New Horizon API calls in PowerCLI 10.1.1

VMware quietly released a new version of PowerCLI last week: 10.1.1. This release is mainly an update for the Horizon View API’s. This to bring it back on level with the current Horizon release at 7.5. The release notes are not very extensive but it has a fix for some people getting time-outs when connecting to a Connection server  plus a bunch of new api calls.

I have dumped the output from the available api calls into two text files and made a comparison:

Since there’s no update yet in the API explorer I will have to make an educated guess on what the functions do:

DesktopTask

When looking at the available method’s for this call it looks like it has everything to do with Desktop task. But it also can’t do a damn thing without an vmware.hv.desktoptaskid. This will most probably bu retrievable using a query. This is something I will further investigate in the future.

DiagOperation

To be honest I have no idea yet what this one does. I have tried created a VMware.Hv.DiagOperationRequest and tried to send it but got an error that no message queue handler was found. This might be something from Horizon 7.5 since I haven’t updated my lab yet.

GatewayAccessUserOrGroup

This one is easy, it creates, deletes, gets and lists remote access users. You can expect a function for this in the near future since it looks easy to build.

JwtToken

According to my sources this is a SSO token between the flex and html5 clients.

LogonTiming

This obviously is created to pull logon timing as the name suggests. I have put a session ID in a variable but sadly the data is not usable from PowerCLI. WHat it seems to be is the api call the Helpdesk client uses to pull the logon time. I didn’t have the timing profiler turned on initially and neither the helpdesk tool or this call gave my any information. Disconnected sessions also don’t give any information and when reconnected it gives the reconnection time not the initial logontime for when the session started. This is the same behaviour as the helpdesk tool.

Apparently the output is in a json format and for now I doubt if it will be usable in a function.

While the session itself has this information.

NetworkProxyConfiguration

No idea yet why there is a networkproxy configuration in here.

Performance

This gets some performance data using a session id as also visible in the helpdesk tool.

RemoteApplication

Gives per session information on the Skype 4 Business pairing mode.

RemoteAssistantTicket

100% sure related to the remote assistance function in the helpdesk tool.

RemoteProcess

Looks like this one gets some information from a query and then kills the process, will have to dig into it some further later on. This for sure is a function in the helpdesk tool.

ViewClient

Again from the helpdesktool, this gives the client version of a session.

Conclusion

For now I only see the DesktopTask and GatewayAccessUserOrGroup ending up in a function in the vmware.hv.helper. The first one will need some digging on how it exactly works but it has the looks of a usable call. The latter on can be in there pretty fast if I find the time to do so. The other ones

 

Update

Already received some extra information about some calls.

New experimental functions for the vmware.hv.helper on github

While working on my presentation for the 2nd vEUCtechcon event in Utrecht (The Netherlands) on may 28th I have added a list of new functions to the vmware.hv.helper module. While I haven’t had the time yet to clean them up to be proper coded scripts I have decided to already publish them on Github. All of them work but might be missing a feature or two and almost all of them are get-hv* or new-hv* type functions. Since the presentation is all about building an environment I have decided to build the remove parts later on. You might have already seen some screenshots on twitter recently:

Added functions that are not in the official module yet:

  • register-hvvirtualcenter
  • set-hveventdatabase
  • set-hvlicense
  • get-hvlicense
  • new-hvinstantcloneadministrator
  • New-HVRole
  • Get-HVRole
  • Get-HVpermission
  • New-HVPermission
  • Get-HVVirtualcenter
  • Get-HVInstantCloneAdministrator
  • Get-HVPod
  • Set-HVPod
  • Get-HVHomeSite
  • New-HVHomeSite

 

The VMware Labs flings monthly for May 2018

It’s June already, time flies when you are having fun right? This month there have been three new and five updated flings. In the category new there is an ESXi Compatibility checker, DRS Entitlement viewer and the Cellular Module User Space USB Driver on ESXi. In the updated category we have the eternal HTML5 vSphere web client, I/O Analyzer, Desktop WatermarkCross vCenter Workload Migration Utility and last but not least Blockchain on Kubernetes.

ESXi Compatibility Checker

This is a new fling that makes it easier to check if you’re hardware is still supported by VMware. It does require python to be installed.

The ESXi Compatibility Checker is a python script that can validate VMware hardware compatibility and upgrade issues of ESXi.

VMware hardware compatibility and product interoperability need to be validated when new hardware is installed on an existing ESXi or when a VC/ESXi version needs to be upgraded. Unfortunately, it is not a trivial task as the compatibility information is scattered in multiple web pages. The user needs to understand the data and validate them one by one manually. This process is tedious, laborious and often prone to error when done at scale.

This Fling will provide a simple and easy way to collect server and IO device details from ESXi and provide a command line interface to validate their VMware compatibility and upgrade issues. Users no longer need to understand compatibility details or manually compare the dataset to find out compatibility or upgrade issues. The Fling can generate a compatibility report for many ESXi managed by a VC with a simple command.

Changelog

  • first release May 15, 2018 v1.0 – Build 8532763

DRS Entitlement Viewer

This HTML5 client plugin shows entitled resources per VM and resource pool.

DRS Entitlement Viewer is installed as a plugin to the vSphere client. It is currently only supported for the HTML5 based vSphere client. Once installed, it gives the hierarchical view of vCenter DRS cluster inventory with entitled CPU and memory resources for each resource pool and VM in the cluster.

Entitled resources can change with VMs’ resource demand and with the VM’s and resource pool’s reservation, limit and shares (RLS) settings. So, customers can get the current entitlements based on the VMs’ current demand and RLS settings of the VMs and resource pools.

DRS Entitlement Viewer also provides 3 different What-If scenarios,
1. Changing RLS settings of a VM and/or resource pool
2. What-If all the VMs’ resource demand is at 100%
3. Both 1 and 2 happen together

Customers can pick one of the 3 scenarios and can get new entitlements without actually changing RLS settings on the cluster.

Finally, DRS Entitlement Viewer also provides an option to export the new RLS values from a What-If scenario as a vSphere powercli command which customers can execute against their vCenter to apply the new settings.

Changelog

  • First public release May 29, 2018 v1.0.2

Cellular Module User Space USB Driver on ESXi

The Cellular Module User Space USB Driver on ESXi provides you with a driver so you are better able to use a cellular module form ESXi.

IoT is growing rapidly so many users would like to enable ESXi on their IoT devices. Driven by VMware’s virtualization technology, which can help them address some challenges like security issues, fragmentation, multi-tenancy, etc. The reality is that many of those IoT devices have a variety of devices and busses that ESXi does not support. The Cellular Module is one of those devices in the case of IoT. Typically, these devices have to communicate with their own remote management center.

This Fling provides a driver to enable deployment on ESXi on their IoT devices. Note that this driver is running in UserSpace mode. While many widely used IoT Edge Gateways are equipped with a cellular module, ESXi does not have a driver to activate that cellular module. So our cellular module userspace USB driver can enable that hardware module to communicate with a remote cloud server.

Changelog

  • First release May 07, 2018 v1.0

vSphere HTML5 Web Client

The fat client’s already gone, the flash client is on its way out so better get used to the vSphere HTML5 Web Client!

Changelog

Fling 3.38 – Build 8535804

New Features

  • Guest OS User Mappings for VMs
  • Serial port support for VMs
  • Improved search including
    • New redesigned search results page
    • VM search results has filters such as power state, guest os, host, clusters, datacenter
    • Save search

Improvements

  • VM Quick power operations

I/O Analyzer

The I/O Analyzer doesn’t get a lot of updates so you might not have heard of it. Like the names says it’s a very usable tool to test your storage performance.

VMware I/O Analyzer is an integrated framework designed to measure storage performance in a virtual environment and to help diagnose storage performance concerns. I/O Analyzer, supplied as an easy-to-deploy virtual appliance, automates storage performance analysis through a unified interface that can be used to configure and deploy storage tests and view graphical results for those tests. I/O Analyzer can use Iometer to generate synthetic I/O loads or a trace replay tool to deploy real application workloads. It uses the VMware VI SDK to remotely collect storage performance statistics from VMware ESX/ESXi hosts. Standardizing load generation and statistics collection allows users and VMware engineers to have a high level of confidence in the data collected. Please post comments and questions regarding this fling to the I/O Analyzer Community.

Features

  • Integrated framework for storage performance testing
  • Readily deployable virtual appliance
  • Easy configuration and launch of storage I/O tests on one or more hosts
  • Integrated performance results at both guest and host levels
  • Storage I/O trace replay as an additional workload generator
  • Ability to upload storage I/O traces for automatic extraction of vital metrics
  • Graphical visualization of workload metrics and performance results

Changelog

New in version 1.6.2u1

  • Support vSphere 6.5 onward
  • Upgrade to OpenSSL 1.0.2o
  • Hot patch script to live upgrade existing 1.6.2 VMs

Desktop Watermark

Desktop Watermark is a tool that adds a visible or invisible watermark to a VDI Desktop. This can be used for auditing for example.

Changelog

Build 20180510

  • Added support for multiple monitors.

Cross vCenter Workload Migration Utility

I used the Cross vCenter Workload Migration Utility myself this week when I wanted to clone my golden image to the not linked vcenter servers in my lab. Yes it can also clone besides just moving the servers. I might end up putting up a seperate blog post about this.

Changelog

Version 2.0, May 4, 2018

  • Added support to select individual host as the placement target
  • Added support for migrating VMs with shared datastore
  • Added clone functionality in addition to relocate
  • Added resource summary details for placement targets
  • Added a prompt to verify site thumbprint during SSL verification
  • Added a link to refresh vm list in the inventory view
  • Updated REST APIs to add operation type parameter

Blockchain on Kubernetes

Not a blockchain person myself (yet) but this is the former Blockchain on vSphere fling that has been renamed to Blockchain on Kubernetes

Blockchain is an emerging technology which has been gaining traction globally throughout the past few years. Industries like finance, logistics, and IoT are actively working on research and pilot projects using blockchain.

Fabric is a sub project under Hyperledger (a LinuxFoundation project), it is probably the most mature blockchain solution available now for business use cases.

The mission of Blockchain on Kubernetes (formerly named Blockchain on vSphere) is to provide an end-to-end blockchain solution, from IaaS, to Blockchain platform and Blockchain applications. It allows organizations to quickly collaborate and evaluate the new business models and processes by using the decentralized blockchain technology.

By using BoK, blockchain developers can use BoK command line tool or a GUI tool provided by BoK PCF Tile to quickly set up an environment to build and test their blockchain applications.

Changelog

May 3 2018, BoK 2.0

  • Provide a new PCF Ops Manager Tile to deploy Hyperledger Fabric. It supports creating Kubernetes cluster via PKS Tile and deploy Hyperledger Fabric in the Kubernetes cluster.
  • Add a central config file bok.yml to specify all BoK configuration. No more manual code change is needed.
  • Support kafka as consensus mode.
  • Other enhancement for stability.
  • Verified against Kubernetes 1.9.7.

Registering an Instantclone administrator using PowerCLI

Another question Sean Massey asked me if it is possible to register an instant clone domain administrator. This is possible using the instantcloneenginedomainadministrator service with the InstantCloneEngineDomainAdministrator_create method. This needs a spec with the following content:

  • spec (vmware.hv.InstantCloneEngineDomainAdministratorSpec)
    • base (vmware.hv.InstantCloneEngineDomainAdministratorBase)
      • username (string)
      • domain (domainid)
      • password(vmware.hv.securestring)

The password can be created using the same scriptlet I used to register a new vCenter server. The domain ID can actually be gotten by listing all domains using

For now I have created a scripts that requires you to give some details so it can register the instant clone domain administrator. It can also be found on Github but I will also definitively add it to the vmware.hv.helper module.

Honoured to be named VMware EUC Champion 2018

You might have seen the announcement on the VMware EUC blog, Twitter or the new EUC Champions page already but I have been named one of the VMware End-User Computing (EUC) Champions for 2018. It is an honour to be awarded this status that only a select few receive each year. For me it feels like a true recognition for the work I have been doing with the Horizon API’s and my activity in the broader (EUC) vCommunity.

What is the EUC Champions Program?

EUC Champions is an experts-only program designed to provide a forum where the end-user computing community and VMware EUC product groups come together and share new product information and ideas through in-person meetings, networking events, industry conferences and webinars. This interaction helps ensure VMware EUC experts receive the most up-to-date information, and VMware product teams hear from industry veterans.

Thought leadership is easier said than done. It takes hard work and an ear to the ground to stay on top of industry trends. Many of our 2018 VMware EUC Champions have been thought leaders for decades, while others are rapidly becoming the go-to experts in their respective area. Whether new or returning, this year’s champions are among the ranks of end-user computing experts, who have done the work, made the commitment and signed up for more of the same in 2018.

What are the requirements to become an EUC Champion?

Not everyone is cut out to be an EUC Champion. It takes deep VMware EUC product expertise, an ability to write about it, a willingness to voice your opinion and the talent to clearly and concisely communicate ideas. EUC Champions are respected by their peers and, most importantly, are respectful of others.

Specifically, we look for candidates that meet the following criteria:

  • Member of the vExpert Program
  • Recognized EUC expert
  • Well regarded member of the greater EUC community
  • Recommended group member

Who are the 2018 EUC Champions?

On the new page there is a nice overview of all 34 EUC Champions

https://www.vmware.com/euc-champions/current-champions.html

Pulling horizon session information using PowerCLI

I should’ve already posted a blog about this but better late then never. At the end of february I posted about several new functions being added to the vmware.hv.helper and two out of three where about pulling session information. Recently I received some questions about using those since it’s the raw data being returned. For my Dutch vmug presentation I used several gif’s that showed what you can do with that data. I might need to update the cmdlets so all information will be shown at once but that’s for another time since it might slow down the cmdlet a lot and I don’t like that.

Usage

Since get-hvglobalsession and get-hvlocalsession show almost similar data I will only show the latter one.

As you see this only shows the methods contained inside the session. We can show the content by pipelining it to  select-object -expandproperty but I prefer the bracket method since these might go several layers deep.

Some of the returned values are logical like the username, machineorrdsservername. The desktop name though is the actual desktop pool the user is connected to. Desktoptype can be Automated, Manual or RDS depending on the type of desktop and Desktopsource can be Virtual_Center (VM’s hosted on vCenter but not managed by Horizon or Full Clone desktops), View_Composer(when using Linked Clones), Instant_Clone_engine (when using Instant Clones), Unmanaged (physical machines, non-vCenter vm’s) or RDS (Terminal Servers). Farmname will be used when it’s an RDS session. The Securitygateway will show the Connection Server the user connected to or the UAG/Security server used.

the same can be done with referencedata and sessiondata

Not a lot of directly usefull information but a bunch of id’s that you might be able to use with the api’s if needed.

A lot of information about the session itself.

The actual code

The get-hvglobalsession actually is a query repeated for all pods. First it connects to the query service and then creates a query to run against each pod and add that to a sessionlist.

The get-hvlocalsession is almost the same, it just doesn’t need to foreach since it doesn’t have multiple pods to query.

In both there is a do while because otherwise it will run into some restrictions about maximum amount of data to return.

The VMware Labs flings monthly for April 2018

It’s been a rather quiet month on the VMware flings front. No wonder with the vSphere 6.7 and other releases this month. Did you already test them? I have to say like vSphere 6.7 but it’s consider the numbering good as well, it wouldn’t have fit to be a 7.* release. One new fling with the PowerCLI for NSX-T Preview, two updated ones with the vSphere HTML5 Web Client and Cross vCenter VM Mobility – CLI. Another fling has gone GA in vSphere 6.7: VMFork for pyVmomi.

PowerCLI Preview for NSX-T

The one thing lacking for NSX-T was PowerCLI availability, this is solved with the release of the PowerCLI Preview for NSX-T fling. Please be aware that the fling still contains bugs and might even be considered an alpha release.

Cross vCenter VM Mobility – CLI

Cross vCenter VM Mobility – CLI is the go to tool when you want to move vm’s between vCenter servers and don’t want to use the GUI fling. The versioning is a bit weird since we already had 1.6 and now they released 1.6.0.

Version 1.6.0

  • Relocate is failing with validation error “cln is missing”.

vSphere HTML5 Web Client

Not sure what exact version of the html5 web client went into the vSphere 6.7 release but here you can find an overview of the functionality, don’t mind the url because the text clearly states it’s for 6.7. If you want an even more updated version or want to get used to it in vSphere 6.* then use the fling.

Fling 3.37 – Build 8313530

New Features

  • Add VM vApp option properties read-only view
  • SRIOV networking in clone wizard customize HW page

Improvements

  • Prevent the user from creating a GOSc spec with no specified timezone
  • Resize the migrate wizard to use the largest possible size based on VMware Clarity design standards

Bug Fixes

  • Drag and Drop VM to folder

 

 

Added functions in vmware.hv.helper

Last Saturday I created a pull request to add some new functionality to the VMware.hv.helper. Together with an older PR that was still open it received an okay on Sunday. This is a list of the functionality I have added:

  • Get-HVHealth
    • Shows the health information for the following services:
      • ADDomain
      • CertificateSSOConnector
      • ConnectionServer,EventDatabase
      • SAMLAuthenticator
      • SecurityServer
      • ViewComposer
      • VirtualCenter
      • Pod
  • new-hvpodfederation
    • Initiates the Cloud Pod Architecture.
  • remove-hvpodfederation
    • Uninitiates the Cloud Pod Architecture.
  • get-hvpodfederation
    • Shows information about the Cloud Pod Architecture.
  • register-hvpod
    • Registers a new pod in the Cloud Pod Architecture.
  • unregister-hvpod
    • Removes a pod from the Cloud Pod Architecture. This can either be gracefully or forced.
  • set-hvpodfederation
    • Sets the name of the Cloud Pod Architecture.
  • get-hvsite
    • Retrieves information about all sites in the Cloud Pod Architecture.
  • new-hvsite
    • Creates a new site in the Cloud Pod Architecture.
  • set-hvsite
    • Sets site properties within the Cloud Pod Architecture.
  • remove-hvsite
    • Removes a site from the Cloud Pod Architecture.

The next functionality on my list is to put the pod service methods from this previous post into functions.

Initiating and managing the Podfederation in a Horizon Cloud Pod Architecture using PowerCLI & API’s

One of the new cmdlets for the vmware.hv.helper that I am currently working on is initiating the Cloud Pod Architecture (CPA) and more actions related to this. This blog post will show the basics about initiating, and joining a CPA using the API’s. Doing things with site’s within the CPA will be covered in a later blogpost.

If we look at the services available in the Horizon API’s you’ll see that podfederation is one of them, let’s take a look at that and what method’s are available.

So we can Eject, Get, Initialize, Join, Unintialize, Unjoin and update a podfederation. If we look at the brackets behind the methods than (un)initializing and unjoin don’t need any extra info so let’s get ahead and initialize the podfederation. To show you there’s nothing there yet I made a screenshot of the admin interface.

Initialize the podfederation

Now to initiate the podfederation

And if you are quick enough in switching to the admin interface will also still show it initializing

Get information about the federation

With podfederation_get() we can grab the configuration information.

Not a lot of information but there isn’t a lot more anyway in the podfederation itself.

Join a federation

I have another pod that I want to join to this federation since we’ve already seen that this needs some more input let’s check what it exactly needs.

So we need a remotepod address, presumable one of the connection servers in that pod will be enough, a username where domain\username will do just like in the admin console and a password of the type vmware.hv.securestring. The last one was new for me but thankfully it was described in one of the examples in the api explorer (https://code.vmware.com/apis/75/view and click on Data Object Types).

With this it’s easy to add the local pod to the podfederation

And again if you are fast enough this is also visible in the admin console

And now a get will also show that it has been enabled

Unjoining a Podfederation

If you are braking down a pod because of whatever reason the best way to do this is to unjoin the pod from the federation. As we saw before there’s no extra information need so you just need to connect to a connection server in that pod and do an unjoin.

this is really fast so over several tries I did not succeed in making a screenshot of the admin console.

Ejecting a pod

This is the only podfederation function not available through the admin console as far as I could see. Ejecting a pod for is for me a last option if a datacenter burned down, everything is gone and you want to get rid of the pod. I did it in my lab against an alive pod and had to uninitialize the (now unlinked) podfederation from that pod to be able to rejoin it to the correct pod. This method also requires some input so let’s see what that is.

So we need the podid of the pod to eject, this information can be get trough the pod service

I want to eject the pod from pod2cbr1

and with $pod I can check if I have the correct one

So let’s serve the eviction notice to the pod.

No feedback, nothing but if we check the pod list it’s gone.

I will show how to remove the remnants in the uninitialize chapter.

Updating a Pod Federation

This one sounds bigger then it is since there’s only one thing that we can update in a federation. To do this it is better to use the helper service then to use the podfederation_update method since that can get complicated very fast sometimes. To use the helper service we will need to create some variables first

and when we do a get method on it

After some trial and error I know we need to getdatahelper method to continue

This only show the updates that are currently in the queue to be applied with a get method it’s possible to see what can be set.

What we need to look for is a set so the only options here are setdisplayname that needs a string value and setupdates that needs a load of information and that probably might also be a way to do it but I will use the setdisplayname.

This will give no feedback and nothing will be changed yet, what needs to be done is to apply this update in the helper service to the service.

and if you now do a get on the podfederation it will show the changed name.

Uninitializing a Podfederation

To show the pod uninitialization step I will use the pod that I have ejected from the podfederation pod2cbr1. It is clear that it is a bit wonky if we look at the pod list from that connection server.

So it knows about the pod federation but doesn’t see itself in it anymore.

This is again a fast one so I couldn’t get it visible in the admin console but when checking the data from a get it shows it has been disabled.

Looking from the other pod it still shows the Podfederation as enabled.

No github scripts this time since I will be adding this functionality into the vmware.hv.helper module.

Remove desktop assignment

In this blogpost I showed how to assign a certain vdi machine to a user. This has been made easier since in the vmware.hv.helper module. These days we can use this:

This week I got the logical question from Brandon Smith in the comments about removing the assignment. First I need to re-assign the desktop (I have been building a VMUG presentation about PowerCLI & Horizon view so things got messed up)

the result:

Now what need to be done is setting the base.user to $null. I am going to do this by connecting to the machine service and utilize the machinehelper to update the userdata.

We now need to connect to the machinehelper by doing a read on the machineservice. $machineservice.read will give us the info we need to be able to do this.

From this it becomes clear that we will need the services service and the machineid we want to edit. First let’s put the machine id into a variable.

Now I will read the properties of this machineid and put this into the $machineinfohelper variable

Since I know the user property is under the base we will need to get the base first and then set the user. This done by doing getbasehelper() on the machineinfohelper and then do .setuser(user) on that but let’s see what’s under the getbasehelper first.

A lot of information but as said the one we need is setuser. To assign a desktop we will need to set this to a userorgroupid value (and that is what the vmware.hv.helper cmdlet does). To clear it we will need to set it to $null.

At this point no changes have been made yet! We will need to apply this update first.

And if we look at the horizon console the entitlement has been removed.

And the complete script:

As usual the script can be found on github.