Apr 06 2017

VMware vRealize Business for Cloud – Hide cost values in vRA interface

When you install vRealize Business, cost values are displayed in the vRealize Automation interface so that users can see the actual cost of the VM they are requesting.

In some circumstances, however, you do not want users to see the cost values.

There is a method to hide these cost values by editing the file enable-features.properties in the vRA appliance.

!! Please note that feature toggles to modify product behaviour are not supported by VMware and may break future upgrades. They will also not be carried forward in an upgrade situation !!

  • Edit the file /etc/vcac/enable-feature.properties
  • Set the value for costingUI to false (by default it is set to true): costingUI=false
  • Restart the vcac-server service: service vcac-server restart

The result of this is that the cost details are hidden.
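Because the toggle is not carried forward by an upgrade, it helps to script the edit so it can be re-applied and re-checked idempotently. The script below is an added example, not VMware's or the author's code: `get_toggle`, `set_toggle` and the file name `toggle.sh` are hypothetical, and the path in the usage comment is the one given in the steps above.

```shell
#!/bin/sh
# Added example: read and set a key in a Java-style .properties toggle file.
# get_toggle/set_toggle are hypothetical helper names, not part of vRA.

# Print the effective value of key $2 in file $1 (last assignment wins).
# Returns 1 when the key is not set; commented-out lines are ignored.
get_toggle() {
    awk -F= -v k="$2" '
        $1 ~ ("^[ \t]*" k "[ \t]*$") {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); found = 1
        }
        END { if (found) print v; else exit 1 }
    ' "$1"
}

# Set key $2 to value $3 in file $1. Idempotent: no backup and no rewrite
# when the value is already in place. Keeps ownership and mode of the file.
set_toggle() {
    f=$1; key=$2; val=$3
    [ -f "$f" ] || return 1
    cur=$(get_toggle "$f" "$key") || cur=""
    if [ "$cur" = "$val" ]; then return 0; fi
    # Timestamped backup next to the original before touching it
    cp -p "$f" "$f.bak.$(date +%Y%m%d%H%M%S)" || return 1
    tmp=$(mktemp) || return 1
    awk -v k="$key" -v v="$val" '
        $0 ~ ("^[ \t]*" k "[ \t]*=") {        # existing assignment(s)
            if (!done) { print k "=" v; done = 1 }
            next                              # drop duplicate assignments
        }
        { print }
        END { if (!done) print k "=" v }      # key was absent: append it
    ' "$f" > "$tmp" && cat "$tmp" > "$f"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage on the appliance, as root, followed by the service restart from the
# last step above (toggle.sh is an assumed file name):
#   sh toggle.sh /etc/vcac/enable-feature.properties costingUI false
if [ "$#" -eq 3 ]; then
    set_toggle "$1" "$2" "$3" && echo "$2=$(get_toggle "$1" "$2")"
fi
```

Running `get_toggle` against the file after an appliance upgrade shows whether the setting has reverted.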

Permanent link to this article: https://ituda.com/vmware-vrealize-business-for-cloud-hide-cost-values-in-vra-interface/

Mar 12 2017

SSL Certificates – How to request and create SSL Certificates with OpenSSL

Install OpenSSL (Windows)

Follow these instructions to install and set up OpenSSL on a Windows computer.

  1. Ensure that the Microsoft Visual C++ 2008 Redistributable Package (x86) is installed on the system on which you want to generate the requests. To download the package, see the Microsoft Download Center.
  2. Download the Shining Light Productions installer for Win32 OpenSSL v1.1.0e or later at http://www.slproweb.com/products/Win32OpenSSL.html. This software is developed from the OpenSSL Project.
  3. Launch the installer (run as administrator) and proceed through the installation:
    1. Destination location: C:\OpenSSL-Win32
    2. Start Menu folder: OpenSSL
    3. Copy OpenSSL DLLs to: The OpenSSL binaries (/bin) directory

Create a CSR and private key

Follow the instructions below to create a CSR, which will be sent to the Certificate Authority (CA) to request a certificate.

  1. Open a command prompt (as admin)
  2. md c:\certs\ituda
  3. C:\OpenSSL-Win32\bin\openssl req -new -newkey rsa:2048 -nodes -config c:\OpenSSL-Win32\bin\cnf\openssl.cnf -out C:\certs\ituda\CSR.csr -keyout C:\certs\ituda\privatekey.key
  4. Answer as below:
    1. Country Name: BE
    2. State or Province Name: Brussels
    3. Locality Name: Brussels
    4. Organization Name: ITuDA BVBA
    5. Organizational Unit Name: IT Services
    6. Common Name: *.ituda.com
    7. Email Address: lieven.dhoore@ituda.com
    8. A challenge password: ********
    9. An optional company name: ITuDA

Request the Certificate

Follow these instructions to request a certificate from GoDaddy.

  1. Log in to the GoDaddy portal http://www.godaddy.com/#
  2. Enter the credentials and go to Product / SSL & Security
  3. Request a new wildcard certificate
  4. When prompted for the CSR, copy and paste the contents of “C:\certs\ituda\CSR.csr” and follow the instructions
  5. Download the certificate to “C:\certs\ituda\crtkey.crt”
  6. Download the GoDaddy root and intermediate certificate bundle to “C:\certs\ituda\godaddy_bundle.crt”

Convert Private Key to RSA Key

Follow these instructions to convert the private key to an RSA private key.

  1. C:\OpenSSL-Win32\bin\openssl rsa -in C:\certs\ituda\privatekey.key -out C:\certs\ituda\rsakey.key

Create a PFX

Follow these instructions to create a PFX certificate.

  1. C:\OpenSSL-Win32\bin\openssl pkcs12 -export -out "C:\certs\ituda\pfxkey.pfx" -inkey "C:\certs\ituda\rsakey.key" -in "C:\certs\ituda\crtkey.crt" -certfile "C:\certs\ituda\godaddy_bundle.crt"

Convert PFX to PEM

Follow these instructions to convert the PFX to a PEM certificate.

  1. C:\OpenSSL-Win32\bin\openssl pkcs12 -in "C:\certs\ituda\pfxkey.pfx" -out "C:\certs\ituda\pemkey.pem" -nodes
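Before packaging, it is worth confirming that the certificate returned by the CA carries the same public key as the private key and CSR generated earlier, and that the PFX to PEM conversion returns that same key. The script below is an added example, not part of the original post: it is POSIX shell (Git Bash or WSL on Windows, or any Linux host with openssl in the PATH), the function names are hypothetical, and the files are constructed samples in which a self-signed certificate stands in for the GoDaddy-issued one.

```shell
#!/bin/sh
# Added example: check that key, CSR and certificate belong together, then
# check the PFX -> PEM round trip. Function names are hypothetical.

# Print the SHA-256 of the public key held in a file.
# $1 = key | csr | crt, $2 = file
pubkey_sha256() {
    case "$1" in
        key) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr) pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        crt) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)   return 2 ;;
    esac
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if key $1, CSR $2 and certificate $3 share one public key.
same_keypair() {
    k=$(pubkey_sha256 key "$1") || return 1
    r=$(pubkey_sha256 csr "$2") || return 1
    c=$(pubkey_sha256 crt "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Export key + certificate in directory $1 to a PFX protected with password
# $2, convert it back to PEM and compare the recovered key with the original.
# "pass:" exposes the password in the process list; acceptable for throwaway
# samples only, use "file:" or the interactive prompt for real keys.
pfx_roundtrip_ok() {
    openssl pkcs12 -export -out "$1/pfxkey.pfx" -inkey "$1/rsakey.key" \
        -in "$1/crtkey.crt" -passout "pass:$2" 2>/dev/null || return 1
    # -nodes writes the key unencrypted: create the PEM readable by owner only
    ( umask 077
      openssl pkcs12 -in "$1/pfxkey.pfx" -out "$1/pemkey.pem" -nodes \
          -passin "pass:$2" 2>/dev/null ) || return 1
    a=$(pubkey_sha256 key "$1/pemkey.pem") || return 1
    b=$(pubkey_sha256 key "$1/privatekey.key") || return 1
    [ "$a" = "$b" ]
}

# Build constructed sample files in directory $1: key + CSR as in the steps
# above, a self-signed stand-in for the CA-issued certificate, and an
# unrelated key to demonstrate a mix-up.
make_samples() {
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/C=BE/O=Example/CN=*.example.test" \
        -out "$1/CSR.csr" -keyout "$1/privatekey.key" 2>/dev/null || return 1
    openssl rsa -in "$1/privatekey.key" -out "$1/rsakey.key" 2>/dev/null || return 1
    openssl x509 -req -in "$1/CSR.csr" -signkey "$1/privatekey.key" -days 1 \
        -out "$1/crtkey.crt" 2>/dev/null || return 1
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

if command -v openssl >/dev/null 2>&1; then
    work=$(mktemp -d) && make_samples "$work" || exit 1
    same_keypair "$work/rsakey.key" "$work/CSR.csr" "$work/crtkey.crt" \
        && echo "OK: key, CSR and certificate match"
    same_keypair "$work/other.key" "$work/CSR.csr" "$work/crtkey.crt" \
        || echo "MISMATCH: other.key does not belong to this certificate"
    pfx_roundtrip_ok "$work" "constructed-demo-pass" \
        && echo "OK: key recovered from the PFX matches"
    rm -rf "$work"
fi
```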

Permanent link to this article: https://ituda.com/ssl-certificates-how-to-request-and-create-ssl-certificates-with-openssl/

Mar 06 2017

VMware Horizon View – Kiosk mode

General

Kiosk mode is a method of delivering a VMware Horizon View desktop to a zero client, a thin client or a PC without the need for an end-user to authenticate to the connection server. Instead of associating a VDI with a userID, kiosk mode associates a VDI with a MAC address or a clientID of an endpoint device. This allows an organisation to provide access to a VDI to users that do not have a user ID, which is typically the case in public places.

As there is no user authentication, there is obviously also no need to preserve user data or to deliver persistent desktops.

In some circumstances however, it might be required that all kiosk users log in to the VMware Horizon View desktop with the same, predetermined username and password. This scenario can be desirable when use of the kiosk or an application is restricted to a known set of users, such as company employees or registered students, but is not available to the general public. In this case, people who know the password can use the kiosk, but these users are not identified by personal credentials.

 

How to set up

The setup of kiosk mode in VMware Horizon View is rather simple, but does require the use of the command line tool vdmadmin.

Step 1: create a new organisational unit (OU) specific for kiosk users

This OU will contain all kiosk mode VDIs and all accounts that will have access to a kiosk mode VDI. Specific GPOs can be associated with this OU to lock down the VDI session.

Example: OU=kiosk,OU=vdi,DC=mydomain,DC=local

Step 2: create a new Active Directory security group

This security group will contain all accounts that will have access to a kiosk mode VDI.

Example: gg-euc-kiosk

Step 3: create a new floating desktop pool in VMware Horizon View

Add all the VDIs to the OU created in Step 1.

Make sure to delete or refresh the VDI immediately at logoff.

Entitle the group you created in Step 2 to this desktop pool.

Step 4: Set default values for the organisational unit (OU), password expiration, and group membership of clients in kiosk mode.

This is done by executing the vdmadmin command line utility. The vdmadmin utility is located at C:\Program Files\VMware\VMware View\Server\tools\bin of each VMware Horizon View Connection server and should be executed from a command line (as administrator) directly from a VMware Horizon View Connection server.

Example: vdmadmin -Q -clientauth -setdefaults -ou "OU=kiosk,OU=vdi,DC=mydomain,DC=local" -noexpirepassword -group gg-euc-kiosk

Step 5: Add accounts for clients in Kiosk mode

The VMware Horizon View Connection Server creates an Active Directory user account and password for each client based on the client’s MAC address or client ID, which it uses to authenticate the client when connecting it to the View desktop.

The clientid parameter must be in the form <MAC-address>, cm-<MAC-address> or custom-<name>, where <MAC-address> is of the form aa:cc:ff:aa-33-99.

Example-1: vdmadmin -Q -clientauth -add -domain MYDOMAIN -clientid custom-kiosk01 -password "Secret_Password" -ou "OU=kiosk,OU=vdi,DC=mydomain,DC=local" -group gg-euc-kiosk -description "VDI Kiosk User 01" -noexpirepassword

Example-2: vdmadmin -Q -clientauth -add -domain MYDOMAIN -clientid cm-00:50:56:82:81:ec -genpassword -ou "OU=kiosk,OU=vdi,DC=mydomain,DC=local" -group gg-euc-kiosk -description "Horizon View Kiosk account for client with MAC address 00:50:56:82:81:ec" -noexpirepassword

Step 6: Enable authentication of clients in kiosk mode for each View Connection Server instance

Example: vdmadmin -Q -enable -s MYCONNECTIONSERVER

Step 7: Set up clients to connect to the kiosk mode VDIs

Example when connecting via a specific username:

"C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe" -unattended -serverURL view.mydomain.local -userName custom-kiosk01 -password Secret_Password

Example when connecting via a specific endpoint whose MAC address has been added as an account (Step 5):

"C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe" -unattended -serverURL view.mydomain.local

References

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/whitepaper/vmware-view-kioskmode-white-paper-en.pdf

Permanent link to this article: https://ituda.com/vmware-horizon-view-kiosk-mode/

Nov 16 2016

VMware vRealize Business for Cloud – Upgrade to version 7.2

Today VMware vRealize Business for Cloud version 7.2 was released. Documentation can be found here.

The new notable features are:

  • Enhanced support with AWS via
    • AWS Cloudwatch API integration
    • Visibility into all AWS regions and services
    • Ability to recognise new services
  • Additional Product Enhancements
    • Out-of-the-box support for network pricing
    • Support for additional currencies (Currently 130 currencies are supported)
    • Support pricing for Fault Tolerance (FT) enabled Virtual Machines
  • Enhanced Reporting
    • Time-based granular reporting
    • Reconciliation via VM usage report
    • Reconciliation report for VM uptime usage
    • Daily Price Report
    • Cloud Business Analysis Report (VMware Optimisation Assessment Report)
  • Support for vSphere 6.5
  • Disaster Recovery with Site Recovery Manager

The upgrade to VMware vRealize Business for Cloud 7.2 is very easy:

  • Log in to the web console at https://vRealize_Business_for_Cloud_IP_address:5480
  • Unregister vRealize Business for Cloud with vRealize Automation
  • Go to “Update” tab and click on “Check updates” 
  • Click on “Install updates”
  • Wait for the update to happen (in my case it took +/- 10 minutes)
  • If necessary change the hardware configuration of the virtual appliance to 8 GB RAM and 4 vCPUs.
  • Reboot the VMware vRealize Business for Cloud appliance
  • Log in to the web console at https://vRealize_Business_for_Cloud_IP_address:5480
  • Reregister vRealize Business for Cloud with vRealize Automation


Permanent link to this article: https://ituda.com/vmware-vrealize-business-for-cloud-upgrade-to-version-7-2/

Sep 09 2016

VMware Horizon Mirage 5.8.1. released

Yesterday, VMware released VMware Horizon Mirage 5.8.1. VMware Horizon Mirage 5.8.1 is a maintenance release, aimed to increase scalability for large deployments and deliver bug fixes and enhancements for Image Management scenarios.

New Features:

  • Improved scalability for Image Management scenarios: Mirage now supports up to 50,000 endpoints when using Image Management only policy. This enables large enterprises to use a single instance of Mirage for Windows 10 migration or other Image Management scenarios.
  • Endpoint Provisioning for Windows XP: Mirage now supports Endpoint Provisioning and Bare Metal Provisioning for Windows XP based endpoints, including POSReady2009 OS.

General Enhancements:

  • CVD compliance score can now be set to reflect changes in user installed applications, providing better visibility of unmanaged software running on endpoints.
  • Export system settings tool now supports exporting to a UNC path.

Mirage web Console Enhancements:

  • CVD compliance score column has been added to the CVD inventory grid.

Significant fixes:

  • Mirage Management Servers cannot connect to MongoDB replica after having more than 7 active Mirage Servers & Management Servers (1679551).
  • MongoDB sometimes returns incorrect rows in the table, potentially failing Mirage operations (1636921).

Minor fixes:

  • Fixed timeouts in System settings Import\Export tool when running on large environments. In addition Mirage now blocks temporary volume used during export.
  • $WINDOWS.~BT folder should not be backed up by default (1711546)
  • PowerCLI for Mirage should be dually signed, per Microsoft new guidelines (1682535)
  • Spanish translation not loaded for ‘Please wait’ text in OS Migration (168251)
  • MongoDB version has been upgraded to v3.2.8
  • OpenSSL version has been upgraded to 1.0.2h
  • JRE version has been upgraded to 1.80_102-fcsb3
  • Apache Tomcat version has been upgraded to 8.0.36


Permanent link to this article: https://ituda.com/vmware-horizon-mirage-5-8-1-released/

Aug 02 2016

Airwatch Express – Easy Mobile Device Management at 2,5 USD per month

Today, VMware introduced Airwatch Express, a new version alongside the currently available Mobile Device Management Suites.

The Airwatch Express edition will be a lower priced solution with obviously less functionality than the existing Airwatch Suites.

Current Airwatch Offerings

[Image: current Airwatch offerings]

Why a new version?

Mobile Device Management as we know it today is

  • too hard to setup
  • resources-intensive to maintain
  • too expensive

What is Airwatch express?

  • Cloud based ==> easy setup
  • Easy MDM ==> turnkey simple with basic questions
  • Affordable ==> 2,50 $ per device per month

Airwatch Express Pricing?

[Image: Airwatch Express pricing]

Features

  • Devices
    • iOS
    • Android
    • Windows
    • MAC
  • Zero touch configuration
    • Asset Inventory
    • Manage and deploy apps
    • Configure WiFi
    • Configure Email
  • Integration
    • integration with existing Directory Services like Active Directory
  • Foolproof Security
    • Device Encryption
    • Data loss prevention
    • Remote lock and wipe
  • Easy to use cloud
    • Easy setup
    • System integration
    • On-demand Support

 


 

Permanent link to this article: https://ituda.com/airwatch-express-easy-mobile-device-management-at-25-usd-per-month/

Jul 06 2016

VMware Horizon View – Multi VLAN Network

General

When implementing VMware Horizon View Pools with a large number of desktops (large = exceeding the limit of a single /23 or /24 bit subnet), there are basically 3 options to properly arrange network connectivity for the virtual desktops within a VMware Horizon View environment:

  1. Option 1: Create a single large subnet in which all of the virtual desktops can be added.
  2. Option 2: Create multiple smaller subnets. Preferably, each subnet is a /23 or /24 bit subnet.
  3. Option 3: Create a single large subnet in which all of the virtual desktops can be added and limit the broadcast domain by making use of private VLANs.

Advantages and disadvantages

The advantages and disadvantages of each option are described below.

  • Single large subnet
    • Advantages
      • Only a single VMware Port group is needed on the VMware Distributed Virtual Switch
      • Creation/updating VMware Horizon View pools can be done through the VMware Horizon View GUI
    • Disadvantages
      • Large broadcast domain
  • Multiple smaller subnets – Multi VLAN
    • Advantages
      • No large broadcast domain
    • Disadvantages
      • Multiple port groups needed on the VMware Distributed Virtual Switch
      • Creation/updating VMware Horizon View pools requires the use of command line interfaces
  • Single large subnet + private VLANs
    • Advantages
      • Only a single VMware Port group is needed on the VMware Distributed Virtual Switch
      • Creation/updating VMware Horizon View pools can be done through the VMware Horizon View GUI
      • No large broadcast domain
      • Additional security because VDIs cannot communicate with each other
    • Disadvantages
      • Additional configuration of private VLANs

This Article

In this article, option 2 will be explained, with /23 subnets.

Multi-VLAN Networks

In a /23 subnet there are 512 IP addresses, but only 510 are usable. Therefore the number of VDI VLANs required per datacenter is equal to (total number of desktops) / 510, rounded up.

For example, if you want to run 1250 desktops per datacenter you will need 1250/510 = 2,45 ==> 3 VLANs per datacenter.

Example

Datacenter  VLAN ID  Subnet            Maximum amount of VDIs
DC01        100      192.168.100.x/23  510
DC01        101      192.168.101.x/23  510
DC01        102      192.168.102.x/23  510


Permanent link to this article: https://ituda.com/vmware-horizon-view-multi-vlan-network/

Jun 03 2016

VMware Horizon View – Network Considerations

Teradici’s PCoIP display protocol provides real-time delivery with high fidelity desktop experience for VMware Horizon View virtual desktops. To ensure a responsive desktop, the PCoIP protocol must be deployed across a properly architected virtual desktop network infrastructure that meets bandwidth, QoS, latency, jitter, and packet loss requirements.

Virtual Desktop Bandwidth Calculator

Teradici has released a Virtual Desktop Bandwidth Calculator. The calculator illustrates network requirements and allows administrators to specify network bandwidth, PCoIP session variables, latency, jitter and much more. Teradici uses a spreadsheet for the calculation, and that spreadsheet includes a table with user scenarios and settings. The calculator can be downloaded from Teradici’s TechSupport web site at https://techsupport.teradici.com/ics/support/DLRedirect.asp?fileNum=1055&deptID=15164. Alternatively the calculator can be downloaded here

PCoIP Protocol Virtual Desktop Network Design Checklist

Teradici has also released a PCoIP Protocol Network design checklist which includes sections related to network requirements, network capacity planning, PCoIP session variables, … The document can be downloaded from Teradici’s TechSupport web site at https://techsupport.teradici.com/ics/support/DLRedirect.asp?fileNum=381&deptID=15164. Alternatively the checklist can be downloaded here

Permanent link to this article: https://ituda.com/vmware-horizon-view-network-considerations/

May 20 2016

VMware AppVolumes – VMware’s Strategy for version 2.x and 3.x

About 3 months ago VMware released AppVolumes 3.0. The 3.0 version is the first AppVolumes release which comes as a virtual appliance with its own embedded database and combines app volumes features with UEM features.

I like the fact that VMware is moving towards appliance based models and the combination of AppVolumes features with UEM features is also a logical and smart move.

All good news so far, but when I started testing with AppVolumes 3.0, I was actually really disappointed:

  • The AppVolumes documentation is missing a lot of information
  • It is not possible to migrate appstacks from AppVolumes 2.x to 3.0. So you have to create all your appstacks again from scratch
  • One of the major new features, the combination AppVolumes and UEM features (it is called customisations in AppVolumes 3.0) is in tech preview.
  • VMware announced different editions of AppVolumes. However there is no possibility to set a license file/key, so how does Appvolumes distinguish between its different versions?
  • AppVolumes 3.0 uses Ubuntu version 14.04 as the Linux distribution.
    • Why is the appliance Ubuntu based? I am not against Ubuntu, but all other VMware appliances are SLES-based. When automating environments, it is more difficult as scripts used for SLES are different than scripts used for SLES
    • Ubuntu 14.04 is not a supported version for vRealize Operations. This causes issues with vRealize Operations Endpoint agent as the agent is not officially supported for Ubuntu 14.04 and is therefore unstable.
  • Assigning a writable volume requires also assigning an appstack. I do not see why this should be necessary.
  • It is not documented what the possibilities are for multiple AppVolume Servers (for scale-out and/or high availability)
  • It is not documented what the possibilities are for using an external database
  • In my experience AppVolumes 3.0 was unstable
  • The AppVolumes 3.0 Agent crashed a few times during my tests
  • The AppVolumes 3.0 Agent startup is extremely slow
  • I did not find a way how to delete an old Appstack
  • Attaching an Appstack is extremely slow
  • I experienced longer logon times in version 3.0 than in version 2.10
  • ….

If you read twitter messages from people working with and deploying (not selling) Appvolumes 3.0, you will see that I am not the only one that has problems with AppVolumes version 3.0

So, I decided to ask Harry Labana (VP Products, End User Computing at VMware) when a new version of Appvolumes was foreseen


To my surprise within 5 minutes, I received a private message via twitter from Harry Labana where he offered to talk live on the subject. This shows the commitment that VMware has towards their customers and also shows that they actually listen to us.


So, a conference call was set up with Harry Labana and Yuvraj Mehta (Product Manager AppVolumes at VMware) where they took the time to explain the strategy of VMware Appvolumes going forward to me. I was however asked not to share the information, so I am not in a position to share all the details. If you want to know more details, I suggest you get in contact with Harry Labana.

On 16 Jun 2016, however, AppVolumes 2.11 was officially announced with support for Instant Clones. When you read through the article there is a small section at the bottom that explains a bit more about VMware’s strategy going forward with AppVolumes.

My understanding of the above mentioned section is:

  • Version 3.x
    • aimed towards Horizon Air deployments
    • do not use for on-premises deployments
    • AppVolumes 3.x  will continue to be developed
  • Version 2.x
    • aimed towards on-premises deployments
    • AppVolumes 2.x will continue to be developed.
  • Version y.y
    • future to-be developed version, bringing Appvolumes 2.x and 3.x together
    • aimed towards both Horizon Air and on-premises deployments

 

My personal conclusion of all this information and from my previous experiences with the AppVolumes deployments I did:

  • Do not upgrade/start with version 3.x. Stay with version 2.x for on-premises deployments
  • Do not use version 2.x in multi-domain environments ==> wait for an Appvolumes version that will address this
  • Do not use version 2.x in multi AD-site environments ==> wait for an Appvolumes version that will address this
  • Do not try to package Office 2016 in version 2.x ==> wait for an Appvolumes version that will address this
  • Do not use writable volumes in combination with Windows 10 ==> wait for an Appvolumes version that will address this
  • Do not use AppVolumes when there is a very stringent requirement on fast logon times ==> wait for an Appvolumes version that will address logon time issues
  • Set the expectations right at the customers you work with. Be patient, the product has a lot of potential.

VMware will get there with AppVolumes, we just have to be a little bit more patient. Rome wasn’t built in a day either.

Permanent link to this article: https://ituda.com/vmware-appvolumes-vmwares-strategy-for-version-2-x-and-3-x/

Mar 18 2016

VMware vRealize Business – Watch Out When Upgrading from 7.0.0 to 7.0.1

At Nubera, we are in the process of designing and implementing a solution at a Service Provider with vRealize Automation and vRealize Business Standard. The versions we are using are vRealize Automation version 7.0.0 and vRealize Business Standard version 7.0.0.

After all the vRealize Automation work was done (design, installation, configuration, blueprint creations, workflow development), we started with the vRealize Business setup. One of the first steps to do after deploying the vRealize Business appliance is to register it with vRealize Automation. After registering vRealize Business with vRealize Automation we experienced however an error when we tried to provision a new blueprint. The provisioning failed with the error “Request failed while fetching item metadata: Error communication with Pricing Service”.

Three days ago however vRealize Business Standard 7.0.1 was released (now rebranded to vRealize Business for Cloud) and we noticed in the release notes that one of the known issues was exactly the error we experienced. There was however a very easy workaround described:

  • Unregister vRealize Business for Cloud with vRealize Automation.
  • Generate the self-generated certificate for vRealize Business for Cloud.
  • Re-register vRealize Business for Cloud with vRealize Automation.
  • Wait for 10 minutes for all services to start.
  • Start provisioning vRealize Automation.

So we tried the workaround on our vRealize Business Standard 7.0.0 setup, but unfortunately, the error was not resolved.


Permanent link to this article: https://ituda.com/vmware-vrealize-business-watch-out-when-upgrading-from-7-0-0-to-7-0-1/
