[HorizonAPI] Creating Entitlements

So last week I created a blog about gathering Horizon entitlements using the api’s. At the end I promised that my next blog post would be about creating entitlements and guess what: that’s this post 🙂

First a short explanation about what UserEntitlements actually are in Horizon. When you pull the entitlement info the base property has the needed information.

So in short an entitlement is a link between the userorgroup object id and a resource object id. The resource object can be: Application, Desktop, Global Application Entitlement, Global Desktop Entitlement and URLRedirection.

Let’s first grab the id’s that we need, I use 2 queries for that bur first I put the names of the group and the desktop in variables:

$groupname = "example_group"
$poolname = "pod01_pool01"

Than I create two objects called $group and $pool using queries.

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'ADUserOrGroupSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='base.name'; 'value' = "$groupname"}
$group= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'DesktopSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='desktopSummaryData.displayName'; 'value' = "$Poolname"}
$pool= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

Next we create the object to link them together.

$userentitlement= new-object VMware.Hv.UserEntitlementBase
$userentitlement.UserOrGroup = $group.id
$userentitlement.Resource = $pool.id

And we create the actual entitlement, since the output we get from this is the id of the entitlement object I store this in a variable to show you the entitlement in the next step.

and to show the entitlement

($hvservice.UserEntitlement.UserEntitlement_Get($newentitlement)).base

If you want to create entitlements for other resource you’ll need to use the either of the following to build your query:

Name Data object property to filter on
Application ApplicationInfo data.displayName
Desktop DesktopSummaryView DesktopSummaryData.displayName
Global Application Entitlement GlobalApplicationEntitlementInfo base.displayName
Global Desktop Entitlement GlobalEntitlementInfo base.displayName

There is no query for the URLRedirection so you’ll need to use URLRedirection.URLRedirection_List() to get the entire list and select the right one from that.

This is a complete example script that you could use to create a desktop entitlement:

Import-Module VMware.VimAutomation.HorizonView
Import-Module VMware.VimAutomation.Core

$cs = 'pod1cbr1.loft.lab'
$groupname = "example_group"
$poolname = "pod01_pool01"

$hvServer = Connect-HVServer -Server $cs 

$HVService= $hvServer1.ExtensionData

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'ADUserOrGroupSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='base.name'; 'value' = "$groupname"}
$group= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'DesktopSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='desktopSummaryData.displayName'; 'value' = "$Poolname"}
$pool= ($queryService.queryService_create($HVService, $defn)).results
$queryService.QueryService_DeleteAll($HVService)

$userentitlement= new-object VMware.Hv.UserEntitlementBase
$userentitlement.UserOrGroup = $group.id
$userentitlement.Resource = $pool.id
$hvservice.UserEntitlement.UserEntitlement_Create($userentitlement)

[HorizonAPI] Pulling entitlement information using the api’s

Somehow I have never really blogged about using the Horizon api’s to gather entitlement data. These are actually stored in entitlement objects and we can find them using a query against either the EntitledUserOrGroupLocalSummaryView or EntitledUserOrGroupGlobalSummaryView objects. Let’s start with the local variety.

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EntitledUserOrGroupLocalSummaryView'
$queryResults= ($queryService.queryService_create($HVservice, $defn)).results
$queryService.QueryService_DeleteAll($HVservice)
$queryresults

So we have some property’s and the ID is the easiest one to use since it’s of the VMware.Hv.UserOrGroupId type that we can resolve using aduserorgroup.aduserorgroup_GetInfos(arrayofids)

$hvservice.ADUserOrGroup.ADUserOrGroup_GetInfos($queryResults.id)

and the name is visible using base.displayname

($hvservice.ADUserOrGroup.ADUserOrGroup_GetInfos($queryResults.id)).base.displayname

$

Yes that’s me making a typo, try to talk to me on Slack. I hardly type anything without typo’s. Back to the $queryresults because there’s an easier way to get the group or username because it’s listed under the base property.

$queryresults.base

or

So we now have the group or username now we need to find what they have been entitled to, this information is stored under localdata.

$queryresults.localdata

The Applications and Desktops properties contain the ids where the users have rights to so if we use Desktop.Desktop_GetSummaryViews or Application_GetSummaryViews we end up with the relevant data. I have opened the summarydata for both to make things more visible.

($hvservice.Desktop.Desktop_GetSummaryViews($queryResults.localdata.desktops)).desktopsummarydata
($hvservice.Application.Application_GetSummaryViews($queryResults.localdata.applications)).applicationsummarydata

To create a nice overview of this I have created a small script

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EntitledUserOrGroupLocalSummaryView'
$queryResults= ($queryService.queryService_create($HVservice, $defn)).results
$queryService.QueryService_DeleteAll($HVservice)
[email protected]()
foreach ($queryresult in $queryresults){
    $userorgroupname = $queryresult.base.displayname
    $group = $queryresult.base.group
    [email protected]()
    if ($queryresult.localdata.desktops){
        foreach ($desktop in $queryresult.localdata.desktops){
            $desktops+=($hvservice.desktop.desktop_get($desktop)).base.name
        }
    }
    [email protected]()
    if ($queryresult.localdata.applications){
        foreach ($application in $queryresult.localdata.applications){
            $applications+=($hvservice.application.application_get($application)).data.name
        }
    }
    $entitlements+=New-Object PSObject -Property @{
        "Name" = $userorgroupname;
        "group" = $group;
        "desktops" = $desktops;
        "applications" = $applications;
    }
}
$entitlements | select-object Name,group,desktops,applications

as you can see user1 is the lucky SoB that I test everything on.

The difference with global entitlements is that the localdata property is replaced bij globaldata.

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EntitledUserOrGroupGlobalSummaryView'
$queryResults= ($queryService.queryService_create($HVservice, $defn)).results
$queryService.QueryService_DeleteAll($HVservice)
$queryresults

And the entitlements are named a bit different

$queryresults.globaldata

To rebuild the script for global entitlements it needed a bit of tinkering but here it is

$queryService = New-Object VMware.Hv.QueryServiceService
$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'EntitledUserOrGroupGlobalSummaryView'
$queryResults= ($queryService.queryService_create($HVservice, $defn)).results
$queryService.QueryService_DeleteAll($HVservice)
[email protected]()
foreach ($queryresult in $queryresults){
    $userorgroupname = $queryresult.base.displayname
    $group = $queryresult.base.group
    [email protected]()
    if ($queryresult.globaldata.GlobalEntitlements){
        foreach ($desktop in $queryresult.globaldata.GlobalEntitlements){
            $desktops+=($hvservice.GlobalEntitlement.GlobalEntitlement_Get($desktop)).base.displayname
        }
    }
    [email protected]()
    if ($queryresult.globaldata.GlobalApplicationEntitlements){
        foreach ($application in $queryresult.globaldata.GlobalApplicationEntitlements){
            $applications+=($hvservice.GlobalApplicationEntitlement.GlobalApplicationEntitlement_Get($application)).base.displayname
        }
    }
    $entitlements+=New-Object PSObject -Property @{
        "Name" = $userorgroupname;
        "group" = $group;
        "desktops" = $desktops;
        "applications" = $applications;
    }
}
$entitlements | select-object Name,group,desktops,applications

So here you have the ways to retrieve information about entitlements, locally and globally. Next post will be about creating entitlements.

The VMware Labs flings monthly for January 2020

Here we go again with the new and updated flings for January 2020. It’s been a busy month for me including a visit to Israel but more on that in a future blog post. There have been three new releases in January with the App Volumes Migration Utility, vSphere Software Asset Management and Power vRA Cloud. No less than six received updates: DRS Dump Insight, Horizon Reach, Cross vCenter Workload Migration Utility, vCenter Event Broker Appliance, vSphere Mobile Client and the one and only VMware OS Optimization Tool.

New Releases

App Volumes Migration Utility

The App Volumes Migration Utility has been build to migrate App Volumes 2.18 app stacks to the brand new App Volumes 4 format.

App Volumes Migration Utility allows to migrate appstacks, which are managed by VMware App Volumes 2.18, to the new appstack format of VMware App Volumes 4.0. The format of appstacks in VMware App Volumes 4.0 have changed in order to provide improved login to desktops among many other features. This utility addresses the migration of appstacks so that applications don’t have to be provisioned again after upgrading to VMware App Volumes 4.0.

vSphere Software Asset Management Tool

The vSphere Software Asset Management Tool gives the user insight into license usage of and vSphere environment version 5.5 and up.

The vSphere Software Asset Management (vSAM) is a tool that collects and summarizes vSphere product deployment information. It calls on vSphere APIs for deployment data and produces a PDF report that the customer can consult as a part of their infrastructure review and planning process. This lightweight Java application runs on Windows, Linux or Mac OS.

Features

  • Support both vCenter Server cluster and Standalone ESXi host with a version of vSphere 5.5, 6.X or newer.
  • Generate comprehensive report from various aspects:
    • High-level product deployment summary
    • Product deployment report by targets (standalone ESXi or VC cluster)
    • High level license key usage report
    • License key usage by targets
  • Provide Software Asset Management suggestions on:
    • Evaluation license warning
    • License term
      • Pre-expiration 90 days warning
      • Expiration alert
    • License capacity
      • Potential capacity waste warning based on customized threshold
      • Potential capacity shortage warning based on customized threshold
      • Capacity over-use alert
    • Product support
      • End of General Support info
      • General Support pre-expiration 90 days warning
      • Unsupported product alert
    • Protect customer sensitive information by:
      • Collecting minimal set of information relative with Software Asset Management
      • Masking sensitive info in the report
      • Supporting encryption of raw data file
  • Support merging multi reports into one report
  • Support English and Chinese report
  • Support customization of report

Power vRA Cloud

Power vRA Cloud is a PowerShell module that abstracts the VMware vRealize Automation Cloud APIs to a set of easily used PowerShell functions. This tool provides a comprehensive command line environment for managing your VMware vRealize Automation Cloud environment.

This module is not supported by VMware and comes with no warranties expressed or implied. Please test and validate its functionality before using this product in a production environment.

Updated Flings

DRS Dump Insight

The DRS Dump Insight flings gives an explanation why in the bloody hell a VM was moved from one host to the other.

Changelog

Version 1.1

  • Users can now upload multiple dumps as a folder.
  • Creates a vMotion timeline based on the dumps uploaded, users can navigate through multiple dump analysis.
  • Users can export multiple dump analysis as a PDF at once.
  • Added support to 65u2, 65u3 and 67u3 dumps.
  • Bug fixes and backend improvements

Horizon Reach

I have said this before but Horizon Reach is awesome and gives you an proper overview over all pod’s in an Horizon Cloud Pod setup.

Changelog

Version 1.0.1 brings vCenter performance data along with a myriad of bugfixes!

New Features

  • Gauges, gauges everywhere.
  • Search field! for those huge customers who hate to dig.
  • vCenter performance statistics will now be captured for Pods running version 7.8 or better.
  • vCenter RAM, CPU, sesions and Datastore Usage have all been added to the historical data views.
  • Datastore usage is now calculated only for datastores used by pools or farms.
  • New layouts for Pools, Farms, Pods, Vcenters etc..
  • RDSH Servers load is now correctly measured and a new view is available.
  • Page headers look much better.
  • vCenters now have the pod name listed.
  • Added support for nested groups and some additional LDAP logging on startup.
  • Added the ability to modify a connection rather than just add and delete.
  • Side nav will now collapse if screen space is low.
  • Don’t use internet explorer, friends don’t let friends do that, I’ve added a warning too.
  • Further logging enabled for LDAP integration including a self test on service start.
  • LDAP now supports nested groups.
  • Events view has been deprecated due to a thread exhaustion issue on the server side.

Bug Fixes

  • Farm usage is now accurate, wow that was broken!
  • Many cast errors were found and dealt with.
  • Problem machines now correctly display the vCenter.
  • Fixed a health score bug in the page header.
  • Fixed a problem machines bug in pools and farms.
  • Fixed a bug in pod numbers calculation.
  • Improved the speed of database enumeration of sites and pods.
  • Fixed a bug in global application entitlements where the lack of shortcuts would cause the UI to freak out.
  • Fixed a bug in Datastore usage where it was reporting the wrong value.
  • Fixed a bug where Reach sessions may not be logged off correctly during polling.
  • Fixed a bug where applications were being requested for each farm multiple times.
  • Fixed a bug where pod health would be called twice for no reason.

Cross vCenter Workload Migration Utility

The Cross vCenter Workload Migration Utility helps in moving vm’s between vCenter servers even if they are not connected.

Changelog

Version 3.1, January 22, 2020

  • Support for disk format conversion between Thick (Lazy Zeroed), Thick (Eager Zeroed) and Thin provisioning
  • Support for VM rename pattern for Clone operation
  • Fixed duplicated network selection when performing bulk migration
  • Fixed startup failure when a new home vCenter is specified as a command line argument

vCenter Event Broker Appliance

Sadly there is no real changelog available but just a tweet for the vCenter Event Broker Appliance, a tool that helps the user to create their own events inside vCenter.

Changelog?

Features:

  • Setup no longer require Internet
  • NTP & Proxy Support

vSphere Mobile Client

If you think your Smartphone screen is big enough to manage vSphere the vSphere Mobile Client will help you in that.

Changelog

Version 1.9.1

Features:

  • Added host shutdown quick action

Bug fixes:

  • Fixed an issue where the app would crash when using face ID authentication (iOS)
  • Fixed an issue in the VM card (reversed icons for Windows and Linux)

Version 1.9.0

New features:

  • Ability to save information around a vCenter server (address/username)
  • Use FaceId/Fingerprint recognition to login to a vCenter server

Bug fixes:

  • Do not make first letter uppercase on input fields on the login form
  • Better compatibility with auto-complete applications on the login form

VMware OS Optimization Tool

The one, the only and the real VMware OS Optimization Tool. Simply the best tool out there to optimize your windows image.

Changelog

January, 2020, b1140

Includes various bug fixes.

Optimize Results

  • A new button has been added to the results page that displays once an optimization job has completed. This Export button allows you to save the results page as an HTML file.

Generalize

  • New option and button that simplifies the task of running Sysprep using a standard answer file. You can edit the provided answer file before running Sysprep with it.

Finalize

  • New option and button to automate many common tasks that are typically run as a last step before you shut down Windows to use the VM in Horizon. These include the system clean up tasks (NGEN, DISM, Compact and disk clean up) that were previously provided in the Common Options dialog. This also includes clearing event logs, KMS information and releasing the IP address.

Common Options

  • System clean up tasks have been removed from the common options so will now not run during optimize but instead should be run as part of the Finalize process.
    New tab for Security options. This allows for the quick selection of common settings that might need to be left enabled depending on the security requirements. This offers control over Bitlocker, Firewall, Windows Defender, SmartScreen, HVCI.

Command Line

  • Added command line parameter to allow the tool to run without applying optimizations. This is part of the -o parameter called none that then allows you to run things like the system cleanup tasks (NGEM DISM, etc.) without also having to optimize at the same time.
  • VMwareOSOptimizationTool.exe -o none -t template -systemcleanup 0 1 2 3 WebCache
  • Changed default to not disable Webcache. In testing this was shown to break Edge and IE browsers ability to download and save files. The settings are still available in the Windows 10 templates if you want to disable Webcache.

Guides

  • Updated OSOT user guide: VMware Operating System Optimization Tool Guide.
  • Updated Creating an Optimized Windows Image for a VMware Horizon Virtual Desktop guide coming soon.

[HorizonAPI] Configuring the Horizon event database in code

Last week Mark Brookfield asked the question if it is possible to configure the event database in code. My answer was that I thought it should be possible until Stephen Jesse pointed me to the the vmware.hv.helper where there is the set-hveventdatabase cmdlet for this. When looking at the code I noticed something familiar:

.NOTES
Author                      : Wouter Kursten
Author email                : [email protected]
Version                     : 1.0

===Tested Against Environment====
Horizon View Server Version : 7.4
PowerCLI Version            : PowerCLI 10
PowerShell Version          : 5.0

So that’s why I knew it was possible! A good reason to create a quick blogpost though. Mark made a nice script for himself with variables and all those fancy things but I just want to quickly show how you can do it.

$hvedbpw=read-host -AsSecureString
$temppw=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($hvedbpw)
$PlainevdbPassword=[System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$dbupassword=New-Object VMware.Hv.SecureString
$enc=[system.Text.Encoding]::UTF8
$dbupassword.Utf8String=$enc.GetBytes($PlainevdbPassword)
$eventservice=new-object vmware.hv.eventdatabaseservice
$eventservicehelper=$eventservice.getEventDatabaseInfoHelper()
$eventsettings=new-object VMware.Hv.EventDatabaseEventSettings
$eventdatabase=new-object VMware.Hv.EventDatabaseSettings
$eventsettings.ShowEventsForTime="TWO_WEEKS"
$eventsettings.ClassifyEventsAsNewForDays=2
$eventdatabase.Server="labsql01.magneet.lab"
$eventdatabase.type="SQLSERVER"
$eventdatabase.port=1433
$eventdatabase.name="pod1_events"
$eventdatabase.username="sa_view"
$eventdatabase.password=$dbupassword
$eventservicehelper.setDatabase($eventdatabase)
$eventservicehelper.setsettings($eventsettings)
$eventservice.update($hvservice,$eventservicehelper)

The first three line make it possible to not use a plaintext password. If you don’t care about that you can remove those and declare something for $plainevdbpassword.

For the $eventsettings.ShowEventsForTime for time there are several options (same as in the gui) these are:

ONE_WEEK,TWO_WEEKS,THREE_WEEKS,ONE_MONTH,TWO_MONTHS,THREE_MONTHS,SIX_MONTHS
Yes, they are all in capitals!

To show how this works I will first clear the current database.

$hvservice.EventDatabase.EventDatabase_Clear()
$hvservice.EventDatabase.EventDatabase_Get()

Yes this is one of those exceptions where a service_get doesn’t need an id.

Now I run the script with a new _get to show the results.

If you are interested in the details:

The VMware Labs flings monthly for September 2019

And yet another month gone, next week I will be in Kopenhagen for Nutanix .Next and the month after that I will be speaking at VMworld Barcelona. Will I see you at either of these two events? Last month one new fling was released:  Kubernetes eXtensible Desktop Client (KXDC) , seven received updates: App Volumes Entitlement Sync, vSphere HTML5 Web Client, DoD Security Technical Implementation Guide(STIG) ESXi VIB, VMware OS Optimization Tool, vSphere Mobile Client, Workspace One UEM Workload Migration Tool, USB Network Native Driver for ESXi and one was marked deprecated: VIB Author.

New releases

Kubernetes eXtensible Desktop Client (KXDC)

The Kubernetes eXtensible Desktop Client (KXDC) is a simple and multi-platform desktop client for Kubernetes (K8S). In the same way the kubectl command requires only a valid kubeconfig file to run commands against a K8S cluster, KXDC requires you just to configure one or more valid kubeconfig files to interact with one or more K8S clusters.

Main features:

  • Support for multiple kubeconfig files.
  • UI-driven interaction with the most frequently used K8S entities.
  • One-click terminal with the proper KUBECONFIG env variable set.
  • Generation of custom kubeconfig files for a given namespace.
  • Highlight sustainability and security-related data.

Updated flings

App Volumes Entitlement Sync

The App Volumes Entitlement Sync fling will read, sync and compare entitlements between various App Volumes instances.

Changelog

Version 2.2

  • Ignore Extra AppStacks on Primary or Secondary Server – these would cause compare to crash
  • Export Primary or Secondary Server Entitlements to XML

vSphere HTML5 Web Client

Do you want to have the latest version of the html5 client? Than you need the vSphere HTML5 Web Client fling!

Changelog

Fling 4.3.0 – Build 14483008
New Features

  • Ability to customize the header color per vCenter to differentiate vCenter servers. Go to Administration -> System Configuration and select the vCenter for which you want to change the header color. If you have more than one vCenter server in linked mode, you can change the color for each of the vCenter servers

Bug fixes

  • Upload OVF files to Content Library

Release Notes

  • vSphere Perspective Management has been removed

DoD Security Technical Implementation Guide(STIG) ESXi VIB

The DoD Security Technical Implementation Guide(STIG) ESXi VIB fling helps in hardening your vSphere environment.

Changelog

Update September 2019

  • New ESXi 6.7 STIG VIB release
  • Updated sshd_config file. Removed protocol 2 setting as it is deprecated. Added “FipsMode yes” setting. Updated Ciphers and MACs for newer version of OpenSSH
  • Removed /etc/issue and /etc/pam.d/passwd files from VIB as those settings can be set via advanced settings now
  • Note – This VIB is based on draft STIG content! It is recommended to use this over the previous 6.5-7 STIG VIB

VMware OS Optimization Tool

The VMware OS Optimization Tool or OSOT in short is one of the best tools around to optimize your VDI image before publishing a desktop or rds host.

Changelog

September, 2019, b1110

  • New Common Options button – Allows you to quickly choose and set preferences to control common functionality. These would normally involve configuring multiple individual settings but can now be done with a single selection through this new interface
  • Split Windows 10 into two templates to better handle the differences between the versions; one for 1507-1803 and one for 1809-1909
  • Improved and new optimizations for Windows 10, especially for 1809 to 1909.

Updated and changed template settings for newer Windows 10 versions to cope with changes in the OS, registry keys and functionality:

  • Move items from mandatory user and current user to default user
  • Add 34 new items for group policies related to OneDrive, Microsoft Edge, privacy, Windows Update, Notification, Diagnostics
  • Add 6 items in group of Disable Services
  • Add 1 item in group of Disable Scheduled Tasks
  • Add 1 item in group of Apply HKEY_USERS\temp Settings to Registry
  • Add 2 items in group of Apply HKLM Settings
  • Removing Windows built-in apps is now simplified. Removes all built-in apps except the Windows Store.

Numerous bug and error fixes:

  • Reset view after saving customized template
  • Unavailable links in reference tab
  • Windows Store is unavailable after optimizing
  • Start menu may delay after optimizing
  • VMware Tools stops running after optimizing
  • Analysis Summary Graph is cropped

vSphere Mobile Client

Personally I think a phone screen is too small but this was one of the most asked questions the last few years: when can we manage vSphere from our phones? Well now you can with the vSphere Mobile Client fling.

Changelog

Version 1.5.0

New features

  • Direct connections to the ESXi hosts are now supported
  • Host can now be put in maintenance mode

Improvements

  • Going back from the details pages would not refresh the VM list
  • Improvements to how we indicate the user is in focused mode
  • Cluster card now shows issues, DRS, HA and number of vMotion events
  • Host card now shows issues, number of VMs, uptime and connection status

Bug Fixes

  • Removing a bookmark when in focused mode removes the item from the list too

Workspace One UEM Workload Migration Tool

With the Workspace One UEM Workload Migration Tool it’s easy to move devies and applications between WS One UEM environments.

Changelog

Version 2.0.0

  • Baseline Migration Support
  • MacOS application
  • UI refactoring to make bulk migrations easier
  • Added support for script detection with Win32 applications

USB Network Native Driver for ESXi

For the USB Network Native Driver for ESXi fling we need to thank WIlliam Lam I guess. For me it at least seems like he is the driving factor behind this fling.

Changelog

September 27, 2019 – v1.2

  • Added support for Aquantia Multi-Gig (1G/2.5G/5G) USB network adapter (see Requirements page for more details)
  • Added support for Auto Speed/Connection detection for RTL8153/RTL8152 chipsets

ESXi670-VMKUSB-NIC-FLING-28903484-offline_bundle-14722970.zip
ESXi650-VMKUSB-NIC-FLING-28903792-offline_bundle-14722993.zip

The VMware Labs flings monthly for August 2019

It’s been a bit quiet on the fling front with VMworld US happening. None the less there have been two new releases and three updates. New releases are the vSAN Performance monitor and Enterprise OpenShift as a Service on Cloud Automation Services flings. Updated where the vSphere Mobile Client, vRealize Operations REST Notifications Helper and Virtual Machine Compute Optimizer.

New Releases

vSAN Performance Monitor

The vSAN performance monitor is a monitoring and visualization tool based on vSAN Performance metrics. It will collect vSAN Performance and other metrics periodically from the clusters configured. The data collected is visualized in a more efficient and user-friendly way. The vSAN performance monitor comes with preconfigured dashboards which will help customers evaluate the performance of vSAN clusters, identify and diagnose problems, and understand current and future bottlenecks. The dashboards are heavily inspired by vSAN Observer.

The vSAN performance monitor is delivered in a virtual appliance with three major components, i.e., a Telegraf collector, InfluxDB, and a Grafana frontend.

  • Telegraf: Telegraf is the agent that collects metrics from vSAN cluster and stores them in InfluxDB.
  • InfluxDB: InfluxDB is the database to store the metrics
  • Grafana: We use Grafana as the frontend to virtualize the metrics stored in the InfluxDB

Once deployed, users will need to do some simple configuration changes to point the collector to target vSAN cluster(s) and start the service. After that, the data will be collected periodically and can be visualized for meaningful insights.

Enterprise OpenShift as a Service on Cloud Automation Services

This Fling enables a cloud admin to download the package, integrate with Cloud Assembly and other Infrastructure services and be able to provide an “OpenShift Cluster as a Service” offering. This Fling automates the end to end deployment process. End users can simply request for and get an enterprise grade distributed instance of OpenShift Cluster. This Fling provides all the required packages to configure and deploy an enterprise production grade OpenShift cluster using VMware Cloud Assembly Services with minimal effort and in a repeatable, fully automated fashion.

Updated Flings

vSphere Mobile Client

The vSphere Mobile Client is under heavy development to make sure we have the best experience in managing our vSphere environments using our mobile phones.

Changelog

Version 1.4.0

New features

  • Cluster view

Improvements

  • Confirmation dialog on VM quick actions

New Bug Fixes

  • Task card layout improvements
  • Alarms and events truncation issue has been fixed
  • iOS crash report improvementsVersion 1.3.0

New features:

  • Hosts view
  • vCenter dashboard now includes items with most alerts

Improvements

  • Crash reporting for iOS
  • Event categories are now visible (alarm, error, warning)

Bug Fixes

  • Better handling of vCenter name retrieval

vRealize Operations REST Notifications Helper

The vRealize Operations REST Notifications Helper helps in creating better REST notifications of alerts.

Changelog

Version 1.2.1

  • Updated instructions for v1.2
  • Minor fixes and improvements

Version 1.2.0

  • Multiple endpoint configurations
  • Blacklist
  • Windows support
  • Minor new features, improvements and fixes

Virtual Machine Compute Optimizer

The Virtual Machine Compute Optimizer (VMCO) is a Powershell script that uses the PowerCLI module to capture information about the hosts and VMS running in your vSphere environment, and reports back on whether the VMs are configured optimally based on the Host CPU and memory.

Changelog

Version 1.0.4

  • Added a -Property filter to the Get-View commands for hosts and VMs to reduce time and amount of returned data
  • Removed if statement in Get_Optimal_CPU function that included $hostCPUs as it was not yet being used

 

Generating a clean Host Profile using PowerCLI

First of all: I love Host Profiles! But they’re easy to mess up as well, leave something selected related to hardware and an update in ESXi, vib’s or even a firmware update might break it. For a customer where we are going to do the entire vSphere build from scratch I got the idea to generate an empty Host Profile and extend that one using scripting. At first I though this would be an easy thing but it definitely isn’t, a reply from PowerCLI guru Luc Dekens at the VMware{Code} forums set me on the right path to do so. Luc’s remark that editing Host Profiles might take some reverse engineering for the lack of documentation is a huge understatement. It has cost me many many hours to build the script below.

I strongly recommend having the reference host as clean as possible.

These are the steps the script takes

  1. connect to vCenter
  2. extract a new Host Profile
  3. Gets the new Host Profile
  4. Copies all members of the new Host Profile to an object that can be edited
  5. Sets everything that I could find in my environment to false
  6. Updates the Host Profile with the edited object

Required parameters

  • vCenter
    • Your vCenter host
  • Referencehost
    • the name of the host in vCenter
  • Hostprofilename
    • Name for the Host Profile

There are also a couple of optional parameters:

  • dnshost
    • It’s mandatory to have a DNS set in the defaulttcpipstack. With this parameter you can change this.
  • domainname
    • Like DNS it’s mandatory to have a domainname set in the defaulttcpipstack. With this parameter you can change this
  • Cleanup
    • This one defaults to false but can be set to true. It will remove all NFS Datastores, vmkernel ports, portgroups, device aliases and direct i/o profiles.
    • Use this one with care, if you apply it to a host it will most probably remove all networking details for that host making it unusable.

This is how a manual extracted Host Profile looks

This is how a Host Profile looks after using my script without the cleanup option, everything is deselected but the device aliases for example are kept.

.\create_clean_hostprofile.ps1 -vcenter vCenter -Hostprofilename demo_no_cleanup -referencehost hostname

And this is how it looks with the cleanup used.

.\create_clean_hostprofile.ps1 -vcenter vCenter -Hostprofilename demo_no_cleanup -referencehost hostname -cleanup $true

The script itself can be found on Github as well:

#-------------------------------------------------
# Generates a clean Host Profile
#
# Build using PowerCLI 11
#
# Version 1.0
# 17-08-2019
# Created by: Wouter Kursten
# Website: https://www.retouw.nl
#
#-------------------------------------------------

param(
[Parameter(Mandatory=$true)][String]$Hostprofilename,
[Parameter(Mandatory=$true)][String]$vcenter,
[Parameter(Mandatory=$true)][String]$referencehost,
[Parameter()][String]$dnshost,
[Parameter()][String]$domainname,
[Parameter()][bool]$Cleanup = $false
)

# I grabbed this function somewhere from an example by Luc Dekens
function Copy-Property ($From, $To, $PropertyName ="*"){
    foreach ($p in Get-Member -In $From -MemberType Property -Name $propertyName){
        trap {
            Add-Member -In $To -MemberType NoteProperty -Name $p.Name -Value $From.$($p.Name) -Force
            continue
        }
    $To.$($P.Name) = $From.$($P.Name)
    }
}

#connect to the vCenter
connect-viserver $vcenter

# This deletes any existing Host Profile with the same name as we're using in this script
get-vmhostprofile -name $Hostprofilename  -ErrorAction SilentlyContinue | Remove-VMHostProfile -Confirm:$false

# This creates a new Host Profile from the referencehost
new-vmhostprofile -name $Hostprofilename -referencehost $referencehost

# Retrieves the newly created Host Profile
$hp = Get-VMHostProfile -Name $Hostprofilename

# Creates the spec where the cleanup is done
$spec = New-Object VMware.Vim.HostProfileCompleteConfigSpec

# Copies all properties of the new Host Profile to the spec
Copy-Property -From $hp.ExtensionData.Config -To $spec

# This removes everything that could be specific to the referencehost
if ($cleanup -eq $true){
    $spec.ApplyProfile.Network.Vswitch=$null
    $spec.ApplyProfile.Network.VMportgroup=$null
    $spec.ApplyProfile.Network.HostPortGroup=$null
    $spec.ApplyProfile.Network.pnic=$null
    $spec.ApplyProfile.Storage.NasStorage=$null
    ($spec.ApplyProfile.Property | where-object {$_.PropertyName -like "*DeviceAlias*"}).profile=$null
    ($spec.ApplyProfile.Property | where-object {$_.PropertyName -like "*PCI*"}).profile.property.profile=$null
}

# From here it's just disabling of items except for:
# -items under storage> PSA Configuration (profiles are removed)
# -Properties of the fixed DNS config (set to the default values from this scripts parameters)
$spec.ApplyProfile.Datetime.Enabled=$False
$spec.ApplyProfile.Authentication.Enabled=$False
$spec.ApplyProfile.Authentication.ActiveDirectory.Enabled=$False

foreach ($o in $spec.applyprofile.Option){
    if ($o.Enabled){
        $o.Enabled=$False
    }
}

foreach ($p in $spec.ApplyProfile.Property.Profile){
    if ($p.Enabled){
        $p.Enabled=$False
    }
    foreach ($pa in $p.Property.Profile){
            if ($pa.Enabled){
                $pa.Enabled=$False
                }
        foreach ($paa in $pa.Property.Profile){
                if ($paa.Enabled){
                    $paa.Enabled=$False
                }
        }
    }
}

foreach ($s in $spec.ApplyProfile.Storage.Nasstorage){
    if ($s.Enabled){
        $s.Enabled=$False
    }
    foreach ($sa in $s){
        if ($sa.Enabled){
            $sa.Enabled=$False
        }
    }
}

foreach ($s in $spec.ApplyProfile.Storage.Property.Profile){
    if ($s.Enabled){
        $s.Enabled=$False
    }

    if ($s.ProfileTypeName -eq "psa_psaProfile_PluggableStorageArchitectureProfile" -AND $cleanup -eq $true){
        foreach ($sa in $s.property){
            if ($sa.propertyname -like "*psa_psaProfile_PsaDevice*"){
                [email protected]()
            }
        }
    }
    foreach ($sa in $s.Property.Profile){
        if ($sa.Enabled){
            $sa.Enabled=$False
            }
        foreach ($saa in $sa.Property.Profile){
            if ($saa.Enabled){
                $saa.Enabled=$False
            }
        }
    }
}

foreach ($f in $spec.ApplyProfile.Firewall.ruleset){
    if ($f.Enabled){
        $f.Enabled=$False
    }
}

foreach ($n in $spec.ApplyProfile.Network.vswitch){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
        foreach ($naa in $na.link){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NumPorts){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NetworkPolicy){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.pnic){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.VmPortGroup){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
        foreach ($naa in $na.Vlan){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.Vswitch){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NetworkPolicy){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.HostPortGroup){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
        foreach ($naa in $na.IpConfig){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.Vlan){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.Vswitch){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NetworkPolicy){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.Property.Profile){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n.Property.Profile){
        if ($na.Enabled){
            $na.Enabled=$False
            }
        foreach ($np in $na.policy.policyoption){
            if ($np.id -eq "FixedDnsConfig"){
                foreach ($npp in $np.parameter){
                    if ($dnshost){
                        if ($npp.key -eq "address") {
                            [string[]][email protected]($dnshost)
                            $npp.value=$dnsarray
                        }
                    }
                    if ($domainname){
                        if ($npp.key -eq "domainName"){
                            $npp.value=$domainname
                        }
                    }
                }
            }
        }
        foreach ($naa in $na.Property.Profile){
            if ($naa.Enabled){
                $naa.Enabled=$False
            }
            foreach ($naaa in $naa.Property.Profile){
                if ($naaa.Enabled){
                    $naaa.Enabled=$False
                }
            }
        }
    }
}


(Get-VMHostProfile $Hostprofilename).ExtensionData.Updatehostprofile($spec)
disconnect-viserver $vcenter -confirm:$False

And yes that’s a lot of foreach’s.

 

 

I have been named EUC Champion for 2019!

A couple of weeks ago I was informed that I would be awarded the EUC Champion for the second time.  The EUC Champions program grew from 35 to 42 and you can find all of us over here: https://www.vmware.com/euc-champions/current-champions.html As you can see in that list my very good friend and vmug stage buddy Hans Kraaijeveld was also awarded the EUC Champion title as well into this EUC elite group of people.

So what are the EUC Champions?

What is the EUC Champions program?
EUC Champions is an experts-only program that provides a forum for the EUC community and VMware EUC product teams to share industry trends, new product information and ideas through in-person meetings, networking events, industry conferences and webinars.

This is the official statement but there is more. We also have access to dedicated EUC Champions Slack channels at the VMware slack with direct contact to some of the EUC product teams. Also the knowledge sharing between each other has been awesome in my opinion. Plus we get to test some flings that Andrew Morgan created that might or might not be released at https://labs.vmware.com/flings

Do you also think you have it to become an EUC Champion? You can find more info at https://www.vmware.com/euc-champions.html

What did I do to become an EUC Champion? Well it’s my blogging over here but certainly also presenting at vmug’s about EUC related things.

 

[API]How to successfully logoff users in Horizon

One of the things that annoy me about the Horizon admin interface is the fact that if you give a session the logoff command that this only works if the user is active aka when the desktop is not locked. With the api’s though (and Andrew implemented this in the helpdesk fling) it is possible to force a logoff. Let’s look at the available method’s first.

So we have a logoff and logoffForced. But there are also the logoffsessions and LofoffSessionsForced, I guess those let you logoff multiple sessions. this is what the extensiondata says about them.

So for the singular method’s we need a single id and for the sessions we need an array of ids. At first I will use get-hvglobalsession (yes, this works against sessions in other pod’s in a cloud pod architecture as well!) to get the id’s to show how it works. I have 5 sessions running from my desktop

$services1.Session.Session_Logoff((get-hvglobalsession | select -first 1).id)

Damn locked, let’s force this bastard from his desktop.

$services1.Session.Session_LogoffForced((get-hvglobalsession | select -first 1).id)

Aaaand it’s gone

And to show that it works I had to make sure the first session wasn’t locked.

And now the big bang fuck all of you!

$services1.Session.Session_LogoffSessionsForced((Get-HVGlobalSession).id)

As you can see one of my users was a but slow in logging off (nested esxi with only a couple vcpu’s for that one) I have also created a script that asks for the user whom you want to logoff and which session you want to logoff in case they have multiple. It’s not the cleanest code that I have written but it works 🙂

$hvserver1=connect-hvserver servername -user user -domain domain -password passwords
$Services1= $hvServer1.ExtensionData

$username= Read-Host "Which user do you want to logoff? (no wildcards needed, part of the name is enough)"

$queryService = New-Object VMware.Hv.QueryServiceService
$userdefn = New-Object VMware.Hv.QueryDefinition
$userdefn.queryEntityType = 'ADUserOrGroupSummaryView'
$userfilter1= New-Object VMware.Hv.QueryFilterContains
$userfilter1.membername='base.name'
$userfilter1.value=$username
$userfilter2= New-Object VMware.Hv.QueryFilterEquals
$userfilter2.membername='base.group'
$userfilter2.value=$False
$userfilter=new-object vmware.hv.QueryFilterAnd
[email protected]($userfilter1, $userfilter2)
$userdefn.filter=$userfilter
$users=($queryService.QueryService_Create($Services1, $userdefn)).results

$menu = @{}
for ($i=1;$i -le $users.count; $i++){ 
    Write-Host "$i. $($users[$i-1].base.name)" 
    $menu.Add($i,($users[$i-1].id))
}
[int]$ans = read-host "Please select the correct user"
$user=$menu.Item($ans)

$GlobalSessionQueryService = new-object VMware.Hv.GlobalSessionQueryServiceService
$sessionfilterspec=new-object vmware.hv.GlobalSessionQueryServiceQuerySpec
$sessionfilterspec.user=$user
$sessions=($GlobalSessionQueryService.GlobalSessionQueryService_QueryWithSpec($services1, $sessionfilterspec)).results

$menu = @{}
for ($i=1;$i -le $sessions.count; $i++){ 
    Write-Host "$i. $($sessions[$i-1].namesdata.basenames.MachineOrRDSServerName)" 
    $menu.Add($i,($sessions[$i-1].id))
}
[int]$ans = read-host "Please select the correct VDI Desktop"
$session=$menu.Item($ans)

$Services1.Session.Session_Logoffforced($session)
$queryService.QueryService_DeleteAll($services1)

This script forces the logoff for the sessions since I haven’t been able yet to find where the desktop status (locked or not) is visible.

Updates to the VMware Horizon Helpdesk fling

Today a new version has been released of the VMware Horizon Helpdesk fling by Andrew Morgan. One big change is that the Helpdesk license isn’t required anymore so at least a part of the functionality is available to owners of advanced or standard Horizon licenses.

the entire changelog:

Version 1.4.0.1

  • No longer requires a helpdesk license! Yay!
  • Added the ability to interact with vCenter machines
  • Added the ability to open vCenter VM consoles
  • Added the ability to perform bulk machine actions
  • Added the ability to perform refresh / recompose tasks directly from helpdesk.
  • Fixed performance issues with multiple windows open (see single instance).
  • Fixed a crash when logon durations could not be accessed.
  • Added polling to allow logon durations to be received if notavailable when the session page is requested.
  • Fixed a crash in the ending of processes.
  • Fixed a metric ton of bugs with delegated administration.
  • Fixed a memory leak in the tray icon menu, of all places.
  • Removed the logon page graphic as it was to much of a pain to change it’s colour when changing themes
  • Fixed some layout issues when changing themes.
  • Removed empty sites from the viewon the change pod tray menu.
  • Added preliminary support for Horizon 7.9.

 

Let’s look into some of the new options (will do the options without the helpdesk license last)

Added the ability to interact with vCenter machines 

From the pool view you’ll see an extra button for vCenter actions

And that will give these options

These all speak for themselves in functionality.

Added the ability to open vCenter VM consoles 

Open VM console will give an popup that asks for vCenter credentials.

Hit logon and a vrmc client should start if it’s installed

Added the ability to perform bulk machine actions 

The vCenter actions above can be done against multiple vm’s but also the various actions from View itself

Added the ability to perform refresh / recompose tasks directly from helpdesk. 

No longer requires a helpdesk license! Yay! 

when you use the std license the biggest difference is that you can’t view any specifics inside sessions since that’s all limited to the helpdesk license.