PSC Load Balancing with NSX

In this blog post, I want to describe the manual steps on how to deploy and configure an NSX load balancer for the Platform Service Controllers (PSC). Hey wait, weren’t you doing PowerNSX automation stuff before? Yes and I still mean to do so. But with automation comes checking if the procedure actually works before attempting to automate that procedure. Garbage in is a lot of garbage out with automation….

Implementing NSX for desktop, whether for micro-segmentation or Load Balancing, takes time and effort to design and implement. That’s why I started the HorizonJumpstart, to help with a starting point and hopefully some guidance. This post is about the Load Balancing part and the start-up of some additions to NSXHorizonJumpstart to include NSX Edge Gateway Load Balancers.


Migrating Horizon Databases

We have several components in a Horizon environment that utilize databases, and there are also quite a few situations when those use external databases. With external databases, organizations are often using Microsoft SQL Server databases. And with external databases, like any others btw, requirements might change or lifecycle management of MSSQL or the underlying Windows requires the databases to be migrated. And with that…. what better way than to write this all down in a post.

Before starting your migration, be sure to do an interoperability check with your to-be solution. Versions of Horizon, or other VMware products for that matter, don’t always have the newest support from other vendors. This takes some testing and certifications and might take a while. But after all is checked, and also with other components that might consume these, we will start the migration.


Blog Search Queries answers: EUC Unified Access Gateway default password

I have seen some search terms on this site lately involving the same query as described in the title of the article: the EUC Unified Access Gateway (UAG) default password. I would like to answer those queries in this post. And to be short, direct and for some blunt, there isn’t any default. You will have to set the password of root and the password of admin in the deployment of the UAG appliance, or change them via VAMI or the Admin console. I have done this myself a couple of times, with all sorts of VMware appliances, but the main thing for UAG, AP and IDM is that redeployment is much easier than trying to fix issues (and is stable, saves hassle and breaking heads). But what you would like if something goes amiss with deployment or changing, probably regarding some required special characters of admin, is to use some of the options to regain access to the system and try to find out what went wrong (we want to know the why, don’t we?!?). If you have worked out the why with the option of regaining access, it is still advisable to redeploy with that knowledge. The procedures for resetting the passwords of root and admin are described in the rest of the article. You might just need the admin procedure if your root password is known and working.


vROPS: Upgrading vROPS for Horizon 6.5 and vROPS 6.6

As announced at https://blogs.vmware.com/euc/2017/09/vrealize-operations-for-horizon-published-apps-6-5.html vROPS for Horizon 6.5 was released on 21 September. Next to some expected improvements, there are two bonuses to this upgrade:
– one, you can upgrade to vROPS 6.6 which was not supported with vROPS for Horizon 6.4.
– two, you can use NVidia Virtual GPU Management Pack to get some long wished insights of GPUs in the Horizon environments. This one I will describe in a later blog post.
– And maybe three, support for the current App Volumes versions and Unified Access Gateways. They were working in vROPS for Horizon 6.4, but not with supported versions.

The starting point to go to vROPS for Horizon 6.5 is either green-fielding to vROPS for Horizon version 6.5, in which case you don’t need this blog post; or starting with a current version of vROPS for Horizon 6.4 that you want to upgrade. Upgrading to vROPS for Horizon 6.5 is step one, upgrading to vROPS 6.6 is optional but highly recommended. Both will be described in this blog post.


PowerCLI Collection: PowerNSX Horizon Jumpstart script ready to rumble

A few blog posts ago (https://www.pascalswereld.nl/2017/08/24/nsx-for-desktop-jumpstart-microsegmentation-with-horizon-service-installer-fling/) I wrote about using the Horizon Service Installer fling for adding Horizon services to NSX for Desktop. From that blog post, I have been continuing to evolve the services file with services, sections, and rules that will normally appear in an EUC solution with VMware products. I tried to maintain the services yml file to keep on working with the fling. Currently you still can, however I don’t know how long this will be.

Sections - This One

And this is because of another part I am working on, using PowerNSX for adding the services file to the NSX environment, and in turn, replacing the need for the fling. You can read about me starting this at the post PowerCLI Collection: PowerNSX Desktop Jumpstart and process YAML (yml) config file. And this blog post is about explaining the first version to reach feature parity with the Horizon Service installer fling. The NSXHorizonJumpstart script now reads the complete yml file and adds the NSX services, service groups and security groups, and adds the Firewall sections with the firewall groups.

Rules Example

You can find both the services file and the current version of the script in the master branch at: https://github.com/Paikke/NSXHorizonJumpstart.


Hello Hackathon VMworld EU!

This post first appeared as an article on the ITQ blog: https://itq.nl/hello-hackathon-vmworld-eu/


For the second year in a row, a hackathon was organized at VMworld Barcelona. The hackathon is mainly to provide the VMware {code} community with a fun and energizing space to “learn, code and connect” and create cool new things the world needs. And so we did 😉

If you’re new to the VMware {code} hackathons and expect only evil hacking, you are not completely wrong but:

  • Hackathons are open to experts and newbies alike.
  • Participants don’t actually need to know how to code to be a productive member of a team
  • Ideas don’t have to be limited to VMware products. But yeah, strangely enough, most ideas hovered around the large VMware product suite…


PowerCLI Collection: PowerNSX Desktop Jumpstart and process YAML (yml) config file

In my last blog post (https://www.pascalswereld.nl/2017/08/24/nsx-for-desktop-jumpstart-microsegmentation-with-horizon-service-installer-fling/) I wrote about using the Horizon Service Installer fling for adding Horizon services to NSX for Desktop. From that blog post I have been evolving the services file with services and rules that will normally appear in an EUC solution with VMware products. Not just sticking with Horizon 7, but also getting App Volumes, UEM, UAG, and infrastructure components in the picture. And I will be continuing to evolve the services.

Another part I am working on is using PowerShell/PowerNSX for adding the services file to the NSX environment, and in turn, replacing the need for the fling. And this blog post is about explaining the current structure, from reading the yml file to using this information to check and add to NSX. For now, the services yml file will be maintained to keep on working with the fling.


NSX for Desktop: Jumpstart microsegmentation with Horizon Service Installer fling

 

We fortunately see a lot more NSX with EUC deployments. Used for microsegmentation of the virtual desktop infrastructure, virtual desktop security protection and load balancing of the workspace components (see my previous post here: https://www.pascalswereld.nl/2017/06/09/euc-layers-horizon-connectivity-from-nsx-load-balancers-with-love/).

I want to focus a bit on the microsegmentation and mainly on the NSX service profiles, groups and standard set of rules for EUC with VMware Horizon. Currently neither NSX for Desktop nor Horizon ships with a prepared set to use. Well, the Horizon suite does not ship with NSX in any form, which is still a miss in my humble opinion. It can be a little difficult, I know.

This blog post will try to focus on what is expected to be part of your desktop environment, the Horizon components and their NSX rules. Focussing on static Horizon services, static Infrastructure services and dynamic applications based on group membership. And using a fling to get them in your environment. I have also added more services and rules to the fling configuration file, and put up a github project to manage these changes. You can download an updated yml file from there, details a little later on so do read or scroll ahead ;). This is a work in progress as I am also just working on it in my current project.


App Volumes configuration: Active Directory bind user and use the short username captain!

Here we are again! Holiday is unfortunately over. Lots seen and done, lovely travel companion and a great time. But yes, back again to this crazy little thing called work. Some nice projects to be working on. This week started with the deployment of a Workspace ONE environment. As there are several phases in an EUC project, and I was doing assess and design a lot more often than deploy jobs, I wanted to get back with some hands-on experience outside the lab. I think this a) is good for the overall quality of this consultant, b) aligning the assess, design and deployment phases is part of continual improvement of an EUC solution and c) there will always be this techie inside who likes to brea…. erm build… I mean build stuff. Nice putting together some components, and with this blog post some of the current deploy experience gotchas need to be recorded. First up App Volumes.

On with some deploy activities

Within the build of a Workspace ONE infrastructure one of the tasks is deploying the App Volumes infrastructure. No problem, get a VM, run the installer and do the initial configuration, no iceberg straight ahead. Clicky the click tappy the tap. Stopped at a credentials error on the AD Domains page. Erm, what happened here?

App Volumes Credentials


EUC Toolbox: Regshotting across the end user universe

For managing applications and user environments it is very useful to know the way the application and the user behave. And for application provisioning and user environment management it is necessary to know where the application and system store the settings and personalization options. We will need some form of application to use for capturing or monitoring the system for changes that the application or its settings are making. For UEM for example we have the Application Profiler to use and create application configuration or predefined settings. But if you like to see where our Windows friend stores its changes, application profiler is not enough. We need other tools for the job. We can use Process monitor (https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx) or SpyStudio (http://www.nektra.com/products/spystudio-api-monitor/) to name a few. Or regshot.

The main difference between regshot and, for example, the mentioned Process monitor or SpyStudio is that this tool does not require admin permissions like Process monitor or installation on the system like SpyStudio. You can just download and run it in the user context. This is the strong point of Regshot: low footprint and no changes to the system that could influence your capturing. As long as the changes you want to monitor are within the user context, but wasn’t this the point in the first place….

What does regshot do?

In short regshot takes a first and a second shot of the registry, and shows you the differences between these. Next to this regshot also allows you to scan dirs. For example save the registry and APPDATA after you have changed that minor customization. Isn’t that what you would want to see?

In short take a first shot before your change. Change the system and take a second shot. Press compare and see what has been changed. And use that output in for example UEM configurations.

Options

First up the application is available in 32-bit and 64-bit, and in ANSI and Unicode encoding.

Regshot Files

The difference here is the program architecture and how the character encoding is handled. If for example your language settings include non-latin characters, you may want to use the Unicode version of Regshot. Else it will not matter which one you take as long as the processor architecture is right.

Secondly with the shots you can do your shot, or do and save your shot. When saved you can later use this with the load option.

Capture and shot

Third, want your output in HTML or text. HTML is friendlier on the eyes, however it will take some more time to output. Sometimes the external program connection to HTML is screwed.

Fourth is including a scandir. By default regshot will do the registry, but a lot of applications do save something in for example the AppData Local, ProgramData or other locations. I would recommend including the scandirs where possible. The only downside is that you would need to know where an application stores its values, or put in the most likely suspects. Just going all out for C:\users is getting you a lot of background noise from other applications using the same space.

Fifth is setting an output path. Currently it is set to the administrators AppData profile path. If I am scanning dirs in that location it might be a better idea to redirect the output to another location not to mess up the output.

Do keep in mind not to let a lot of cycles pass between the first and second shot. The system will continue to run and add up changes between the shots. Do your required change and shoot again.

Where can I get Regshot?

RegShot is available on its Sourceforge project page at https://sourceforge.net/projects/regshot/. You can download Regshot as a compressed .7z file. You can open this with 7Zip or WinZip. The downside of the 7z is that if you haven’t brought an additional zip application, native Windows can’t handle this. There goes my no changes to the system with using Regshot…..or just unzip it on another system 😉

Show me

Don’t mind if I do. First we are going to take our first shot. Just let the program count the keys and values, and the dirs and files, until the second shot button appears.

Regshot Shooting

I don’t mind the time it takes, my testlab is a bit on the slow hand. And including the scandir takes an even longer time than just browsing the registry. But I’m there for the results not the speed.

Next up, make a change to the system. For this example I changed Chrome browser settings to show the home button and always show the bookmark bar. Done with the change? Take the 2nd shot. And wait until the compare button is available. Then press that one. In the output is for example:

Keys Home

Now it is up to you to analyse what is needed.

We see that Chrome wrote to the \Software\Google\Chrome\PreferenceMACs in the USER SID key. However SIDs we cannot capture with for example UEM. We do know that this is the same as HKCU and can be captured from the HKCU\Software\Google\Chrome\PreferenceMACs. Just add the HKCU\Software\Google\Chrome\PreferenceMACs or HKCU\Software\Google\Chrome to be included in the UEM Configuration.
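
The SID-to-HKCU step above can be scripted. This is an added example, not part of the original post or of Regshot: it assumes the text compare lists one registry path per line under headers such as `Values added:`, and the function name `ConvertTo-HkcuPath`, the SID and the sample lines are constructed for illustration.

```powershell
# Constructed sample of a Regshot text compare (SID and value names are made up).
$sampleReport = @'
----------------------------------
Keys added: 1
----------------------------------
HKU\S-1-5-21-1111-2222-3333-1001\Software\Google\Chrome\PreferenceMACs

----------------------------------
Values modified: 2
----------------------------------
HKU\S-1-5-21-1111-2222-3333-1001\Software\Google\Chrome\PreferenceMACs\constructed_value: "OLD"
HKU\S-1-5-21-1111-2222-3333-1001\Software\Google\Chrome\PreferenceMACs\constructed_value: "NEW"
HKLM\SOFTWARE\Constructed\Machine\setting: 0x00000001
'@

function ConvertTo-HkcuPath {
    # Hypothetical helper: emits the HKCU key for every change under a user SID.
    param([string[]]$ReportLine)

    $section = $null
    foreach ($line in $ReportLine) {
        if ($line -match '^(Keys|Values) (added|deleted|modified):') {
            # Section header: remember whether the paths below end in a value name.
            $section = $Matches[1]
            $change  = $Matches[2]
        }
        elseif ($section -and $line -match '^HKU\\S-1-5-21-[\d-]+\\(?<path>.+)$') {
            $path = $Matches['path']
            if ($section -eq 'Values') {
                $path = ($path -split ': ', 2)[0]      # drop the value data
                $cut  = $path.LastIndexOf('\')
                if ($cut -lt 1) { continue }           # value sits directly under the SID root
                $path = $path.Substring(0, $cut)       # drop the value name, keep the key
            }
            [pscustomobject]@{ Change = $change; Key = "HKCU\$path" }
        }
        # Everything else (separators, HKLM paths, scandir file lines) is ignored.
    }
}

# For a real run, replace the sample with: Get-Content '<path to the Regshot text compare>'
ConvertTo-HkcuPath -ReportLine ($sampleReport -split '\r?\n') |
    Group-Object Key | Sort-Object Count -Descending | Select-Object Count, Name
```

The grouped output lists each HKCU key once with the number of changes under it, which makes it easier to pick the keys to include in the UEM configuration.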


– Happy shooting at your users…ermmm user environment I mean!

Sources: sourceforge.net/projects/regshot