New Year, new month, new job!

2018 already proved to become an awesome year for me. I became Nutanix Technology Champion again for 2018 and I also decided to change employers. While Detron has been a great employer for over three years it was time to change. My ambitions for what I wanted to do proved to be hard for them to match in jobs to do. I do have to thank them though for the great support I had in these years in which I started blogging, public speaking and managed to enter several community programs like VMware vExpert, Nutanix Technology Champion and more recently the newly announced Liquidware Tech Insiders started by former colleague and Liquidware Pre-sales Director Northern Europe Bas van Kaam.

Starting February first I will be joining TenICT in the Netherlands as VMware Consultant. This company was recently nominated as Most promising Partner of the year for The Netherlands by VMware. They also recently signed a VMware PSO contract so will be taking on PSO jobs as well in the near future. In short it looks like it’s going to be an awesome 2018.

Again I want to thank Detron for the three great years I had with them and I will definitely miss the people and the fun we had!

Goodbye 2017, hello 2018        

While I already finished my first blogpost of the year I decided it was time for me to write another one. The kind that I usually avoid like a plague to write: a post looking back at 2017 and forward to 2018. For me these kinds of posts are on the same level as stupid lists: I frigging always hated creating and evaded them! Essentially though my monthly flings posts are lists so why wouldn’t I write a the looking back & forward posts as well?

2017

Presenting

This mentality is exactly something what I started doing in 2016 and certainly continued in 2017: challenging myself to new things. The presenting bit I had already introduced myself to in 2016 but last year I also did my first presentation at a VMUG not in my own country but I travelled to Germany for their UserCon to present three of my favorite VMware flings. After the short vBrownbag at VMworld US in 2016 this was only my second time presenting in English. It also was my first time to exactly hit the spot timewise in the 30-minute timeslot I had.  Luckily the base for the presentation was good since I had done it at the Dutch VMUG UserCon (sorry it’s in Dutch) a couple of months earlier together with my good friend Hans Kraaijeveld. I had ten extra minutes though so instead of showing the slide deck I decided to show the tools instead of boring screenshots. Next time I just need to improve on some things and make a script on beforehand (thank you Johan for the Feedback) on what to do, but since I decided to change this the evening before in my hotel room preparation was suboptimal.

Besides the vmug’s I also managed to find me a spot on the vBrownbag schedule for VMworld Europe. I can’t really say that my presentation was a success, I was tired and just didn’t get into the proper flow for it. I did pick up some extra essential experience doing it though. Beside my own presentation I also had lots of fun on the vExpert daily broadcast.

Community

In 2017, I have started being more active on Reddit & VMTN. Specially reddit can be a flamewar every now and then but there are very decent topics and replies as well. On vmtn it’s really hit and miss about quality, some are decent posts but lots also prove that the ts (topicstarter) totally didn’t do their homework or have had any experience with the product they are trying to use.

The most fun community wise I had at the VMware Code Hackathon at VMworld EU. While our project didn’t go smoothly we had lots of fun and everyone learned at least a couple of things. Next time I will just make sure we have our own infrastructure available to us. And those hippie shirts simply rule.

VMworld itself was an awesome community event for me as well. While I still visited some sessions the hanging around with other vExperts and bloggers made it again an awesome event for me. At the beginning of November, I also visited the Nutanix .Next event and while there where less people over there that I knew I made some friends right away (or not Dugi?) and kept having fun with those selfies after I got some comments on looking grumpy at the first one. It was also good to finally meet some of the other NTC’s.

Events

2017 was a year with lots of awesome events for me. I visited not only the Dutch and German VMUG but also managed to squeeze the Belgium VMUG in my schedule was well. Then again VMworld EU and Nutanix .Next and in December I also visited the inaugural Dutch vEUC Techcon that had lots of great content.

Learning

In the learning zone, I managed more then I planned for in the beginning of 2017. I had agreed with my manager that it would be a quiet year for me an oh boy I did not keep myself to that agreement. First, there was the Certification ME work I did and got the certifications for: vcp-dcv 6.5, vcap7-dtm design and the vca-dbt exam. Ok this is not learning and doing the exam but by creating and checking the questions one can learn just as much in my opinion.

I did two actual exams in 2017: vcp7-dtm and vcap6-dtm deploy. The first one I passed and the 2nd one I sadly failed on, since it was my first vcap deploy I didn’t expect anything else and overall it was a good experience in preparing for the next one. Something certainly needed is an HD monitor and proper amounts of coffee in advance because the you need to stay sharp and time will be an issue.

As side projects in the learning department I also was active as content checker for three Packt videos and one book:

  • Videos
    • Learning VMware App Volumes
    • Designing and Deploying VMware Horizon View 7 and
    • Managing a Horizon 7 environment
  • Book
    • Mastering vSphere 6.5

Again, I learned a lot by working at these projects but they are very time intensive so I don’t know how eager I would be for coming projects.

 

2018

So, what am I expecting for 2018 personally? Hopefully I will be allowed again to speak at the Dutch VMUG Usercon, I proposed one personal session in the CfP and one session together with Hans Kraaijeveld. Also, I would love to extend my personal session and build it out to a VMworld quality and be able to deliver it there as well. Besides VMworld I would like to visit the BE vmug and Nutanix .Next also again this year.

In the community, I want to keep at least as active since my Nutanix NTC is already extended to 2018 and hopefully I will also receive vExpert again in 2018. The vExpert & NutanixNTC slack channels simply rock. Both have awesome vibes with lots of people always eager to help you with any questions you ask.

I only have one real learning goal so far for 2018 and that is to pass the vcap7-dtm deploy exam. Sadly, it hasn’t been released yet but that doesn’t say I can’t prepare for it either. My ultimate goal would be to become vcdx but that’s something I will only start working on this year, don’t expect me to submit soon. As something for fun, I might try my hands on the nsx certifications even though I am not a networking person or maybe something from Amazon since a lot of VMware admins seem to be heading that way as well.

 

For the rest, I have only this to add: Happy New Year and have an awesome 2018!

 

The VMware Labs flings monthly for December 2017

Another month, another year, welcome to 2018 where I will continue this monthly series about updated and new VMware labs flings. This month there where two new fling: The Cross vCenter Workload Migration Utility and Simple Natural Language Processing for iOS plus three updated flings: VMware OS Optimization Tool, vSphere HTML5 Web Client, and last but not least the App Volumes Backup Utility. Some familiar faces and some not so familiar let’s see what changed:

[sta_anchor id=”xvcenterutil” /]

Cross vCenter Workload Migration Utility

The first Fling is the brand new Cross vCenter Workload Migration Utility, previously one had to go command line to move VMs across vCenter servers but now the less CLI inclined people (or lazy people like me sometimes) can do it via a gui. This can be done within the same SSO domain but also across SSO domains. WIlliam Lam also wrote a good post about it.

Key Features

  • Completely UI-driven workflow for VM migration
  • Provides REST API for managing migration operations
  • Works with vCenter not a part of the same SSO domain
  • Support for batch migration of multiple VMs in parallel
  • Supports both live as well as cold migration of VMs
  • Performs storage vMotion, not requiring shared storage
  • Flexible network mappings between source and destination sites

[sta_anchor id=”sios” unsan=”SiOS” /]

Simple Natural Language Processing for iOS

To be honest: i have no clue what Simple Natural Language Processing for iOS is for, looks like something to use in your code to talk to the voice processing in iOS without cost and privacy concerns for using cloud based solutions.

Simple Natural Language Processing for iOS provides developers with a convenient framework for integrating Natural Language Processing (NLP) into their iOS Apps. When the developer provides a set of training phrases, Simple NLP will use Naïve Bayes Classification to predict the intent of an unfamiliar phrase and extract parameters such as a person’s name and dates.

While numerous cloud based solutions already exist to provide similar functionality, they may have associated cost and privacy concerns. With Simple NLP for iOS, your data won’t be sent to a server or cloud service for prediction. All NLP functionality is constrained to the device and processed natively.

We hope that you will find this Fling easy to use and beneficial to your project.

[sta_anchor id=”osot” unsan=”OSOT” /]

VMware OS Optimization Tool

Just a short update for the OSOT this month, more tools have been coming out that can do this but this one is stall my favorite OS Optimizer.

Changelog

December 14, 2017

  • Template update. Detailed change log for each template is in the online version of each template (accessed from Public Templates tab)

[sta_anchor id=”appvol” /]

App Volumes Backup Utility

As far as I know this is still the only way to backup those Appstacks and writable volumes and using a fling for that might be a risk.

Changelog

Version 2.0

  • Updated to use only PowerCLI to connect to vCenter/vSphere. Previous versions used the vSphere SOAP API along with PowerCLI which locked the application to a specific version of PowerCLI. Versions 2.0 and later of this application will work with any version of PowerCLI (6.0 and later). This change improves the speed of enumerating vCenter items
  • Added additional checks for PowerCLI and PowerShell
  • Additional optimizations and minor bug fixes

[sta_anchor id=”vspherehtml5″ /]

vSphere HTML5 Web Client

Like always the HTML5 Web Client received multiple updates, two to be exactly in december.

Changelog

Fling 3.31 – Build 7343373

New Features

  • Performance charts counter selection can be persisted. The counter selection are persisted per object type. The data is persisted in browser local storage.

Bug Fixes

  • Resume fault tolerance in manual DRS cluster will show DRS recommendations.
Fling 3.30 – Build 7271216

New Features

  • View License assets (Host/Cluster/Solutions)(Read-only)
  • License and Products features details
  • VC and Host License details (Configure > Licensing)
  • VDS health checks

Improvements

  • Warning dialog when the file download is blocked by the Browser’s Pop-up blocker

Bug Fixes

  • Issue where host advanced settings filter doesn’t work in edit is resolved.

The VMware Labs flings monthly for November 2017

A couple of days late this time but here is your monthly dose of Flings! No new ones but seven flings have been updated by VMware labs this month. The Horizon Toolbox, vSphere HTML5 Web Client and the ESXi Embedded host client make their almost monthly appearances while at least two other received updates in a long time: Cross vCenter Vm Mobility – CLI and the VMFork for pyVmomi. The HCIBench and Desktop Watermark also received an update.

 


ESXi Embedded Host Client

By now we should all be using the embedded host Client unless you are forced by greater powers to run on some ancient version of ESXi.

Version 1.24.0 build 7119706 (Fling 19) – November 13, 2017

Minor features and bugfixes
  • GeneralFix failure to deploy OVF/OVA image with disks attached to multiple disk controllers
  • Address race condition when adding new Network Adapter to virtual machine
  • Allow datastore browser to browse VVOL datastores
  • Address timeout issue in datastore browser when client receives unknown datatypes from host
  • Address issue disabling autostart for a VM
  • Allow downloading of flat VMDK files in datastore browser
  • Show the correct VMware Tools version string in VM summary
  • Show pager in VM editor when VM has many hard disks
  • Support OVF properties with pre-defined values, showing dropdowns
  • Allow modifications of root user’s permissions
  • Support for selecting dependent PCI devices when enabling passthrough
  • Other minor bug fixes


vSphere HTML5 Web Client

Like always the HTML5 Web Client received multiple updates in November so the changelog is rather long.

Fling 3.29 – Build 7157335

New Features

  • Configure traffic filtering and marking rules on distributed port groups
  • Export and import distributed switches and distributed port groups

Improvements

  • Configure the policies of distributed port groups inside the New Distributed Port Group wizard

Bug Fixes

  • Fixed an error when trying to edit the settings of VMs with failed installation or update of the VM tools
Fling 3.28 – Build 7110681

New Features

  • Configure advanced CPU Identification Mask
  • Select PVRDMA adapter type for a VM network

Improvements

  • Thanks to the fling users who gave the steps to replace the certificates for FAMI UI running at port 5490, added these instructions to v4 of “Create a new certificate for a HTML5 client fling” document

Bug Fixes

  • Licensing views should be visible for 6.0 VC/PSCs
Fling 3.27 – Build 7055108

New Features

  • Popout the Datastore File browser
  • License Details
  • View License VC assets (Read-only)

Improvements

  • Set license name in the Add License workflow

Known Issues

  • License UI might not work against 6.0 VCs, in particular Windows VCs/PSCs.
  • If you see error in the vSphere Client (HTML5) similar to this – ‘getHostIsAssignLicenseActionAvailable’, then you can resolve this error by following below steps:
    • If vSphere Client (HTML5) Fling appliance is pointed to a vCenter Server Appliance (VCSA), then you should reregister the fling appliance by logging in to FAMI UI (or by running the config-ui CLI). Refer the instructions document to follow the steps for configuring Fling appliance for VCSA.
    • If vSphere Client (HTML5) Fling appliance is pointed to a Windows vCenter Server, then reregister by downloading latest server-configure.bat from the Download section of this website. Refer the instructions document to follow the steps for configuring Fling appliance for Windows vCenter Server.


VMFork for pyVmomi

This fling has been around for a while and if you ever wanted to fork your VM’s without having to study PowerCLi then this one is for you. It has a warning that it only supports vSphere 6.0 and 6.5 and no newer releases but hey there are none yet so please use it if you like.

Changelog

Version 1.0.3

  • Fixed a bug that prevented CreateChildSpec from being referenced in versions of 6.5 of pyVmomi
  • Updated the requirement to include pyVmomi 6.5 only, up from 6.0, due to a dependency issue

Version 1.0.2

  • Bug fixes & Improvements


Desktop Watermark

Want to make sure screenshots will show that it is your Image being used then the Desktop Watermark fling can be the tool of choice. It can be used for auditing or exhibition purposes or any other way you like. And yes that type in the changelog is a straight copy/paste from the site.

Changelog

Build 1027

Addition

  • Password protection for the configuration & uninstllation


Cross vCenter VM Mobility – CLI

Ever needed to migrate or clones VM’s form one vCenter to the other while there they are not linked? then the Cross vCenter VM Mobility – CLI might be a good tool in your toolbox.

Changelog

Version 1.4

  • While migrating multiple vms with destination network option, only one vm used to get migrated.This issue has been fixed.


HCIBench

Need to benchmark a Hyperconverged Infrastructure? VDbench is one of the tools to use and VMware labs create the HCIBench to automate this tool. It received a couple of updates since my last post about it.

Changelog

Version 1.6.5.1

  • Enhanced IP segment selection
  • Set open file limit to 4096
  • Updated vm-tools to the latest version
  • Bug fixes

Version 1.6.5

  • Enhanced 95th percentile calculation.
  • Added Curve and Multi Run calculation.
  • Added SSH Service validation.
  • Replaced DHCP Service with Static IP Service.
  • Added IP conflict check.
  • Fixed bunch of bugs.
  • Change the default client VM RAM from 4GB to 8GB


Horizon Toolbox

Being an EUC guy myself this is one of my favorites. The Horizon Toolbox adds some very good tools for servicedesk and operations employees.

Changelog

2017 Nov 30

  • Add a new “Export” button to the clients table

 

Updated and new VMware Labs Flings for Oktober 2017

“Listen very carefully; I shall say this only once.”

Even after years this for me is one of the best quotes from any comedy series. Allo Allo always was so much fun to watch even though it looks pregistoric these days in video quality. For the people who don’t know Allo Allo please check out Michell from the resistance saying it herself over here. This months version of this post has two new flings and two updated ones. As almost always the vSphere HTML5 Web Client makes an appearance with the Horizon Toolbox as secondant, as you can see they have dropped the version number for the toolbox. New ones are the Blockchain on vSphere and the Desktop Watermark.

[sta_anchor id=”new” unsan=”New” /]

New Flings

[sta_anchor id=”watermark” unsan=”Watermark” /]

Desktop Watermark

Desktop Watermark is a Windows native application that adds a watermark to a desktop for Virtual Desktop Infrastructure (VDI) auditing or exhibition purposes. A watermark has the ability to be visible or invisible. Invisible watermarks, seen in the screenshot, can be revealed by a tool bundled in the Fling. The tool should be configured by an administrator and enforced on the end user’s desktop.

Changelog
Build 1019
Issue Fixes
  • Windows 10 – Installation failure on some machine with domain account
  • Issue fix – Windows 10 – During uninstallation the service is not automatically stopped

[sta_anchor id=”blockchain” unsan=”Blockchain” /]

Blockchain on vSphere

Blockchain is an emerging technology which has been gaining traction globally throughout the past few years. Industries like finance, logistics, and IoT are actively working on research and pilot projects using blockchain.

Fabric is a sub project under Hyperledger (a LinuxFoundation project), it is probably the most mature blockchain solution available now for business use cases.

The mission of Blockchain on vSphere is to provide an end-to-end blockchain solution, from IaaS, to Blockchain platform and Blockchain applications. It allows organizations to quickly collaborate and evaluate the new business models and processes by using the decentralized blockchain technology.

By using BoV, blockchain developers can quickly set up an environment to build and test their blockchain applications.

Changelog

Not yet

[sta_anchor id=”updated” unsan=”Updated” /]

Updated Flings

[sta_anchor id=”toolbox” unsan=”Toolbox” /]

Horizon Toolbox

Good old Horizon toolbox as said dropped its version number but continues to give you some features that the regular View Admin doesn’t have. Auditing on client versions, snapshots, usage and others are the great additions this tool gives.

Changelog

2017 Oct 12

  • Auditing – Clients are enhanced
  • Horizon 7.3.1 is supported
  • Some bugs are fixed

[sta_anchor id=”webclient” /]

vSphere HTML5 Web Client

What do I need to say about this one? Just update you’re existing version and enjoy this almost perfect vSphere client.

Changelog
Fling 3.26 – Build 6984758

New Features

  • License Products Details
  • Add New License action

Improvements

  • Enhanced the performance of the Datastore File Browser

Known Issues

  • If you see error in the vSphere Client (HTML5) similar to this – ‘getHostIsAssignLicenseActionAvailable’, then you can resolve this error by following below steps:
    • If vSphere Client (HTML5) Fling appliance is pointed to a vCenter Server Appliance (VCSA), then you should reregister the fling appliance by logging in to FAMI UI (or by running the config-ui CLI). Refer the instructions document to follow the steps for configuring Fling appliance for VCSA.
    • If vSphere Client (HTML5) Fling appliance is pointed to a Windows vCenter Server, then reregister by downloading latest server-configure.bat from the Download section of this website. Refer the instructions document to follow the steps for configuring Fling appliance for Windows vCenter Server.
Fling 3.25 – Build 6929189

New Features

  • Edit the properties and policies of distributed ports
  • Licenses list
  • License Products list (Read-only)
  • Rename and Remove License action
  • You can now deploy VM from a VM template by choosing New VM wizard > Deploy from template > Data center tab

Improvements

  • Rescan storage action is done in parallel when is executed on Cluster or Datacenter level
  • Replication groups can be managed through Edit VM Storage Policy action
  • Showing the number of pending upload sessions and size uploaded in Datastore File Browser

Bug Fixes

  • Template icon missing issue is resolved
  • After creating some Tags or accessing the Content Library and leaving the H5 client idle, the UI starts to spin and fails to display requested info. The following error starts to appear constantly: “The query execution timed out because of a back-end data adapter ‘com.vmware.vise.data.adapters.core.DataServiceCoreAdapter’”. This bug is fixed in this release and the time out error should no longer appear.

Known Issues

  • If you see error in the vSphere Client (HTML5) similar to this – ‘getHostIsAssignLicenseActionAvailable’, then you can resolve this error by following below steps:
    • If vSphere Client (HTML5) Fling appliance is pointed to a vCenter Server Appliance (VCSA), then you should reregister the fling appliance by logging in to FAMI UI (or by running the config-ui CLI). Refer the instructions document to follow the steps for configuring Fling appliance for VCSA.
    • If vSphere Client (HTML5) Fling appliance is pointed to a Windows vCenter Server, then reregister by downloading latest server-configure.bat from the Download section of this website. Refer the instructions document to follow the steps for configuring Fling appliance for Windows vCenter Server.
Fling 3.24 – Build 6862396

New Features

  • Ability to customize all network properties, incl. default gateways, when applying GOS customization spec to a VM (during cloning or customizing GOS on existing VM)
  • Add NVMe controller for an existing VM or for a new VM

Improvements

  • Enhanced Compatibility details view in VM provisioning wizards

Known Issues

  • Fling appliances pointed to vCenter 6.5 seems to have timeout issues. These issues are being investigated and are not related to fling itself. In some cases, restart the Fling Appliance could solve this problem
  • If you see error in the vSphere Client (HTML5) similar to this – ‘getHostIsAssignLicenseActionAvailable’, then you can resolve this error by following below steps:
    • If vSphere Client (HTML5) Fling appliance is pointed to a vCenter Server Appliance (VCSA), then you should reregister the fling appliance by logging in to FAMI UI (or by running the config-ui CLI). Refer the instructions document to follow the steps for configuring Fling appliance for VCSA.
    • If vSphere Client (HTML5) Fling appliance is pointed to a Windows vCenter Server, then reregister by downloading latest server-configure.bat from the Download section of this website. Refer the instructions document to follow the steps for configuring Fling appliance for Windows vCenter Server.

Removing faulty Horizon desktops using PowerCLI

So last week there where a couple of posts on vmtn about people wanting to automatically removing or refreshing faulty Horizon desktops. With faulty I mean desktops in Agent Unreachable or in error state or whatever status are available. Since this was something i had been investigating anyway I decided to make a script for it that had separate menu’s for the status the desktop needs to be and to pick the desktop to be deleted. The latter part can be rebuild to do all those desktops at once  in case something breaks pretty badly during a recompose of the pool.

The largest part of the script is for creating the menu’s. Since the amount of returned desktops is variable and names differ it’s not possible to use a static menu. Instead I have used a menu structure created by Roman Gelman and that can be found inside this script on github. The part that gets things done i have listed below. The $spec array doesn’t need to be created but it is required in the API call to remove the desktop, Powershell assumes everything true by default when it’s empty but it just has to be called otherwise you will get a big fat red error. To remove multiple desktops at once machine_deletemachines needs to be used with an array filled with desktop id’s and $spec.

$spec = New-Object VMware.Hv.machinedeletespec
$spec.deleteFromDisk=$TRUE

$desktops=@()
$desktops=get-hvmachine -state $targetstate
$selectdesktop=@()
foreach ($desktop in $desktops){
    $selectdesktop+= New-Object PSObject -Property @{"Name" = $desktop.base.name
    "ID" = $desktop.id;
    }
}

$selectdesktop=write-menu -menu ($desktops.base.name) -header "Select the desktop you want to remove"
$removedesktop=$desktops | where {$_.base.name -eq $selectdesktop}


try {
	$services1.machine.machine_delete($removedesktop.id, $spec)
	#$services1.machine.machine_reset($removedesktop.id, $spec)	
	write-host "$selectdesktop will be marked for deletion" -ForegroundColor Green
}
catch {
	write-host "Error deleting $selectdesktop" -ForegroundColor Red
}

As always the complete script can be found at Github where it will also be updated. This is how it looks in the end:

Update

After the comment below I decided to create the script to delete all desktops in a certain state. It’s a variation of the script above, just a bit shorter. Again it can be found on Github. Please be aware that due to a limitation in get-hvmachine both these scripts will only handle 1000 desktops at a time. It is safe to just repeat the script to do the rest.

https://github.com/Magneet/Various_Scripts/blob/master/remove_faulty_VDI_desktop.ps1

https://github.com/Magneet/Various_Scripts/blob/master/remove_multiple_faulty_VDI_desktops.ps1

Creating local ESXi user in a locked down situation and add it to exception list

So my customer asked for a solution to add local users on ESXi hosts that are in lockdown mode. A side quest was to add these to the lockdown exception list. The use case for this is app volumes, they want to be able to keep using them in case the vCenter server goes down. The trick to this that you need to talk to two different viserver entities. The vCenter server and the local ESXi host since you can add those users via vCenter.

Offcourse PowerCLI to the rescue! I decided to do everything in a try catch construction for some error handling and to give some visual output. These cab be stripped if you want but i like some feedback.

Some of the outtakes:

(get-vmhost $vmhost | get-view).ExitLockdownMode()
(get-vmhost $vmhost | get-view).EnterLockdownMode()

These two disable and enable the current lockdown mode, this is necessary before being able to create the local user.

Try {
$account = Get-VMHostAccount -server $vmhost.name -Id $accountName -ErrorAction Stop |
Set-VMHostAccount -server $vmhost.name -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($accountPswd))) -Description $accountDescription 
}
Catch   {
$account = New-VMHostAccount -server $vmhost.name -Id $accountName -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($accountPswd))) -Description $accountDescription -UserAccount -GrantShellAccess 
}

Some encryption stuff in here but that’s because I dislike having password visible as plain tekst. This first test if the account exists and then sets the password and description. If the user doesn’t exist it will create the user for you.

 $rootFolder = Get-Folder -server $vmhost.name -Name ha-folder-root
 New-VIPermission -server $vmhost.name -Entity $rootFolder -Principal $account -Role admin

This gives the newly created or edited user the admin role. If you want to use a custom role this could be added to the script, we decided to go for the admin role since app volumes needs an awful lot of rights anyway. In that case i would recommend to use a variable for role name and create it per host using new-VIrole

$HostAccessManager = Get-View -Server $vCenter $vmhost.ExtensionData.ConfigManager.HostAccessManager
$HostAccessManager.UpdateLockdownExceptions($accountName)

This simply adds the user to the lockdown exception list.

So now the complete script:

#-------------------------------------------------
# Create local ESXi user with admin rights and lockdown exception while the host is in lockdown mode
# 
# Requires PowerCLI 6.5 or higher (module based not snappin)
# Based on scripts by Luc Dekens and others
#
# Version 1.0
# 09-10-2017
# Created by: Wouter Kursten
#
#-------------------------------------------------
#
# Load the required VMware modules (for PowerShell only)

Write-Host "Loading VMware PowerCLI Modules" -ForegroundColor Green
try	{
    get-module -listavailable vm* | import-module -erroraction stop
}
catch	{
    write-host "No Powercli found" -ForegroundColor Red
}

#Ask for connection information

$vcenter=Read-Host "Enter vCenter server name"
$Target = Read-Host "Which hosts? (i.e. server*)"
$rootpassword = Read-Host "Enter root Password" -AsSecureString
$accountName = $userPassword = Read-Host "Enter New Username"
$accountDescription = $userPassword = Read-Host "Enter New User description"
$accountPswd = Read-Host "Enter New User Password" -AsSecureString
$rootuser="root"

# Connect to vCenter
$connectedvCenter = $global:DefaultVIServer

if($connectedvCenter.name -ne $vcenter){
	Connect-VIServer $vCenter -wa 0 | Out-Null
	Write-Host "Connected"
	Write-Host " "
}

# Get the host inventory from vCenter
$vmhosts = Get-VMHost $Target | Sort Name

foreach($vmhost in $vmhosts){
    try {
        (get-vmhost $vmhost | get-view).ExitLockdownMode()
        write-host "Lockdown disabled for $vmhost" -foregroundcolor green
    }
    catch   {
        write-host "can't disable lockdown for $vmhost maybe it's already disabled" -foregroundcolor Red
    }

    connect-viserver -server $vmhost -user $rootuser -password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($rootpassword))) -wa 0 -notdefault | Out-Null

    Try {
        $account = Get-VMHostAccount -server $vmhost.name -Id $accountName -ErrorAction Stop |
        Set-VMHostAccount -server $vmhost.name -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($accountPswd))) -Description $accountDescription 
    }
    Catch   {
        $account = New-VMHostAccount -server $vmhost.name -Id $accountName -Password ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($accountPswd))) -Description $accountDescription -UserAccount -GrantShellAccess 
    }
    
    $rootFolder = Get-Folder -server $vmhost.name -Name ha-folder-root
    New-VIPermission -server $vmhost.name -Entity $rootFolder -Principal $account -Role admin

    #Adding the new user to the Lockdown Exceptions list
    $HostAccessManager = Get-View -Server $vCenter $vmhost.ExtensionData.ConfigManager.HostAccessManager
    $HostAccessManager.UpdateLockdownExceptions($accountName)
     
      
    Disconnect-VIServer $vmhost.name -Confirm:$false  
    try {	
        (get-vmhost $vmhost | get-view).EnterLockdownMode()
        write-host "Lockdown enabled for $vmhost" -foregroundcolor green
    }
    catch   {
        write-host "can't disable lockdown for $vmhost maybe it's already Enabled?" -foregroundcolor Red}
    }
}

    Disconnect-VIServer -Confirm:$false

Future versions of this script will not be edited on here so always check the latest version on github.

 

Horizon view vCheck : Pool Overview plugin

So one of the things still missing in the Horizon View vCheck was a plugin that simply gives an overview of all Pools with their status. In short what I am talking about is a translation from this view:

Although this sounds easy there where a lot of challenges for this one. First of all there are three separate pool types: Automated,Manual and RDS and all of them have subtypes like VIEW_COMPOSER,VIRTUAL_CENTER,FULL_CLONES,INSTANT_CLONE_ENGINE,UNMANAGED or RDS and not all of these subtypes are available for all pool types. This gives a lot of options that need to be separated for the pool types. Also the VIRTUAL_CENTER subtype is used for both manually added desktops that reside on a vSphere environment and for an automatic pool creating full clones. The FULL_CLONES subtype I haven’t been able to create in my lab yet.

Further outputs like true, false or any of the subtypes above weren’t clear enough for me to use as output. For this I learned a new trick in my book called switch.

switch ($source)
		{
			VIRTUAL_CENTER {$sourceoutput="vCenter Managed Desktop"}
			FULL_CLONES {$sourceoutput="Full Clones"}
			VIEW_COMPOSER {$sourceoutput="Linked Clones"}
			INSTANT_CLONE_ENGINE {$sourceoutput="Instant Clones"}
			UNMANAGED {$sourceoutput="Non-vCenter Desktops"}
			RDS {$sourceoutput="RDS Desktops"}
			{$_ -eq "VIRTUAL_CENTER" -AND $pool.type -eq "Automated"} {$sourceoutput="Full Clones"}
			{$_ -eq "VIRTUAL_CENTER" -AND $pool.type -eq "MANUAL"} {$sourceoutput="Manually Added vCenter Managed Desktops"}
			default {$sourceoutput="No Source data available"}
		}

Some documentation for the switch command can be found here but what it in short does is match the variable u use as input and sets or gives some output based on that. Also it can do a comparison as in above example so I was able to distinguish between Full Clones and Manually Added vCenter Managed Desktops. One thing to be aware of is that it will go trough the complete list. At first I had the two lines with the comparison in it at the top but that got overwritten since below it VIRTUAL_CENTER was recognized and the $sourceoutput would be based on that.

The Automated and Manual pools use a very similar set of code, the biggest difference is that one gets the data from the AutomatedDesktopData propertywhile the other gets it from the manualdesktopdata property.

	if ($pool.type -eq "Automated"){
		$Automaticassignment=$pool.AutomatedDesktopData.UserAssignment.AutomaticAssignment
		switch ($Automaticassignment)
		{
			$TRUE {$Automaticassignmentoutput="Automatic"}
			$FALSE {$Automaticassignmentoutput="Manual"}
			default {$Automaticassignmentoutput="No Assignment Status Available"}
		}
		$Pooloverview+=New-Object PSObject -Property @{"Name" = $pool.base.name;
			"Displayname" = $pool.base.DisplayName;
			"Description" = $pool.base.Description;
			"Status" = $poolstatusoutput;
			"Provisioning" = $ProvisioningStatusoutput;
			"Type" = $pool.type;
			"Source" = $sourceoutput;
			"User_Assignment" = $pool.AutomatedDesktopData.UserAssignment.userassignment;
			"Assignment_Type" = $Automaticassignmentoutput;
			}
		}
	elseif ($pool.type -eq "MANUAL"){
		$Automaticassignment= $pool.manualdesktopdata.UserAssignment.AutomaticAssignment
		switch ($Automaticassignment)
		{
			$TRUE {$Automaticassignmentoutput="Automatic"}
			$FALSE {$Automaticassignmentoutput="Manual"}
			default {$Automaticassignmentoutput="No Assignment Status Available"}
		}
		$Pooloverview+=New-Object PSObject -Property @{"Name" = $pool.base.name;
		"Displayname" = $pool.base.DisplayName;
		"Description" = $pool.base.Description;
		"Status" = $poolstatusoutput;
		"Provisioning" = $ProvisioningStatusoutput;
		"Type" = $pool.type;
		"Source" = $sourceoutput;
		"User_Assignment" = $pool.manualdesktopdata.UserAssignment.UserAssignment;
		"Assignment_Type" = $Automaticassignmentoutput;
			}
		}

The RDS block gives a totally different view though. The information had to be pulled from the farms that are the backend for the desktops.

	elseif ($pool.type -eq "RDS"){
		$source=($services1.farm.farm_get($pool.rdsdesktopdata.farm)).source
		$ProvisioningStatus=($services1.farm.farm_get($pool.rdsdesktopdata.farm)).automatedfarmdata.VirtualCenterProvisioningSettings.enableprovisioning
		switch ($source)
		{
			VIEW_COMPOSER {$sourceoutput="Linked Clones RDS Hosts"}
			INSTANT_CLONE_ENGINE {$sourceoutput="Instant Clones RDS Hosts"}
			default {$sourceoutput="Manually Added RDS Hosts"}
		}

		switch ($ProvisioningStatus)
		{
			$True {$ProvisioningStatusoutput="Enabled"}
			$False {$ProvisioningStatusoutput="Disabled"}
			default {$ProvisioningStatusoutput="N/A"}
		}

		$Pooloverview+=New-Object PSObject -Property @{"Name" = $pool.base.name;
		"Displayname" = $pool.base.DisplayName;
		"Description" = $pool.base.Description;
		"Status" = $poolstatusoutput;
		"Provisioning" = $ProvisioningStatusoutput;
		"Type" = ($services1.farm.farm_get($pool.rdsdesktopdata.farm)).type;
		"Source" = $sourceoutput;
		"User_Assignment" = "N/A";
		"Assignment_Type" = "N/A";
			}
		}

And when done I ended up with the following script. As usual it might get some improvements or I need to squash some bug so better check the latest version on Github.

# Start of Settings
# End of Settings

$Pooloverview=@()
foreach ($pool in $pools){
	$poolstatus=$pool.DesktopSettings.Enabled 
	$ProvisioningStatus=$pool.AutomatedDesktopData.VirtualCenterProvisioningSettings.enableprovisioning
	$source=$pool.source
	switch ($poolstatus)
		{
			$True {$poolstatusoutput="Enabled"}
			$False {$poolstatusoutput="Disabled"}
			default {$poolstatusoutput="No Pool Status available"}
		}

	switch ($ProvisioningStatus)
		{
			$True {$ProvisioningStatusoutput="Enabled"}
			$False {$ProvisioningStatusoutput="Disabled"}
			default {$ProvisioningStatusoutput="No Pool Provisioning Status available"}
		}

	switch ($source)
		{
			VIRTUAL_CENTER {$sourceoutput="vCenter Managed Desktop"}
			FULL_CLONES {$sourceoutput="Full Clones"}
			VIEW_COMPOSER {$sourceoutput="Linked Clones"}
			INSTANT_CLONE_ENGINE {$sourceoutput="Instant Clones"}
			UNMANAGED {$sourceoutput="Non-vCenter Desktops"}
			RDS {$sourceoutput="RDS Desktops"}
			{$_ -eq "VIRTUAL_CENTER" -AND $pool.type -eq "Automated"} {$sourceoutput="Full Clones"}
			{$_ -eq "VIRTUAL_CENTER" -AND $pool.type -eq "MANUAL"} {$sourceoutput="Manually Added vCenter Managed Desktops"}
			default {$sourceoutput="No Source data available"}
		}

	if ($pool.type -eq "Automated"){
		$Automaticassignment=$pool.AutomatedDesktopData.UserAssignment.AutomaticAssignment
		switch ($Automaticassignment)
		{
			$TRUE {$Automaticassignmentoutput="Automatic"}
			$FALSE {$Automaticassignmentoutput="Manual"}
			default {$Automaticassignmentoutput="No Assignment Status Available"}
		}
		$Pooloverview+=New-Object PSObject -Property @{"Name" = $pool.base.name;
			"Displayname" = $pool.base.DisplayName;
			"Description" = $pool.base.Description;
			"Status" = $poolstatusoutput;
			"Provisioning" = $ProvisioningStatusoutput;
			"Type" = $pool.type;
			"Source" = $sourceoutput;
			"User_Assignment" = $pool.AutomatedDesktopData.UserAssignment.userassignment;
			"Assignment_Type" = $Automaticassignmentoutput;
			}
		}

	elseif ($pool.type -eq "MANUAL"){
		$Automaticassignment= $pool.manualdesktopdata.UserAssignment.AutomaticAssignment
		switch ($Automaticassignment)
		{
			$TRUE {$Automaticassignmentoutput="Automatic"}
			$FALSE {$Automaticassignmentoutput="Manual"}
			default {$Automaticassignmentoutput="No Assignment Status Available"}
		}
		$Pooloverview+=New-Object PSObject -Property @{"Name" = $pool.base.name;
		"Displayname" = $pool.base.DisplayName;
		"Description" = $pool.base.Description;
		"Status" = $poolstatusoutput;
		"Provisioning" = $ProvisioningStatusoutput;
		"Type" = $pool.type;
		"Source" = $sourceoutput;
		"User_Assignment" = $pool.manualdesktopdata.UserAssignment.UserAssignment;
		"Assignment_Type" = $Automaticassignmentoutput;
			}
		}	

	elseif ($pool.type -eq "RDS"){
		$source=($services1.farm.farm_get($pool.rdsdesktopdata.farm)).source
		$ProvisioningStatus=($services1.farm.farm_get($pool.rdsdesktopdata.farm)).automatedfarmdata.VirtualCenterProvisioningSettings.enableprovisioning
		switch ($source)
		{
			VIEW_COMPOSER {$sourceoutput="Linked Clones RDS Hosts"}
			INSTANT_CLONE_ENGINE {$sourceoutput="Instant Clones RDS Hosts"}
			default {$sourceoutput="Manually Added RDS Hosts"}
		}

		switch ($ProvisioningStatus)
		{
			$True {$ProvisioningStatusoutput="Enabled"}
			$False {$ProvisioningStatusoutput="Disabled"}
			default {$ProvisioningStatusoutput="N/A"}
		}

		$Pooloverview+=New-Object PSObject -Property @{"Name" = $pool.base.name;
		"Displayname" = $pool.base.DisplayName;
		"Description" = $pool.base.Description;
		"Status" = $poolstatusoutput;
		"Provisioning" = $ProvisioningStatusoutput;
		"Type" = ($services1.farm.farm_get($pool.rdsdesktopdata.farm)).type;
		"Source" = $sourceoutput;
		"User_Assignment" = "N/A";
		"Assignment_Type" = "N/A";
			}
		}
}

$Pooloverview | select Name,Displayname,Description,Status,Provisioning,Type,Source,User_Assignment,Assignment_Type
$Title = "Overview of all Pools"
$Header = "Overview of all Pools"
$Comments = "Gives an overview of the general status of all pools"
$Display = "Table"
$Author = "Wouter Kursten"
$PluginVersion = 0.1
$PluginCategory = "View"

And a screenshot of the result:

VMworld EU 2017 Day 3

Day three, the last one, was a short day for me this year. I had an appointment with the VMware Design studio at 8am but the gates didn’t open until 8 as well and I had to drop my suitcase first so I rescheduled it to 9.15 while talking to the guy that I would have the session with! After this I decided to go to the vmtn area to finish up my powerpoint for the vBrownbag I would be doing by noon. I kept changing and changing stuf and somehow managed to remove the one slide you need when generating output: the output itself. Also during the presentation I never got into a good flow so I wasn’t happy with the end result. After this there where some rumors about horrible queues at the airport so I scrambled to get there but in the end the line to drop off my suitcase took longer then security.

VMworld EU 2017 Day 2

Holy Guacamole (say that loud, sounds good) what a rush VMworld has been so far for me. After the keynote I was one of the guests on the vExpert daily show which is just a chat about VMworld so far,w hat you expect and any new stuff. The most fun we had was with my answer on my favorite taste of icecream: smurfs.

I did a couple of breakouts today. Both have been about Horizon, one was a good overview about the new stuf to expect from VMware and the other a real deep dive into the Blast Extreme protocol. That one helped me a lot about understanding what happens with it. Later in the afternoon I did a quick hands on lab and a couple of vBrownbag sessions. This was before getting a tour at the Mare Nostrum Supercomputer site. This is the 13th fastest in the world and it was really nice to see how this is build. An even more fun part where the old systems they used in the past over there. I will add some pictures of that in a couple of days.

The evening it was time for the Kaiser Chiefs but after a couple of songs and more beers I decided to tap out and head back to the hotel. Stepcount for the day was 16077.