management capabilities to Workspace ONE UEM. The middleware translates the System for Cross-Domain Identity Management, SCIM, to a CRUD REST framework that Workspace ONE UEM can interpret. This capability allows Workspace ONE UEM to synchronize cloud-based identity resources (users/groups/entitlements) without the need for an LDAP endpoint (service to service model). Examples include Azure AD, Okta, and Sailpoint.

Flowgate

The Flowgate fling is all about linking IT & Facility systems with each other.

In enterprise data centers, IT infrastructure and facility are generally managed separately, which leads to information gaps. Collaboration between facility and IT infrastructure systems are limited or manual, and virtualization adds more complexity.

The goal of Flowgate is to make facility awareness in IT management system and make IT operations management and automation better on high availability, cost saving and improved sustainability, with more information on power, cooling, environment (e.g. humidity, temperature) and security.

Built-in adapter for multiple DCIM and CMDB system integration:

  • Nlyte
  • PowerIQ
  • Infoblox
  • Labsdb
  • IBIS(TODO)
  • Pulse IoT Center (TODO)
  • Open for other facility system integration

Built-in adapter for multiple IT stack systems:

  • vCenter Server
  • vRealise Operation Manager
  • Open for other IT stack integration. More systems will coming soon.

 

  • UI based Integration process: One click integration.
  • Role based access control: API level access control support.
  • RESTFul API support: Provide unified facility information querying services. APIs for all operations and data query make it easy to integrate with other systems.

Updated flings

USB Network Native Driver for ESXi

Are you building an awesome homelab but received some funky USB Network adapters? The USB Network Native Driver for ESXi might just have the correct drivers for you.

Changelog

June 17, 2019 – v1.1

  • Added support for 9 additional USB NIC devices including USB 2.0 RTL8152 & TPLINK (see Requirements page for complete list)
  • Added support for Jumbo Frames (up to 4K) for RTL8153 & AX88179
    ESXi670-VMKUSB-NIC-FLING-24524132-offline_bundle-13958648.zip
    ESXi650-VMKUSB-NIC-FLING-24599816-offline_bundle-13964320.zip

HCIBench

HCIBench is one of two benchmarking utilities that received an update.

Changelog

Version 2.1

  • Switched UI to dark theme
  • Redesigned VMDK preparation methodology, which can complete much faster using RANDOM on deduped storage
  • Added VMDK preparation process update
  • Added Graphite port check into prevalidation
  • Added vCenter/Host password obfuscation
  • Added “Delete Guest VM” button
  • Fixed Grafana display issue
  • Fixed FIO blank results issue
  • Bug fixes
    MD5 checksum of HCIBench_2.1.ova: d37e6f164ed962a6e7ccbe104ba9eaec

IOBLazer

It looks like the IOBlazer fling was first released in 2014(!!!!) as a tool to benchmark all kinds of storage systems. Since I haven’t posted about it here yet let me give you the overview:

IOBlazer is a multi-platform storage stack micro-benchmark. IOBlazer runs on Linux, Windows and OSX and it is capable of generating a highly customizable workload. Parameters like IO size and pattern, burstiness (number of outstanding IOs), burst interarrival time, read vs. write mix, buffered vs. direct IO, etc., can be configured independently. IOBlazer is also capable of playing back VSCSI traces captured using vscsiStats. The performance metrics reported are throughput (in terms of both IOPS and bytes/s) and IO latency.

IOBlazer evolved from a minimalist MS SQL Server emulator which focused solely on the IO component of said workload. The original tool had limited capabilities as it was able to generate a very specific workload based on the MS SQL Server IO model (Asynchronous, Un-buffered, Gather/Scatter). IOBlazer has now a far more generic IO model, but two limitations still remain:

  1. The alignment of memory accesses on 4 KB boundaries (i.e., a memory page)
  2. The alignment of disk accesses on 512 B boundaries (i.e., a disk sector).

Both limitations are required by the gather/scatter and un-buffered IO models.

A very useful new feature is the capability to playback VSCSI traces captured on VMware ESX through the vscsiStats utility. This allows IOBlazer to generate a synthetic workload absolutely identical to the disk activity of a Virtual Machine, ensuring 100% experiment repeatability.

Changelog

Updates in IOBlazer 1.01:

  • Added configurable IO alignment
  • Increased the robustness of the trace file parser in the face of spurious lines
  • Increased the robustness of the build process by automatically detecting target OS and arch within the Makefile
  • In the Windows version, changed the raw access mode from volume to physical drive to avoid unnecessary mount/unmount operations at every test run.

Horizon DaaS Migration Tool

The Horizon DaaS Migration Tool is for the Horizon DaaS providers to migrate their customers to the latest version of Horizon DaaS.

Changelog

Version 2.1.0

  • Fix for the bug on “Requested Capacity” at the pool/assignment summary page showing inappropriate values.
  • Intelligently handling import of new VMs skipping previously imported VMs.

Small recap of the Belgian VMUG meet on 14-06-2019

Last Friday it was time for my annual trip tot he Belgian vmug meeting. I consider this my home vmug away from home and have been visiting for years. This was the first time I could give back in Belgium since Hans & mine session was accepted in the call for papers.

Our session

Right after the keynote (from which we sadly had to miss a couple of minutes to get setup) we did our presentation in front of about 22-23 people in the attick of the building. Just like at the Dutch vmug we did it about flings & tools for Vmware Horizon. Luckily we could do some of our demo’s locally because the wifi & 4G weren’t delivering a good speed to connect to our labs.One thing is for sure we did the session in the brightest manner ever.

If you are interested in the slidedeck we partially used you can find it here.

Other sessions

Firts of all the keynote by Joe Baguley was great as always. His vision on how things works or should be done has been evolving over the years but always seems to around the same lines. The 2nd keynote bij Johan van Amersfoor about VDI by day,compute by night wasn’t the first time I have seen this session but it’s so good that I don’t mind watching it several times.

The session about Kubernetes by Eric de Witte contained some usefull information since I haven’t done a whole lot with kubernetes yet. The last two sessions for me where Luc Dekens talking PowerCLI (what else?) and Valentin Bondzio about the computational cost of security. Luc’s session was about his style of coding and steps he takes to write codes plus a bit about working with instant clones.

Conclusion

During the day Hans and I had great fun with the people from EG Innovations and 10Zig in the exhibition area. As usual at the BE vmug the day ended with a great BBQ, those belgians do know their food! While not as big as the Dutch vmug UserCon the Belgian vmug meets are always high quality so I will beep going if my schedule allows me too and yes if needed I will take a PTO day for it.

The VMware Labs flings monthly for May 2019

Originally I created this post with only 2 updated and one new fling. Some engineers though added two more new flings so 3 new ones and 2 have received an update. The new ones are the Distributed Trust Incident Reporting fling, vRealize Build Tools and Cloud Automation Services SDK for Python. while the Horizon Toolbox and Horizon Migration Tool have received updates.

New Releases

vRealize Build Tools

vRealize Build Tools provides tools to development and release teams implementing solutions based on vRealize Automation (vRA) and vRealize Orchestrator (vRO). The solution targets Virtual Infrastructure Administrators and Solution Developers working in parallel on multiple vRealize-based projects who want to use standard DevOps practices.

This Fling is focused on code quality, code reusability, unit testing, dependency management and parallel releases of vRealize projects. In practice, it is a set of Maven extensions, packaged in a Maven repository format, that support the use of IDE (via Maven) and CLI to develop, test and deliver vRA and vRO-based solutions. It includes a vRO plug-in that exposes autocomplete information for standard and third-party scripting objects and actions and CLI that can deploy packages to vRO and vRA via the standard APIs.

Cloud Automation Services SDK for Python

The Cloud Automation Services SDK for Python is a set of Python classes to simplify automation against several aspects of the Cloud Assembly, Service Broker, and Code Stream API when using Python.

Note: The github repo will be public soon!

 

Distributed Trust Incident Reporting

The Distributed Trust Incident Reporting fling is an  open source security incident tracker.

Security incidents are important to track so that all parties know the status of a breach and can respond in concert and with appropriate speed. Current methods to track incidents are generally paper-based manual processes. More recent systems are based on a centralized database with some web interface to interact with the record and response tracking.

We propose that this does not work well enough in the scenarios where:

  • security incidents may affect more than a single entity
  • where more than one entity must respond to an incident
  • some or all entities have no trust in the others
  • no party can or will be responsible for hosting the full system

For example, a security breach in the supply chain for a food manufacturer could result in several retail businesses with products on shelf that contain a pathogen. Current methods of notifying the proper authorities require a phone tree to call all the correct parties which then react as individuals or local committees. In addition the incident must either be initially submitted to each entity separately or one entity must take responsibility to notify the others.

This Fling:

  • allows all parties (e.g. retail, governmental, public) to see the incident via a single report transaction
  • allows all parties to respond in concert as required
  • allows automated systems to report incidents
  • allows transparency across all organizations

Updated flings

Horizon Toolbox

The Horizon toolbox is an extension to the Horizon Admin Console giving all kinds of user and session information. It is no replacement for the Horizon Helpdesk (or the fling).

Changelog

May 28, 2019, 7.8.0

  • Fix some incompatible issues
  • Only support Horizon View 7.7 & 7.8

Horizon Migration Tool

The Horizon Migration Tool helps you migrating from Citrix to an On-Prem Horizon Environment.

Changelog

Version 3.0.2

  • Updated the binary package and the document accordingly