Script to see Datastore Permission

The other day in the VMware Community I saw this request:

“I have an AD group like mydomain\mygroup.

This group has access to many datastores.

How can I use PowerCLI to get the full list of datastores which the group can manage?”

I made this PowerCLI script:

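# Prompt for vCenter credentials and connect
$cred = Get-Credential
Connect-VIServer -Server '<vcenter-FQDN>' -Credential $cred
$datastores = Get-Datastore | Select-Object Name
$groupAD = "domain\group"
# Read the permission list once and keep only the entries for the AD group
$permissions = Get-VIPermission | Where-Object { $_.Principal -eq $groupAD }
$report = @()
foreach ($datastore in $datastores) {
  # Keep permissions defined on an entity whose name matches the datastore name;
  # permissions propagated from a parent folder or datacenter are not matched here
  $report += $permissions | Where-Object { $_.Entity.Name -like $datastore.Name } |
    Select-Object Principal,Role,@{N='Datastore';E={$datastore.Name}},@{N='Entity';E={$_.Entity.Name}},@{N='Entity Type';E={$_.EntityId.Split('-')[0]}},@{N='vCenter';E={$_.Uid.Split([char[]]'@:')[1]}}
}
$report | Export-Csv -Path '<path\csvfile>' -NoTypeInformation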
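
The script above matches only permissions defined on an object that carries the datastore's name. The following added example (not part of the original script) asks the vSphere AuthorizationManager for the permissions that apply to each datastore, including those propagated from parent objects, and lists the Datastore privileges of the assigned role. It assumes an existing Connect-VIServer session; the group name is a placeholder and nested group membership is not expanded.

```powershell
# Added example: effective datastore permissions for one AD group,
# including permissions inherited from parent folders or datacenters.
# Assumes Connect-VIServer has already been run in this session.
$groupAD = 'DOMAIN\group'   # placeholder principal name

$authMgr = Get-View AuthorizationManager

# Index roles by ID so role names and privileges can be looked up
$roles = @{}
foreach ($role in $authMgr.RoleList) { $roles[$role.RoleId] = $role }

$report = foreach ($ds in Get-Datastore) {
    $moRef = $ds.ExtensionData.MoRef
    # Second argument $true: also return permissions inherited from parents
    $perms = $authMgr.RetrieveEntityPermissions($moRef, $true)

    foreach ($perm in $perms | Where-Object { $_.Group -and $_.Principal -eq $groupAD }) {
        $role      = $roles[$perm.RoleId]
        $definedOn = Get-View -Id $perm.Entity -Property Name

        [pscustomobject]@{
            Datastore           = $ds.Name
            Principal           = $perm.Principal
            Role                = $role.Name
            DefinedOn           = $definedOn.Name
            DefinedOnType       = $perm.Entity.Type
            # True when the permission is set on a parent, not on the datastore itself
            Inherited           = ($perm.Entity.Value -ne $moRef.Value)
            Propagate           = $perm.Propagate
            # Datastore-related privileges granted by the role
            DatastorePrivileges = ($role.Privilege |
                Where-Object { $_ -like 'Datastore.*' }) -join ';'
        }
    }
}

$report | Sort-Object Datastore | Format-Table -AutoSize
```

Rows with an empty DatastorePrivileges column show a role that is assigned but grants no datastore privileges, for example a no-access role.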


Horizon and Skyline Collector

This is a short guide for connecting the VMware Horizon infrastructure to the Skyline service.

The requirements are:

Prerequisites
The following permissions are required for the account used to add the Horizon Connection Server to the Skyline Collector. These permissions are sufficient for both collecting product usage data and transferring support bundles with Log Assist.
Administrator (read-only) Role
Collect Operation Logs

The Administrator (read-only) role does not include the Collect Operation Logs privilege, so I need to create a dedicated role.

[Screenshot: Add Role dialog. Name: CollectLogs. The privilege list shows Manage Access Groups, Collect Operation Logs, Manage Global Configuration and Policies, and Manage Farms and Desktop and Applications Pools, each with its description.]

We created a service user, svcskyline, in our Active Directory and now assign it the correct role.

[Screenshot: Add Administrator Or Permission, step "Select administrators or groups". Name: adx.loc\svcSkyline, Domains: adx_loc.]

[Screenshot: Add Administrator Or Permission, step "Select a role". The role list shows Administrators, Administrators (Read only), Agent Registration Administrators, Global Configuration and Policy Administrators, Global Configuration and Policy Administrators (Read only), and Help Desk Administrators, with an "Applies to an access group" column.]

[Screenshot: Add Administrator Or Permission, step "Select the access groups". Access Group: Root(/).]

Repeat for the CollectLogs role.

[Screenshot: Global Administrators View, Administrators and Groups tab. adx.loc\svcSkyline has the roles Administrators (Read only) and CollectLogs, both on access group Root(/).]

Now add Horizon View to the Skyline Collector.

Log in to the Skyline Collector:

https://<fqdnskylinecollector>/

(if you lost the password, see https://kb.vmware.com/s/article/52652)

[Screenshot: Skyline Collector, Overview page. Collector Overview: "Your Collector is Running".]

Go to Configuration and select the product Horizon View.

[Screenshot: PRODUCTS menu listing vCenter Server, NSX-V, NSX-T, Horizon View, vRealize Operations, VMware Cloud Foundation, vRealize Suite Lifecycle Manager, and vRealize Automation.]

Select +ADD HORIZON VIEW

[Screenshot: Horizon View page. "Currently there are no Horizon View products configured. Use the ADD HORIZON VIEW button below to configure one."]

[Screenshot: Add Horizon View dialog with the fields FQDN/IP Address, Account username, and Account Password, and an ADD button.]

[Screenshot: Horizon View page, currently configured Horizon View products. Host: VCS13, Status: Endpoints Working.]

Now, in the Skyline Advisor Pro console (https://console.cloud.vmware.com/), we have 2 Horizon Connection Servers.

[Screenshot: Inventory Summary, last analysis Mar 11, 2022 10:13 AM CET, with counts for VMware Cloud Foundation, vCenter, Hosts, Virtual Machines, vRealize Operations Manager, Horizon Connection Servers, NSX-T Object, NSX-V Object, and vRealize Automation.]

We need to wait 24 hours to see the information.

[Screenshot: Product Horizon with columns Connection Servers, vCenters, Status, and Virtual Machines; Status is Unknown. Note shown: Initial product "Status" value may take up to 24 hours to display correctly. If this state persists for more than that and your Collector is not in state "Inactive", please open a support request.]

After 24 hours we have the first Active Findings.

P.S. For the finding ID Horizon-Log4jremotecodeexe-VMSA#202128 I applied the Workaround and Skyline Advisor is unable to check this workaround.

Source

Horizon View (vmware.com)
