virtuallyGhetto

Quick Tip – Requirements for using Guest Operation APIs (Invoke-VMScript & Copy-VMGuestFile) in VMC

by Leave a Comment

Since this question came up again today, I figure it was worth sharing in case others also had trouble using the vSphere Guest Operations API in VMware Cloud on AWS (VMC), which includes PowerCLI's Invoke-VMScript and Copy-VMGuestFile cmdlet. There are a couple of requirements that you must satisfy both in the GuestOS as well as between your on-prem vSphere environment and VMC.

  1. VMware Tools installed and running, it may seem obvious, but I have had customers trying to use various scripts without realizing this was a requirement. You should also ensure that you are running the latest version of VMware Tools, especially as there bugfixes that may impact Guest Operations APIs.
  2. VPN or Direct Connect (DX) configured between your on-prem vSphere environment and VMC, this is required as you will need access to ESXi hosts which is only available through a VPN or DX
  3. Create a VMC firewall rule to allow access from your on-prem network to VMC's ESXi hosts on port 443 which is used for Guest Operations access including transferring files to and from the GuestOS


The VMC firewall rule is usually the thing that most folks forget about and this simply because for most on-prem environment, access to ESXi over 443 is just sort of a default.

Once you have configured the VMC firewall to allow 443 to ESXi hosts, you will be able to use the Guest Operations API including Invoke-VMScript and Copy-VMGuestFile to a VM running in VMC

Creating a vSphere Content Library directly on Amazon S3

by Leave a Comment

A few years back I had blogged about creating your own 3rd Party vSphere Content Library enabling customers to take advantage of different types of storage backing than just vSphere Datastores. The primary requirement was that the content endpoint was accessible over HTTP(s), which meant that a number of solutions could be used from a simple web server like Nginx to an advanced distributed object store like Amazon S3 for example. 

The workflow to create a 3rd Party vSphere Content Library on S3 is fairly straight forward, here is high level summary:

  1. Organize the content on a local system (desktop)
  2. Run a python script to index and generate the Content Library metadata
  3. Upload the Content Library to S3


A disadvantage of the above solution is that each time you need to update or remove content, the entire process would have to be repeated again, including re-uploading the changes. Not only was this time consuming from an operational standpoint but now you also needed to also keep a full copy of all the content locally which can be several hundred gigabytes, if not more.

This topic was recently brought back up again by Gilles Chekroun, an SE in our Networking and Security Business Unit who reached out to see if there was a solution to help his customer who was running into this challenge. Over the last couple of weeks, I had been working with both Gilles and Eric Cao (Content Library Engineer) on how we could enhance the existing Python script which indexes and generates the Content Library metadata to also support running directly on Amazon S3 bucket.

[Read more...] about Creating a vSphere Content Library directly on Amazon S3

Automation with the VMware Cloud Services Platform (CSP)

by Leave a Comment

I was recently doing some work where I needed to access the APIs for the VMware Cloud Services Platform (CSP). As the name suggests, CSP is where customers can manage access, billing and consumption of the various VMware SaaS offerings including VMware Cloud on AWS (VMC) and VMware Hybrid Cloud Extension to just name a couple.

CSP also provides a RESTful API (Swagger documentation here) which enables customers and partners to automate all aspects of the CSP UI. Although my use of the CSP API is quite small, I figure it  would useful to share the overall workflow in case others were interested in consuming the full CSP API.

[Read more...] about Automation with the VMware Cloud Services Platform (CSP)

VMworld US 2018 sessions on VMware Cloud on AWS

by Leave a Comment

VMworld US 2018 is just around the corner and hopefully most of you have started. I was just browsing the session catalog this morning see what sessions were available for VMware Cloud on AWS and I have always found the VMworld search results less than ideal as I prefer to be able to see all results on a single page without having to continue to load. I decided to write some automation to extract all VMware Cloud on AWS sessions and make them available on a single page.

In total, there are 93 sessions (spread across Sunday - Thursday) and there is literally something for everyone including intro type sessions, partner/3rd party solutions, different solution verticals, technical deep dives, customer panels and even some upcoming slick Tech Previews that we are working on! If you still have some open slots on your schedule, have a look at the list below and sign up.

I have also created a short URL, in case you want to share this list with others: http://vmwa.re/vmcvmworld2018

Sunday

Dear IT, You Gotta Modernize Your Data Center. Let vSphere Help. [VIN1622QU] (1:00 p.m. - 1:30 p.m.) (13:00 - 13:30)
Understanding the TCO Benefits of VMware Cloud on AWS [HYP2817QU] (1:00 p.m. - 1:30 p.m.) (13:00 - 13:30)
How to Deliver the VMware Cloud Story and Vision [PAR7002BU] (2:00 p.m. - 2:50 p.m.) (14:00 - 14:50)
New Architectures for Big Data/Machine Learning on VMware Cloud on AWS [VAP1593QU] (2:00 p.m. - 2:30 p.m.) (14:00 - 14:30)
New Tools and Information for Partners Selling VMware Cloud on AWS [PAR7004BU] (3:00 p.m. - 3:50 p.m.) (15:00 - 15:50)
Software-Defined, Hybrid, and Distributed: Welcome to the VMware Cloud [HYP3024QU] (3:00 p.m. - 3:30 p.m.) (15:00 - 15:30)
SAP in the Clouds [VAP2294QU] (4:00 p.m. - 4:30 p.m.) (16:00 - 16:30)
Site Recovery Manager and Multiple Sites: The What, How, and Why [HCI2827QU] (4:00 p.m. - 4:30 p.m.) (16:00 - 16:30)

[Read more...] about VMworld US 2018 sessions on VMware Cloud on AWS

Automatically retrieve CVE CVSS score for all ESXi security bulletins 

by 9 Comments

I always enjoying learning new things, especially when it is outside of my immediate domain expertise and if I can thrown in some Automation to help solve a solution, it is a win for everyone. I bring this up because, yesterday I had noticed an interesting question from one of our field folks where their customer is looking to implement a process for applying ESXi security patches to help determine compliance timeline (e.g. when a specific security update will be applied to infrastructure).

To do this, the customer would like to use the Common Vulnerability Scoring System (CVSS) score which ranges from 0-10, 0 being low and 10 being high. The CVSS score is part of the Common Vulnerabilities and Exposures (CVE) which is also referenced for every ESXi security patch (bulletin) that is published by VMware. The question that came up was how easily it would be to determine the CVSS score for a given ESXi security patch. First, I will outline the "manual" process and once that is understood, I will demonstrate an automated solution which customers can take advantage of to easily retrieve this information for all ESXi security patches.

[Read more...] about Automatically retrieve CVE CVSS score for all ESXi security bulletins 

Resource Pools, Folders & VMC now supported with Cross vCenter vMotion Utility Fling

by Leave a Comment

Many of you are already familiar with the Cross vCenter vMotion Utility, which was released as a Fling last year. In fact, a number of you have even shared your VM migration numbers, many of which are quite impressive (e.g. 5-10K VMs). Not only are the number of production VMs significant, but I also learned the duration of customer migration projects, such as datacenter evacuation, was able to complete significantly faster with the help of this tool.

Although v2.1 was just recently released, Vishal, the lead developer is constantly looking for ways to improve the tool. Most recently, we had a few customers ask for supporting additional placement targets such as vSphere VM Folders and Resource Pools. Customers often use VM Folders for organization purposes but also as a way to manage permissions and of course resource management with the use of Resource Pools (not for organization purposes ;)). These two stand alone feature are quite useful on their own, but they are also a building block to allow us to support migrating workloads to and from VMware Cloud on AWS (VMC) which we have received requests for as well. VMC has a restrictive permission model and customer workloads must be placed in a specific VM Folder and Resource Pool, both of which was not initially supported with the Cross vCenter vMotion Utility.

With the latest v2.2. release, customers will now have the ability to optionally specify a target Resource Pool and/or VM Folder by enabling an Advanced settings option at the upper right hand corner of the tool as shown in the screenshot below.


Below is a screenshot of vMotion'ing 3 running PhotonOS VMs from onPrem environment to my VMC's SDDC. The Fling supports both hot and cold relocate, however for vMotion to work you will need to ensure that your source vCenter Server (including ESXi hosts) are running vSphere 6.7 and the VM is configured with the new Per-VM EVC (requires vHW 14) which can be configured in the vSphere H5 Client.

Give the latest Fling a try and let us know what you think, if you have any feedback or request, feel free to leave a comment on the Fling page.