WilliamLam.com

Quick Tip: New Hyper-V guestOS identifier in vSphere 5.5

by // 16 Comments

For those of you who are so inclined to run Hyper-V as a nested VM on ESXi 5.5 (not sure why anyone would want to do such a thing), you should be aware that there is a new guestOS identifier that you can configure your VM to for the most optimal configuration. The main reasons you would want to use this configuration is that by default Windows Enlightenment is enabled and this will prevent Hyper-V from running as it will detect it is running inside of a VM. This configuration will disable Windows Enlightenment to allow you to run Hyper-V.

I noticed a new guestOS identifier called "windowsHyperVGuest" while browsing through the vSphere 5.5 API Reference guide, but when I checked the vSphere Web Client, I did not see this guestOS type as an available option. Perhaps this was not a supported guestOS, after all Nested Virtualization is not officially supported by VMware. In any case, you can still configure your VM by leveraging the vSphere API.

Here is a quick vSphere SDK for Perl script called changeGuestOSID.pl which allows you to reconfigure a VM with a valid guestOS identifier from the vSphere API Reference guide. You can of course easily do this using PowerCLI as well as any other language that can speak to the vSphere API.

Once updated, you should now see it reflected in both the vSphere Web/C# Client:

Note: I did not do extensive testing other than basic installation of latest Hyper-V Server and I do not believe you need any additional settings. If you wish to run nested 64-bit VMs, then you will need to enable VHV.

Additional steps required to completely disable VSAN on ESXi host

by // 11 Comments

Something that I had noticed while working with VSAN in my lab is that when you disable VSAN on your vSphere Cluster, the disks that were used for VSAN in each of the ESXi hosts were no longer available for use afterwards. If you want to use one of the disks for creating a regular VMFS volume or even use it for for vSphere Flash Read Cache, the disks would not show up as an available device. The reason this is occurring is that the disks still contains a VSAN partition and this is not automatically removed when disabling VSAN.

You can view the partition details by using the partedUtil and specifying the "getptbl" option and the device.

Now I could use partedUtil to clear the partition, but there is actually a nice ESXCLI command that can be used to remove the disks used in a VSAN disk group and this will automatically clear the VSAN partition. The ESXCLI command is:

esxcli vsan storage remove -s [SSD-DEVICE-ID]

When I tried to run the command, I was surprised to get the following error message:

Unable to remove device: Can not destroy disk group for SSD naa.6000c29c581358c23dcd2ca6284eec79 : storage auto claim mode is enabled

It turns out when you use "Automatic" claiming mode when enabling VSAN on your vSphere Cluster, that configuration is left enabled on the ESXi host even when disabling VSAN. This then prevents you from destroying the disk group. So there is an extra step required if you choose automatic mode and you will need to run the following ESXCLI command to disable it:

esxcli vsan storage automode set --enabled false

If you are not sure, you can always perform a "get" operation to check whether automatic claim mode is enabled. Once that has been disabled, you will now be able to destroy the diskgroup by running the original command above:

The remove operation only requires the SSD device front-ending the VSAN disk group and you can identify the SSD by running "esxcli vsan storage list". I did find it odd that disabling VSAN in your vSphere Cluster did not completely disable the automatic mode on the ESXi host and I have already filed a bug request to get that fix.

How to generate a pre-authenticated HTML5 VM console link in vSphere 5.5 that works on all OSes!

by // 79 Comments

One of the coolest feature that I have been personally looking forward to is the ability to access a virtual machine's remote console on a Mac OS X system which is now available as part of the vSphere 5.5 release. When you launch the VM's remote console using the vSphere Web Client on a Mac OS X system, instead of using the regular VMRC, it launches an HTML5 based console for your VM.

One thing that you might have noticed when performing this same action on a Windows desktop using the vSphere Web Client is that VMRC is used instead of the HTML5 console (notice the generated URLs are different). My understanding is that the VMRC is currently more performant than the HTML5 console and hence it is preferred when possible. I have been using the HTML5 based console for quite sometime now and I have not had any issues with it. I really hope to see us use the HTML5 console as the default console in the future!

Having said all this, there is a way for all users can benefit from this new HTML5 based VM console which is to automatically generate the URL which can then be loaded into any HTML5 supported web browser on either a Mac OS X, Windows or even Linux system. I used a similar method in generating the VM Remote Console for the vSphere Web Client which is VMRC specific.

UPDATE (07/26/17): I have just published a PowerCLI script called GenerateVMConsoleURL.ps1 which runs against a vSphere 6.5 environment and supports generating the HTML5 VM Console, Standalone VMRC and WebMKS URLs. As noted by several folks in the comments below, the pre-auth mechanism no longer works post-6.0, so you will need to have logged already for the console to automatically load OR you will be prompted to login before being re-directed. For those that wish to generate VM Console URLs for older vSphere versions, you can modify the script to handle those other scenarios.

The really cool part about this solution is that you can provide a one time pre-authenticated HTML5 based VM console URL that can then be given to your end users to access their VM. This of course can be automatically generated through a custom portal without needing to provide direct access to the vSphere Web Client.

Here is an example of what the HTML5 VM console URL looks like in vSphere 5.5:

http://reflex.primp-industries.com:7331/console/?vmId=vm-23&vmName=VCSA&host=reflex.primp-industries.com&sessionTicket=cst-VCT-5254c455-4340-2185-e149-01ce44b146e1--tp-4A-88-17-7C-F5-D0-79-E6-9D-A1-E3-83-97-52-97-EA-E5-D3-D8-07&thumbprint=4A:88:17:7C:F5:D0:79:E6:9D:A1:E3:83:97:52:97:EA:E5:D3:D8:07

In vSphere 5.5 Update 2, the HTML5 VM Console now defaults to a secure connection and the two components of the URL that needs to be modified is from HTTP to HTTPS and from port 7331 to port 7343. The script has been updated to support a new command-line option called isvSphere55u2 which by default is set to false but can be set to true to generate an updated URL if you are running vSphere 5.5 Update 2

There are basically seven important components to the URL:

  • Hostname of the vCenter Server - reflex.primp-industries.com
  • The HTML5 console port, default is 7331 but can automatically change depending on available ports on the system (for vSphere 5.5 Update 2 the port has changed to 7343 for a secure connection)
  • The MoRef ID of the virtual machine - vm-23
  • The virtual machine name - VCSA
  • The vCenter Server advanced setting "VirtualCenter.FQDN" - reflex.primp-industries.com
  • The session ticket generated from vCenter Server - cst-VCT-5254c455-4340-2185-e149-01ce44b146e1--tp-4A-88-17-7C-F5-D0-79-E6-9D-A1-E3-83-97-52-97-EA-E5-D3-D8-07
  • The vCenter Server SHA1 SSL Thumbprint - 4A:88:17:7C:F5:D0:79:E6:9D:A1:E3:83:97:52:97:EA:E5:D3:D8:07

Disclaimer: The HTML5 VM console URL format/behavior is not guaranteed and may change in the future. The only officially supported method of accessing the console is by launching it through the vSphere Web Client.

Here is a vSphere SDK for Perl script called generateHTML5VMConsole.pl that given a VM name as input, will automatically generate a one-time pre-authetnicated HTML5 VM console URL that can be loaded into any supported web browser.

Note: To ensure the URL is valid, you will need to make sure your application is setup to run like a daemon or agent. To simulate this in my sample script, I just sleep for 60 seconds before disconnecting the session. I also used the openssl utility to extract the SHA1 thumbprint, so you will need a system that has that installed along with the vSphere SDK for Perl if you wish to use the script. The quickest way is to leverage vMA.

To load the HTML5 VM console, take the URL that is generated and point it to a browser:

Since this is an HTML5 based VM console, I can even load this into my iPad!

Hopefully this article will give you new ideas on how you can leverage and integrate the new HTML5 VM Console within your environment and hopefully this will be the defacto console in the future!

Here is an example of what the URL looks like for vSphere 5.1 & 5.5:

https://reflex.primp-industries.com:9443/vsphere-clien/vmrc/vmrc.jsp?vm=urn:vmomi:VirtualMachine:vm-1506:EE26E7F6-591B-4256-BD7A-402E5AC9E0A8

There are basicallythree important components to the URL:

  • Hostname of the vCenter Server - reflex.primp-industries.com
  • The vCenter instanceUUID which used to uniquely identify a vCenter Server - EE26E7F6-591B-4256-BD7A-402E5AC9E0A8
  • The MoRef ID of the virtual machine - vm-1506