Powercli script to (forcefully) log off Horizon users

A long time ago in a galaxy far far away I wrote this blog post to log a user off from their vdi session. Today I got an inquiry from Robin Stolpe that he was trying to make it a script with arguments instead if the menu’s but was having some issues with that. This gave me the chance to make it a bit nicer of a script with the option to user username/domain/password as credentials but also a credentialfile , optional forcefully logging off the users and with Robin’s requirements of being able to provide the exact username and the machine that user is working on.

The script can be ran like this:

D:\GIT\Scripts\logoff_user.ps1 -Credentialfile "D:\homelab\creds.xml" -TargetUser "loft.lab\m_wouter" -TargetMachine "lp-001.loft.lab" -ConnectionServerFQDN loftcbr01.loft.lab

or with credentials and the -force parameter

D:\GIT\Scripts\logoff_user.ps1 -TargetUser "loft.lab\m_wouter" -TargetMachine "lp-001.loft.lab" -ConnectionServerFQDN loftcbr01.loft.lab -Username m_wouter -domain loft.lab -password "HAHAHAHA" -force

Now let’s have a look how the script is build.

So I started with the parameters and for that I included 2 parameter sets so you can either choose to have the separate credentials or to use a credentials file.

[CmdletBinding()]
Param
(
    [Parameter(Mandatory=$False,
    ParameterSetName="separatecredentials",
    HelpMessage='Enter a username' )]
    [ValidateNotNullOrEmpty()]
    [string] $Username,

    [Parameter(Mandatory=$false,
    ParameterSetName="separatecredentials",
    HelpMessage='Domain i.e. loft.lab' )]
    [string] $Domain,

    [Parameter(Mandatory=$false,
    ParameterSetName="separatecredentials",
    HelpMessage='Password in plain text' )]
    [string] $Password,

    [Parameter(Mandatory=$true,  HelpMessage='FQDN of the connectionserver' )]
    [ValidateNotNullOrEmpty()]
    [string] $ConnectionServerFQDN,

    [Parameter(Mandatory=$false,
    ParameterSetName="credsfile",
    HelpMessage='Path to credentials xml file' )]
    [ValidateNotNullOrEmpty()]
    [string] $Credentialfile,

    [Parameter(Mandatory=$false, HelpMessage='Synchronise the local site only' )]
    [switch] $Force,

    [Parameter(Mandatory=$false,  HelpMessage='username of the user to logoff (domain\user i.e. loft.lab\user1')]
    [ValidateNotNullOrEmpty()]
    [string] $TargetUser,

    [Parameter(Mandatory=$false, HelpMessage='dns name of the machine the user is on i.d. lp-002.loft.lab')]
  [string] $TargetMachine
)

Than I check if a credential file was supplied and if I can actually import it

if($Credentialfile -and ((test-path $Credentialfile) -eq $true)){
    try{
        write-host "Using credentialsfile"
        $credentials=Import-Clixml $Credentialfile
        $username=($credentials.username).split("\")[1]
        $domain=($credentials.username).split("\")[0]
        $secpw=$credentials.password
        $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secpw)
        $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
    }
    catch{
        write-error -Message "Error importing credentials"
        break
    }
}
elseif($Credentials -and ((test-path $credentials) -eq $false)){
    write-error "Invalid Path to credentials file"
}
elseif($username -and $Domain -and $Password){
    write-host "Using separate credentials"
}

The file doesn’t exist:

Or an error importing the xml (duh, what do you think what happoens when you use a json instead of xml, fool!)

Then it’s a matter of logging in, performing a query and checking if there’s really a session for this user. As you can see I am using machineOrRDSServerDNS so it should also work for RDS sessions.

$hvserver1=connect-hvserver $ConnectionServerFQDN -user $username -domain $domain -password $password
$Services1= $hvServer1.ExtensionData

$queryService = New-Object VMware.Hv.QueryServiceService
$sessionfilterspec = New-Object VMware.Hv.QueryDefinition
$sessionfilterspec.queryEntityType = 'SessionLocalSummaryView'
$sessionfilter1= New-Object VMware.Hv.QueryFilterEquals
$sessionfilter1.membername='namesData.userName'
$sessionfilter1.value=$TargetUser
$sessionfilter2= New-Object VMware.Hv.QueryFilterEquals
$sessionfilter2.membername='namesData.machineOrRDSServerDNS'
$sessionfilter2.value=$TargetMachine
$sessionfilter=new-object vmware.hv.QueryFilterAnd
$sessionfilter.filters=@($sessionfilter1, $sessionfilter2)
$sessionfilterspec.filter=$sessionfilter
$session=($queryService.QueryService_Create($Services1, $sessionfilterspec)).results
$queryService.QueryService_DeleteAll($services1)
if($session.count -eq 0){
    write-host "No session found for $targetuser on $targetmachine"
    break
}

And last but not least logging the user of with or without the -force option

if($Force){
    write-host "Forcefully logging off $targetUser from $targetmachine"
    $Services1.Session.Session_Logoffforced($session.id)
}
else{
    write-host "Logging off $targetUser from $targetmachine"
    try{
        $Services1.Session.Session_Logoff($session.id)
    }
    catch{
        write-error "error logging the user off, maybe the sessions was locked. Try with -force"
    }
}

This session was locked

So let’s force that thing

And here’s the entire script but you can also find it on my github.

[CmdletBinding()]
Param
(
    [Parameter(Mandatory=$False,
    ParameterSetName="separatecredentials",
    HelpMessage='Enter a username' )]
    [ValidateNotNullOrEmpty()]
    [string] $Username,

    [Parameter(Mandatory=$false,
    ParameterSetName="separatecredentials",
    HelpMessage='Domain i.e. loft.lab' )]
    [string] $Domain,

    [Parameter(Mandatory=$false,
    ParameterSetName="separatecredentials",
    HelpMessage='Password in plain text' )]
    [string] $Password,

    [Parameter(Mandatory=$true,  HelpMessage='FQDN of the connectionserver' )]
    [ValidateNotNullOrEmpty()]
    [string] $ConnectionServerFQDN,

    [Parameter(Mandatory=$false,
    ParameterSetName="credsfile",
    HelpMessage='Path to credentials xml file' )]
    [ValidateNotNullOrEmpty()]
    [string] $Credentialfile,

    [Parameter(Mandatory=$false, HelpMessage='Synchronise the local site only' )]
    [switch] $Force,

    [Parameter(Mandatory=$false,  HelpMessage='username of the user to logoff (domain\user i.e. loft.lab\user1')]
    [ValidateNotNullOrEmpty()]
    [string] $TargetUser,

    [Parameter(Mandatory=$false, HelpMessage='dns name of the machine the user is on i.d. lp-002.loft.lab')]
  [string] $TargetMachine
)

if($Credentialfile -and ((test-path $Credentialfile) -eq $true)){
    try{
        write-host "Using credentialsfile"
        $credentials=Import-Clixml $Credentialfile
        $username=($credentials.username).split("\")[1]
        $domain=($credentials.username).split("\")[0]
        $secpw=$credentials.password
        $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secpw)
        $password = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
    }
    catch{
        write-error -Message "Error importing credentials"
        break
    }
}
elseif($Credentials -and ((test-path $credentials) -eq $false)){
    write-error "Invalid Path to credentials file"
    break
}
elseif($username -and $Domain -and $Password){
    write-host "Using separate credentials"
}


$hvserver1=connect-hvserver $ConnectionServerFQDN -user $username -domain $domain -password $password
$Services1= $hvServer1.ExtensionData

$queryService = New-Object VMware.Hv.QueryServiceService
$sessionfilterspec = New-Object VMware.Hv.QueryDefinition
$sessionfilterspec.queryEntityType = 'SessionLocalSummaryView'
$sessionfilter1= New-Object VMware.Hv.QueryFilterEquals
$sessionfilter1.membername='namesData.userName'
$sessionfilter1.value=$TargetUser
$sessionfilter2= New-Object VMware.Hv.QueryFilterEquals
$sessionfilter2.membername='namesData.machineOrRDSServerDNS'
$sessionfilter2.value=$TargetMachine
$sessionfilter=new-object vmware.hv.QueryFilterAnd
$sessionfilter.filters=@($sessionfilter1, $sessionfilter2)
$sessionfilterspec.filter=$sessionfilter
$session=($queryService.QueryService_Create($Services1, $sessionfilterspec)).results
$queryService.QueryService_DeleteAll($services1)
if($session.count -eq 0){
    write-host "No session found for $targetuser on $targetmachine"
    break
}

if($Force){
    write-host "Forcefully logging off $targetUser from $targetmachine"
    $Services1.Session.Session_Logoffforced($session.id)
}
else{
    write-host "Logging off $targetUser from $targetmachine"
    try{
        $Services1.Session.Session_Logoff($session.id)
    }
    catch{
        write-error "error logging the user off, maybe the sessions was locked. Try with -force"
    }
}

Quickly grabbing all available REST api url’s for your Horizon version

One of the challenges with the Horizon REST API’s is that they are not feature complete yet and if you ain’t on the latest version you need to scroll trough the api explorer or Swagger UI to find if the URL you need is available. I have created a short script for both python and powershell that will show all the available urls.

If you’ve taken a good look at the Swagger page you’ll see there’s a link to the api docs almost at the top

If you open this you get something that looks like a json but it’s not readable (yet!)

Let’s grab the url’s with powershell first

$data = Invoke-WebRequest https://pod2cbr1.loft.lab/rest/v1/api-docs?group=Default
$json = $data |ConvertFrom-Json
$json.paths

this will give you all the available url’s from the docs and the methods they support

Now if you want to drill down deeper you can do a select -expandproperty on the url’s and with a get-member you get the available calls

$json.paths | select -expandproperty "/inventory/v1/rds-servers/{id}" | Get-Member

and with another select -expandproperty you see all the details

$json.paths | select -expandproperty "/inventory/v1/rds-servers/{id}" | select -ExpandProperty get

With Python you can start with something similar

import json,requests,urllib 
requests.packages.urllib3.disable_warnings() 
response = requests.get("https://pod2cbr1.loft.lab/rest/v1/api-docs?group=Default" , verify=False) 
data = response.json() 
for i in data["paths"]: 
    print(i)

but this will just give the url’s

To be able to drill down I decided to bring the url, method and the description into a list and print that if needed. This example is just with the method and url but you can add the description as well. The list is to make it easier to filter on.

import json,requests,urllib
requests.packages.urllib3.disable_warnings()
response = requests.get("https://pod2cbr1.loft.lab/rest/v1/api-docs?group=Default" , verify=False)

data = response.json()

list=[]
paths=data["paths"]

for i in paths:
    for method in paths[i]:
        obj = {}
        obj["method"] = method
        obj["url"] = i
        obj["description"] = paths[i][method]
        list.append(obj)

for i in list:
    print(i["method"], i["url"])

The VMware Labs flings monthly for February 2021 – Reach alert!

It’s been a busy month on the flings front, no less than 17(!!) new releases and updated flings. This is how my browser tabs look:

If I have therm all correct there are 6 new releases and 10 updates (2 1 of which update without a changelog so a boo for that!) so this post is going to be a long one!

New Releases

Community NVMe Driver for ESXi

VMware Cloud Foundation Powernova

Workspace ONE Access Migration Tool

Sample Data Platform Deployment on Virtualized Cloud Infrastructure

Community Networking Driver for ESXi

Code Stream Concourse Integrator

Updates

ESXi Compatibility Checker

VMware Machine Learning Platform

Virtualized High Performance Computing Toolkit

Horizon Peripherals Intelligence

Workspace ONE App Analyzer for macOS

VMware OS Optimization Tool

Horizon Helpdesk Utility

HCIBench

Horizon Reach

Workspace ONE Discovery

App Volumes Migration Utility

New Releases

[sta_anchor id=”cndfe” /]

Community NVMe Driver for ESXi

This Fling is a collection of ESXi Native Drivers which enables ESXi to recognize and consume various NVMe-based storage devices. These devices are not officially on the VMware HCL and have been developed to enable and support the VMware Community.

Currently, this Fling provides an emulated NVMe driver for the Apple 2018 Intel Mac Mini 8,1 and the Apple 2019 Intel Mac Pro 7,1 allowing customers to use the local NVMe SSD with ESXi. This driver is packaged up as an Offline Bundle and is only activated when it detects ESXi has been installed on either an Apple Mac Mini or Apple Mac Pro.

[sta_anchor id=”vcfp” /]

VMware Cloud Foundation Powernova

VMware Cloud Foundation Powernova is a Fling built on top of VCF that provides the users the ability to perform Power Operations (Power ON, Power OFF) seamlessly across the entire inventory. It has a sleek UI to visualize the entire VCF inventory (which is the first of its kind for VCF) across the domains of VCF.

The UI is easy to use and elucidates the current Health and Power State of each node in the VCF inventory. Powernova lets the user work on the Power Operations on the components with domain specific inter dependencies automatically resolved.

Powernova also performs valid health checks on all nodes in the VCF inventory to ensure Power Operations are performed only on healthy nodes. Powernova takes minimal input (4 user defined inputs on their VCF system) and does all the magic for the users behind the scenes.

If any infrastructure maintenance activity, VCF migration activity, or power operations need to be performed only on specific domains in VCF, then Powernova is the one stop solution for all VCF users.

[sta_anchor id=”wsoamt” /]

Workspace ONE Access Migration Tool

Workspace ONE Access Migration Tool helps ease migration of Apps from one WS1 Access tenant to another (on-premises to SaaS or SaaS to SaaS) and use cases that require mirroring one tenant to another (for setting up UAT from PROD or vice versa) by providing capabilities listed below

Features
  • Copying of App Categories
  • Migrating Weblinks (3rd party IDP), icons as is
  • Creating a link to federated apps and copying the icons (to maintain the same user experience)
  • Copying App Assignment to a Category mapping

[sta_anchor id=”sdpdovci” /]

Sample Data Platform Deployment on Virtualized Cloud Infrastructure

Data is king and your users need a sample data platform quickly.

With this Fling, you will leverage your VMware Cloud Foundation 4.0 with vRealize Automation deployment and stand a sample data platform based on vSphere Virtual Machines in less than 20-minutes comprising of Kafka, Spark, Solr, and ELK.

You can also choose whether to deploy a wavefront proxy and configure the components to send data to the wavefront proxy or use your own.

[sta_anchor id=”cndfe” /]

Community Networking Driver for ESXi

This Fling is a collection of ESXi Native Drivers which enables ESXi to recognize and consume various PCIe-based network adapters (See Requirements for details). These devices are not officially on the VMware HCL and have been developed to enable and support the VMware Community.

[sta_anchor id=”csci” /]

Code Stream Concourse Integrator

The Code Stream Concourse Integrator (CSCI) Fling provides integration between a vRealize Automation Code Stream and Concourse CI tools with which users can trigger Concourse CI pipelines from Code Stream pipelines without any additional tooling/scripting. This enables users to use the features from both the tools flexibly and seamlessly as per their needs. This solution is built using Code Stream’s extensibility feature named Custom Integration.

Updates

[sta_anchor id=”ecc” /]

ESXi Compatibility Checker

The ESXi Compatibility Checker helps the vSphere admin out in checking if their environment will work with later versions of ESXi. [non-sponsored advertisement]Also check Runecast, they can run a simulation for you as well.[/non-sponsored advertisement]

Changelog

Build 20210219

  • Fix for ESX / VC 7.0 U1 Versioning issues
  • A new logo 😉

[sta_anchor id=”vmlp” /]

VMware Machine Learning Platform

Our goal is to provide an end-to-end ML platform for Data Scientists to perform their job more effectively by running ML workloads on top of VMware infrastructure.

Using vMLP allows to:

Save the costs by enabling efficient use of shared GPUs for ML workfloads
Reduce the risks of broken Data Science workflows by leveraging well-tested and ready-to-use demos and project templates
Faster “go-to-market” for ML models by utilizing end-to-end oriented tooling including fast and easy model deployment and serving via standardized REST API

Changelog

Version 0.4.1

  • Jupyter: R Kernel
  • Jupyter: BitFusion 2.5.0 Demo
  • Jupyter: MADlib/RTS4MADlib on Greenplum Demo
  • Multiple bug fixes

[sta_anchor id=”vhpct” /]

Virtualized High Performance Computing Toolkit

This toolkit is intended to facilitate managing the lifecycle of these special configurations by leveraging vSphere APIs. It also includes features that help vSphere administrators perform some common vSphere tasks that are related to creating such high-performing environments, such as VM cloning, setting Latency Sensitivity, and sizing vCPUs, memory, etc.

Changelog

Nope 🙁

[sta_anchor id=”hpi” /]

Horizon Peripherals Intelligence

Horizon Peripherals Intelligence is an online self-serviced diagnosis service that can help increase the satisfaction when using peripheral devices with Horizon product by both the end users and the admin user. Currently, we support diagnosis for the following device categories – USB storage devices, USB printers, USB scanners, Cameras. We will continue to cover more device categories in the future

Changelog

Version 1.0

  • Add support for USB Audios, Speechmics, Signaturepads, Barcode scanners
  • Add support for L10n of web pages in simplified Chinese, traditional Chinese and English
  • Add support for window 7 and windows 2012R2
  • Add support for 32 bits OS
  • Add support for cmdline installation

[sta_anchor id=”woaafm” /]

Workspace ONE App Analyzer for macOS

The Workspace ONE macOS App Analyzer will determine any Privacy Permissions, Kernel Extensions, or System Extensions needed by an installed macOS application, and can be used to automatically create profiles in Workspace ONE UEM to whitelist those same settings when deploying apps to managed devices.

Changelog

Version 1.2 

  • Added support for Big Sur
  • Updated icon

[sta_anchor id=”osot” /]

VMware OS Optimization Tool

Image optimize you must with osot!

Changelog

  • nope 🙁

Update: OSOT didn’t receive an update, someone only edited the page according to Hilko.

[sta_anchor id=”hhu” /]

Horizon Helpdesk Utility

Besides ControlUp the helpdesk fling  is the best tool to help your users.

Changelog

Version 1.5.0.24

  • Added support for Horizon 8.1

[sta_anchor id=”hcibench” /]

HCIBench

HCIBench stands for “Hyper-converged Infrastructure Benchmark”. It’s essentially an automation wrapper around the popular and proven open source benchmark tools: Vdbench and Fio that make it easier to automate testing across a HCI cluster. HCIBench aims to simplify and accelerate customer POC performance testing in a consistent and controlled way. The tool fully automates the end-to-end process of deploying test VMs, coordinating workload runs, aggregating test results, performance analysis and collecting necessary data for troubleshooting purposes.

Changelog

Version 2.5.3

  • Fixed graphite permission issue which blocked vdbench/fio grafana display
  • Updated drop cache script to make it compatible with upcoming vSphere
  • md5sum: 622625cc7a551bd7bf07ff4f19a57a17 HCIBench_2.5.3.ova

[sta_anchor id=”reach” /]

Horizon Reach

Again if you’re not a ControlUp customer Reach is the next best thing to manage you’re Horizon environment.

Changelog

Version 1.3.1.2

  • Added support for Horizon 8.1
  • Bugfixes

[sta_anchor id=”wsod” /]

Workspace ONE Discovery

VMware Workspace ONE UEM is used to manage Windows 10 endpoints, whether it be Certificate Management, Application Deployment or Profile Management. The Discovery Fling enables you to view these from the device point of view and review the Workspace ONE related services, which applications have been successfully deployed, use the granular view to see exactly what has been configured with Profiles, view User & Machine certificates and see which Microsoft Windows Updates have been applied.

Changelog

February, 16, 2021 – Version 1.2

  • Replaced icon
  • New logo 🙂

[sta_anchor id=”avmu” /]

App Volumes Migration Utility

App Volumes Migration Utility allows admins to migrate AppStacks managed by VMware App Volumes 2.18, to the new application package format of App Volumes 4. The format of these packages in App Volumes 4 have evolved to improve performance and help simplify application management.

Changelog

Version 1.0.7 Update

  • Migration fails if their are blacklisted registry entries containing embedded NULL chars.
  • File system migration fails if their are directories having a trailing DOT name ( ex- Microsoft. ).

Managing application pools using the VMware Horizon Python Module

Earlier this week I added several methods to the VMware Horizon Python Module that are centered about application pools and I promised a blog post so here it is 🙂 In the module we have the following methods in the Inventory about Application Pools:

Preparation

In order to use the methods I am using this as standard configuration in my script

import requests, getpass, urllib, json, operator
import vmware_horizon
requests.packages.urllib3.disable_warnings()

url="https://loftcbr01.loft.lab"
username = "m_wouter"
domain = "loft.lab"
pw = getpass.getpass()


hvconnectionobj = vmware_horizon.Connection(username = username,domain = domain,password = pw,url = url)
hvconnectionobj.hv_connect()
print("connected")
monitor = obj=vmware_horizon.Monitor(url=hvconnectionobj.url, access_token=hvconnectionobj.access_token)
external=vmware_horizon.External(url=hvconnectionobj.url, access_token=hvconnectionobj.access_token)
inventory=vmware_horizon.Inventory(url=hvconnectionobj.url, access_token=hvconnectionobj.access_token)
entitlements=vmware_horizon.Entitlements(url=hvconnectionobj.url, access_token=hvconnectionobj.access_token)

All of the connects at the bottom is so I don’t need to think to do those if I need them when testing.

I end with

end=hvconnectionobj.hv_disconnect()
print(end)

Both the connected and end prints aren’t required at all but give me feedback about the status of the connection.

[sta_anchor id=”get_application_pools” /]

get_application_pools

This is the easiest method to use as it doesn’t require anything. It does allow for setting page sizes and filtering if needed. See this article if you want to know more about filtering: https://retouw.eu/2021/02/14/filtering-searching-and-pagination-with-the-python-module-for-vmware-horizon/ The method will return a list of dicts, for the first example I will show only the names of the items.

ap = inventory.get_application_pools(maxpagesize=100)
for i in ap:
    print(i["name"])

Or just with the entire list returned

ap = inventory.get_application_pools(maxpagesize=100)
print(ap)

[sta_anchor id=”get_application_pool” /]

get_application_pool

To get a single application pool you can use get_application_pool and it requires an application_pool_id, I will use the first one of the list of application to show it.

ap = inventory.get_application_pools(maxpagesize=100)
firstap=ap[0]
print(inventory.get_application_pool(application_pool_id=firstap["id"]))

[sta_anchor id=”delete_application_pool” /]

delete_application_pool

To delete an application pool we again only need the application_pool_id I will combine both the get methods to show all application pools before and after the deletion. (with some prints not relevant for the code so I won’t show them below)

ap = inventory.get_application_pools(maxpagesize=100)
for i in ap:
    print(i["name"])
firstap=ap[0]

print(inventory.get_application_pool(application_pool_id=firstap["id"]))

inventory.delete_application_pool(application_pool_id=firstap["id"])

ap = inventory.get_application_pools(maxpagesize=100)
for i in ap:
    print(i["name"])

[sta_anchor id=”new_application_pool” /]

new_application_pool

Since I just deleted my firefox pool I will need to recreate it. The new_application_pool method requires a dict with quite a lof of values. This is the standard list that the swagger-ui gives you

{
  "anti_affinity_data": {
    "anti_affinity_count": 10,
    "anti_affinity_patterns": [
      "*pad.exe",
      "*notepad.???"
    ]
  },
  "category_folder_name": "dir1\\dir2\\dir3\\dir4",
  "cs_restriction_tags": [
    "Internal",
    "External"
  ],
  "description": "string",
  "desktop_pool_id": "0103796c-102b-4ed3-953f-3dfe3d23e0fe",
  "display_name": "Firefox",
  "enable_client_restrictions": false,
  "enable_pre_launch": false,
  "enabled": true,
  "executable_path": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Firefox.lnk",
  "farm_id": "855ea6c5-720a-41e1-96f4-958c90e6e424",
  "max_multi_sessions": 5,
  "multi_session_mode": "DISABLED",
  "name": "Firefox",
  "parameters": "-p myprofile",
  "publisher": "Mozilla Corporation",
  "shortcut_locations": [
    "START_MENU"
  ],
  "start_folder": "string",
  "supported_file_types_data": {
    "enable_auto_update_file_types": true,
    "enable_auto_update_other_file_types": true,
    "file_types": [
      {
        "description": "Firefox Document",
        "type": ".html"
      }
    ],
    "other_file_types": [
      {
        "description": "Firefox URL",
        "name": "https",
        "type": "URL"
      }
    ]
  },
  "version": "72.0.2"
}

This does not say that all of these are required, what I have found to be an easy way to find what the minimums are is to  create an application pool with a single key value pair. display_name is always required so I will use that one. Experience has learned that this might require several tries so let’s go.

new_app_pool = {}
new_app_pool["display_name"] = "Firefox"

inventory.new_application_pool(application_pool_data=new_app_pool)

So the first hard requirements are display_name, executable_path and name, let’s add these and see what happens

new_app_pool = {}
new_app_pool["display_name"] = "Firefox"
new_app_pool["name"] = "Firefox"
new_app_pool["executable_path"] = "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Firefox.lnk"

inventory.new_application_pool(application_pool_data=new_app_pool)

It looks like we actually need some more: at least desktop_pool_id or farm_id since I am doing this against a connection server with no farms I’ll use a desktop pool.

desktop_pools = inventory.get_desktop_pools()
firstpool = desktop_pools[0]

new_app_pool = {}
new_app_pool["display_name"] = "Firefox"
new_app_pool["name"] = "Firefox"
new_app_pool["executable_path"] = "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Firefox.lnk"
new_app_pool["desktop_pool_id"] = firstpool["id"]

inventory.new_application_pool(application_pool_data=new_app_pool)

No errors and a peak in the admin console shows me that I again have a firefox application

[sta_anchor id=”update_application_pool” /]

update_application_pool

To update the pools we need the application_pool_id and again a dict, this time the dict needs things we want to update. Experience again learned me there are a few required key value pairs while the example in the swagger-ui shows lots, so let’s find those. I am going to use my new firefox app as the source for this. What I actually am going to try to change is the display_name so I will use that as the first key value pair.

filter = {}
filter["type"] = "And"
filter["filters"] = []
filter1={}

filter1["type"] = "Equals"
filter1["name"] = "name"
filter1["value"] = "Firefox"
filter["filters"].append(filter1)
ap = (inventory.get_application_pools(filter=filter))[0]
appid = ap["id"]
update_app = {}
update_app["display_name"] = "FF2"
inventory.update_application_pool(application_pool_id=appid, application_pool_data=update_app)

So here different key value pairs are required than when creating a new application pool, strange but there is nothing I can do about it! I will add these from the ap object I retrieve earlier in the script.

aps = inventory.get_application_pools(maxpagesize=100)
for i in aps:
    print(i["display_name"])
filter = {}
filter["type"] = "And"
filter["filters"] = []
filter1={}

filter1["type"] = "Equals"
filter1["name"] = "name"
filter1["value"] = "Firefox"
filter["filters"].append(filter1)
ap = (inventory.get_application_pools(filter=filter))[0]
appid = ap["id"]
update_app = {}
update_app["display_name"] = "FF2"
update_app["executable_path"] = ap["executable_path"]
update_app["multi_session_mode"] = ap["multi_session_mode"]
update_app["enable_pre_launch"] = ap["enable_pre_launch"]

inventory.update_application_pool(application_pool_id=appid, application_pool_data=update_app)

aps = inventory.get_application_pools(maxpagesize=100)
for i in aps:
    print(i["display_name"])

So with that you have the basics to retrieve, create, update and delete application pools using python

Filtering/Searching and pagination with the Python module for VMware Horizon

Yesterday I added the first method to the VMware Horizon Python module that makes use of filtering while the day before that I added pagination. VMware{Code} has a document describing available options for both but let me give some explanation.

Pagination

Pagination is where you perform a query but only get an x amount of objects returned by default. The rest of the objects are available on the next page or pages. This is exactly what I ran into with the vmware.hv.helper Powershell module a long time ago. With the REST api’s this is rather easy to add since if there are more pages/objects left the headers will contain a key named HAS_MORE_RECORDS. For all the methods that I add where pagination is supported you don’t need to handle this though as I have added it to the method itself. What I did add was the option the change the maximum page size. I default to 100 and the maximum is 1000, if you supply an interrupt higher than 1000 this will be corrected to 1000.

Filtering

Filtering needs some more work from the user of the module to be able to use it.

What options are there for filtering?

For the type we have: And, Or and Not

For the filters themselves there are: Equals, NotEquals, Contains, StartsWith and Between.

The formula is you pick one from the first row and combine that with one or more from the second row.

To apply these the document describes the base schema like this:

{
    “type”: ”And”,
    “filter”: <filter object>
}

and a filter object looks like this:

{
    "type":"Equals",
    "name":"domain",
    "value":"ad-example0"
}

or this for a range:

{
    "type":"Between",
    "name":"assignedUsers",
    "fromValue":"10",
    "toValue":"20"
}

Combining both into a single object looks like this:

{
    "type":"Not",
    "filter": {
        "type":"Equals",
        "name":"domain",
        "value":"ad-example0"
    }
}

This all looks like a dictionary with a nested dictionary when translating it to Python but when you have multiple filters it suddenly looks like this:

{
    "type":"And",
  "filters": [
        {
            "type":"Equals", 
            "name":"domain",
            "value":"ad-example0"
        },
        {
            "type":"StartsWith", 
            "name":"name",
            "value":"test"
        }
    ]
}

otherwise know as a dictionary with a list of dictionaries in it and since the latter also works with a single dict inside the list I have taken that route. The document also describes encoding and minifying the code to it works for a REST api call but I have done all of that for you so no need to worry about it, just build the dictionary and you are good!

Now let’s actually perform a search

First I create my base object with the type AND and a list for the filters key

filter_dict = {}
filter_dict["type"] = "And"
filter_dict["filters"] = []

Next I create the filters object where the type is contains and I filter on the field name with the value LP-00

filter1={}
filter1["type"] = "Contains"
filter1["name"] = "name"
filter1["value"] = "LP-00"

And now I add the filters1 object to the filter_dict filters list

filter["filters"].append(filter1)

and I get the machines with a pagesize of 1 to show the pagination (the pool with these machines only has 2 😉 )

machines = obj.get_machines(maxpagesize=1, filter = filter_dict)

And this would be the entire python script

import requests, getpass, urllib, json
import vmware_horizon

requests.packages.urllib3.disable_warnings()

url="https://loftcbr01.loft.lab"
username = "m_wouter"
domain = "loft.lab"
pw = getpass.getpass()

hvconnectionobj = vmware_horizon.Connection(username = username,domain = domain,password = pw,url = url)
hvconnectionobj.hv_connect()

obj = vmware_horizon.Inventory(url=hvconnectionobj.url, access_token=hvconnectionobj.access_token)

filter_dict = {}
filter_dict["type"] = "And"
filter_dict["filters"] = []
filter1={}
filter1["type"] = "Contains"
filter1["name"] = "name"
filter1["value"] = "LP-00"

filter["filters"].append(filter1)

machines = obj.get_machines(maxpagesize=1, filter = filter_dict)

for i in machines:
    print(i["name"])

hvconnectionobj.hv_disconnect()

And it shows this in python:

My #100DaysOfCode #Python Challenge == VMware_Horizon Module

So after 5 weeks of following the #Python training for my 100DaysOfCode challenge I have decided that my main goal for the challenge itself will be to work on the Horizon Python Module. With the course some things I find really boring and I need a real target to really learn things instead of just repeating someone else is doing as well.

I will still do some of the fun parts of it in time like databases and such when I need it but for now I will focus on the module. This weekend I added handling of the Instant Clone domain accounts to the module and also added documentation both in the module and the github repository. I know I will still learn heaps because almost all of it is still rather new and repetition works best for me.

Added Methods to the module

  • External Class
    • get_ad_domains
  • Settings class
    • get_ic_domain_accounts
    • get_ic_domain_account
    • new_ic_domain_account
    • update_ic_domain_account
    • delete_ic_domain_account

Updates to the VMware Horizon Python Module

I have just pushed some changes to the Horizon Python module. With these changes I am more complying with the Python coding standards by initiating an object before being able to use the functions inside a class. Also I added a bunch of the api calls available in the monitor parts.

To connect you now start like this:

import requests, getpass
import vmware_horizon

requests.packages.urllib3.disable_warnings()
url = input("URL\n")
username = input("Username\n")
domain = input("Domain\n")
pw = getpass.getpass()

hvconnectionobj = vmware_horizon.Connection(username = username,domain = domain,password = pw,url = url)
hvconnectionobj.hv_connect()

so technically you first initiate a Connection class object and than you use the hv_connect function inside that class after which the access token is stored inside the object itself.

Now to use the monitors for example you create an object for this.

monitor = vmware_horizon.Monitor(url=hvconnectionobj.url, access_token=hvconnectionobj.access_token)

To see what functions are available you can combine print with dir.

print(dir(monitor))

and the full list, the ones with (id) require an id:

  • ad_domain
  • connection_servers
  • connection_server(id)
  • event_database
  • farms
  • farm(id)
  • gateways
  • gateway(id)
  • rds_servers
  • rds_server(id)
  • saml_authenticators
  • saml_authenticator(id)
  • view_composers
  • view_composer(vcId)
  • virtual_centers
  • virtual_center(id)
  • remote_pods
  • remote_pod(id)
  • true_sso

As you can see I had to work with underscores instead of hyphens as python doesn’t like those in the names of functions

As said some of these might require an id but connection_servers works without one for example
print(monitor.connection_servers())

Todo: Error handling for wrong passwords, documentation

The VMware Labs flings monthly for November 2020: time for a new OSOT

In November only one new fling was released while seven other received update. One that received an update was the Horizon Session Recording fling that I blogged about at the time of release. Also it looks like the VSAN team is letting all its tools loose on the community because yet another tool for VSAN has been released (Storage Simulator Using Cellular Automata). The OS Optimization tool received some nice command-line features to improve your automated Golden images builds.

New Release

Storage Simulator Using Cellular Automata

Updates

VMware OS Optimization Tool

Supernova – Accelerating Machine Learning Inference

vRealize Build Tools

Horizon Session Recording

Sample Data Platform on VMware Cloud Foundation with VMware Tanzu for Kubernetes Provisioning

VMware Appliance for Folding@Home

ESXi Arm Edition

New Release

[sta_anchor id=”ssuca” /]

Storage Simulator Using Cellular Automata

Storage Simulator Using Cellular Automata is loosely based on the principles of cellular automata (CA) to model the performance characteristics of data path in a vSAN cluster. In general, CA can used to model and study any complex system with number of elements operating in parallel having short range relationships that as whole exhibit emergent behavior. When simulating a storage stack, we are modelling transmission of data blocks across a network of hardware resources communicating with each other through various interconnects. These includes processors, caches, DRAM, SSDs HDDs, PCIe links, ethernet links etc.

When modelling an IO request such as read/write, vSAN software stack applies various functions as the data block moves through this network. These functions include, data replication, parity calculation, checksum, encryption, compression etc. Some of these can lead to IO amplification.

This Fling implements a standalone vSAN simulation utility to aid developers in getting ideal speed-of-light (SOL) performance of a given cluster. This can be used as a starting point to rapidly iterate various ideas/features by making small changes to simulator and quantifying its potential performance impact. It can also be used by customers/partners to identify potential bottlenecks of their deployment under various type of workloads.

Updates

[sta_anchor id=”osot” /]

VMware OS Optimization Tool

Always good to see the OSOT getting some new features, bug fixes but laso some nice new command line features and also very important extra knobs to use for Office.

Changelog

November, 2020, b2000

Bug Fixes

  • Resolved the issue that stopped automatic logon in Server and WVD edition after Sysprep process.
  • Resolved a reboot prompt problem which displayed in process of generalizing on Win10 1607 LTSB.
  • Resolved the issue of failing to disable anti-virus feature on Windows 10 2004.
  • Fixed issue where re-enabling Windows Update would pull down feature updates by default.

Common Options

  • Common options selections are now remembered between different runs of the OSOT.
  • For all tabs, user now can apply different Common Options settings multiple times on optimized system.
  • Under Update tab, introduce a new option to switch on/off update feature of Office 365, 2016, 2019
  • Under Store Apps tab, disable checkbox for removed built-in apps

Update

  • New option to defer or directly trigger feature updates
  • New option to defer or directly trigger quality updates
  • New option to skip Office Click-to-Run updates
  • Added commands to stop and disable the App Volumes services when re-enabling Windows Update. These are then set back to automatic when Windows Update is disabled again.

Optimizations

  • Added the ability to export and import selected optimization items on the Optimize page (Export Selections and Import Selections).

Changes:

  • Default for “Touch Keyboard and Handwriting Panel Service” is now unselected by default to resolve missed language bar issue.
  • Default for “Connected Devices Platform Service” is now unselected by default.

New:

  • Turn off account privacy notifications in Office 365 and Office 2019

[sta_anchor id=”samli” /]

Supernova – Accelerating Machine Learning Inference

Project Supernova is to build a common machine learning inference service framework by enabling machine learning inference accelerators across edge endpoint devices, edge systems and cloud, with or without hardware accelerators.

Changelog

Version 1.1 Update

Support Bitfusion
K8S and docker-compose deployment

[sta_anchor id=”vbt” /]

vRealize Build Tools

vRealize Build Tools provides tools to development and release teams implementing solutions based on vRealize Automation (vRA) and vRealize Orchestrator (vRO). The solution targets Virtual Infrastructure Administrators and Solution Developers working in parallel on multiple vRealize-based projects who want to use standard DevOps practices.

Changelog

Version 2.10.0 Update

  • [MVN] Improvements in package installer
  • [vROps] Regex support in YAML definitions for vROps content
  • [vRLI] Regex support in YAML definitions for vRLI content
  • [POL] Added Polyglot and ABX support:
    • NodeJS, Python and PowerShell code support
  • new archetype: com.vmware.pscoe.polyglot.archetypes:package-polyglot-archetype
    • two new project types: com.vmware.pscoe.polyglot:polyglot-project; com.vmware.pscoe.serverless:serverless-project
    • tooling for compiling, bundling and packaging: polyglotpkg
  • [TS] Added support for description field for workflow inputs and outputs in the Workflow decorator
  • [vRA-NG] Fixed NPE error during custom resources import

[sta_anchor id=”hsr” /]

Horizon Session Recording

No need to explain the Horizon Session Recording anymore, just hit the link that I have posted at the beginning of this post.

Changelog

Version 2.2.0

Server Changes:

  • Added the ability to import server settings easily from another running server.
  • Added the ability to filter searches based on farm / pool.
  • Added the ability to lock and unlock sessions from the session view page.

Agent Changes:

1: Misc bugfixes.
2: PowerShell API to interact with the Recording agent, to perform such tasks as:

  • Start a session recording.
  • Stop a session recording.
  • Troubleshoot connectivity issues.
  • View machine configuration
  • Add a trusted certificate.

[sta_anchor id=”sdpvcfvtk” /]

Sample Data Platform on VMware Cloud Foundation with VMware Tanzu for Kubernetes Provisioning

With this Fling, you will leverage your VMware Cloud Foundation 4.0 deployment and stand a sample data platform on a Tanzu Kubernetes Grid guest cluster in less than 20-minutes comprising of Kafka, Spark, Solr, and ELK.

Changelog

Version Update 1.1

  • Bug fix for storage class for bitnami kafka

[sta_anchor id=”vaffh” /]

VMware Appliance for Folding@Home

This Fling is a vSphere Appliance that contains the Folding@Home client software. Upon deploying the VMware Appliance for Folding@Home, the user will be prompted to enter information to configure the Folding@Home software. Once the appliance is deployed, the Folding@Home client is running and ready for Working Units. The Fling is also pre-configured to allow remote management of the Folding@Home client. For more information on the Folding@Home Project and how we can be a Force for Good against diseases like the Coronavirus, visit the website www.foldingathome.org.

Nov 18, 2020 – v1.0.5

  • F@H software has been updated to latest 7.6.21

VMware-Appliance-FaH_1.0.5.ova
MD5: 31d1a0c3dd4c308694f24cae77baee95

[sta_anchor id=”esxiae” /]

ESXi Arm Edition

Hello ESXi-Arm Fling participants!

Over the past several years, you’ve seen us demonstrate our virtualization technology on the Arm platform across several use cases, everything from running mission critical workloads on a windmill, to running on the SmartNIC, to running on AWS Graviton in the cloud. We realized that the resilient platform created for the datacenter can be equally valuable in non-traditional environments. We’ve learned a lot from exploratory discussions with customers and Arm Silicon Partners.

Changelog

November 30, 2020 – v1.2

Note: Upgrade is NOT possible, only fresh installation is supported. If you select “Preserve VMFS” option, you can re-register your existing Virtual Machines.

  • UI: Disable datastore browsing when no datastores are present
  • PSCI: Fix missing context_id argument for CPU_ON calls
  • GICv2: Always enable SGIs, as GIC-500
  • arm64: Support for big-endian guests
  • Remove requirements/restrictions on initrd for UEFI-less VMs

Build 17230755
VMware-VMvisor-Installer-7.0.0-17230755.aarch64.iso

ControlUp loves Horizon Session Recording!

Ok maybe it’s more me than ControlUp but the usual audience on this blogs knows that I work for ControlUp and that I love the VMware flings. Recently we received the question from several South-America based customers if we where able to start the Horizon Session Recordings using a Script Based Action. Technically we would have been able to but with the current version we would have to add the user to an ad group that was configured for this and than would be at the mercy of AD replication for the recording to actually start. Que Trentent Tye who reached out to the one and only Andrew Morgan (imho king of the VMware Horizon related flings) if it would be possible to add an API or PowerShell module to start the recordings. I guess Andrew’s reaction was that he saw the use case for this and within no-time he had a beta version ready for us that had a Powershell module. By the time you read this the new version has been added to the flings site that includes all of these goodies and you can find it here.

<I wanted to insert a picture of Andrew here wearing a crown but that was too much>

The Horizon Session Recording fling

First let’s look at what the Horizon Session Recording fling actually does.

VMware Horizon Session Recording allows administrators of a VMware Horizon environment to record their users activity in their Blast Extreme virtual desktop and application sessions. Recordings are uploaded from the agent devices to the central web service, for central storage and ease of viewing.

The Session Recordings are stored as MP4 files for watching via the web console or downloading to play in a local player.

So we have an agent> server application where the videos are stored on the server. During the setup I found that this was very easy but configuring a proper SSL certificate makes things a lot easier as you otherwise need to supply the thumbprint of the self-signed certificate during installation of the agent or in the registry.

The server interface is easy enough with the standard dashboard showing recent recordings while on the Recordings tab you can search for for specific recordings.

The agent is a plain installer that only asks for the server location and the SSL certificate thumbprint. The last one is only needed when the certificate itself is not trusted, if you used a VA signed certificate for the server there’s no need to enter the thumbprint.

Starting a recording

As said in the previous versions of the recorder it was required to configure an ad group and add users to that group to record their sessions. With this version we get a powershell module installed with the agent. It gets even better because if you copy the entire /api folder from the agent installation folder to another system you’re perfectly able to start recordings from there.

Starting a recording using powershell is a matter of importing the proper dll

import-module Horizon.SessionRecording.PowerShell.dll

And now the user can start the recording themselves if they have too many rights by using Start-HSRSessionRecording -SessionID %sessionid%. The session ID can be found as a metric in ControlUp or in the task manager if you add the column under users.

Start-HSRSessionRecording -SessionID 1

My user clearly didn’t have enough rights on the system so I got an error, actually not a bad thing so users can’t easily overload the server this way.

Update: Andrew confirmed this is by design to stop users from recording each other.

Starting the recording remote is a matter of adding the computername to the command

Start-HSRSessionRecording -ComputerName pod02-2001 -SessionID 1

Here you also see in the bottom right corner the message that the user receives when a recording is started.

And stopping is a matter of this command.

Stop-HSRSessionRecording -ComputerName pod02-2001 -SessionID 1

Other Cmdlets in the PS module

Integrating with ControlUp

To integrate the Horizon session recording with ControlUp I have created two basic Script Actions. both use three arguments, besides the required SessionId I add the username and machine name in the output so it’s obvious for whom the recording was started.

$sessionId=$args[0]
$username=$args[1]
$computer=$args[2]

try{
    $InstallDir = Get-ItemPropertyValue -path "hklm:\SOFTWARE\VMware, Inc.\VMware Blast\SessionRecordingAgent" -Name installdir
}
catch{
    write-host "Error determining the Horizon Session recording installation location. Please make sure the Horizon Sesison recording Agent is Installed."
}
try{
    import-module "$($InstallDir)\api\horizon.sessionrecording.powershell.dll"
}
catch{
    write-host "Error loading the Horizon Session Recording PowerShell Module. Make sure the latest vesrion of the Horizon Session Recording Agent is installed"
}
try{
    Start-HSRSessionRecording -SessionID $sessionId
}
Catch{
    write-host "Error starting the recording"
}

write-host "Started session recording for $username on $computer"
$sessionId=$args[0]
$username=$args[1]
$computer=$args[2]

try{
    $InstallDir = Get-ItemPropertyValue -path "hklm:\SOFTWARE\VMware, Inc.\VMware Blast\SessionRecordingAgent" -Name installdir
}
catch{
    write-host "Error determining the Horizon Session recording installation location. Please make sure the Horizon Sesison recording Agent is Installed."
}
try{
    import-module "$($InstallDir)\api\horizon.sessionrecording.powershell.dll"
}
catch{
    write-host "Error loading the Horizon Session Recording PowerShell Module. Make sure the latest vesrion of the Horizon Session Recording Agent is installed"
}
try{
    stop-HSRSessionRecording -SessionID $sessionId
}
Catch{
    write-host "Error stopping the recording"
}

write-host "Stopped session recording for $username on $computer"

Both these script will get better error handling and notifications in the future but you still see the old error in the background but with the notification that the recording was started.

And stopping the recording

And that shows how easy it is to control the Horizon Session Recording using a Script Based Action. If you combine this with a trigger, cpu usage for example you might be able to capture what is causing that spike, just remember to also create a trigger than stops it after the cpu goes down again.

Changelog

Version 2.2.0

Server Changes:

  • Added the ability to import server settings easily from another running server.
  • Added the ability to filter searches based on farm / pool.
  • Added the ability to lock and unlock sessions from the session view page.

Agent Changes:

1: Misc bugfixes.
2: PowerShell API to interact with the Recording agent, to perform such tasks as:

  • Start a session recording.
  • Stop a session recording.
  • Troubleshoot connectivity issues.
  • View machine configuration
  • Add a trusted certificate.

The VMware Labs flings monthly for October 2020

First of all I hope that everyone is staying safe en sound and keeping their social distance. Over here we’ve been back to a light lockdown again but at least most of the shops are still open. I just opened the flings site and the VMware engineers have been dam busy! This are the tabs I had after opening all of them.

If I count it right I have six new flings and another eight received updates, I can’t remember the last time we had so much activity on the flings front. The new flings include one of the most anticipated VMware products for the last years: ESXi on Arm!

New Releases

Sample Data Platform on VMware Cloud Foundation with VMware Tanzu for Kubernetes Provisioning

vSphere Pod Autoscaler

Workspace ONE Discovery

ESXi Arm Edition

Horizon Peripherals Intelligence

Storage Performance Tester

Updating Flings

vRealize Build Tools

VMCA Certificate Generator

USB Network Native Driver for ESXi

Demo Appliance for Tanzu Kubernetes Grid

Workspace ONE App Analyzer for macOS

App Volumes Migration Utility

True SSO Diagnostic Utility

HCIBench

New Releases

[sta_anchor id=”sdpvcfvtkp” /]

Sample Data Platform on VMware Cloud Foundation with VMware Tanzu for Kubernetes Provisioning

With this Fling, you will leverage your VMware Cloud Foundation 4.0 deployment and stand a sample data platform on a Tanzu Kubernetes Grid guest cluster in less than 20-minutes comprising of Kafka, Spark, Solr, and ELK.

Additionally, this Fling comes with a market data sample application (using real market data from dxFeed) that shows how all these data platform components work together.

[sta_anchor id=”vpa” /]

vSphere Pod Autoscaler

This Fling is useful for vSphere PodVM users who want to perform auto-scaling on vSphere PodVMs based on memory utilization.

This python script is intended to implement the Horizontal Pod Autoscaler algorithm for podVM for the vSphere 7.0 with Kubernetes. The implementation follows the algorithm from the official Kubernetes documents: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/

This script will automatically scale the number of PodVMs in the environment. The script will perform the following actions:

  1. The script will retrieve the memory utilization of PodVMs in the environment
  2. The script will then allow users to provide the memory threshold for PodVMs
  3. The script will then calculate the desired number of replicas based on the memory threshold and utilization
  4. The script will automatically scale the PodVMs to the desired number of replicas calculated in step #3

[sta_anchor id=”wsoned” /]

Workspace ONE Discovery

VMware Workspace ONE UEM is used to manage Windows 10 endpoints, whether it be Certificate Management, Application Deployment or Profile Management. The Discovery Fling enables you to view these from the device point of view and review the Workspace ONE related services, which applications have been successfully deployed, use the granular view to see exactly what has been configured with Profiles, view User & Machine certificates and see which Microsoft Windows Updates have been applied.

Discovery provides you a view of the Managed device and can be used to help with troubleshooting.

[sta_anchor id=”esxiae” /]

ESXi Arm Edition

Hello ESXi-Arm Fling participants!

Over the past several years, you’ve seen us demonstrate our virtualization technology on the Arm platform across several use cases, everything from running mission critical workloads on a windmill, to running on the SmartNIC, to running on AWS Graviton in the cloud. We realized that the resilient platform created for the datacenter can be equally valuable in non-traditional environments. We’ve learned a lot from exploratory discussions with customers and Arm Silicon Partners.

Now we’d like to give our customers a chance to evaluate this technology in their own environments. This evaluation program is for the enterprise architects who are considering the viability of virtualizing Arm workloads, for the test/dev team looking for a way to spin up Arm environments, and for the tinkerers who simply want to explore running ESXi-Arm in a small form factor Edge environment. We’re interested to understand what features you will find most valuable, and how you will want to deploy this technology.

As there has been an update for this fling already here’s the changelog:

Changelog

October 22, 2020 – v1.1

Note: Upgrade is NOT possible, only fresh installation is supported. If you select “Preserve VMFS” option, you can re-register your existing Virtual Machines.

  • Fix for https://flings.vmware.com/esxi-arm-edition/bugs/1098 (PSOD adding to VDS)
  • Support for Arm N1 SDP platform
  • Support for VMs on Neoverse N1 CPU
  • Pass-thru stability improvements to LS1046A and LX2160A platforms
  • Fix for vCenter/DRS incorrect CPU usage
  • Fix for VM crash when VM storage fills up
  • Stability fix for non-coherent DMA device support
  • Installer: tolerate RAM size within 4% of 4GB instead of 3.125 (for the otherwise unsupported RK3399 boards)
  • Serial port handling improvements (for unsupported/unknown boards, to be a bit more resilient of firmware configuration errors)
    • Documentation Updates:
      Moved and expanded iSCSI doc for Pi doc to main ESXi-Arm Fling doc
    • Added LS1046ARDB docs (including ref to it from main ESXi-Arm doc and Fling website)
    • Fixed Ampere server name and links (its HR330A/HR350A, not SR-something)
    • Added Arm N1SDP document (including ref to it from main ESXi-Arm doc)
    • Updated GuestOSes known to work with ESXi-Arm including new “Verified” section
    • Updated instruction to update EEPROM for Pi doc

Build 17068872
VMware-VMvisor-Installer-7.0.0-17068872.aarch64.iso

October 06, 2020 – v1.0 (Initial Release)

Build 16966451

VMware-VMvisor-Installer-7.0.0-16966451.aarch64.iso

[sta_anchor id=”hpi” /]

Horizon Peripherals Intelligence

Horizon Peripherals Intelligence is an online self-serviced diagnosis service that can help increase the satisfaction when using peripheral devices with Horizon product by both the end users and the admin user. Currently, we support diagnosis for the following device categories – USB storage devices, USB printers, USB scanners, Cameras. We will continue to cover more device categories in the future.

[sta_anchor id=”spt” /]

Storage Performance Tester

Storage Performance Tester is a one-click storage performance test tool, which is able to collect IOPS, latency and CPU cycles per I/O for ESXi storage stack. This tool automates all the testing steps including the customized VMs deployment, I/O workload running, and storage performance analysis. It displays the performance metrics through multiple visualized graphical charts. The only thing that users need to do is enter one command and wait for the performance report of your server.

This tool is designed to be a developer-friendly tool help troubleshoot and identify storage performance issues. It could be used to validate the maximum performance of new storage hardwares/drivers and setups of vSphere/vSAN. For more details please check the guild located in the instructions

Updated Flings

[sta_anchor id=”vmcacg” /]

VMCA Certificate Generator

The VMCA Certificate Generator is useful to create your own certificates using the VMCA in vCenter if you don’t have access to a purpose build system in your network.

Changelog

Version 1.0 Update

  • Added the open source license file.

[sta_anchor id=”vrbt” /]

vRealize Build Tools

vRealize Build Tools provides tools to development and release teams implementing solutions based on vRealize Automation (vRA) and vRealize Orchestrator (vRO). The solution targets Virtual Infrastructure Administrators and Solution Developers working in parallel on multiple vRealize-based projects who want to use standard DevOps practices.

Changelog

Version 2.8.8 Update

  • [MVN] Support SHA1 checksum generation for JS,TS,XML,vRA,vRANG project types.
  • [MVN] Include the pom.xml description content as description of the built vRO package artifact
  • [TS-AutoGen] Define a property for storing the version of the API for which this project is generated.
  • [TS-AutoGen] Store the API version as part of the vRO package description.
  • [vRA-NG] Adds support for import/export of custom resources and resource actions.
  • [TS] Typescript projects for vRO, now support syntax for specifying a description for a configuration element attribute.
  • [vRA-NG] Adds support for using project name when managing vRA-NG content.
  • [vROps] Adds support for vROps 8.1
  • [vROps] Change default authentication provider to Token-based Authentication
  • [TS] Extend vropkg tool to support Polyglot bundle
  • [TS] Support for skipping unmapped dependencies, e.g. –skipUnmappedDeps
  • [TS] Bumped up Typescript version to 3.8.3
  • [TS] Added support for tsconfig file override using the project option of the tsc executable.
  • [MVN] Updated vRBT infrastructure project with latest dependencies and improved installation robustness
  • [vROps] Fixes a problem with resource kind during alert definition import
  • [TS] Use fixed node package versions
  • [vROps] Support for policy assignment to custom groups
  • [vRA] Fixes a problem with vra-ng authentication always setting System Domain and users not being able to authenticate with different domain
  • [vROps] Removed sshHost from Installer. Use host instead.
  • [TS] Make dependency:go-offline execution conditional
  • [TS] All version of Node are supported from 10.x and above
  • [TS] npm repository is no longer needed [TS] Support for RequireJS imports/exports
  • [TS] Support for yaml configurations
  • [TS] Improved workflows and policy templates transpilation
  • [TS] Improved diagnostic messages
  • [TS] Improved handling of cycle references
  • [TS] Extended workflow support
  • [TS] Support for ES2017.String

[sta_anchor id=”unndfe” /]

USB Network Native Driver for ESXi

USB has become one the most widely adopted connection type in the world & USB network adapters are also popular among Edge computing platforms. In some platforms, there is either limited or no PCI/PCIe slots for I/O expansion & in some cases, an Ethernet port is not even available. Another advantage of a USB-based network adapter is that it can be hot-plugged into an system without a reboot which means no impact to the workload, same is true for hot-remove.

This Fling supports the most popular USB network adapter chipsets found in the market. The ASIX USB 2.0 gigabit network ASIX88178a, ASIX USB 3.0 gigabit network ASIX88179, Realtek USB 3.0 gigabit network RTL8152/RTL8153 and Aquantia AQC111U. These are relatively inexpensive devices that many of our existing vSphere customers are already using and are familiar with.

Changelog

October 26, 2020 – v1.7

  • Added support for ESXi 7.0 Update 1
  • USB NIC Bindings are now automatically persistent
  • 5GbE USB NICs now properly show Full vs Half Duplex

Note: This is ONLY for ESXi 7.0 Update 1, for ESXi 7.0/6.7/6.5, please ensure you are using the correct version of driver.

ESXi701-VMKUSB-NIC-FLING-40599856-component-17078334.zip

[sta_anchor id=”daftkg” /]

Demo Appliance for Tanzu Kubernetes Grid

The Demo Appliance for Tanzu Kubernetes grid includes all the things needed tolearn about and run a Tanzu Kubernetes Grid.

Changelog

Oct 28, 2020 – v1.2.0

  • Support for latest TKG 1.2.0 release
  • Support for TKG Workload Cluster upgrade workflow from K8s 1.18.8 to 1.19.1
  • Updated to latest version of Harbor (1.10.5), Docker Compose (1.27.4), Kubectl (1.18.10), Octant (0.16.1), TMC (6867ad54), TKG Crashd (0.3.1) CLI in appliance

TKG-Demo-Appliance-1.2.0.ova
MD5: 0f0c60358a867b432698144820f8e8b0

[sta_anchor id=”wsoneaafm” /]

Workspace ONE App Analyzer for macOS

The Workspace ONE macOS App Analyzer will determine any Privacy Permissions, Kernel Extensions, or System Extensions needed by an installed macOS application, and can be used to automatically create profiles in Workspace ONE UEM to whitelist those same settings when deploying apps to managed devices.

Changelog

Version 1.1 Update

  • 10/27/2020 – Fixed bug that prevented Privacy Preferences from loading when default shell was set to zsh.

[sta_anchor id=”avmu” /]

App Volumes Migration Utility

App Volumes Migration Utility allows admins to migrate AppStacks managed by VMware App Volumes 2.18, to the new application package format of App Volumes 4. The format of these packages in App Volumes 4 have evolved to improve performance and help simplify application management.

Changelog

1.0.6 Version Update

  • Create meta_json.zip in migrated appstacks.

[sta_anchor id=”hcibench” /]

HCIBench

HCIBench is THE tool to test the performance of your VSAN cluster. Always use your own metrics based on the actual requirements for your environment.

HCIBench stands for “Hyper-converged Infrastructure Benchmark”. It’s essentially an automation wrapper around the popular and proven open source benchmark tools: Vdbench and Fio that make it easier to automate testing across a HCI cluster. HCIBench aims to simplify and accelerate customer POC performance testing in a consistent and controlled way. The tool fully automates the end-to-end process of deploying test VMs, coordinating workload runs, aggregating test results, performance analysis and collecting necessary data for troubleshooting purposes.

HCIBench is not only a benchmark tool designed for vSAN, but also could be used to evaluate the performance of all kinds of Hyper-Converged Infrastructure Storage in vSphere environment.

Changelog

Version 2.5.1 Update

  • Fixed non vSAN cluster testing issue
  • Fixed pre-validation storage policy issue
  • Added in-place upgrading capability, to do so, you can also upgrade HCIBench to the latest version by running the following command in HCIBench: tdnf install -y git && git clone https://github.com/cwei44/HCIBench.git && sh HCIBench/upgrade.sh
    MD5 Checksum: 1d14426f92b353e90469a8623ade2bc1 HCIBench_2.5.1.ova

Version 2.5.0 Update

  • Added support vSAN HCI Mesh testing, now you can test both local and remote vSAN datastores at the same time
  • Added support local storage including VMFS and vSAN-Direct testing
  • Added vSAN Debug Mode, allow user to collect vm-support bundle and vmkstats automatically when running testing against vSAN
  • Changed guest VMs name convention to {vm_prefix}-{datastore_id}-batch_num-sequence_num
  • Enhanced testing report format
  • Allow user to specify customized IP addresses for guest VMs
  • Allow user to configure CPU and Memory for guest VMs
  • Added best practice and network troubleshooting guide in the user manual
  • Bug fixes
  • MD5 Checksum: 817c2c788364f252e728d4253b3b96da HCIBench_2.5.0.ova

[sta_anchor id=”tssodu” /]

True SSO Diagnostic Utility

The True SSO Diagnostic Utility allows for validation of the various components needed for True SSO.

Horizon View True SSO uses Microsoft Enterprise Certificate Servers to issue certificates that are used when the user logs on to the desktop. The Horizon View Enrollment Server (ES) is responsible for sending a certificate request to certificate servers, and for monitoring the PKI configuration settings in the Active Directory.

Changelog

Version 2.2

  • The tool has been updated to allow performance-testing of the enrollment-server.