Enterprise Admins.org

Tools Upgrade Policy

Posted on November 18, 2011 by Mitch Baker

I was looking for a way to enable “Check and upgrade Tools during power cycling” for more than one VM at a time, but without enabling for all VM’s in the cluster.
In this case our naming convention allowed for the quick and simple use of wildcards to make selections.

From our test lab, I wanted to target only VM’s with “cel” in the name.

First, verify the targeted VM’s are all set to manual.

#check policy status
Get-VM *cel* | sort name | Select Name,@{N="UpgradePolicy";E={$_.Extensiondata.Config.Tools.toolsUpgradePolicy}}

Name                                    UpgradePolicy
----                                    -------------
NAVCEL01                             	manual
WEBCEL01                             	manual
WEBCEL02                             	manual
DEVCEL01                             	manual
DEVCEL02                             	manual
DEVCEL03                             	manual

Next, update the policy (effectively checking the box)

[cc lang=”powershell”]
#change the UpgradePolicy to upgradeAtPowerCycle
$vmConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
$vmConfigSpec.Tools = New-Object VMware.Vim.ToolsConfigInfo
$vmConfigSpec.Tools.ToolsUpgradePolicy = “UpgradeAtPowerCycle”

Get-VM *cel* | %{
$_.Extensiondata.ReconfigVM($vmConfigSpec)
}
[/cc]

Now to verify the targeted VM’s are all set to upgradeAtPowerCycle

#check policy status
Get-VM *cel* | sort name | Select Name,@{N="UpgradePolicy";E={$_.Extensiondata.Config.Tools.toolsUpgradePolicy}}


Name                                    UpgradePolicy
----                                    -------------
NAVCEL01                             	upgradeAtPowerCycle
WEBCEL01                             	upgradeAtPowerCycle
WEBCEL02                             	upgradeAtPowerCycle
DEVCEL01                             	upgradeAtPowerCycle
DEVCEL02                             	upgradeAtPowerCycle
DEVCEL03                             	upgradeAtPowerCycle

In the link below, you’ll find code to update all VM’s in a cluster.

Sources/Credits: Community member LucD at communities.vmware.com/message/1601811

Posted in Scripting, Virtualization | Leave a comment

VMware View inside vCloud Director

Posted on November 17, 2011 by brian.wuchner

I recently wrote about a PowerCLI lab I helped out with at the Greater Cincinnati VMUG (GCVMUG) whole day event (you can read more here). We had originally planned to have each lab station remote desktop into a vCenter server to run each exercise. In the previous article I mentioned a slight twist in our lab delivery — the zero clients provided only supported VMware View. I’ve previously been a part of a VMware View pilot, so I knew we had a couple design choices on how to accomplish this task:

Scenario #1: Automated Pool
Needing 25 temporary and identical desktops for a training lab is a perfect use case for VMware View automated non-persistent pools using linked clones. The non-persistence of the desktops would allow the machines to be refreshed each time someone completed the lab — keeping the desktops clean. Using linked clones would reduce disk space requirements and speed up provisioning operations (since we wouldn’t need to clone the full virtual machine).

Scenario #2: Manual Pool
As the name suggests, manual pools require the provisioning operations to be completed manually. Since I needed 25 desktops, this scenario would require that I manually create (or clone) each desktop.

A manual pool may seem like an odd suggestion, since it is a lot more work than an automated pool. However, this is the route we selected. The key factor was resource availability — the environment we had available was the vCloud environment at Bluelock’s Data Center. In order to create an automated pool a target host or cluster would have been required. Since vCloud Director provided the computing resources, we would have needed to create ESXi virtual machines (nested ESXi) to run the virtual desktops. To improve performance we decided to manually deploy the virtual desktops.

From my testing, it appears that you cannot install the View Agent prior to cloning. When I tried, the cloned VMs would not register in the View Manager interface. I had attempted to use the “Guest OS Customization > Customization Script” feature in the vCloud deployment to install the agent. This did not work either, as the View Agent attempted to reboot the virtual desktop before customization finished. I’m sure I was doing something wrong — the agent should be possible to install in the base image. However, I didn’t have a lot of time, so I went with a simple approach that I knew worked. I ended up creating a batch file on the desktop of my template. After the customization was complete, I manually logged in and ran the batch file. Here are the contents of that file:

C:\Downloads\VMware-viewagent-4.6.0-366101.exe /v"/qn VDM_VC_MANAGED_AGENT=0 VDM_SERVER=viewcon01.viewlab.local VDM_SERVER_NAME=viewcon01.viewlab.local VDM_SERVER_USERNAME=VIEWLAB\vdmadmin VDM_SERVER_PASSWORD=vdmadmin"

Since the desktops were manually deployed, we decided to to place the lab content into a shared folder. We used the domain controller’s NETLOGON share since all clients would have native access. I will post another post in the future about a change that was required during the lab.

Posted in Virtualization | 1 Comment

Create Active Directory users with PowerShell

Posted on November 6, 2011 by brian.wuchner

Last week I had the opportunity to present a PowerCLI self paced lab along with Jake Robinson and Ryan Birk. We presented this same lab a few months ago, but this event at the Greater Cincinnati VMware Users Group (GCVMUG) event added a slight twist. Our previous lab provided consisted of a vApp containing a vCenter and two ESXi hosts per student. Each student would then login to their vCenter using RDP. The twist in the GCVMUG event was due to the zero clients provided supported — they supported VMware View PCoIP connections only and didn’t provide an RDP option.

To work around this twist, we built a VMware View 4.6 environment inside of a vCloud Director environment at Bluelock. We went with View 4.6 because the zero clients were specifically certified with that version — the client would have likely worked with View 5.0, but we wanted to guarantee the lab would work, so we stuck with certified versions. This was an interesting twist and I learned a lot from it. Over the next few blog posts I plan to share some of the lessons learned.

The first additional requirement of this new twist was building Active Directory. VMware View leverages Active Directory authentication and authorization, so it was required to get this lab off the ground. I built a Windows 2008 R2 server and promoted it to a domain controller for the VIEWLAB.LOCAL domain. I then manually created an organizational unit for the View Lab users. I wanted to create unique user accounts for each lab station. Since we were going to have twenty stations I didn’t want to do this manually. The following code was used to create Active Directory users in the viewlab.local domain:

[cc lang=”powershell”]
$baseOU=”OU=View Lab,DC=viewlab,DC=local”

for ($i = 0; $i -le 25; $i++) {
$user = “Student”+$(“{0:D2}” -f $i)

Write-Host “Creating User for $user”
$usersOU = [ADSI] “LDAP://$baseOU”
$newUser = $usersOU.Create(“user”,”CN=$user”)
$newUser.put(“sAMAccountName”,$user)
$newUser.put(“givenName”,$user)
$newUser.put(“sn”,$user)
$newUser.put(“userPrincipalName”,”$user@viewlab.local)
$newUser.SetInfo()

$newUser.psbase.invoke(“SetPassword”,$user)
$newUser.psbase.CommitChanges()
}
[/cc]

Each account is created in a disabled state. I could have scripted changed the userAccountControl attribute to enable the account, but I simply used the Active Directory Users and Computers interface to multi-select the users in this organizational unit and then bulk enabled them.

I have a couple other ideas for posts on this project…I hope to have them posted in the next few weeks.

Posted in Scripting, Virtualization | 1 Comment

PowerCLI vCheck 5.47 – Additional RAM checks

Posted on October 26, 2011 by brian.wuchner

Todays update includes two new sections to the general reporting section of the report. These sections are not configuration issues/problems, just additional information about your environment.

# Version 5.47- bwuch: Added memory per cluster check provided by Ed
# Version 5.46- bwuch: Added vRAM check using @LucD function

5.46 – Added @LucD’s function Get-vRAMInfo from http://www.lucd.info/2011/07/13/query-vram/. This function checks vRAM allocations against vSphere 5 licensing allocations. This check includes version all hosts — even those not running version 5.0. It is important to note the new licensing does not take effect until/unless you upgrade. This check is included for planning purposes.
5.47 – Added code provided by a reader named Ed in the comments for the vCheck 5.40 post. It shows the amount of allocated RAM per MB of physical RAM in a cluster. His comments are available here.

You can download the updated version here: vcheck5.47.ps1

Posted in Scripting, Virtualization | 8 Comments

View 5.0 preseal-cleanup script

Posted on October 20, 2011 by brian.wuchner

When composing a View Composer desktop there are a handful of tasks that need completed. I created a script to help me keep this quick and consistent:

[cc lang=”dos”]
REM Cleanup temp/log files
del /s %temp%\*.* /q
del “C:\Documents and Settings\All Users\Application Data\VMware\VDM\*.*” /q

REM Blank out the bginfo.bmp image while leaving permissions in tact
echo > C:\WINDOWS\bginfo.bmp

REM Delete the McAfee GUID…a new one will be issued at boot up
reg delete “HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent” /v AgentGUID /f

REM Release the IP address
ipconfig /release

REM Shutdown the workstation
shutdown -s -t 5
[/cc]

Please leave a comment if there are any other ideas or additions you can think of!