The VMware Labs flings monthly for February 2020

First of all my excuses for not posting more last month. It was a short but very busy month so I just couldn’t find the time for that. The people behind VMware flings have bee busy though with one new fling and seven updates ones. New is Pallas (for managing edge ESXi hosts) and the following received updates: Virtual Machine Compute Optimizer, USB Network Native Driver for ESXi, vSphere HTML5 Web Client, App Volumes Entitlement Sync, App Volumes Migration Utility, vRealize Build Tools, Power vRA Cloud.

New Releases

pallas

Pallas helps an admin to manage edge ESXi hosts where it’s not possible to manage them using vCenter due to security reasons.

The goal of Pallas is to provide management ability for ESXi hosts that cannot be managed by vCenter due to firewall or network issues.

 

Case 1: You have several ESXi hosts which running in a private network, but you have requirement to management them in the public network.

 

Case 2: Your ESXi host don’t wire connections and must connected through WiFi or Mobile network. For example, you use ESXi running on the oil rig, train head and you want to remote manage the ESXi securely.

 

Case 3: In IOT world you have the virtualized Edge devices requirements (ESXi host on Edge Device) and need remote management the ESXi(like patch, create VM etc.)

 

This solution includes a dominate-agent VM to provide remote management ability on the ESXi. If the ESXi has no wire connection then a pluggable network device (USB WiFi card, 3G/4G/5G sim card or other device that can provide network access ability) is needed, the pluggable network device will be pass-through directly to the dominate-agent VM. A remote manager server that accept connections either in public cloud/hybrid or private datacenter.

 

The dominate agent VM will talk to ESXi through ESXi SDK for workload VM management. There is no direct connection between the workload vm and dominate agent by default.

 

The dominate agent VM will talk to Pallas Manger though MQTT protocol, it will not allow any inbound traffic.

 

Updated Flings

Virtual Machine Compute Optimizer

Virtual Machine Compute Optimizer is a script that analyses vm’s and the hosts running them to see if they run in an optimized way. It does not look into the vm’s themselves, if that is needed vRealize Operations is recommended.

Changelog

Version 2.0.2

  • Modified Get-OptimalvCPU.ps1 to account for vCenters with no clusters
  • Modified Error Catches so they display the line number of the error

USB Network Native Driver for ESXi

The USB Network Native Driver for ESXi was specially made for homelabs that need USB ports for extra network connectivity.

Changelog

February 12, 2020 – v1.4

  • Add SuperMicro/Insyde Software Corp USB Devices in the supported list
  • Resolved 9K Jumbo frame issue on RTL8153 chipset devices
  • Resolved invalid speed reporting for some quick devices by using the default speed

ESXi670-VMKUSB-NIC-FLING-33242987-offline_bundle-15615590.zip
ESXi650-VMKUSB-NIC-FLING-33268102-offline_bundle-15620342.zip

vSphere HTML5 Web Client

And the vSphere html5 client keeps improving and improving.

Changelog

Fling 5.0 – build 15670023

New Features

  • Code Capture new language: the recorded interaction can now be translated to Go.
  • PowerActions: integrating PowerCLI and the vSphere Client. The vSphere Client now provides the ability to execute PowerCLI commands and scripts, and store scripts in a library. Custom actions backed by PowerCLI scripts can be defined and executed on inventory objects.
  • PowerActions must be explicitly enabled on a vSphere Client Fling deployment. For setup instructions and a quick walkthrough, see the file PowerActions_documentation_Fling50.pdf .

Improvements

  • PowerActions: when executing a script from the context menu of an object, the context object is prepopulated, but the object selector control has to be expanded and collapsed in order for this to become visible.

Release Notes

  • The base operating system for the fling is changed to Photon OS.
    Upgrade from previous versions to 5.0 is not supported. A new appliance has to be deployed.

Server.bat Replaced, December 3

Fix a small error where ls.url was printed twice in the resulting webclient.properties which leads to errors when trying to login to the H5 web client.

App Volumes Entitlement Sync

The App Volumes Entitlement Sync helps the App Volumes admin in copying entitlements between various App Volumes environments like from test to production.

Changelog

Version 2.4

  • Fixed problem with sync button being disabled
  • Added check for App Volumes 2.x and App Volumes 4.x managers and will pop up message that they can’t be synced

App Volumes Migration Utility

You might want to use the App Volumes Migration Utility if you are upgrading from App Volumes 2.* to App Volumes 4.

Changelog

Version 1.0.1

  • Fix for Migrated Appstack upload failure in AVM due to JSON parsing error.
  • Instructions doc updated to reflect the name change from “Upload Prepackaged Volume” to “Upload Template” in the AVM UI.

vRealize Build Tools

vRealize Build Tools provides tools to development and release teams implementing solutions based on vRealize Automation (vRA) and vRealize Orchestrator (vRO). The solution targets Virtual Infrastructure Administrators and Solution Developers working in parallel on multiple vRealize-based projects who want to use standard DevOps practices.

Changelog

Version 2.4.18

  • Support vRA 8 support for blueprints, custom forms, subscriptions and flavor-mapping
  • vRO 8 support for existing content management and import
  • Support vRO 8 export of WFs in a folder structure derived from WF tags
  • Support for running WFs on vRO using maven command
  • Support persisting JS Actions IDs in source to allow for actions originating in vRO first to not create conflicts
  • TypeScript Projects (experimental) support improvements and bug fixes
  • General bugs fixing an documentation updates

Power vRA Cloud

Power vRA Cloud makes the vRA API’s more accessible for people already used to PowerCLI or PowerShell.

Changelog

Version 1.1

  • Bug fixes and following new cmdlets
  • Add-vRA-Project-Administrator
  • Add-vRA-Project-Member
  • Get-vRA-DeploymentFilters
  • Get-vRA-DeploymentFilterTypes
  • Get-vRA-FabricNetworksFilter
  • Get-vRA-FabricImagesFilter
  • Remove-vRA-Project-Administrator
  • Remove-vRA-Project-Member
  • Update-vRA-Project-ZoneConfig

 

[HorizonAPI] Configuring the Horizon event database in code

Last week Mark Brookfield asked the question if it is possible to configure the event database in code. My answer was that I thought it should be possible until Stephen Jesse pointed me to the the vmware.hv.helper where there is the set-hveventdatabase cmdlet for this. When looking at the code I noticed something familiar:

.NOTES
Author                      : Wouter Kursten
Author email                : [email protected]
Version                     : 1.0

===Tested Against Environment====
Horizon View Server Version : 7.4
PowerCLI Version            : PowerCLI 10
PowerShell Version          : 5.0

So that’s why I knew it was possible! A good reason to create a quick blogpost though. Mark made a nice script for himself with variables and all those fancy things but I just want to quickly show how you can do it.

$hvedbpw=read-host -AsSecureString
$temppw=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($hvedbpw)
$PlainevdbPassword=[System.Runtime.InteropServices.Marshal]::PtrToStringAuto($temppw)
$dbupassword=New-Object VMware.Hv.SecureString
$enc=[system.Text.Encoding]::UTF8
$dbupassword.Utf8String=$enc.GetBytes($PlainevdbPassword)
$eventservice=new-object vmware.hv.eventdatabaseservice
$eventservicehelper=$eventservice.getEventDatabaseInfoHelper()
$eventsettings=new-object VMware.Hv.EventDatabaseEventSettings
$eventdatabase=new-object VMware.Hv.EventDatabaseSettings
$eventsettings.ShowEventsForTime="TWO_WEEKS"
$eventsettings.ClassifyEventsAsNewForDays=2
$eventdatabase.Server="labsql01.magneet.lab"
$eventdatabase.type="SQLSERVER"
$eventdatabase.port=1433
$eventdatabase.name="pod1_events"
$eventdatabase.username="sa_view"
$eventdatabase.password=$dbupassword
$eventservicehelper.setDatabase($eventdatabase)
$eventservicehelper.setsettings($eventsettings)
$eventservice.update($hvservice,$eventservicehelper)

The first three line make it possible to not use a plaintext password. If you don’t care about that you can remove those and declare something for $plainevdbpassword.

For the $eventsettings.ShowEventsForTime for time there are several options (same as in the gui) these are:

ONE_WEEK,TWO_WEEKS,THREE_WEEKS,ONE_MONTH,TWO_MONTHS,THREE_MONTHS,SIX_MONTHS
Yes, they are all in capitals!

To show how this works I will first clear the current database.

$hvservice.EventDatabase.EventDatabase_Clear()
$hvservice.EventDatabase.EventDatabase_Get()

Yes this is one of those exceptions where a service_get doesn’t need an id.

Now I run the script with a new _get to show the results.

If you are interested in the details:

[HorizonAPI] Working with UAG’s

Something that was added in the last few versions of the Horizon API is the option to handle UAG’s. Since I had to add an uag to my lab for another project I decided to find out what api calls are possible. First I’ll check what services there are.

$hvservice | Select-Object gateway*

I will ignore the GatewayAccessUserOrGroup since that was already in there so we are left with Gateway and GatewayHealth. Let’s see what methods are available under Gateway.

$hvservice.Gateway | gm

I Gateway_Get and Gateway_List will show the same information as always but with _Get you will need a gateway ID and it only shows the information about one gateway. WIth _List you will get the information about all registered gateways.

$hvservice.Gateway.Gateway_List()
$gw=$hvservice.Gateway.Gateway_List() | select-object -First 1
$hvservice.Gateway.Gateway_Get($gw.id)

Let’s see what’s in that GeneralData (Spoiler: not a lot!)

$gwdata=$hvservice.Gateway.Gateway_Get($gw.id)
$gwdata.GeneralData

To remove a gateway we use Gateway_Unregister with the gatewayid

$hvservice.Gateway.Gateway_Unregister($gw.id)

Now i need to register the Gateway again let’s see what we need for that.

$hvservice.Gateway.Gateway_Register

So we need an object of the type VMware.Hv.GatewaySpec. Let’s define that and see what it looks like.

$gwspec=New-Object VMware.Hv.GatewaySpec
$gwspec

So we only need the GatewayName, please use the exact name that was used to configure the UAG otherwise it can be added but it won’t be showing any data.

$gwspec.GatewayName="pod1uag1"

Now to register the UAG

$hvservice.Gateway.Gateway_Register($gwspec)

So with this we did everything we could with the Gateway service. Next is the GatewayHealth service.

$hvservice.GatewayHealth | Get-Member

as usual there’s only a get and a list so let’s see what data is in there.

$hvservice.GatewayHealth.GatewayHealth_List()
($hvservice.GatewayHealth.GatewayHealth_List()).ConnectionData

Sadly nothing more than the admin interface gives us but enough to build an health check like I did for the vCheck already (that can be found here)

For the type there are several options and those can be found in the API Explorer.

VALUE DESCRIPTION
“AP” AP type is for UAG.
“F5” F5 type is for F5 server.
“SG” SG type is for Security Server.
“SG-cohosted” SG-cohosted type is for Cohosted CS as gateway.
“Unknown” Unknown type is for unrecognized gateway type.

I was told by a VMware employee that SG-cohosted is fancy wording for a connection server.

And that’s everything we can do with UAG’s using the Horizon API’s!

[HorizonAPI] Changing the amount of desktops or RDS hosts in a pool/farm

Sometimes there is a need to change the amount of desktops/rds hosts in a pool/farm. Since doing this in the GUI sucks (although that seems to have gotten slightly better with 7.11) I prefer to do it using the API’s. Let’s start with a Desktop pool.

The easiest way to change pool settings is to use the helper function of a service. After connecting to the connection server we first need to query for the ID of the desktoppool that we need to change.

[VMware.Hv.QueryServiceService]$queryService = New-Object VMware.Hv.QueryServiceService
[VMware.Hv.QueryDefinition]$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'DesktopSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='desktopSummaryData.name'; 'value' = "Pod01_Pool01"}
[array]$queryResults= ($queryService.queryService_create($HVservice, $defn)).results
$hvpoolid=$queryResults.id

To actually change the pool it’s the best to use the helper function of a service so we first put the desktopservice into an object

$desktopservice=new-object vmware.hv.DesktopService

The next step is to read the current settings into another object.

$desktophelper=$desktopservice.read($HVservice, $HVPoolID)

If you want to see what’s in here we’ll just do this

$desktophelper | get-member

With the get helper method’s it’s possible to get things while you can change them with their set counterpart. Don’t forget to use brackets when you want to go deeper.

$desktophelper.getAutomatedDesktopDataHelper() | get-member

And we can go on and on with this but I happen to already have found where the amount of desktops is listed.

$desktophelper.getAutomatedDesktopDataHelper().getVmNamingSettingsHelper().getPatternNamingSettingsHelper() | get-member

Let’s take a look at the getMaxNumberOfMachines method.

$desktophelper.getAutomatedDesktopDataHelper().getVmNamingSettingsHelper().getPatternNamingSettingsHelper().getMaxNumberOfMachines()

And we can actually use this with setMaxNumberOfMachines

$desktophelper.getAutomatedDesktopDataHelper().getVmNamingSettingsHelper().getPatternNamingSettingsHelper().setMaxNumberOfMachines(10)

But nothing has changed yet (and yes I am lazy so I will show it using the vmware.hv.helper module.

(get-hvpool -PoolName pod01_pool01).automateddesktopdata.VmNamingSettings.PatternNamingSettings

To apply the change to 10 vm’s we need to apply the helper using the update method

$desktopservice.update($hvservice, $desktophelper)

And when we check this with get-hvpool.

And we can do almost the same for RDS farms just a few details that are different in the naming of various objects.

[VMware.Hv.QueryServiceService]$queryService = New-Object VMware.Hv.QueryServiceService
[VMware.Hv.QueryDefinition]$defn = New-Object VMware.Hv.QueryDefinition
$defn.queryEntityType = 'FarmSummaryView'
$defn.Filter = New-Object VMware.Hv.QueryFilterEquals -property @{'memberName'='data.name'; 'value' = "pod1_rds_IC"}
[array]$queryResults= ($queryService.queryService_create($HVservice, $defn)).results
$hvfarmid=($queryResults).id
(Get-HVFarm -FarmName pod1_rds_ic).automatedfarmdata.RdsServerNamingSettings.PatternNamingSettings
[VMware.Hv.FarmService]$farmservice=new-object vmware.hv.FarmService
$farmhelper=$farmservice.read($HVservice, $HVFarmID)
$farmhelper.getAutomatedFarmDataHelper().getRdsServerNamingSettingsHelper().getPatternNamingSettingsHelper().setMaxNumberOfRDSServers(3)
$farmservice.update($HVservice, $farmhelper)

 

The VMware Labs flings monthly for September 2019

And yet another month gone, next week I will be in Kopenhagen for Nutanix .Next and the month after that I will be speaking at VMworld Barcelona. Will I see you at either of these two events? Last month one new fling was released:  Kubernetes eXtensible Desktop Client (KXDC) , seven received updates: App Volumes Entitlement Sync, vSphere HTML5 Web Client, DoD Security Technical Implementation Guide(STIG) ESXi VIB, VMware OS Optimization Tool, vSphere Mobile Client, Workspace One UEM Workload Migration Tool, USB Network Native Driver for ESXi and one was marked deprecated: VIB Author.

New releases

Kubernetes eXtensible Desktop Client (KXDC)

The Kubernetes eXtensible Desktop Client (KXDC) is a simple and multi-platform desktop client for Kubernetes (K8S). In the same way the kubectl command requires only a valid kubeconfig file to run commands against a K8S cluster, KXDC requires you just to configure one or more valid kubeconfig files to interact with one or more K8S clusters.

Main features:

  • Support for multiple kubeconfig files.
  • UI-driven interaction with the most frequently used K8S entities.
  • One-click terminal with the proper KUBECONFIG env variable set.
  • Generation of custom kubeconfig files for a given namespace.
  • Highlight sustainability and security-related data.

Updated flings

App Volumes Entitlement Sync

The App Volumes Entitlement Sync fling will read, sync and compare entitlements between various App Volumes instances.

Changelog

Version 2.2

  • Ignore Extra AppStacks on Primary or Secondary Server – these would cause compare to crash
  • Export Primary or Secondary Server Entitlements to XML

vSphere HTML5 Web Client

Do you want to have the latest version of the html5 client? Than you need the vSphere HTML5 Web Client fling!

Changelog

Fling 4.3.0 – Build 14483008
New Features

  • Ability to customize the header color per vCenter to differentiate vCenter servers. Go to Administration -> System Configuration and select the vCenter for which you want to change the header color. If you have more than one vCenter server in linked mode, you can change the color for each of the vCenter servers

Bug fixes

  • Upload OVF files to Content Library

Release Notes

  • vSphere Perspective Management has been removed

DoD Security Technical Implementation Guide(STIG) ESXi VIB

The DoD Security Technical Implementation Guide(STIG) ESXi VIB fling helps in hardening your vSphere environment.

Changelog

Update September 2019

  • New ESXi 6.7 STIG VIB release
  • Updated sshd_config file. Removed protocol 2 setting as it is deprecated. Added “FipsMode yes” setting. Updated Ciphers and MACs for newer version of OpenSSH
  • Removed /etc/issue and /etc/pam.d/passwd files from VIB as those settings can be set via advanced settings now
  • Note – This VIB is based on draft STIG content! It is recommended to use this over the previous 6.5-7 STIG VIB

VMware OS Optimization Tool

The VMware OS Optimization Tool or OSOT in short is one of the best tools around to optimize your VDI image before publishing a desktop or rds host.

Changelog

September, 2019, b1110

  • New Common Options button – Allows you to quickly choose and set preferences to control common functionality. These would normally involve configuring multiple individual settings but can now be done with a single selection through this new interface
  • Split Windows 10 into two templates to better handle the differences between the versions; one for 1507-1803 and one for 1809-1909
  • Improved and new optimizations for Windows 10, especially for 1809 to 1909.

Updated and changed template settings for newer Windows 10 versions to cope with changes in the OS, registry keys and functionality:

  • Move items from mandatory user and current user to default user
  • Add 34 new items for group policies related to OneDrive, Microsoft Edge, privacy, Windows Update, Notification, Diagnostics
  • Add 6 items in group of Disable Services
  • Add 1 item in group of Disable Scheduled Tasks
  • Add 1 item in group of Apply HKEY_USERS\temp Settings to Registry
  • Add 2 items in group of Apply HKLM Settings
  • Removing Windows built-in apps is now simplified. Removes all built-in apps except the Windows Store.

Numerous bug and error fixes:

  • Reset view after saving customized template
  • Unavailable links in reference tab
  • Windows Store is unavailable after optimizing
  • Start menu may delay after optimizing
  • VMware Tools stops running after optimizing
  • Analysis Summary Graph is cropped

vSphere Mobile Client

Personally I think a phone screen is too small but this was one of the most asked questions the last few years: when can we manage vSphere from our phones? Well now you can with the vSphere Mobile Client fling.

Changelog

Version 1.5.0

New features

  • Direct connections to the ESXi hosts are now supported
  • Host can now be put in maintenance mode

Improvements

  • Going back from the details pages would not refresh the VM list
  • Improvements to how we indicate the user is in focused mode
  • Cluster card now shows issues, DRS, HA and number of vMotion events
  • Host card now shows issues, number of VMs, uptime and connection status

Bug Fixes

  • Removing a bookmark when in focused mode removes the item from the list too

Workspace One UEM Workload Migration Tool

With the Workspace One UEM Workload Migration Tool it’s easy to move devies and applications between WS One UEM environments.

Changelog

Version 2.0.0

  • Baseline Migration Support
  • MacOS application
  • UI refactoring to make bulk migrations easier
  • Added support for script detection with Win32 applications

USB Network Native Driver for ESXi

For the USB Network Native Driver for ESXi fling we need to thank WIlliam Lam I guess. For me it at least seems like he is the driving factor behind this fling.

Changelog

September 27, 2019 – v1.2

  • Added support for Aquantia Multi-Gig (1G/2.5G/5G) USB network adapter (see Requirements page for more details)
  • Added support for Auto Speed/Connection detection for RTL8153/RTL8152 chipsets

ESXi670-VMKUSB-NIC-FLING-28903484-offline_bundle-14722970.zip
ESXi650-VMKUSB-NIC-FLING-28903792-offline_bundle-14722993.zip

New Horizon API explorer posted (new queries!)

While watching the VMworld US 2019 video of Sean Massey presenting about getting started with the Horizon API’s I decided to check if the API explorer has been updated. To my surprise it was and it is good to see that several queries have been added besides the method’s that I previously found.

The new queries that I found are:

  • DesktopAssignmentView
    • Description:
      • Desktop id + Desktop assignment data which will include desktop pool information, operation system, global entitlement.
  • DesktopHealthInfo
    • Description:
      • Desktop health Information. This data will be populated only for the desktops which support application remoting.
  • GlobalEntitlementSummaryView
    • Description:
      • Summary information about Global Entitlements.
  • MachineSummaryView
    • Description:
      • This View includes summary data of all entities related to this Machine

So the DesktopAssignmentView seems to give a lot of similar data to what the DesktopSummaryData query already gives. They both give global entitlement data plus user assignment data. The big difference is that it gives way more detailed information about the desktop pool itself like vGPU settings. The names should have been DesktopInfo in my opinion.

Desktophealthinfo is created for the new Windows 10 App remoting and the monitoring for that. The globalentitlementsummaryview and machinesummaryview are linked to GlobalEntitlementInfo and MachineDetailsView from which they give a subset of data.

I hope to have a new blog post soon with more detailed information of what the new method’s and queries will bring but I wanted to update you with the fact that the api explorer has been updated as soon as possible.

Generating a clean Host Profile using PowerCLI

First of all: I love Host Profiles! But they’re easy to mess up as well, leave something selected related to hardware and an update in ESXi, vib’s or even a firmware update might break it. For a customer where we are going to do the entire vSphere build from scratch I got the idea to generate an empty Host Profile and extend that one using scripting. At first I though this would be an easy thing but it definitely isn’t, a reply from PowerCLI guru Luc Dekens at the VMware{Code} forums set me on the right path to do so. Luc’s remark that editing Host Profiles might take some reverse engineering for the lack of documentation is a huge understatement. It has cost me many many hours to build the script below.

I strongly recommend having the reference host as clean as possible.

These are the steps the script takes

  1. connect to vCenter
  2. extract a new Host Profile
  3. Gets the new Host Profile
  4. Copies all members of the new Host Profile to an object that can be edited
  5. Sets everything that I could find in my environment to false
  6. Updates the Host Profile with the edited object

Required parameters

  • vCenter
    • Your vCenter host
  • Referencehost
    • the name of the host in vCenter
  • Hostprofilename
    • Name for the Host Profile

There are also a couple of optional parameters:

  • dnshost
    • It’s mandatory to have a DNS set in the defaulttcpipstack. With this parameter you can change this.
  • domainname
    • Like DNS it’s mandatory to have a domainname set in the defaulttcpipstack. With this parameter you can change this
  • Cleanup
    • This one defaults to false but can be set to true. It will remove all NFS Datastores, vmkernel ports, portgroups, device aliases and direct i/o profiles.
    • Use this one with care, if you apply it to a host it will most probably remove all networking details for that host making it unusable.

This is how a manual extracted Host Profile looks

This is how a Host Profile looks after using my script without the cleanup option, everything is deselected but the device aliases for example are kept.

.\create_clean_hostprofile.ps1 -vcenter vCenter -Hostprofilename demo_no_cleanup -referencehost hostname

And this is how it looks with the cleanup used.

.\create_clean_hostprofile.ps1 -vcenter vCenter -Hostprofilename demo_no_cleanup -referencehost hostname -cleanup $true

The script itself can be found on Github as well:

#-------------------------------------------------
# Generates a clean Host Profile
#
# Build using PowerCLI 11
#
# Version 1.0
# 17-08-2019
# Created by: Wouter Kursten
# Website: https://www.retouw.nl
#
#-------------------------------------------------

param(
[Parameter(Mandatory=$true)][String]$Hostprofilename,
[Parameter(Mandatory=$true)][String]$vcenter,
[Parameter(Mandatory=$true)][String]$referencehost,
[Parameter()][String]$dnshost,
[Parameter()][String]$domainname,
[Parameter()][bool]$Cleanup = $false
)

# I grabbed this function somewhere from an example by Luc Dekens
function Copy-Property ($From, $To, $PropertyName ="*"){
    foreach ($p in Get-Member -In $From -MemberType Property -Name $propertyName){
        trap {
            Add-Member -In $To -MemberType NoteProperty -Name $p.Name -Value $From.$($p.Name) -Force
            continue
        }
    $To.$($P.Name) = $From.$($P.Name)
    }
}

#connect to the vCenter
connect-viserver $vcenter

# This deletes any existing Host Profile with the same name as we're using in this script
get-vmhostprofile -name $Hostprofilename  -ErrorAction SilentlyContinue | Remove-VMHostProfile -Confirm:$false

# This creates a new Host Profile from the referencehost
new-vmhostprofile -name $Hostprofilename -referencehost $referencehost

# Retrieves the newly created Host Profile
$hp = Get-VMHostProfile -Name $Hostprofilename

# Creates the spec where the cleanup is done
$spec = New-Object VMware.Vim.HostProfileCompleteConfigSpec

# Copies all properties of the new Host Profile to the spec
Copy-Property -From $hp.ExtensionData.Config -To $spec

# This removes everything that could be specific to the referencehost
if ($cleanup -eq $true){
    $spec.ApplyProfile.Network.Vswitch=$null
    $spec.ApplyProfile.Network.VMportgroup=$null
    $spec.ApplyProfile.Network.HostPortGroup=$null
    $spec.ApplyProfile.Network.pnic=$null
    $spec.ApplyProfile.Storage.NasStorage=$null
    ($spec.ApplyProfile.Property | where-object {$_.PropertyName -like "*DeviceAlias*"}).profile=$null
    ($spec.ApplyProfile.Property | where-object {$_.PropertyName -like "*PCI*"}).profile.property.profile=$null
}

# From here it's just disabling of items except for:
# -items under storage> PSA Configuration (profiles are removed)
# -Properties of the fixed DNS config (set to the default values from this scripts parameters)
$spec.ApplyProfile.Datetime.Enabled=$False
$spec.ApplyProfile.Authentication.Enabled=$False
$spec.ApplyProfile.Authentication.ActiveDirectory.Enabled=$False

foreach ($o in $spec.applyprofile.Option){
    if ($o.Enabled){
        $o.Enabled=$False
    }
}

foreach ($p in $spec.ApplyProfile.Property.Profile){
    if ($p.Enabled){
        $p.Enabled=$False
    }
    foreach ($pa in $p.Property.Profile){
            if ($pa.Enabled){
                $pa.Enabled=$False
                }
        foreach ($paa in $pa.Property.Profile){
                if ($paa.Enabled){
                    $paa.Enabled=$False
                }
        }
    }
}

foreach ($s in $spec.ApplyProfile.Storage.Nasstorage){
    if ($s.Enabled){
        $s.Enabled=$False
    }
    foreach ($sa in $s){
        if ($sa.Enabled){
            $sa.Enabled=$False
        }
    }
}

foreach ($s in $spec.ApplyProfile.Storage.Property.Profile){
    if ($s.Enabled){
        $s.Enabled=$False
    }

    if ($s.ProfileTypeName -eq "psa_psaProfile_PluggableStorageArchitectureProfile" -AND $cleanup -eq $true){
        foreach ($sa in $s.property){
            if ($sa.propertyname -like "*psa_psaProfile_PsaDevice*"){
                [email protected]()
            }
        }
    }
    foreach ($sa in $s.Property.Profile){
        if ($sa.Enabled){
            $sa.Enabled=$False
            }
        foreach ($saa in $sa.Property.Profile){
            if ($saa.Enabled){
                $saa.Enabled=$False
            }
        }
    }
}

foreach ($f in $spec.ApplyProfile.Firewall.ruleset){
    if ($f.Enabled){
        $f.Enabled=$False
    }
}

foreach ($n in $spec.ApplyProfile.Network.vswitch){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
        foreach ($naa in $na.link){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NumPorts){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NetworkPolicy){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.pnic){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.VmPortGroup){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
        foreach ($naa in $na.Vlan){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.Vswitch){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NetworkPolicy){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.HostPortGroup){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
        foreach ($naa in $na.IpConfig){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.Vlan){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.Vswitch){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NetworkPolicy){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.Property.Profile){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n.Property.Profile){
        if ($na.Enabled){
            $na.Enabled=$False
            }
        foreach ($np in $na.policy.policyoption){
            if ($np.id -eq "FixedDnsConfig"){
                foreach ($npp in $np.parameter){
                    if ($dnshost){
                        if ($npp.key -eq "address") {
                            [string[]][email protected]($dnshost)
                            $npp.value=$dnsarray
                        }
                    }
                    if ($domainname){
                        if ($npp.key -eq "domainName"){
                            $npp.value=$domainname
                        }
                    }
                }
            }
        }
        foreach ($naa in $na.Property.Profile){
            if ($naa.Enabled){
                $naa.Enabled=$False
            }
            foreach ($naaa in $naa.Property.Profile){
                if ($naaa.Enabled){
                    $naaa.Enabled=$False
                }
            }
        }
    }
}


(Get-VMHostProfile $Hostprofilename).ExtensionData.Updatehostprofile($spec)
disconnect-viserver $vcenter -confirm:$False

And yes that’s a lot of foreach’s.

 

 

I have been named EUC Champion for 2019!

A couple of weeks ago I was informed that I would be awarded the EUC Champion for the second time.  The EUC Champions program grew from 35 to 42 and you can find all of us over here: https://www.vmware.com/euc-champions/current-champions.html As you can see in that list my very good friend and vmug stage buddy Hans Kraaijeveld was also awarded the EUC Champion title as well into this EUC elite group of people.

So what are the EUC Champions?

What is the EUC Champions program?
EUC Champions is an experts-only program that provides a forum for the EUC community and VMware EUC product teams to share industry trends, new product information and ideas through in-person meetings, networking events, industry conferences and webinars.

This is the official statement but there is more. We also have access to dedicated EUC Champions Slack channels at the VMware slack with direct contact to some of the EUC product teams. Also the knowledge sharing between each other has been awesome in my opinion. Plus we get to test some flings that Andrew Morgan created that might or might not be released at https://labs.vmware.com/flings

Do you also think you have it to become an EUC Champion? You can find more info at https://www.vmware.com/euc-champions.html

What did I do to become an EUC Champion? Well it’s my blogging over here but certainly also presenting at vmug’s about EUC related things.

 

The VMware Labs flings monthly for June 2019

Wow there are already six months gone in 2019. Both my kids passed passed their schoolyears and this month there have been three new fling releases and four that have received updates. The new ones are: vSphere Mobile Client, Workspace ONE UEM SCIM Adapter and FlowGate. The ones that received updates are USB Network Native Driver for ESXi, HCIBench, IOBlazer and the Horizon DaaS Migration Tool.

New Releases

vSphere Mobile Client

I already posted a short blog about this fling over here.

vSphere Mobile Client enables administrators to monitor and manage vSphere infrastructure directly from any mobile device. Whether you want to check on the current or historical resource consumption; you want to get notifications on long running tasks; or you want to check the currently running tasks – the vSphere Mobile Client is there to help.

Features

  • VM overview: Review the status of your VMs including state (powered on/off), resource usage and configuration information
  • VM management: Change the power state of a VM or restart it. Locating the virtual machine to operate on can be done through search.
  • Task monitoring: Subscribe to any running task and receive a notification on your mobile device upon task completion, even when your device is in-active or you have another application running on the foreground.
  • Performance charts: Monitor the resource usage of a VM in real time or a day, week, month or year back. Counters include CPU, Memory, Storage and Network.

NOTE: vSphere Mobile Client is currently available for Android and iOS devices and vCenter 6.0+ deployments. Check the “Requirements” tab for more details. Access to vSphere infrastructure may require a secure access method such as VPN on a mobile device.

This is a technical preview release and as such it only has a limited subset of the intended functionality. The team would be releasing updates with new features regularly, but our main task is to gather feedback so please do not hesitate to reach out to us.

Workspace ONE UEM SCIM Adapter

Workspace ONE UEM SCIM Adapter provides SCIM user/group management capabilities to Workspace ONE UEM. The middleware translates the System for Cross-Domain Identity Management, SCIM, to a CRUD REST framework that Workspace ONE UEM can interpret. This capability allows Workspace ONE UEM to synchronize cloud-based identity resources (users/groups/entitlements) without the need for an LDAP endpoint (service to service model). Examples include Azure AD, Okta, and Sailpoint.

Flowgate

The Flowgate fling is all about linking IT & Facility systems with each other.

In enterprise data centers, IT infrastructure and facility are generally managed separately, which leads to information gaps. Collaboration between facility and IT infrastructure systems are limited or manual, and virtualization adds more complexity.

The goal of Flowgate is to make facility awareness in IT management system and make IT operations management and automation better on high availability, cost saving and improved sustainability, with more information on power, cooling, environment (e.g. humidity, temperature) and security.

Built-in adapter for multiple DCIM and CMDB system integration:

  • Nlyte
  • PowerIQ
  • Infoblox
  • Labsdb
  • IBIS(TODO)
  • Pulse IoT Center (TODO)
  • Open for other facility system integration

Built-in adapter for multiple IT stack systems:

  • vCenter Server
  • vRealise Operation Manager
  • Open for other IT stack integration. More systems will coming soon.

 

  • UI based Integration process: One click integration.
  • Role based access control: API level access control support.
  • RESTFul API support: Provide unified facility information querying services. APIs for all operations and data query make it easy to integrate with other systems.

Updated flings

USB Network Native Driver for ESXi

Are you building an awesome homelab but received some funky USB Network adapters? The USB Network Native Driver for ESXi might just have the correct drivers for you.

Changelog

June 17, 2019 – v1.1

  • Added support for 9 additional USB NIC devices including USB 2.0 RTL8152 & TPLINK (see Requirements page for complete list)
  • Added support for Jumbo Frames (up to 4K) for RTL8153 & AX88179
    ESXi670-VMKUSB-NIC-FLING-24524132-offline_bundle-13958648.zip
    ESXi650-VMKUSB-NIC-FLING-24599816-offline_bundle-13964320.zip

HCIBench

HCIBench is one of two benchmarking utilities that received an update.

Changelog

Version 2.1

  • Switched UI to dark theme
  • Redesigned VMDK preparation methodology, which can complete much faster using RANDOM on deduped storage
  • Added VMDK preparation process update
  • Added Graphite port check into prevalidation
  • Added vCenter/Host password obfuscation
  • Added “Delete Guest VM” button
  • Fixed Grafana display issue
  • Fixed FIO blank results issue
  • Bug fixes
    MD5 checksum of HCIBench_2.1.ova: d37e6f164ed962a6e7ccbe104ba9eaec

IOBLazer

It looks like the IOBlazer fling was first released in 2014(!!!!) as a tool to benchmark all kinds of storage systems. Since I haven’t posted about it here yet let me give you the overview:

IOBlazer is a multi-platform storage stack micro-benchmark. IOBlazer runs on Linux, Windows and OSX and it is capable of generating a highly customizable workload. Parameters like IO size and pattern, burstiness (number of outstanding IOs), burst interarrival time, read vs. write mix, buffered vs. direct IO, etc., can be configured independently. IOBlazer is also capable of playing back VSCSI traces captured using vscsiStats. The performance metrics reported are throughput (in terms of both IOPS and bytes/s) and IO latency.

IOBlazer evolved from a minimalist MS SQL Server emulator which focused solely on the IO component of said workload. The original tool had limited capabilities as it was able to generate a very specific workload based on the MS SQL Server IO model (Asynchronous, Un-buffered, Gather/Scatter). IOBlazer has now a far more generic IO model, but two limitations still remain:

  1. The alignment of memory accesses on 4 KB boundaries (i.e., a memory page)
  2. The alignment of disk accesses on 512 B boundaries (i.e., a disk sector).

Both limitations are required by the gather/scatter and un-buffered IO models.

A very useful new feature is the capability to playback VSCSI traces captured on VMware ESX through the vscsiStats utility. This allows IOBlazer to generate a synthetic workload absolutely identical to the disk activity of a Virtual Machine, ensuring 100% experiment repeatability.

Changelog

Updates in IOBlazer 1.01:

  • Added configurable IO alignment
  • Increased the robustness of the trace file parser in the face of spurious lines
  • Increased the robustness of the build process by automatically detecting target OS and arch within the Makefile
  • In the Windows version, changed the raw access mode from volume to physical drive to avoid unnecessary mount/unmount operations at every test run.

Horizon DaaS Migration Tool

The Horizon DaaS Migration Tool is for the Horizon DaaS providers to migrate their customers to the latest version of Horizon DaaS.

Changelog

Version 2.1.0

  • Fix for the bug on “Requested Capacity” at the pool/assignment summary page showing inappropriate values.
  • Intelligently handling import of new VMs skipping previously imported VMs.

[API]Resetting Desktops

This is the first post in a series of shorts that I will be posting about various methods that you can use with the VMware Horizon API’s. This time it will be about resetting desktops. When looking at the API Explorer you’ll see that there are two ways do do this from the machine service.

So the first is for a single VDI desktop and the latter for multiple.

First we need to get a list of vm’s I will be using the machines in pod1pool02 as victims for this post.

$queryservice=new-object VMware.Hv.QueryServiceService
$defn=New-Object VMware.Hv.QueryDefinition
$defn.QueryEntityType="MachineNamesView"
$filter=new-object VMware.Hv.QueryFilterContains
$filter.MemberName='base.name'
$filter.Value="Pod1Pool2"
$defn.filter=$filter
$results=($queryservice.QueryService_Query($services1, $defn)).results

with this result:

From this we’ll make a variable with all of them and one with a single one

$singlevm=$results | select-object -first 1
$multiplevms=$results

Before I will reset the single VM I will show the state of all the vm’s.

($queryservice.QueryService_Query($services1, $defn)).results.base.basicstate

And now let’s reset the vm.

$services1.machine.machine_reset($singlevm.id)

Since this is an instant clone you’ll see provisioned and not reset. Now let’s reset the rest as well.

$services1.Machine.Machine_ResetMachines($multiplevms.id)

And this method will work for all managed vdi desktops full, linked or instant clones.