vSphere Web Client

Can I assign my Active Directory users a non-CloudAdmin vCenter Server role in VMC?

10/08/2018 by William Lam Leave a Comment

In VMware Cloud on AWS (VMC), when a user is logged into vCenter Server, they are not running as the Administrator role like you might in an on-prem vSphere environment but rather a restrictive vCenter role called CloudAdmin. The reason for this is that VMware is responsible for managing the infrastructure, including the management software and we want to make sure customers do not accidentally make changes that could affect those operations. More importantly, with VMC being a service, customers can now focus their attention on the consumption of resources in VMC and leave the maintenance of the infrastructure for VMware to manage.

Note: For those interested, you can find the complete list of vCenter privileges for the CloudAdmin role here.

The ability to create and consume custom vCenter roles has been an extremely powerful capability of vCenter Server and although this is currently not possible in VMC, it is something that is actively being worked on. With that said, many of the requests that I have seen in regards to this topic has actually been about consuming some of the default vCenter roles. This is especially true for the "Read Only" role which is useful for auditing and monitoring purposes. As a CloudAdmin user, you can assign default vCenter roles that either have equal or lesser privileges than the CloudAdmin role which also includes the default "Read Only" vCenter role.

Enhancements to Hybrid Linked Mode (HLM) in VMC using the new vCenter Cloud Gateway

10/04/2018 by William Lam Leave a Comment

It has been almost a year since VMware introduced the Hybrid Linked Mode (HLM) capability, which provides customers with a consistent operating experience for managing and consuming resources from both their on-premises and VMware Cloud on AWS (VMC) environments. Feedback from customers on HLM has been fantastic, especially when new or prospective VMC customers learn about HLM for the very first time. Customers were pleasantly surprised at how seamless the experience was when consuming VMC resources, using a familiar interface, the vSphere UI.

Here is a quick recap of what HLM provides today:

HLM allows customers to link a single VMC instance to a single on-prem SSO Domain which can contain one or more vCenter Servers (Enhanced Linked Mode) while maintaining separate administrative domains (e.g. on-prem user is Administrator while VMC user is CloudAdmin only)
SSO Domains will be different between on-prem and VMC, however it is a 1:1 relationship
A trust is established where the on-prem vCenter Server trusts the incoming connections from VMC as they share the same Active Directory identity source. Data is sync'ed uni-directionally from on-prem to VMC
Can be configured at any point in the on-prem vCenter Server lifecycle, no restrictions to initial install and can easily be un-linked unlike ELM
Both Embedded & External vCenter Server deployments are supported
HLM supports different versions of vCenter Server between on-prem (6.5d+) and VMC, especially as VMC will almost always run a newer version of vSphere
Users MUST login to VMC vCenter Server for single-pane of glass management (H5 Client supported only), logging into on-prem vCenter Server will NOT show VMC vCenter Server
Roles are NOT replicated due to the restrictive access model in VMC

vYetti – Fun animated vSphere Login UI customization

05/15/2018 by William Lam 6 Comments

For those that have been asking about how to customize the vSphere Client Login UI to include this fun little animated login screen as shown below, you can find the complete instructions on my github repo: https://github.com/lamw/vyetti-vsphere-client-customization

I wanted to take a moment and give thanks and credit to the original author (Darin S) who created the animated login, which he referred to as an "Animated SVG Avatar". I remember seeing this on my Twitter stream a few months back where it was shared on codepen.io, which is a platform for web developers to easily show off their demos. From what I could gather, the original demo had used MorphSVGPlugin.min.js which is a Javascript library that provided the animation. Apparently, the use of this library required a membership which prevented anyone from consuming this outside of codepen.io for demo purposes. While searching online, I accidentally stumbled across another similiar project by Balram Chavan who developed an alternative solution simply using Angular 5. With Balram's solution, I was able to make the necessary minor modifications (thanks to Jeeyun from the Clairty team on helping me with some of my Anuglar questions) to get this fully incorporated into the vSphere Client UI. I am sure there are other improvements that can be made to the customization such as a more "clarity" look/feel as the old the old "blue marge" theme background is pretty dated but I will leave that to someone more creative than me 🙂

Cool browser plugin for Dark Theme vSphere H5 Client

05/12/2018 by William Lam 3 Comments

While catching up on my news feed early this morning, I came across a really slick browser plugin developed by Jens L. that enables a "Dark" theme for the vSphere HTML5 Client (h5client). If you use either Chrome or Firefox, simply visit Bery's Github site here to get a link to the plugin.

Once the plugin has been enabled, simply login to your vSphere H5 Client, this works using vSphere 6.5 or latest 6.7 and you should see the UI automatically render using the Dark theme without any modifications to your vCenter Server. I know the Clarity team is working on an out-of-the-box Dark Theme for the H5 Client, but until then, this is an excellent workaround. I definitely appreciate this as someone who does work either super late at night or super early in the morning and although I use things like Flux to reduce the brightness of the screen, having a proper dark theme also helps. Thanks for the awesome project Bery!

Here is a screenshot of my vSphere 6.5 environment, which I was able to make use of new theme morning 🙂

If you have any feedback or comments, feel free to post an issue on Bery's github project.

Changes to vSphere Client Login UI customizations in vSphere 6.7

05/09/2018 by William Lam 6 Comments

For those that have customized their vSphere Client Login UI using the instructions here and here, it looks like the process can not be applied to the vSphere 6.7 release. From what I can tell, it looks like we have now consolidated the various WAR files into a single file /usr/lib/vmware-sso/vmware-sts/webapps/ROOT.war. The original contents of the websso directory, which pertains to the UI customization, is now located here. This was a fairly minor change, but something to be aware of and for details on how to persist your configuration changes, please see the instructions below.

Disclaimer: This is not officially supported by VMware. If you decide to enable this, please use at your own risk and ensure you backup all original files in case you need revert back to the original configuration.

As part of looking into this, I also had some fun incorporating a cool little animated login page directly into the vSphere UI which I had shared on Twitter yesterday. Stay tuned for more details on #vYetti 🙂

Bulk VM Migration using new Cross vCenter vMotion Utility Fling

12/20/2017 by William Lam 27 Comments

Over the last few years, I have spoken to a number of customers who have greatly benefited from the ability to live migrate Virtual Machines across different vCenter Servers that are NOT part of the same vCenter Single Sign-On (SSO) Domain, which I had first shared back in 2015 here and here. This extended capability of the Cross vCenter vMotion feature enabled customers to solve new use cases that were challenging, especially for scenarios such as Datacenter migration, consolidation or even migrating existing workloads from their current environment into new SDDC deployments such as VMware Cloud Foundation (VCF) as an example.

Although customers could initiate Cross vCenter vMotions using the vSphere API which included PowerCLI (Move-VM cmdlet was enhanced in 6.5, more details here), the overall experience was still not as friendly. This was especially true for customers who may only have a small number of VMs to migrate and prefer a UI-based interface rather than an API/CLI only option. In addition, for large number of VM migrations, there was not an easy way to perform "batch" VM migrations that was easily consumable for folks who may not have a strong background in Automation or the vSphere APIs.

Today, I am pleased to share a new VMware Fling called the Cross vCenter Migration Utility that will help simplify the consumption of initiating VM migration(s) across different vCenter Servers, especially between dispart SSO Domains where a graphical interface was not available. This solution was developed out of our VMware Cloud Foundation (VCF) Engineering group which is part of the Integrated Systems Business Unit at VMware. I had spoken to a number of folks within the group about the extended Cross vCenter vMotion capability and I was super excited when I heard they were planning to release this tool as a Fling and make it available to all customers. I was fortunately to have been involved in the project alongside the Engineering lead Vishal Gupta and we are excited that we can finally talk about this project and see how customers will be using this new tool.

UPDATE (05/07/18) - The Fling has just been updated to 2.0 with the following new features:

Added support to select individual host as the placement target
Added support for migrating VMs with shared datastore
Added clone functionality in addition to relocate
Added resource summary details for placement targets
Added a prompt to verify site thumbprint during SSL verification
Added a link to refresh vm list in the inventory view
Updated REST APIs to add operation type parameter

Cross vCenter Migration Utility Fling

Cross vCenter vMotion Requirements: KB 2106952

Download Fling here

Features

Completely UI-driven workflow for VM migration
Provides REST API for managing migration operations
Works with vCenter not part of the same SSO domain
Supports both live/cold migration of VMs
Batch migration of multiple VMs in parallel
Flexible network mappings b/w source and destination sites