WebCommander Walnut Installation Walk-through

In a previous blog post from a far away history, I wrote about the WebCommander Fling (https://www.pascalswereld.nl/2013/10/30/webcommander/). Man that one is from 2013, I have been putting blog posts out there for a while now, hope you did find something useful on the blog…..
Anyhow back to this one. The WebCommander developer reached out in that previous post comment with a request to write-up a guide for WebCommander Walnut. I am writing it up as a walk-through to get it started and showing some output. If you would like some additions to the post, add some of the information your would like to see added to the post, or post questions / remarks and I will try to look if I can make some additions. But first….a little reminder about that commander out on the web…

What is WebCommander

WebCommander is a collection of web services around PowerShell and PowerCLI scripts. The interface can be used to provide users with scripts without them learning or knowing the PowerCLI commands. Or to give users access only to specific prepared tasks without giving them access to the web client (they still need to have permissions in the environment to do their operations). A great way in delegating specific tasks!

WebCommander was initially released and maintained as a VMware Fling. WebCommander was received very well by the community and saw the Fling being released as, and in turn moved to, an open source project on GitHub in 2014 (as announced on http://www.virtu-al.net/2014/09/03/webcommander-goes-open-source/).

The WebCommander project page can be found at: https://github.com/vmware/webcommander. This WebCommander version mainly uses XML with browser side transforming (XSLT). And when you hear version you know there might be another one, and yes there is WebCommander Walnut in a different branch.

WebCommander Walnut is to be used when :

  • you prefer JSON over XML,
  • combining commands in workflows for more or complex automation,
  • run local or cloud scripts (WebCommander Hybrid),
  • having a history,
  • 64-bit PowerShell,
  • more new features,
  • and a new User Interface

WebCommander

Take a look at WebCommander Walnut for yourself, go to GitHub: https://github.com/9whirls/webcommander_walnut

Installation Guide

Prepare the system:

Create a VM

Use Windows 2012R2 or Windows 2008R2 as the OS.

When using Windows2008R2 there are the following specifics:

  • Install .Net Framework 4.5.2. Needed for the installation of PowerShell v5 on 2008R2
  • Install PowerShell version 5

When using a fresh installation of Windows2012R2 install PowerShell Version 5.

For installation of the PowerShell version 5 install the Windows Management Framework 5.0 that can be downloaded as an update, or directly from https://www.microsoft.com/en-us/download/details.aspx?id=50395&ranMID=24542&ranEAID=TnL5HPStwNw&ranSiteID=TnL5HPStwNw-UGYM_0Jpr8QpSOcSBwTXfQ&tduid=(97816b302a22d507fcc1386696df4801)(256380)(2459594)(TnL5HPStwNw-UGYM_0Jpr8QpSOcSBwTXfQ)().

For Webcommander and PowerShell: Set-ExecutionPolicy Unrestricted -Force.

IIS Web-Server (including SubFeatures and Management Tools). Either use the Add Roles and Features GUI to install the Web Server role or use PowerShell:

Install-WindowsFeature Web-Server -IncludeManagementTools -IncludeAllSubFeature

PHP from https://php.iis.net. Click  ‘Install PHP now’ from the web site to download the latest version. Execute the downloaded exe to start the Web Platform Installer. Continue the installer with all the default options (you can change by clicking the options link) and accept to do the installation. The installer will download and install the prerequisites.

PHP IIS Installation

And click Finish when done.

Install MongoDB for commands history.

In short the procedure for MongoDB is:

  • Install Visual C++ Redistributable, you can get the 64-bit here: https://go.microsoft.com/fwlink/?LinkId=746572.
  • Download community version at: https://www.mongodb.com/download-center#community.

MongoDB download CEIt should offer you the correct release and OS.

  • Install via the downloaded msi. Select complete or customize if you want. Complete will install in the default locations.
  • Add the installation location as a system path environment. The default installation location is C:\Program Files\MongoDB\Server\3.4\bin.
  • Use your powershell window used to install IIS or open a command prompt
  • MongoDB requires a data directory to store all data. MongoDB’s default data directory path is \data\db. Create this folder using the following a command line
md \data\db
  • Or use another location to suit your needs.
  • MongoDB also requires a location to store logs. Create the log folder using command line
md \data\log
  • Create a config file location with
md \data\conf
  • And add a text file mongodb.cfg there (watch the view – file extensions there!)
  • Add the following to the cfg file and save:
           systemLog:
                  destination: file
                  path: c:\data\log\mongod.log
           storage:
                  dbPath: c:\data\db

mongodb

  • Install MongoDB as a Windows service by running mongod.exe with –install parameter (as administrator!).
mongod.exe --config "C:\data\conf\mongodb.cfg" --install

If you get api-ms-win-crt-runtime-l1-1-0.dll is missing from your computer like this

System Error - Mongod

your Windows updates either screwed up or you have to install Visual C++ Redistributable. (Re)installing Visual C++ will mostly do the trick.

  • And now we will have a MongoDB service (use –serviceName and –serviceDisplayName to change to another name if you wish).
  • Start the MongoDB service with net start MongoDB.
  • Create database and collection in MongoDB for WebCommander by running the commands below:
    • exe
    • use webcmd
    • createCollection(“history”)
    • Mongo should respond with “ok”:1
  • Install the MongoDB powershell module:
    • In PowerShellv5
Install-Module Mdbc
    • Accept the installation of required components.

Install latest version of VMware PowerCLI (version 6.5.1 at time of writing):

  • Good thing is that version 6.5.1 does not require a msi installer anymore. You can install from the PowerShell Gallery via PowerShellGet (and the correct version of PowerShell, but we covered that one already):
Install-Module VMware.PowerCLI
    • Use –Scope CurrentUser to use only for this user and no admin permissions required

Install WebCommander:

Download the files from GitHub, for example for the zip file: https://github.com/9whirls/webcommander_walnut/archive/master.zip

Extract the zip and copy to c:\WebCommander. Or use your own location.

The Zip is composed of the following files and directories as subdirs of the master directory:
www/ – These are the files that need to be setup as the web service in IIS. _def is the file that is used to add the locations to the local scripts as defined in sources.json.
powershell/ …the local commands powershells
README.md – Readme file of the project
sources.json – Locations of local and remote scripts when wanting to use the remote script capability.
Note: that is, currently composed of… You never know what the future brings

Note: For scripts depending on your security policy Windows will normally block the files because they were downloaded from an external location, so you will have to unblock these files. Select the file – properties – and press the unblock in the security part at the bottom.

Open IIS Manager to configure the WebCommander site:

  • Remove the default site
  • Add a new site (in this case I used the administrator to connect as to know which user is running, don’t just copy but do what is appropriate for your environment)

Add Webcommandersite

  • select the WebCommander site and open the authentication feature
  • Enable Windows Authentication, and disable Anonymous.

Site Authentication

  • If we now open a browser we will see the initial page

Initial Localhost

When clicking on select a command we can only select the remote commands. use the source.json to define the local locations. For me it was fixed when removing http://localhost/ from the local configuration to read: “local” : “_def.json”,

This one could also help as the _def.json was also a bit empty. Go to c:\WebCommander\powershell\ and execute .\genDefJson.ps1 to recreate the definition json. We should use genDefJson when updating any ps1 scripts.

And voila local also shows up

WebCommander Local also

 

Test drive WebCommander

There are scripts for vSphere actions and Horizon view actions distributed with the Git.

I have seen the following error message pop-up: AuthorizationManager check failed. The following is witnessed, and changed:

  • For some reason the execution policy is back to restricted, Set-ExecutionPolicy RemoteSigned or Unrestricted.
  • with the ExecutionPolicy set to RemoteSigned or Unrestricted, this error may occur if the script or some of the other included scripts is still blocked. From the explorer right-click the file, select Properties and click Unblock. Go through all the files!

Let see if we can get some vSphere information:

  • Add Command vSphere (local)
  • Add the required parameters, go to method to select what you want to do. I just want to see, so listDatastore is my option.
  • And press the play
  • Go to the output if there is a Pass
  • And ….

Pass vSphere (local)

If we want to get rid of the PowerCLI Customer Experience Improvement Program (CEIP) warning in the output. Run the following in Powershell:

Set-PowerCLIConfiguration -ParticipateInCEIP $false

(optionally with -Scope User / AllUsers)

And that’s it for now

– Enjoy WebCommanding throughout the universe!

Sources: labs.vmware.com, virtu-al.net, github.com/9whirls/webcommander_walnut

Product Evaluation: Inuvika Open Virtual Desktop (OVD)

Occasionally I get a request, or some urge bubbles in me, to look at vendor X with its product Y. And there is nothing wrong with that as I like to keep a broader view on things and not just betting on one horse.

And so a request from Inuvika did find me asking to look at their evolution of the open virtual desktop (OVD) solution. Okay using virtual desktop and application delivery triggers will get my attention for sure. Kudos for that. On top of that the name Inuvika gets my curiosity running in again a somewhat higher gear. No problem, I will take a peek and see if I can brew up a blog article at the same time. At the same time was almost a year ago…..But still wanting to take that peek. You will probably figure out that letting  you read about OVD is a little bit overdue. Sorry for the delay….

A little notice up front: this blog post is my view only and not paid for, pre-published or otherwise influenced by the vendor. Their opinion might differ. Or not.

Wait what… Inuvika you say?

Yes Inuvika (ĭ-noo′vĭk-ă). If you open up your browser you could learn that the company name is based on a Canadian town Inuvik where it can be very cold. And that for 30 days in the year the sun doesn’t rise above the Horizon (*wink* *wink*). In such a place you will need a strong community and a collaborative approach to be able to be living in harse an environment. Their product strategy is the same. Offering an open source solution and collaborative with the community out there (however the separate community version and site is dead).
Inuvika mothership is based in Toronto, so hopefully that doesn’t lose a bit of the magic just introduced ;). But where ever they are based, it does not change the approach of Inuvika.

Main thing, the guys and gals from Inuvika is where you can get the Open Virtual Desktop from. Go to https://inuvika.com/downloads to download your version. Or take a peak around the site.

Open Virtual Desktop sounds interesting enough, show me

Glad you asked. Let’s find out. We have the option to use a trail version for evaluation purposes, enterprise license or the cloud version. I like it when we can find out a little about the bits and bytes ourselves. So I will be downloading OVD. But first up some architecture to know what screw and bolts we need, or can opt out from.

Architecture

The following diagram has been taken from the architecture and system requirements document and show the components and the network flow for the system.

OVD-Architecture Overview

The OVD Roles:

  • The OVD Session Manager is first required component. The OSM will be installed prior to the other components. As the master of puppets it’s the session broker, administration console and centralized management of the other OVD components.
  • The OVD Application Server is one of the Slaveservers that will communicate with OSM. The OAS is the component that serves the application and desktops pools to the users. Accessed from either the web portal or the OVD Enterprise client. OAS is available in a Linux or Windows flavor. OAS can be pooled together and load balanced from the OSM. However you will need Enterprise for that as Foundation is limited to one application server (seriously just one?).
  • The OVD Web Access. OWA is responsible for managing and brokering Web sessions.Now where did we see that abbreviation before… Either using Java (going away in a next release) or HTML5, SSL tunneled if required. If using OVD clients only this is component is not needed. OWA will also offer an API (Javascript) to integrate OVD with other web-based applications.
  • The OVD File Server. The OFS component offers a centralized network file system to the users of the OAS’ses keeping access to the same data not depending on the OAS the user is on. Data can be user profiles, application data or other company data. The data is only accessible from the OAS sessions and is not published in another way like a contentlocker or dropbox.
  • ESG (hey wait no O something something). The Enterprise Secure Gateway is used as a unified access layer for external, but optionally also internal connections. ESG tunnels all the OVD connections between the client and itself, over a HTTPS session. So from any location, users that have access to HTTPS (443), will also be able to start a OVD session. If not using ESG tunnels OVD client will need to have HTTPS and RDP open to the OAS. Require the Enterprise license.
  • Further 2.3.0 brings a tech preview to OWAC. Web Application Connector to offer SSO integration as an identity appliance.

All components run on a Linux distribution supporting the flavors RHEL, CentOs or Ubuntu LTS. The only component where Windows will be used is when OAS is offering Windows desktops or Windows-based applications on RDS services. Supported RDS OS versions are Windows 2K8R2, W2012 and W2012R2. Isn’t it time for Windows 2016 by now?

In the OVD architecture we see sorts of familiar components that we see in similar virtual desktop solutions, only with a bit of a different naming. In a first overview the OVD architecture seems like what we are used to, no barriers here to cross.

In a production environment the Inuvika OVD installation will use several servers all doing their specific role. Some roles you will always see in a OVD deployment. Others are optional or can be configured to run together with other roles. And with external dependencies entering the mix with load balancers in front of OWA for example. Small shops will have some roles combined while having a smaller amount of OAS times n.

It all depends on the environment size and requirements you have for availability, scalability, resilience, security and so on.

Into the Bat-lab

Come on Robin to the Bat Cave! I mean the test lab. Time to see that OVD in action and take it for a spin. Lab action that is, however Inuvika also offers access to a hosted demo platform if you don’t have a lab or test environment lying around. From the download page https://inuvika.com/downloads you can download the Demo Appliance or register for the OVD Full installation. I will use the demo appliance for this blog post. As I would probably also would be installing multiple roles on the same virtual machine. The Demo Appliance is a virtual machine with the following OVD roles installed:

  • OVD Session Manager (OSM)
  • OVD Web Access (OWA),
  • OVD Application Server for Linux (OAS)
  • OVD File Server (OFS).

I will be using my Ravello Cloud vTestlab to host the OVD. So first I have to upload the OVA into the Ravello library. Once available in Ravello I can create a lab environment. I can just import the OVD, but I also want to see some client and AD integration if possible. I added my vTestlab domain controller and Windows 10 Clients in to the mix.

Invuvika Demo Lab

Let’s see if I can use them both, or I am wasting CPU cycles in Ravello. Good thing April is half through and I still have 720 CPU hours remaining this month, so not much of a problem in my book.

When starting the OVD demo appliance it will start with the Inuvika Configuration Tools. Choose your keyboard settings (US). And presto the appliance starts up with the IP I configured while deploying the application.

OVD - Demo Console after start

Here you can also capture the login details for the appliance: inuvika/inuvika. The default user for the administration console is admin/admin. Open up a browser and point to the FQDN or IP for web access. HTTP://<your appliance>/. Here we are greeted by a page where we can start a user sessions, open the administration console, documentation, the installer bits for the Windows AS and the clients.

The user sessions offered in the demo appliance are based on the internal users and internal Ubuntu Desktop and applications. The client can be set to desktop mode, which is a virtual desktop with the applications published to the user. Or can be portal mode, where the user is presented with a portal (so it’s not just a clever name) with all its application entitlements. The client starts with Java to allow for redirecting drives. Using HTML5 will not allow a drive to be redirected. The Demo appliance is populated with demo users where the password is the same as the user name. Just add cholland with password cholland in the client screen and you will be presented with a user session.

OVD Web login.png

And see the portal with the users entitlement and the file browser for data exchange between sessions.

OVD Demo - Client Portal

Start up a Firefox browser session and open my blog. Yup all works.

OVD - Client Firefox Blog

For using the Enterprise Client the demo appliance needs to be switched to Enterprise. And you need a license for that! Via the admin console you need to set the system in maintenance mode. Via the appliance console after logging in you get the menu where you can choose option 3 Install OVD Enterprise. After this you can set the system back to production, are greeted by a subscription error and via Configuration – Subscription Keys you can upload the license File. When a valid license is installed you can now run the Enterprise client for your evaluation. The client options are the somewhat similar as with the web client. Besides adding the site name in the client instead of a browser URL.

OVD Ent Client Login

We also have the administration console. While this has a bit more options and I am not trying to rewrite the documentation, I will show some of the parts. Basic try out the options yourself to see what the differences are.

We are greeted with an index page with an environment overview and user/applications publications. These will be the main actions when using the product. Of course we also have some menu options for reporting and configuration.

OVD - Admin Index

Let see if we can get some AD users in and entitle them to the demo. Seems like a lot of organization have their identity source already in place, and Microsoft is something used there. Configuration option seems like a logical part to start. And here we have the domain integration settings. Currently it is set to the internal database. Let get some information in the Microsoft option to see if we get the AD part in.

OVD - Configuration

I am using the internal users to keep it simple and leave in the support for Linux. This is a demo, not production.

When the information is done and added push the test button to see if the LDAP connect and bind works. Save when all green. Problems here? Go to status – logs to see wtf is happening. Main issues can be DNS, time offset or the standard account not having to correct information or UPN in the domain. The OVD Linux bind command is trying [email protected] hardcoded.

And viola Administrator from the vTestlab domain has a session connected:

OVD - Administrator Session

My opinion about OVD

It works out of the box with any HTML5 Browser. Or you can of course use the Enterprise client, but this will required an Enterprise license and RDP or i-RDP to the client desktops (or ESG to be SSL tunneled).

[Edit] I most correct my previous version that Inuvika is using RDP as an enterprise display protocol.  That is not entirely true. OVD uses RemoteFX with the Enterprise Desktop Client and Windows Application Servers. RemoteFX is a set of technologies on top of RDP that enhances the visual experience significantly in comparison with the older RDP (the non-RemoteFX). Indeed better for the user experience, how much better we will leave up to the users. For Linux Application Servers there is not yet RemoteFX support, this is forthcoming.
[Close Edit]

For HTML browser user connections, or using the Enterprise client in combination with the ESG, OVD utilizes HTTPS (tcp/443) and thus is roadwarior friendly. With roadwarrior friendly I mean a service that is firewall friendly and makes hotel, Starbucks cafe or airport WiFi a place to use the environment without blockages, changing ports, VPN tunnels or not be able to use the service remotely from that location.

For IT Operations the administration console is in a single console. No scattering consoles or admin tools all over the place. And no dependencies, like the disliked flash plugin for some other solution out there ;). Further the expected components are there in a logical location.

Cross publishing apps between distributions is a very nice feature. Windows in Linux or Linux with Windows apps, great. Or add web applications to the mix. Furthermore Inuvika is not bound by a stack choice or hypervisor. VMware vSphere yes, Nutanix (Nutanix Ready AHV) yes, KVM, etc yes.

The use cases, applications and desktops still have to be assessed and designed accordingly. And these will be the most important bits for the users. This is what wins or breaks an EUC environment. I won’t see a lot of users now on Windows-based desktops and applications, going to Linux desktop and apps without more or less resistance and opposition. That Windows will be in there for now. But this is the same for the other vendors, not much difference here.

I personally don’t know what the user experience is when doing your day-to-day working throughout the business cycle. I haven’t come across Inuvika OVD in the wild.

One of the strong points of going open source is that the product will be improved by the contributions of the community (if there still is a community version….). That will mitigate some of the above. But also will require the OVD community to have a footprint of some sort for the required input and change. If the community is too small it will not be able to help Inuvika and the OVD user base.

I think cost wise it will be interesting for some shops out there looking to replace their EUC solutions and in the mean time look for ways to cut costs. These shops probably already have some issues and bad experience with their current solution along the way. I do not think organizations happy with VMware Horizon or Citrix will be lining up to replace their EUC with Inuvika. Yet ..that is.
This is a fast world, and it is interesting to see that there are vendors thinking outside of the paved roads. It makes their but also other solutions a better place for the users. It’s the community and open source that is really interesting here. So just give it a go and see for yourself. Don’t forget to share your experience with the community.

– Happy using your OVD from Inuvika!

Sources: inuvika.com.