vSphere Web Client

Blocking vSphere HTML5 VM Console and allowing only Standalone VM Remote Console (VMRC)?

02.08.2023 by William Lam // Leave a Comment

This was an interesting request that came up on the VMTN community forums asking whether it was possible to block users from accessing the vSphere HTML5 (H5) VM Console in vCenter Server and only allowing access to a VM console through the use of the Standalone VM Remote Console (VMRC) client? What is the use case for this you might ask, well it looks like VM screen resolution was getting change between the two clients and the administrator simply wanted to restrict access to the H5 VM Console and direct users to use only the VMRC Client.

At first, I could not see how this could be accomplished since all of their users already have the "Console interaction" privilege within vCenter Server which allows them to to interact with both VM Console interfaces. I was then reminded of an article that I wrote back in 2021 where a user wanted to restrict access to the vSphere UI interface while still allowing access to vCenter Server through the vSphere API, which used an access policy to restrict access based on a URI endpoint within the vCenter Server Tomcat application configuration.

This gave me an idea to experiment with and see if we could do the same and simply restrict the /ui/vmconsole endpoint which serves the H5 VM Console while still preserving VMRC access.

[Read more...]

Creating custom ESXi images using vSphere Lifecycle Manager (vLCM) UI and PowerCLI cmdlets for vSphere 8

11.22.2022 by William Lam // 9 Comments

I have started to use vSphere Lifecycle Manager (vLCM) more and more, especially after upgrading to vSphere 8 as it will be the primary lifecycle management solution going forward for both vSphere image and configuration management.

The other reason for using vLCM is that vSphere Update Manager (VUM) baselines have also been deprecated in vSphere 8 and while you can still use it for now, it should not come as a surprise that VUM and its functionality will be removed in the future and all of its workflows including the use of vSphere Image Builder should also be transitioned over to using vLCM.

One of the most common and basic workflow for customers today is creating custom ESXi images (ISO or Offline Bundle) that includes additional ESXi drivers. Since vLCM is probably new to most folks (including myself), I wanted to share how you can create your own custom ESXi images using both the vLCM UI (which can be a bit non-intuitive) as well as the new PowerCLI cmdlets that was jus released today as part of PowerCLI 13.0 release that adds support for both vLCM and vSphere 8!

[Read more...]

Heads Up - No healthy upstream error with VEBA vSphere UI plugin with vSphere 7.0 Update 3

10.20.2021 by William Lam // Leave a Comment

After upgrading my homelab to vSphere 7.0 Update 3, I noticed that my VMware Event Broker Appliance (VEBA) vSphere UI Plugin which is included as part of the VEBA Appliance was no longer functioning properly and would display no healthy upstream error message.

I initially thought this might be environmental, since I had just upgraded from lab from vSphere 7.0 Update 2d to 7.0 Update 3. I had reported the issue to our vSphere UI Engineers who built the VEBA UI plugin and while they were looking into the issue, we had another report from a VEBA user who also was hitting the same issue. Today, I got an update from Engineering and it looks like there was a regression in the Envoy service running in the VCSA which had caused this issue. This issue will be fixed in a future patch update for the VCSA, but in the mean time, VEBA users can apply the workaround outlined below.

Note: This workaround is required for vSphere 7.0 Update 3 or later. The issue has been fixed in vSphere 8.0 but if you are running any version of 7.0 Update 3 or newer, you will still need to apply this workaround.

[Read more...]