WilliamLam.com

VMware Tools 10.2.0 enables Virtual Machine vNIC exclusion and priority re-ordering

by // 8 Comments

VMware Tools 10.2.0 just GA'ed (release notes / download and open-vm-tools release notes / open-vm-tools download) and this release includes a number of new features like an offline bundle for VMware Tools VIB for ESXi and support for deploying VMware Tools using Microsoft System Center Configuration Manager (SCCM) to just name a few. There are also two additional new capabilities that I wanted to share as I think customers can benefit from and take advantage of immediately around how Virtual Machine vNICs are displayed. One of the challenges with having the broadest Guest Operating System (GOS) support in vSphere is dealing with some of the different behaviors of each GOS. One such example are the various ways in how both physical and logical networks interfaces are enumerated by an OS.

Take the example below, I have a PhotonOS VM which has eth0 as the primary interface and it is configured with an IP Address of 192.168.30.101. However, as you can see from the screenshot below I am actually getting back a different address and interface. In addition to this, we also see other logical interfaces showing up in the IP Address list such as Docker interfaces as well as virtual and other pseudo interfaces that may or may not be useful to VI Admins.


Historically, there was not a way to control what would show up in the network interface list which is then propagated from VMware Tools up to both the vSphere API as well as vSphere UI. With this new release of VMware Tools, which can be applied asynchronously to a given vSphere release, customers now have the ability to filter on a per-VM basis on what interfaces actually show up as well as a relative priority for interfaces that customers care more about.

[Read more...]

Enabling shell access for Active Directory users via SSH to vCenter Server Appliance (VCSA)

by // 5 Comments

I had a question the other day on whether it was possible to enable shell access for Active Directory users when logging into the vCenter Server Appliance (VCSA) via SSH? The answer is yes and though this is documented here, it is not very clear whether this is only applicable to SSO-based users only. In any case, the process to enable this is pretty straight forward and simply requires two steps which I have outlined below.

Step 0 - Ensure that your VCSA and/or PSC is joined to Active Directory before proceeding to the next step. If not, take a look at the documentation here for more details.

Step 1 - Login to vSphere Web Client and under Administration->System Configuration->Nodes->Manage->Settings->Access, go ahead and enable boh SSH and bash shell options. The first setting turns on SSH to the VCSA and the second setting allows users (local, SSO and AD) to access the shell on the VCSA.


Step 2 - In the vSphere Web Client and under Administration->Single Sign-On->Users and Groups->Groups, select the SystemConfiguration.BaseShellAdministrators group and add either an AD User and/or Group that you wish to allow to access the shell.


Once you have completed the steps above, you can now SSH to your VCSA/PSC using the AD user (UPN format) that you had authorized earlier. In the example below, I am logging into one of my VCSA using user *protected email* and as you can see, I am placed into the appliance shell by default.


At this point I can access all the appliancesh commands just like I normally would if I had logged as a root or *protected email*.

If we wish to change to bash shell, we simply just type "shell" which will enable shell access, assuming you had performed Step 2.


One thing that I noticed is that the default home directory for the AD user is /var/lib/nobody and apparently that does not exists by default, so users end up in / directory by default after enabling shell access. I am not sure if this is also related, but the username shows up as nobody as you can see from the prompt. This is something I will share with Engineering to see if we can improve upon as I am sure most of you would rather see the user that is actually logged in.

The good news from an auditing and logging standpoint is that for operations that are logged, it does properly show the username even though the prompt is showing up as nobody.

[Read more...]

Automating vRealize stack based on VVD using new vRealize Suite Lifecycle Management

by // 1 Comment

Our Cloud Management Business Unit (CMBU) at VMware just GA'ed the highly anticipated vRealize Suite Lifecycle Management or vRSLCM for short. As the name suggests, this new solution provides customers a simple and consistent mechanism for managing the entire lifecycle management (Day 0 to Day N) for all VMware vRealize Products including but not limited to Install, Upgrade, Configuration Management, Drift Remediation and Health Monitoring. vRSLCM is delivered as a Virtual Appliance which can be used in either a greenfield and/or existing brownfield environment. You can also manage multiple environments that consists of different vRealize products that have been deployed giving customers 100% visibility into all their different vRealize environments using a single interface. For more information, be sure to check out this blog post here.


One specific feature that I think is worth calling out and not because our team was involved with it is the ability to deploy what vRSLCM calls "Solutions". These Solutions not only correspond to the specific vRealize products being deployed but they also align to the three VMware Validated Design 4.1 Use Cases: IT Automating IT, Micro-Segmentation and Intelligent Operations as shown in the screenshot below.


This means for customers who wish to deploy the vRealize stack based on the VMware Validated Designs can now easily do so by simply selecting one of these solutions and providing their environment specific information such as DNS, NTP, etc. and vRSLCM will deploy and configure the vRealize products as prescribed in the VVD. Customers no longer have to manually read through pages and pages of documentation to get the desired outcome. [Read more...]