WilliamLam.com

My top 5 favorite enhancements to the new vSphere Web Client 5.5

by // 10 Comments

I have been using the vSphere Web Client more and more lately and though transitioning away from the familiar legacy vSphere C# Client is not the easiest thing to do or always possible for every single operation, there are definitely some nice benefits when using the vSphere Web Client. With the upcoming vSphere 5.5 release, there is even more cool new features in the vSphere Web Client!

Here are my top 5 favorite enhancements in the new vSphere Web Client 5.5 in no particular order. For a complete list of new features in the vSphere Web Client, I recommend you take a look at the What's New in vSphere 5.5 whitepaper.

Mac OS X Support for vSphere Web Client

Being a web application, the vSphere Web Client has always worked on a Mac OS X system, however you may have noticed a couple of things did not work such as OVA/OVF upload, remote device management such as mounting an ISO/Floppy and the biggest one of all is virtual machine console access! This has been one of the most requested feature that I can think of and I am personally excited to see this finally come to fruition. In addition to to the native VM console support (HTML5/WebSockets), there is also now a vSphere Client Integration package for Mac OS X that provides both OVA/OVF upload and remote device management support. This alone is enough for me to upgrade my vCenter Server to 5.5 to get these new feature!

Recently Visited & Created Objects

The recently visited objects is a pretty handy feature that came in vSphere 5.1 which allows you to see what objects you have been recently working with. However, this feature may not have been very well known due to its tiny icon. I am glad to see this feature get its own icon and is now located at the top of the vSphere Inventory Navigator between the navigator and pin icon. In addition to this change, it also now includes a list of the recently created vSphere objects which can come in handy when you are doing something new for the first time and would like a quick way to view the sequence of objects created.

vSphere Inventory Navigator History + Back/Forward Navigation

I am pretty sure our vSphere UE engineers have a more elegant name for this awesome feature, but  you can now view the history as you traverse through the vSphere Inventory Navigator and navigate both backwards as well as forward (which is new in vSphere 5.5). To view your current history, you simply just right click on the navigator bar at the top and you will get a drop down list of your history. You can go move forwards or backwards through your history which is a great if you are still getting familiar with the vSphere Web Client and forgot how you got to a particular object.

Deploy vCenter Operations from vSphere Web Client

I thought this was a pretty cool enhancement by allowing you to deploy vCenter Operations Management from within the vSphere Web Client. You will notice a new vC Ops icon on the main dashboard and on the Getting Started page, there is a link at the bottom that will allow you to deploy the vC Ops appliance by first logging into your MyVMware account. I wonder if we will are going to start doing this for other VMware solutions and just making it easier to deploy the latest version without having to first download it onto your local system.

Configure Auto-Refresh & Disable Inventory Navigator Animation

A common piece of feedback that I have heard regarding the vSphere Web Client experience is that it does not automatically refresh the screen. This is a change from the vSphere C# Client where it will automatically refresh the inventory, but of course there is some overhead associated with this refresh as it needs to pull the latest data from the vCenter Server. However, with the latest vSphere Web Client 5.5, you can now enable auto-refresh using an advanced configuration (by default it is disabled). Before you enable this, do note that this can alter the performance of your environment and be aware this will prevent the session from automatically logging out if you have configured an idle session timeout.

UPDATE: (03/11/16) - In vSphere 6.0, the path to webclient.properties has changed to /etc/vmware/vsphere-client/webclient.properties

To enable auto-refresh, you will need to locate the following configuration file /var/lib/vmware/vsphere-client/webclient.properties on the VCSA (there should also be an equivalent on Windows version of vSphere Web Client Server)

By default the auto-refresh is disabled, to enable it, you will need to un-comment the following configuration parameter and set the number of seconds to auto-refresh:

refresh.rate = # of seconds

Another feature that I found interesting that can also be controlled in this configuration file is the sliding animation shown when clicking on the vSphere Inventory Navigator. This I assume is to reduce the amount of resources loading the animation, unless the animation was bothering some folks?

By default this is now disabled in vSphere 5.5 and if you wish to see that animation (default in vSphere 5.1), you can re-enable by un-commenting the following configuration parameter:

navigator.disableAnimation = true or false

There are few other settings that you can control in the webclient.properties, you can take a look at the file for more details.

There are definitely a few more new features in the vSphere Web Client 5.5 that I have not mention, but these were my my top five favorite enhancements. One more thing I would like to also mention is that vSphere Web Client in vSphere 5.5 release definitely feels much snappier than previous releases and this has made for a much better user experience in my opinion. When you get your hands on the new vSphere Web Client, what will be your favorite new feature?

Administrator password expiration in new VCSA 5.5

by // 4 Comments

A new security enhancement that you should be aware of when deploying the new vCenter Server Appliance (VCSA) 5.5 is that there is now a password expiration that is enabled for the administrator account (root) after powering on the VCSA. By default, the password will expire 90 days after and if the password is not changed before the expiration, the account will be locked out of the VAMI interface and the SSH console. From a security point of view, this is a nice feature to have to ensure administrative passwords are automatically rotated, however this can also be an administrative challenge if you are not aware of this new change and you suddenly notice you can no longer login after 90 days.

You can find the password expiration settings under the Admin tab of the VAMI interface. You have the ability to enable or disable the feature as well as change the number of days the password is valid for. If you decide to change the default number of days, you will be required to enter an email address which will be used to email you 7 days prior to expiration which is the default.

In addition to using the VAMI interface to configure these settings, I was also interested to see if these settings can be automated through the command-line and with a bit of digging, these options can be completely controlled through the CLI!

We will be using the chage utility which manages user account expiry. To view the default settings for the root account or any other account, run the following command:

chage -l root

We can see from the screenshot above, the maximum days before expiration is 90 and the number of days to warn before expiration is 7 which matches the VAMI UI.

Lets say we want to change the maximum days before expiration to 120 and instead of warning 7 days before expiration, we want to change it to 12, you can do so by running the following command:

chage -M 120 -W 12 root

If you wish to completely disable account password expiry, you can do so by running the following command:

chage -M -1 -E -1 root

You can also configure the email address through the command-line which is used to warn X days before password expiry. To add or update the email address, you will need to create a file called /etc/vmware-vpx/root.email that contains the email address.

From an operational perspective, you will want to ensure you configure an SMTP server in your vCenter Server after deploying the VCSA and ensure you add an email address so you can be notified before the root account password expires. You should also configure the maximum number of days before the password expire and the number of days to warn to match your internal security policies.

In the event that you lock yourself out, how do you go about recovering from this since you will not be able to login to the VAMI interface nor the SSH console? I have purposely configured one of my VCSA to expire the password in 1 day, so stay tune for a future article on how to recover from this.

Here is How to recover VCSA 5.5 from an expired administrator account article.

New vCenter Server Simulator 2.0 enhancements in VCSA 5.5

by // 47 Comments

Last year I wrote about a very interesting tool called vCenter Server Simulator (VCSIM) which allows a user to quickly simulate a VMware environment that can be comprised of thousands of ESXi hosts and virtual machines. VCSIM can benefit a variety of use cases such as learning about the vSphere API, creating reports for vSphere or vCloud Director to building vSphere Web Client plugins to help visualize large inventories. There was an overwhelming interest in VCSIM from last year and I received some great feedback and feature requests which I fed back to the VMware engineers who developed this internal tool.

With the upcoming version of vSphere 5.5 to be released very soon, I was wondering if there were going to be any new features for VCSIM in VCSA 5.5? I reached out to one of the engineers, Haiping Yang, who works in the Performance Engineering team who is currently taking over some of the development of VCSIM. Some of you might be familiar with some of her work such as the recent visualEsxtop, esxtop and resxtop to just name a few. In talking to Haiping, I found that she has been quite busy adding cool new features to VCSIM and this is on top of her regular day job!

Disclaimer: This is not officially supported by VMware, please use at your own risk.

Here is a quick summary of the new features of VCSIM 2.0:

Distributed Virtual Switch (VDS) Support:

  • Add / Remove ESXi hosts from VDS
  • Create / Delete Distributed Virtual Portgroup
  • Reconfigure Distributed Virtual Portgroup
    • Add / Remove VM from Distributed Portgroup

vCloud Networking & Security (vCNS) Support:

  • Create / Delete vCNS Gateway
  • Create / Delete Isolated/Routed Org Networks
  • Create / Delete vApp Networks
  • Deploy / Undeploy vApp with DHCP service enabled

Persistent Inventory Configuration upon restart:

  • Folder, Cluster, Resource Pool, Host, Datastore, Virtual Machine, Network and VDS

Custom Configuration Support:

  • ESXi version template
  • ESXi configuration template
  • Datastore configuration
  • Virtual Machine datastore

Easy startup commands:

  • vmware-vcsim-start
  • vmware-vcsim-stop [true|false] - Determines whether the inventory is cleared after stopping VCSIM

Note: Before you can use VCSIM, you will need to configure the VCSA as you normally would by going through the VAMI interface or running through the SSH commands noted in this article.

I will not go over every single feature mentioned above, but I did want to take a look at a few noteworthy features such as the new VCSIM start/stop command, datastore configuration and ESXi host configuration templates.

VCSIM Start/Stop Commands:

With the previous version of VCSIM, you had to manually edit the vCenter Server configuration file (vpxd.conf) and append the necessary VCSIM configurations. In this release, we now have an easy to use command-line utility to start and stop VCSIM. The vmware-vcsim-start command supports several startup options.

To view the list of supported options, just run the following command:

vmware-vcsim-start help

Option 1 - You can specify a VCSIM configuration file and you can find several examples located in /etc/vmware-vpx/vcsim/model

Option 2 - You can specify either the keyword "empty" for a blank vSphere inventory or "default" which will automatically use /etc/vmware-vpx/vcsim/model/vcsim-default.cfg inventory configuration

Option 3 - You can just specify the inventory layout on the command-line. An example would be "custom:dc=1,cluster=1,rp=1,host=1,vm=1,vm_on=1,latency=true"

To get a list of all the available VCSIM configurations, take a look at /etc/vmware-vpx/vcsim/model/vcsim.cfg.template

Here is an example of starting VCSIM using the "default" mode:

vmware-vcsim-start default

 

Datastore Configuration:

Custom datastore configuration was something that was much sought after with VCSIM 1.0 and unfortunately, there was only a single global datastore that was automatically "connected" to all simulated ESXi host. The new version of VCSIM now supports custom datastore configurations that can be defined globally, at the cluster level, local storage as well as string prefix which can help you separate out different VCSIM instances.

Here is an example of the configuration that would need to be added to the VCSIM configuration file:

<datastore>
   <global>1</global>
   <cluster>4</cluster>
   <local>5</local>
   <prefix>vghetto</prefix>
</datastore>

Here is what one of the simulated ESXi hosts would show for its datastores:

 

ESXi Configuration Template:

Another useful feature that I personally have asked for is the ability to customize an individual simulated ESXi host. Though this is still currently a work in progress, what you can do with VCSIM 2.0 is to customize the ESXi host version as well as the datastores on a per host basis. If you take a look vcsim.cfg.template, you will find a configuration line that looks like:

vcsim/model/hostConfig

This specifies a directory that would contain custom simulated ESXi host templates and their configurations. A sample host template is provided at /etc/vmware-vpx/vcsim/model/hostConfig.xml.template and currently, you need to specify the default simulated hostname (e.g. DC0_C0_H0.xml).

Here is an example of what that host template can look like:

<hostConfig>
  <datastores>
     <ds id="virtuallyGhetto-datastore-1"/>
     <ds id="virtuallyGhetto-datastore-2"/>
     <ds id="virtuallyGhetto-datastore-3"/>
  </datastores>
</hostConfig>

Now if we go back to our DC0_C0_H0 ESXi host, you will see that the host template will override the global configuration:

For the two examples above, here is what I used in my custom VCSIM configuration file that I called vcsim-virtuallyghetto.cfg if you are interested in what I used:

<simulator>
  <enabled>true</enabled>
  <initInventory>vcsim/model/initInventory-default.cfg</initInventory>
  <hostConfigLocation>vcsim/model/hostConfig</hostConfigLocation>
  <datastore>
     <global>1</global>
     <cluster>4</cluster>
     <local>5</local>
     <prefix>vghetto</prefix>
  </datastore>
</simulator>

I have already asked for the ability to fully customize the simulated ESXi host display name and have already been told that this is something they would consider for a future release. VCSIM 2.0 has also been improved to better operate with vCloud Networking & Security and vCloud Director. I was able to quickly test VCSIM 2.0 with the latest version of vCloud Director 5.5 and everything seems to be working fine. You can follow the existing instructions here for vCloud Director setup with VCSIM.

As you can see VCSIM 2.0 contains many new features and I highly encourage you to give it a spin when vSphere 5.5 is made generally available. There are definitely some additional fit and finish features that Haiping just could not get into this release. Hopefully we will get those updates in a future release of VCSIM and include additional ESXi template versions. If you have any feedback, comments or feature requests feel free to leave a comment and I will make sure it reaches Haiping and the development team. I do not want to spoil the surprise, but I just want to say one of the features coming in VCSIM 3.0 will be quite AWESOME! 😀 (sorry for the tease)