vRealize Operations Manager – Monitor Management Packs for Availability and Notification

25 Apr

If you are using multiple vRealize Operations Manager (vROPS) – Management Packs like Horizon, VSAN, NSX and vCenter and want to monitor their availability of the adapter/POD in terms of whether they are “Collecting Data” and get notified via email when the collection of data stops due to unknown reasons. Then go ahead and read further.

If you don’t setup the monitoring one doesn’t get notified until someone logins to the vROPS Manager and see the adapter status physically.

Adapter Status:
vROPS VMware Horizon Management Pack

Collection State/Status:
vROPS - Hoirzon Adapter

To achieve the above its a 3 steps process. You will have to create the following:

  • Custom Symptom Definition
  • Custom Alert Definition
  • Custom Notification

Symptom Definitions

We will create four custom Symptom Definition (SD) for Horizon Adapter, Horizon POD as it collects data, vCenter instances and VSAN Adapter. Following are the SD combined:

Custom Symptom Definitions
  • Horizon Adapter Instance
    • Open the vROPS Manager and navigate to Alerts – Symptom Definitions
    • Click on the +
    • Under the Base Object Type Select – View Adapter Instance
    • Under Metrics Select vRealize Operations Generated – Availability
    • Enter a Symptom Definition Name – SD_Horizon_Adapter_Avail
    • is – Critical
    • metric – is less than
    • Numeric Value – 1
    • Under Advance
      • Wait Cycle – 3
      • Cancel Cycle – 3
      • Recommended – The wait/cancel cycle of 3 means that in case of any failure user will be notified after 15 minutes (3 cycles x default 5 minutes data collection interval)
Symptom - View Adapter Instance
  • vCenter Adapter – vCenter

    • Open the vROPS Manager and navigate to Alerts – Symptom Definitions
    • Click on the +
    • Under the Base Object Type Select – vCenter Server
    • Under Metrics Select vRealize Operations Generated – Availability
    • Enter a Symptom Definition Name – SD_vCenter_Adapter_Avail
    • is – Critical
    • metric – is less than
    • Numeric Value – 1
    • Under Advance
      • Wait Cycle – 3
        • Cancel Cycle – 3
          • Recommended – The wait/cancel cycle of 3 means that in case of any failure user will be notified after 15 minutes (3 cycles x default 5 minutes data collection interval)

      Symptom - vCenter Adapter Instance
      • View POD

        • Open the vROPS Manager and navigate to Alerts – Symptom Definitions
        • Click on the +
        • Under the Base Object Type Select – View POD
        • Under Metrics Select vRealize Operations Generated – Availability
        • Enter a Symptom Definition Name – SD_View_POD_Avail
        • is – Critical
        • metric – is less than
        • Numeric Value – 1
        • Under Advance
          • Wait Cycle – 3
            • Cancel Cycle – 3
              • Recommended – The wait/cancel cycle of 3 means that in case of any failure user will be notified after 15 minutes (3 cycles x default 5 minutes data collection interval)

          Symptom - View POD

          • VSAN Adapter Instance
            • Open the vROPS Manager and navigate to Alerts – Symptom Definitions
            • Click on the +
            • Under the Base Object Type Select – VSAN Adapter Instance
            • Under Metrics Select vRealize Operations Generated – Availability
            • Enter a Symptom Definition Name – SD_VSAN_Adapter_Avail
            • is – Critical
            • metric – is less than
            • Numeric Value – 1
            • Under Advance
              • Wait Cycle – 3
                • Cancel Cycle – 3
                  • Recommended – The wait/cancel cycle of 3 means that in case of any failure user will be notified after 15 minutes (3 cycles x default 5 minutes data collection interval)

              Symptom - VSAN Adapter Instance

              Alert Definitions

              We will create four custom Alert Definition (AD) for Horizon Adapter, Horizon POD as it collects data, vCenter instances and VSAN Adapter. Following are the AD combined:

              Custom Alert Definitions
              • Horizon Adapter Instance
                • Open the vROPS Manager and navigate to Alerts – Alert Definitions
                • Click on the +
                • Enter a Name – AD_Horizon_Adapter
                • Under the Base Object Type Select – View Adapter Instance
                • Under the Alert Impact
                  • Impact – Health
                  • Criticality – Symptom Based
                  • Alert Type and Subtype – Virtualization/Hypervisor: Availability
                  • Wait Cycle – 1
                  • Cancel Cycle – 1
                • Under Add Symptom Definitions
                  • Defined on – Self
                  • Symptom Definition Type – Metric /Property
                  • In the search box enter the previously created Symptom Definition – SD_Horizon_Adapter_Avail
                • Under Add Recommendations – Search and Select “Check if the resources are available. If it isn’t restart it. If it is available check the network connectivity between the remote checks and the resource
              Alert - Horizon Adapter


              • vCenter Adapter Instance
                • Open the vROPS Manager and navigate to Alerts – Alert Definitions
                • Click on the +
                • Enter a Name – AD_vCenter_Adapter
                • Under the Base Object Type Select –  vCenter Server
                • Under the Alert Impact
                  • Impact – Health
                  • Criticality – Symptom Based
                  • Alert Type and Subtype – Virtualization/Hypervisor: Availability
                  • Wait Cycle – 1
                  • Cancel Cycle – 1
                • Under Add Symptom Definitions
                  • Defined on – Self
                  • Symptom Definition Type – Metric /Property
                  • In the search box enter the previously created Symptom Definition – SD_vCenter_Adapter_Avail
                • Under Add Recommendations – Search and Select “Check if the resources are available. If it isn’t restart it. If it is available check the network connectivity between the remote checks and the resource
              Alert - vCenter Adapter
              • View POD
                • Open the vROPS Manager and navigate to Alerts – Alert Definitions
                • Click on the +
                • Enter a Name – AD_View_PODS
                • Under the Base Object Type Select –  View Pod
                • Under the Alert Impact
                  • Impact – Health
                  • Criticality – Symptom Based
                  • Alert Type and Subtype – Virtualization/Hypervisor: Availability
                  • Wait Cycle – 1
                  • Cancel Cycle – 1
                • Under Add Symptom Definitions
                  • Defined on – Self
                  • Symptom Definition Type – Metric /Property
                  • In the search box enter the previously created Symptom Definition – SD_View_PODS_Avail
                • Under Add Recommendations – Search and Select “Check if the resources are available. If it isn’t restart it. If it is available check the network connectivity between the remote checks and the resource
              Alert - View POD
              • VSAN Adapter Instance
                • Open the vROPS Manager and navigate to Alerts – Alert Definitions
                • Click on the +
                • Enter a Name – AD_VSAN_Adapter
                • Under the Base Object Type Select –  vSAN Adapter Instance
                • Under the Alert Impact
                  • Impact – Health
                  • Criticality – Symptom Based
                  • Alert Type and Subtype – Virtualization/Hypervisor: Availability
                  • Wait Cycle – 1
                  • Cancel Cycle – 1
                • Under Add Symptom Definitions
                  • Defined on – Self
                  • Symptom Definition Type – Metric /Property
                  • In the search box enter the previously created Symptom Definition – SD_VSAN_Adapter_Avail
                • Under Add Recommendations – Search and Select “Check if the resources are available. If it isn’t restart it. If it is available check the network connectivity between the remote checks and the resource
              Alert - VSAN Adpater

              Notifications

              We will create four Notification Rules for Horizon Adapter, Horizon POD as it collects data, vCenter instances and VSAN Adapter. Following are the Rules for Email Alerts combined:

              Custom Notification Rules
              • Rule – Horizon Adapter Instance is down
                • Open the vROPS Manager and navigate to Alerts – Notification Settings
                • Click on the +
                • Enter a Name – _Horizon_Adapter is down
                • Under Method Select – Standard Email Plugin
                • Instance – SMTP (previous configured)
                • Enter Recipients – Email Address
                • Notification Trigger – Alert Definition
                • Add the previously created _AD_Horizon_Adapter
              Notification - Horizon Adapter

              • Rule – vCenter Adapter Instance is down
                • Open the vROPS Manager and navigate to Alerts – Notification Settings
                • Click on the +
                • Enter a Name – _vCenter_Adapter is down
                • Under Method Select – Standard Email Plugin
                • Instance – SMTP (previous configured)
                • Enter Recipients – Email Address
                • Notification Trigger – Alert Definition
                • Add the previously created _AD_vCenter_Adapter

              Notification - vCenter Adapter

              • Rule – View POD is down
                • Open the vROPS Manager and navigate to Alerts – Notification Settings
                • Click on the +
                • Enter a Name – _View_POD is down
                • Under Method Select – Standard Email Plugin
                • Instance – SMTP (previous configured)
                • Enter Recipients – Email Address
                • Notification Trigger – Alert Definition
                • Add the previously created _AD_View_POD

              Notification - View POD

              • Rule – VSAN Adapter is down
                • Open the vROPS Manager and navigate to Alerts – Notification Settings
                • Click on the +
                • Enter a Name – _VSAN_Adapter is down
                • Under Method Select – Standard Email Plugin
                • Instance – SMTP (previous configured)
                • Enter Recipients – Email Address
                • Notification Trigger – Alert Definition
                • Add the previously created _AD_VSAN_Adapter

              Notification - VSAN Adapter

              I hope you will find this post useful and will help you improvise on monitoring/alerting of your vROPS Management Packs. A big thanks to Gagik Manukyan in demonstrating the ability to configure this in our internal setup.

              Thanks,
              Aresh Sarkari

              VMware Horizon TrueSSO – Configuration for High Availability and Redundancy

              13 Apr

              In this post I will demonstrate the configuration that are required to deploy the VMware Enrollment Servers for High availability and redundancy. This includes two Certificate Authority CA’s and Enrollment Servers

              TrueSSO Availability and Redundancy


              My colleague Tarique Chowdhury has an excellent post on the TrueSSO Lab Setup. However in that deployment it talks about a single Enrollment Server and Certificate Authority Server.

              This post is not a replacement of the Setting Up TrueSSO guide on VMware Pubs. However the below mentioned two sections complement during the configurations for everything else follow the setup guide/blogs:

              Certificate deployment – Enrollment Agent (Computer).

              Deploying the Enrollment Agent (Computer) certificate onto this server, we are authorizing this ES to act as an Enrollment Agent and generate Certificates on behalf of users.

              Both the Certificate Authority Server Enrollment Agent (Computer) certificate needs to be added. They are added one-by-one. The Personal –> Certificate store should look like below on the ES:

              Enrollment Agent (Computer)

              Configure TrueSSO on the Horizon Connection Servers:

              Step1: Adding both the Enrollment Server (ES) – Adding the ES to the environment, we are able to query the ES about the domain and relevant True SSO info.

              vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --environment --add –enrollmentServer tsso1.askaresh.com,tsso2.askaresh.com

              Adding ES

              Step2 – List both the newly deployed Enrollment Server – We will get info about various components of the environment which will be useful for configuring True SSO.

              vdmutil --authAs username –authDomain askaresh --authPassword password --truesso --environment --list --enrollmentServer tsso1.askaresh.com  --domain askaresh.com

              vdmutil --authAs username –authDomain askaresh --authPassword password --truesso --environment --list --enrollmentServer tsso2.askaresh.com  --domain askaresh.com

              Listing ES

              Step3 – Adding the Connector for TrueSSO – A True SSO Connector is a configuration set where we specify details like ES(s), CA(s) and a Certificate Template to use for a certain Domain. When a Horizon CS gets a request to launch a desktop for an AD user, it will look up True SSO Connector for the domain the user belongs to and will use the components as specified to obtain a Certificate on behalf of the user.

              vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --create --connector --domain askaresh.com --template TrueSSO --primaryEnrollmentServer tsso1.askaresh.com –secondaryEnrollmentServer tsso2.askaresh.com --certificateServer MSSUBCA01-CA,MSSUBCA02-CA --mode enabled
              TrueSSO Connector

              Step4 – List the SAML Authenticator available in Horizon environment – A SAML Authenticator contains the trust and metadata exchange between Horizon View and vIDM. To use True SSO, we need to identify the correct SAML Authenticator and enable True SSO.

              vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --list --authenticator
              Listing SAML

              Step5 – Enable TrueSSO for the SAML Authenticator

              vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --authenticator --edit --name VIDM-PROD --truessoMode ENABLED
              Enable TrueSSO

              Step6 – Check the status on the Horizon Administrator Dashboard
              TrueSSO Dashboard

              I hope you find these steps useful during the TrueSSO Availability and Redundancy configurations.

              Thanks,
              Aresh

              NSX Load Balancing for VMware Unified Access Gateway – Part1

              5 Mar

              This blog post will be a two part series showing you step by step on how to load balance VMware Unified Access Gateway (UAG) using the VMware NSX. There are quite a few options such as F5, KEMP etc. available to do the load balancing of the UAG appliance but in this post we shall deep dive into NSX Load balancing. The objective in a production deployment is to load balance multiple UAG appliances deployed in the DMZ.

              UAG Load BalancingLoad Balancing of multiple VMware UAG Appliances

              There are plenty of guidance available on how to create the NSX Edge to do the load balancing. I am not going to cover those steps in this blog. Instead I will fast forward to the Load Balancing configurations required to do Unified Access Gateway.

              Pre-Installation Checklist

              This list should include everything that needs to be available BEFORE we start to install the UAG Load Balancer.

              • A pair of UAG Appliances should be deployed
              • The admin page of both the UAG appliances should be accessible
              • Create a X-Large NSX Edge and make sure its deployed using HA (Active/Passive)
              • Enable Syslog on the NSX Edge
              • Reserve the VIP IP address used by NSX

              Step-by-Step guide (Part1 – We shall cover Global Configuration, Application Profiles and Service Monitoring)

              1. Configure the Load Balancing – Global Configuration

              • Log into the Edge GW you need to configure and go to the Manage tab then the Load Balancer tab.
              • Click on Global Configuration
                • Check the Enable Load Balancer checkbox
                • Check the Enable Acceleration checkbox
                • Check the Logging checkbox
                • Change the Log Level dropdown to Warning
                • Leave the rest as the default
                • Click Ok
                  Global Configuration

              2. Configure the Load Balancer – Application Profiles

              • Overall we will be creating three Profiles – HTTPS, TCP and UDP as follows:
                Application Profiles
              • Click on the green plus sign to add the HTTPS profile
                • Set the Name to XX_External-SSL_Offload
                • Set the Type to HTTPS
                • Set Enable SSL Passthrough
                • Persistent to Source IP
                • Expires in (seconds): 28800 (Preferably match it from Horizon Administrator – Global Configuration Settings)
                • Everything else should be blank, grayed out, or None
                • Click Ok
                  SSL_Offload
              • Click on the green plus sign to add the TCP profile
                • Set the Name to XX_External-TCP
                • Set the Type to TCP
                • Persistent to Source IP
                • Everything else should be blank, grayed out, or None
                • Click Ok
                  TCP_Profile
              • Click on the green plus sign to add the UDP profile
                • Set the Name to External-UDP
                • Set the Type to UDP
                • Persistent to Source IP
                • Everything else should be blank, grayed out, or None
                • Click Ok
                  UDP_Profile

              3. Configure the Load Balancer – Service Monitoring

              • Overall we will be creating three Service Monitors – HTTPS, TCP and UDP as follows:
                Service_Monitoring
              • Click on the green plus sign to add the Access Point TCP Monitor.  This one monitor will be used for all APs.
                • Set the Name to default_tcp_monitor
                • Set the Interval to 5
                • Set the Timeout to 15
                • Set the Max Retries to 3
                • Set the Type to TCP
                • Click Ok
                  TCP_Monitor
                • Click on the green plus sign to add the Access Point HTTP Monitor.  This one monitor will be used for all APs.
                  • Set the Name to default_http_monitor
                  • Set the Interval to 5
                  • Set the Timeout to 15
                  • Set the Max Retries to 3
                  • Set the Type to HTTP
                  • Set the Method to GET
                  • Click Ok
                    HTTP_Monitor
                  • Click on the green plus sign to add the Access Point HTTPS Monitor.  This one monitor will be used for all APs.
                    • Set the Name to default_https_moinitor
                    • Set the Interval to 5
                    • Set the Timeout to 15
                    • Set the Max Retries to 3
                    • Set the Type to HTTPS
                    • In the Expected field, type:  HTTP/1.1 200 (note there is a space between the 1.1 and 200)
                    • Set the Method to GET
                    • In the URL field, type /favicon.ico
                    • Click Ok
                      HTTPS_Monitor

              Remaining configuration around the “Pools” and “Virtual Servers” to be continued in the NSX Load Balancing for VMware Unified Access Gateway – Part2

              I hope you find these steps useful and don’t have to invent the wheel when it comes to NSX LB for VMware UAG.

              Thanks,
              Aresh

              NSX Load Balancing for VMware Unified Access Gateway – Part2

              5 Mar

              In this post we shall go over the remaining configuration on “Pools” and “Virtual Servers” of the NSX Load Balancing for VMware Unified Access Gateway.

              4. Configure the Load Balancing – Pools

              • Overall we will be creating four Pools as follows:
                Pools
              • Click on the green plus sign to add a new pool
                • In the Name field, type: XXX-UAG-POOL-8443
                • Leave the Description blank
                • For Algorithm, pick IP-HASH
                • Leave Algorithm Parameters blank
                • For Monitors, pick default_tcp_monitor
                  Pools_8443
              • Click on the green plus sign to add a new pool
                • In the Name field, type: XXX-UAG-POOL-4172TCP
                • Leave the Description blank
                • For Algorithm, pick IP-HASH
                • Leave Algorithm Parameters blank
                • For Monitors, pick default_tcp_monitor
                  Pools_4172_TCP
              • Click on the green plus sign to add a new pool
                • In the Name field, type: XXX-UAG-POOL-4172UDP
                • Leave the Description blank
                • For Algorithm, pick IP-HASH
                • Leave Algorithm Parameters blank
                • For Monitors, pick default_tcp_monitor
                  Pools_4172_UDP
              • Click on the green plus sign to add a new pool
                • In the Name field, type: XXX-UAG-POOL-443
                • Leave the Description blank
                • For Algorithm, pick IP-HASH
                • Leave Algorithm Parameters blank
                • For Monitors, pick default_https_monitor
                  Pools_443

              5. Configure the Load Balancer – Virtual Servers

              • Overall we will be creating six virtual servers as follows:
                Virtual_Server
              • Click on the green plus sign to add a new Virtual Server
                • Click on Enable Virtual Server
                • Click on Enable Acceleration
                • Set the Application Profile to XX-External-UDP
                • In the Name field, type: XXX-UAG-8443UDP
                • Leave the Description blank
                • For IP Address, select IP address by click on the link
                • For Protocol select UDP
                • In Port/Port Range type 8443
                • Set Default Pool select XXX-UAG-Pool-8443
                • Everything else should be default
                  UDP_Virtual_Server
              • Click on the green plus sign to add a new Virtual Server
                • Click on Enable Virtual Server
                • Click on Enable Acceleration
                • Set the Application Profile to XX-External-UDP
                • In the Name field, type: XXX-UAG-4172UDP
                • Leave the Description blank
                • For IP Address, select IP address by click on the link
                • For Protocol select UDP
                • In Port/Port Range type 4172
                • Set Default Pool select XXX-UAG-Pool-4172UDP
                • Everything else should be default
                  UDP_Virtual_Server
              • Click on the green plus sign to add a new Virtual Server
                • Click on Enable Virtual Server
                • Click on Enable Acceleration
                • Set the Application Profile to XX-External-TCP
                • In the Name field, type: XXX-UAG-8443TCP
                • Leave the Description blank
                • For IP Address, select IP address by click on the link
                • For Protocol select TCP
                • In Port/Port Range type 8443
                • Set Default Pool select XXX-UAG-Pool-8443
                • Everything else should be default
                  TCP_Virtual_Server
              • Click on the green plus sign to add a new Virtual Server
                • Click on Enable Virtual Server
                • Click on Enable Acceleration
                • Set the Application Profile to XX_external_ssl_offload
                • In the Name field, type: XXX-UAG-443HTTPS
                • Leave the Description blank
                • For IP Address, select IP address by click on the link
                • For Protocol select TCP
                • In Port/Port Range type 443
                • Set Default Pool select XXX-UAG-Pool-443
                • Everything else should be default
                  HTTPS_Virtual_Server
              • Click on the green plus sign to add a new Virtual Server
                • Click on Enable Virtual Server
                • Click on Enable Acceleration
                • Set the Application Profile to XX_external_tcp
                • In the Name field, type: XXX-UAG-4172TCP
                • Leave the Description blank
                • For IP Address, select IP address by click on the link
                • For Protocol select TCP
                • In Port/Port Range type 4172
                • Set Default Pool select XXX-UAG-Pool-4172TCP
                • Everything else should be default
                  TCP_Virtual_Server

              Previous configuration around the “Global Configuration”, “Application Profiles” and “Service Monitoring” the NSX Load Balancing for VMware Unified Access Gateway – Part1

              We haven’t configured any “Application Rules”. I hope you find these steps useful and don’t have to invent the wheel when it comes to NSX LB for VMware UAG.

              Thanks,
              Aresh

              The Secret Sauce Behind VMware’s Internal Horizon Desktop Deployments – VMworld 2017

              22 Feb

              This year at VMworld, myself and my colleague Simon Long had the opportunity to talk about a project we’ve been working on for the past few years. We’ve been re-redesigning and deploying VMware’s internal Horizon Desktop environments.

              Session Summary

              “How does VMware architect its own global VMware Horizon desktop environment?” “Has it encountered the same obstacles we are facing?” Over the past two years, VMware has been re-architecting and deploying its virtual desktop infrastructure with VMware Horizon, VMware App Volumes, and VMware User Environment Manager running on top of the full VMware software-defined data center stack (VMware vSphere, VMware vSAN, VMware NSX) and integrating with VMware vRealize Operations Manager and VMware vRealize Log Insight. In this session, the lead architects will reveal all.

              Our session (ADV1255BU – The Secret Sauce Behind VMware’s Internal VMware Horizon Desktop) includes the following sections:

              • Where we we? – Why did we need to kick off this project (from the beginning)
              • What do we need? – Revisiting the business and technical requirements (from 3:05)
              • How do we do this better? – How do we design this new infrastructure making sure we don’t hit the same issues again (from 5:13)
              • Where we are today? – A look at what we architected and deployed  (from 9:12)
              • What did we learn? – What challenges did we face along the way (from 30:45)
              • Where do we go from here? – How can we improve upon what we have built (from 41:51)

              I hope you enjoy it and find it useful. Please contact myself or Simon if you have any questions around our session.

              Thanks,
              Aresh

              VMware CIO Innovation Award – OneDesk

              7 Feb

              I thought I would share some pretty exciting news with you guys, I’ve recently received an award internally within VMware for a cool project that myself and my colleague Simon Long have been working on for the past 6-8 months. The project in question is called OneDesk. I’ll explain more about OneDesk shortly.

              CIO Innovation Award

              The award we won is called the VMware CIO Innovation award. Here is the description of the Innovation category:

              “The team which best accomplished the goal of creating and developing new products and/or services.”


              Aresh Sarkari – VMware CIO 2017 Innovation AwardCIOAward-Aresh

              I wasn’t very lucky to receive the award in-person as the award arrived in India a couple of days late and by then Bask Iyer had to leave back for PA, CA.

              OneDesk

              The project myself and Simon Long have been working on is called OneDesk. For those of you who attended our VMworld session: The Secret Sauce Behind VMware’s Internal Horizon Desktop Deployments you’d have heard us talking about it during our session. For those of you who were unfortunate enough to miss it, I’ll explain all about it now.

              What is OneDesk?

              OneDesk is many things to many people. Here are some of its main functions:

              EUC Dogfooding environment
              OneDesk is an End User Computing (EUC) environment created from un-used production hardware where we deploy pre-release versions of our EUC software (Horizon, App Volumes and User Environment Manager). This allows us to test our products before we make them publicly available to our customers and providing feedback to the product teams of any issues that we encounter throughout or testing.

              Pre-Production Horizon Environment
              OneDesk also acts a Pre-Production environment for VMware’s internal Production Horizon desktop environments in the US, EMEA and India. The availability of our production Horizon deployments is extremely important to the business and often updating software can lead to service outages. By deploying the newly released EUC software into OneDesk as early as possible, we can use our experiences to make decisions on when we will upgrade the production environments.

              Next-Generation EUC Environment
              OneDesk also acts a ‘Next-Generation’ environment for our production Horizon desktop environments in the US, EMEA and India. The availability of our production Horizon deployments is extremely important to the business and often introducing new products or configuration changes can lead to service outages. We will be deploying all new products and configurations into OneDesk first, allowing us to iron out any creases and monitor stability before we consider deploying these changes into the production environments.

              VMware on VMware
              Last but not least, this is a VMware on VMware initiative. Where there is a business need, we look to utilize as many of VMware’s products as possible. By utilizing our own products early in the development cycle we are able to identify bugs and offer feedback to our product teams to help improve our customer’s experience once the products are released.

              How is OneDesk different from the VMware production Horizon desktop environments?

              The table below gives you an idea of how the services differ:OneDeskVSProduction

              The table below gives you an idea of how the product version differs between OneDesk and Production: (Version may have changed since publication)
              Products-OneDeskVSProduction

              Here is a list of features that we’ve used OneDesk to test before we deploy the features into our production environments:

              • Instant Clones
              • Blast Extreme
              • Unified Access Gateway
              • Enrollment Server / True SSO
              • Skype For Business Plugin
              • Horizon Smart Policies (UEM)
              • NSX Edge Load-Balancer
              • NSX Distributed Firewall (Micro-Segmentation)
              • Sparse Swap Files
              • Client Cache

              Product Improvement

              Not only does deploying early releases of software allow us to test some really cool new features that we’ve been able to implement into Production, this also allows us to capture many bugs before we release the products to our customers. Hopefully, this means that you, our customers, have a must most stable product that you can rely on.

              I’ve really enjoyed designing and deploying OneDesk and watching its value to VMware grow as we utilize it more and more. I’m looking forward to seeing where we can take OneDesk in the future. Watch this space.

              Thanks,
              Aresh Sarkari

              Automating Desktop Pool creation using PowerCLI – VMware Horizon 7.x

              17 Jan

              The Desktop Pool Creation using PowerCLI and JSON file is by far the most powerful and advance way of creating desktop pools in Horizon 7.x in a automated way.

              Before you begin with the script and JSON file make sure you have read this blog post “Automating VMware Horizon 7 with VMware PowerCLI 6.5” by Graeme Gordon it explains step by step how to prepare machine and execute the PowerCLI.

              The following is the script (Save as desktoppool.ps1) you will need to execute this script for invoking the desktop pool creation using the advanced functions of the module – New-HVPool -spec ‘path to InstantClone.json file’

              PowerCLI Script for Desktop Pool:

              ################################################################################
              # Create a Linked Clone Desktop Pool in Horizon using PowerCLI and Defining parameters in JSON
              ################################################################################

              #region variables
              ################################################################################
              #                                    Variables                                 #
              ################################################################################
              $cs = ‘cs1-1.domain.com’ #Horizon Connection Server (CS)
              $csUser= ‘aresh’ #User account to connect to CS make sure you have necessary permissions
              $csPassword = ‘abc1234’ #Password for user to connect to Connection Server
              $csDomain = ‘domain’ #Domain for user to connect to Connection Server
              #endregion variables

              #region initialize
              ################################################################################
              #                                    Initialize                                #
              ################################################################################
              # — Initialize All PowerCLI Modules —
              #Importing the Hv.Helper Module for Horizon
              Get-Module -ListAvailable ‘VMware.Hv.Helper’ | Import-Module

              # Connect to Horizon Connection Server API Service
              $hvServer1 = Connect-HVServer -Server $cs -User $csUser -Password $csPassword -Domain $csDomain

              # — Display Available Methods for interacting with the API Service API Service —
              $Services1= $hvServer1.ExtensionData

              #endregion initialize

              #region logic
              ################################################################################
              #                                Main-Logic                                    #
              ################################################################################

              # — Create the pool —
              New-HVPool -spec ‘C:\temp\DesktopPool\LinkedClone.json’

              # — Disconnnect from Horizon API Service —
              Disconnect-HVServer -Server $cs -Confirm
              #endregion logic

              Now let’s take a look at the JSON file for Linked Clone Desktops as all the advanced parameters for the desktop pool creation are defined here. The effort of entering the parameters needs to be performed once usually 70% of parameters are standard across all the pools. During the new pool creation only 5-7 parameters needs to change and rest can remain as-is

              Note – I have entered parameters based on my requirements feel free to modify the values. (Copy/paste the below into a JSON editor to make sure the editing is in correct format. Save the file as LinkedClone.json):

              Linked Clone JSON – (All parameters should be configured through JSON)

              {
                   “Base”: {
                       “Name”: “Aresh-Test”,
                       “DisplayName”: “Aresh linkedclone pool”,
                       “AccessGroup”: “Root”,
                       “Description”: “Created linked clone pool from PowerCLI”
                   },
                   “DesktopSettings”: {
                       “enabled”: true,
                       “deleting”: false,
                       “connectionServerRestrictions”: null,
                       “logoffSettings”: {
                           “powerPolicy”: “TAKE_NO_POWER_ACTION”,
                           “automaticLogoffPolicy”: “AFTER”,
                           “automaticLogoffMinutes”: 4320,
                           “allowUsersToResetMachines”: true,
                           “allowMultipleSessionsPerUser”: false,
                           “deleteOrRefreshMachineAfterLogoff”: “REFRESH”,
                           “refreshOsDiskAfterLogoff”: “NEVER”,
                           “refreshPeriodDaysForReplicaOsDisk”: 5,
                           “refreshThresholdPercentageForReplicaOsDisk”: 10
                       },
                       “displayProtocolSettings”: {
                           “supportedDisplayProtocols”: [“RDP”,
                           “PCOIP”,
                           “BLAST”],
                           “defaultDisplayProtocol”: “BLAST”,
                           “allowUsersToChooseProtocol”: true,
                           “pcoipDisplaySettings”: {
                               “renderer3D”: “DISABLED”,
                               “enableGRIDvGPUs”: false,
                               “vRamSizeMB”: 96,
                               “maxNumberOfMonitors”: 2,
                               “maxResolutionOfAnyOneMonitor”: “WQXGA”
                           },
                           “enableHTMLAccess”: true
                       },
                       “flashSettings”: {
                           “quality”: “NO_CONTROL”,
                           “throttling”: “DISABLED”
                       },
                       “mirageConfigurationOverrides”: {
                           “overrideGlobalSetting”: false,
                           “enabled”: false,
                           “url”: null
                       }
                   },
                   “Type”: “AUTOMATED”,
                   “AutomatedDesktopSpec”: {
                       “ProvisioningType”: “VIEW_COMPOSER”,
                       “VirtualCenter”: “10.x.x.x”,
                       “UserAssignment”: {
                           “UserAssignment”: “FLOATING”,
                           “AutomaticAssignment”: true
                       },
                       “VmNamingSpec”: {
                           “NamingMethod”: “PATTERN”,
                           “PatternNamingSettings”: {
                               “NamingPattern”: “HZ-W10-{n:fixed=3}”,
                               “MaxNumberOfMachines”: 1,
                               “NumberOfSpareMachines”: 1,
                               “ProvisioningTime”: “UP_FRONT”,
                               “MinNumberOfMachines”: null
                           },
                           “SpecificNamingSpec”: null
                       },
                       “VirtualCenterProvisioningSettings”: {
                           “EnableProvisioning”: true,
                           “StopProvisioningOnError”: true,
                           “MinReadyVMsOnVComposerMaintenance”: 0,
                           “VirtualCenterProvisioningData”: {
                               “Template”: null,
                               “ParentVm”: “W101607-STD1”,
                               “Snapshot”: “v1”,
                               “Datacenter”: “vRack-Datacenter”,
                               “VmFolder”: “GM_MasterImages”,
                               “HostOrCluster”: “vcore1c2-0-cluster”,
                               “ResourcePool”: “vcore1c2-0-cluster”
                           },
                           “VirtualCenterStorageSettings”: {
                               “Datastores”: [{
                                   “Datastore”: “vsanDatastore”,
                                   “StorageOvercommit”: “UNBOUNDED”
                               }],
                               “UseVSan”: true,
                               “ViewComposerStorageSettings”: {
                                   “UseSeparateDatastoresReplicaAndOSDisks”: false,
                                   “ReplicaDiskDatastore”: null,
                                   “UseNativeSnapshots”: false,
                                   “SpaceReclamationSettings”: {
                                       “ReclaimVmDiskSpace”: false,
                                       “ReclamationThresholdGB”: null,
                                       “BlackoutTimes”: null
                                   },
                                   “PersistentDiskSettings”: {
                                       “RedirectWindowsProfile”: false,
                                       “UseSeparateDatastoresPersistentAndOSDisks”: null,
                                       “PersistentDiskDatastores”: null,
                                       “DiskSizeMB”: null,
                                       “DiskDriveLetter”: null
                                   },
                                   “NonPersistentDiskSettings”: {
                                       “RedirectDisposableFiles”: false,
                                       “DiskSizeMB”: null,
                                       “DiskDriveLetter”: null
                                   }
                               },
                               “ViewStorageAcceleratorSettings”: {
                                   “useViewStorageAccelerator”: true,
                                   “viewComposerDiskTypes”: “OS_DISKS”,
                                   “regenerateViewStorageAcceleratorDays”: 7,
                                   “BlackoutTimes”: null
                               }
                           },
                           “VirtualCenterNetworkingSettings”: {
                               “Nics”: [{
                                   “Nic”: “nicName”,
                                   “NetworkLabelAssignmentSpecs”: [{
                                       “Enabled”: false,
                                       “networkLabel”: null,
                                       “maxLabelType”: null,
                                       “maxLabel”: null
                                   }]
                               }]
                           }
                       },
                       “VirtualCenterManagedCommonSettings”: {
                           “TransparentPageSharingScope”: “VM”
                       },
                       “CustomizationSettings”: {
                           “CustomizationType”: “QUICK_PREP”,
                           “DomainAdministrator”: “viewcomposer-svc”,
                           “AdContainer”: “OU=HZ-AWF,OU=BLR,OU=Computers”,
                           “ReusePreExistingAccounts”: false,
                           “NoCustomizationSettings”: null,
                           “SysprepCustomizationSettings”: {
                               “customizationSpec”: null
                           },
                           “QuickprepCustomizationSettings”: {
                               “PowerOffScriptName”: null,
                               “PowerOffScriptParameters”: null,
                               “PostSynchronizationScriptName”: null,
                               “PostSynchronizationScriptParameters”: null
                           },
                           “CloneprepCustomizationSettings”: null
                       }
                   },
                   “ManualDesktopSpec”: null,
                   “RdsDesktopSpec”: null,
                   “GlobalEntitlementData”: null,
                   “NetBiosName”: “domain”
              }

              The parameters are self explanatory they are the exact same shown in the Horizon Administrator UI during Desktop Pool Creation. If you need any additional information on the parameters refer to the VMware View API explorer for more details.

              I hope you will find this script and method useful in Automating the Desktop Pool Creation in Horizon. If you have further questions leave a comment or DM on twitter.

              Thanks,
              Aresh Sarkari

              Export VMware App Volumes – Writable Volumes from VSAN Datastore

              28 Nov

              If you have a VMware VSAN environment and you wanted to export a App Volumes – Writable Volumes from the vsanDatastore to another datastore, storage or for VMware GSS/R&D for further analysis go ahead and read further!

              Background – The traditional way of exporting the Writable Volumes from the source vsanDatastore was to attach the *.vmdk to a dummy VM as a “Existing Hard Disk” and export the dummy VM using the “Export OVF Template” option from the vCenter. Repeat all the steps on target datastore where-in it needs to be imported. However, if you want an alternate and easy method than the dummy VM then follow the below steps.

              Step by Step Instructions:

              — SSH to any ESXi Host Resource Cluster where the WV is stored and browser to the cloudvolumes/writable directory location:

              # cd /vmfs/volumes/vsanDatastore/cloudvolumes/writable (This is the location where all end-user writable volumes are stored)

              Now search for the end-user (E.g twood) for which you want to export the Writable Volumes.

              # ls -lh | grep twood
              User to export WV

              Now lets open the *.vmdk file using “cat” command to retrieve the Object ID information. Make a note of the ObjectID

              # cat DOMAIN!5C!twood.vmdk

              Cat to find ObjectID

               In my scenario the Object ID was properly pre-created I didn’t have to use the objtool to find out the Object opened. However, in some cases you might have to run the following command

              # /usr/lib/vmware/osfs/bin/objtool open -u (Where Object ID is displayed using the ‘cat’ command

              This screenshot below is an example of situations where in the Object ID is not properly pre-created. It will provide you with an output Object Opened at path:
              Objecttool Output

              Now using WINSCP login to the same ESXi Host and go to the path:
              Object ID – /vmfs/device/vsan/d17efe58-5610-4dd2-0d9e-ecf4bbea2830 (my scenario)
              Or/else Object opened at path in the screenshot above.

              Download the file “d17efe58-5610-4dd2-0d9e-ecf4bbea2830” which is Writable Volumes (*.vmdk) file and move the files to local or remote location that you are using the WINSCP tool.

              — Rename the Object ID to a friendly name shown in the cloudvolumes/writable Directory Folder. I renamed it (DOMAIN!5C!twood.vmdk)

              You don’t need the *.vmdk.metedata file

              The Writable Volumes is now exported out of the VSAN environment you can attach the *.vmdk to a non App Volumes Agent machine to look at the contents inside the Writable Volumes. If you are going to send the vmdk to VMware GSS/R&D make sure to zip it before uploading

              I hope you will find these steps useful and help you export a Writable Volume from your vsanDatastore. I haven’t been able to try AppStacks with this method its on my to-do list.

              Thanks,
              Aresh Sarkari

              McAfee Exclusion for VMware App Volumes 2.x – 100% CPU Issues

              27 Nov

              In your Virtual Desktop Infrastructure with the following configurations:

              If you start noticing 100 % – CPU Usage for prolonged period of time and the Horizon Session getting disconnected from time to time after launch then you might need to include the following exclusion within your Writable Volumes (UIA+Profile) snapvol.cfg file:

              #McAfeeExclusion
              exclude_process_path=\Program Files\Common Files\McAfee\SystemCore

              My colleague Daniel Bakshi has written an extensive blogpost on how to modify the snapvol.cfg for individual or group of end-users please reference it to make the necessary changes – Using the VMware App Volumes snapvol.cfg File to Customize Writable Volumes

              I hope you will find these exclusion useful and will help you resolve a similar issue a lot quicker. A big thanks to Art Rothstein in helping to troubleshoot and resolve the issue.

              Thanks,
              Aresh Sarkari

              Create a Memory Dump from a Suspended Virtual Machine – VMware vSAN

              10 Nov

              If you have a VMware VSAN environment and you wanted to capture a memory dump of the Virtual Machine for debugging or want to provide memory.dmp to VMware GSS or R&D for further analysis go ahead and read further!

              Use Case – In our scenario had a few VDI Desktops running Windows 10 1607 + Horizon 7.3.1 + App Volumes Writable Volumes 2.13.1 + UEM 9.2.1 that were getting into unresponsive state. As a last resort we wanted to capture the memory dump to find out more what is causing the VM to get unresponsive.

              Step by Step Instructions:

              Using the vCenter console select the Virtual Machine VM – Power – Suspend

              This will create the *.vmss and *.vmem file for Debugging. (Note the *.vmem file is applicable for ESXi 6.0 onwards)
              VM Directory

               Make a note of the ESXi host Name/IP for the VM is in Suspend state

              — SSH to the ESXi Host and browser to the VM Directory location:

              # cd /vmfs/volumes/vsanDatastore/od-av-troub-1 (Where “od-av-troub-1” is the VM name)


              — Now lets open the *.vmem file using “cat” command to retrieve the Object ID information. Make a note of the ObjectID

              # cat od-av-trou-1-7622414e.vmem

              Object ID

               In my scenario the Object ID was properly pre-created I didn’t have to use the objtool to find out the Object opened. However, in some cases you might have to run the following command

              Now using WINSCP login to the same ESXi Host and go the path:
              Object ID – /vmfs/device/vsan/2c86055a-573b-d20a-5cdf-ecf4bbea1e48 (my scenario)
              Or/else Object opened at path and download the file “2c86055a-573b-d20a-5cdf-ecf4bbea1e48” which is your ”*.vmem file and move the files to local or remote location that you are using the WINSCP tool.

              Rename the Object ID to a friendly name shown in the VM Directory Folder. I renamed it (od-av-trou-1-7622414e.vmem)

              For the *.vmss (od-av-trou-1-7622414e.vms) you can directly WINSCP to the ESXi Host and go to the location in the table and move the files to your local or remote location

              Once you have both the files *.vmem and *.vmss you can use a VMware Vmss2core Fling and convert it to a dump. Please make sure you meet the requirements and use the appropriate switches to your environment

              # vmss2core -W8 od-av-trou-1-7622414e.vmss od-av-trou-1-7622414e.vmem 

              — The above command will generate a memory.dmp file which can used in WINDBG for further analysis. If you are sending the dump file to someone make sure use *.zip and compress it before sending.

              I hope you will find these steps useful and save a lot of time during daunting unresponsive VM issues. A big thanks to Frank EscarosBuechsel to helping with the entire procedure.

              Thanks,
              Aresh Sarkari

              ← Older Entries
              Newer Entries →