VMware ThinAPP

ThinApp is an application virtualization (Agent-Less) solution.

Application virtualization, therefore, the use of ThinApp, allows us to:

  • Coexist different versions of the same application on the same Operating System
  • Use Windows 7 and Windows XP applications on Windows 10 and Windows 11 systems and thus simplify the migration from outdated operating systems to a modern OS
  • Reduce IT support and related Help Desk costs
  • Increase user mobility
  • Stream applications

In detail, ThinApp captures the installation of one or more applications (including files and registry keys that are modified) in an ecosystem that looks like a single executable file.

The executable file is portable on other systems (of the same version or different) and we can control the level of interaction with the operating system on which we are going to run the application and with other applications in our system.

ThinApp allows various ways of isolation using a sandbox:

  • FULL
  • MERGED
  • WRITE

During the creation of the virtualized package, we can choose only two of the previous options (MERGE and WRITECOPY) the third (FULL) we can activate by modifying an INI file post-capture of the installation

In the following diagrams, we find the three modes

The Sandbox is our box where changes to the ThinApp package that the end user performs during use can (depending on the isolation mode chosen) be saved.

The sandbox is:

  • Customizable the path where it resides
    • Editable in .ini file that generates application capture
    • Can reside in the same directory as the ThinApp EXE
    • Can be on a network share
    • By default is %appdata%\thinstall\application
  • Each user has his own sandbox
  • Resetting application configurations is executable by deleting the sandbox

The distribution of a ThinApp is feasible in several ways:

  • Using a network share and running application streaming
  • Using it from a USB device
  • Copying it to your computer

The use of the network share for the distribution of ThinApp packages allows an easy updating of the packages themselves.

VMware ThinAPP

Using Secondary Image on Instant Clone Desktop Pool (VMware Horizon)

In the management of a pool of Instant Clone (IC) VMs in a VMware Horizon infrastructure, one of the most useful aspects for a system administrator is the ability to make updates by modifying the GoldImage, subsequently generating a new Snapshot of it and applying it to all the VM ICs of the Pool.

Since version 2111, we have the possibility to use a “second image” in the same Pool to allow the deployment of this second image in a “selective” way on only some VMs.

This allows us to test the changes made only on a limited number of users.

Let’s see how it works, in my Home Lab where I have a Pool of type IC with Guest OS Windows 11.

The VMs (in this case there are 2) point to the following snapshot of the GoldImage:

Immagine che contiene tavolo

Descrizione generata automaticamente

Let’s proceed to update the VMware Tools on the Gold image, where the version is currently present

Immagine che contiene testo

Descrizione generata automaticamente

Post update we have the following version

Immagine che contiene testo

Descrizione generata automaticamente

We proceed with turning off the GoldImage and create the snapshot to use.

Once the snapshot is created, we go to the Desktop Pool and proceed to assign the snapshot created as a secondary image.

Immagine che contiene tavolo

Descrizione generata automaticamente

Immagine che contiene testo

Descrizione generata automaticamente

We select the option to publish it as a second image

Immagine che contiene testo

Descrizione generata automaticamente

If we want to select now the VM IC on which to push we put the flag to:

In my case we will select after the VMs ICs

We wait for the secondary image to be ready for deployment

When it is ready we will be able to see the following in the details of the pool

!

At this point in the “Machines (Instant Clone Details)” menu, you will enable the following option:

We select the VM on which we want to apply the image and proceed:

Immagine che contiene testo

Descrizione generata automaticamente

And we wait for this to be applied

Immagine che contiene testo

Descrizione generata automaticamente

Let’s try to connect with two different users to the same pool to see the differences between the two VMs and we will notice that one IC has the updated VMware tools and the other does not

Once all the tests of the changes have been carried out, we have three possibilities:

  • Apply the default image to the VM on which we tested the subimage
  • Authorize the second image as Default
  • Delete the second image because it doesn’t meet your needs

Apply the default image to the VM on which we tested the subimage

Authorize the second image as Default

Delete the second image because it doesn’t meet your needs

Immagine che contiene testo

Descrizione generata automaticamente

Using Secondary Image on Instant Clone Desktop Pool (VMware Horizon)

Script for removing and installing Horizon agent

Requirements:

  • Share containing the installation file of the Horizon agent version and a . bat containing the command to silently install the Horizon agent
  • List of VMs on which to perform the operation
  • A user to access vCenter with administrative rights
  • One user to install horizon agent on VMs

The script includes:

  • Credential request
    • First request the user to access the vCenter (line 6)
    • Second request the user to remove and install the Horizon Agent on the VMs (line 8)
  • Import the VM list (line 12)
  • Connecting to the vCenter (line 13)
  • Part a for each machine contained in the file with the list of VMs (line 14)
  • Check if the Horizon Agent is present (line 25)
  • If present, remove it and reboot (line 29), if not present, switch to the installation fa
  • Installing the Horizon agent (line 54)
    • Share mount
    • Running the .bat contained in the share
  • Waiting for the installation to finish and reboot

There are 3 “procedures” in the script

For  verification if the Horizon Agent is installed (line 18 to 20):

$script = @”

Get-WmiObject Win32_Product -filter “Name=’VMware Horizon Agent'” | Select Caption

” @

For the removal the Horizon  agent (line 22 to 24):

$removeapp= @”

wmic Product Where “Name=’VMware Horizon Agent'” Call Uninstall /NoInteractive

” @

For agent installation (Line 50 to 54):

$installapp = @”

New-PSDrive -Name “S” -Root “\\vimng03\share” -Persist -PSProvider “FileSystem”

S:\agentinstallv8.bat

” @

In this last agent installation procedure, you must modify:

  • S 🡪 letter with which the share will be temporarily mounted on the VM (which we can change but must also be modified in the installation file .Bat
  • \\vimng03\share –> put the share where you want the Horizon agent installation file and the installation file .bat
  • S:\agentinstallv8.bat is the file that will install the agent in silently mode

Where inside it is start:

s:\VMware-Horizon-Agent-x86_64-8.0.0-16530789.exe /s /v”/qn ADDLOCAL=BlastUDP,Core,HelpDesk,RDP,RTAV,TSMMR,USB,VmVideo,VmwVaudio,VmwVdisplay,VmwVidd”

to be parameterized according  VMware’s guide.

in my case the file will look like this

#The script need:
#List the VMs name where remove e reinstall the agent (file c:\vdi.txt or where you want)
#Share where is the horizon agent installation file and the file agentinstallv8.bat that contain the silent command for installation
#When the script start ask the vCenter Credential and the Admin User Credential for install the Horizon Agent on the VM
#Credential for access to vCenter
$credential = Get-Credential
#Credential with administrator role for install horizon agent 
$VMCredential = Get-Credential
#vcenter
$vcenter = "<FQDNvCenter>"
#List of VMs where remove e install new agent version
$VDIs = Get-Content "c:\vdi.txt"
connect-viserver $vcenter -Credential $credential
foreach ($VDI in $VDIs){
$VM = Get-VM -Name $VDI
Write-Host "Start remove agent from $VM"
#Script for verify if the agent is installed
$script = @"
Get-WmiObject Win32_Product -filter "Name='VMware Horizon Agent'" | Select Caption 
"@
#Script for remove
$removeapp= @"
wmic Product Where "Name='VMware Horizon Agent'" Call Uninstall /NoInteractive
"@
$value = Invoke-VMScript -VM $VM -ScriptType Powershell -ScriptText $script -GuestCredential $VMCredential 
#Check if horizon agent are install if present the script remove it and reboot the VM
if ($value.ScriptOutput -like "*Horizon*") {
     Write-Host "Horizon agent is installed"
     Invoke-VMScript -VM $VM -ScriptType Powershell -ScriptText $removeapp -GuestCredential $VMCredential -RunAsync
     While(Test-Connection $VM -Quiet -Count 1){
        Write-Progress -Activity "Rebooting $VM" -Status "Waiting for $VM to shut down."
        Start-Sleep -sec 1
     }
     While(!(Test-Connection $VM -Quiet -Count 1)){
        Write-Progress -Activity "Rebooting $VM" -Status "Waiting for $VM to come back up."
        Start-Sleep -sec 1
     }
     if ($value.ScriptOutput -cnotlike "*Horizon*") {
     Write-Host "Agent removed from $VM and $VM rebooted"
     } 
   }
   else { 
   Write-Host "Horizon agent is not installed on $VM" 
   } 

#####Agent Installation
Write-Host "Start the Horizon Agent installation in $VM"
Sleep 15 
#Installation with share change the fileserver,the share name, the labl and the file 
$installapp = @"
New-PSDrive -Name "S" -Root "\\vimng03\share" -Persist -PSProvider "FileSystem"
S:\agentinstallv8.bat
"@
Invoke-VMScript -VM $VM -ScriptType powershell -ScriptText $installapp -GuestCredential $VMCredential -RunAsync
While(Test-Connection $VM -Quiet -Count 1){
        Write-Progress -Activity "Rebooting $VM" -Status "Waiting for $VM to shut down."
        Start-Sleep -sec 1
    }
While(!(Test-Connection $VM -Quiet -Count 1)){
        Write-Progress -Activity "Rebooting $VM" -Status "Waiting for $VM to come back up."
        Start-Sleep -sec 1
    }
Write-Host "$VM after installation is UP" 
$value = Invoke-VMScript -VM $VM -ScriptType Powershell -ScriptText $script -GuestCredential $VMCredential
if ($value.ScriptOutput -like "*Horizon*") {
    Write-Host "New Horizon agent is installed in $VM"
    }
    else
    {
    Write-Host "New Horizon agent is not installed in $VM" 
    }
}
Disconnect-VIServer $vcenter -Force
Script for removing and installing Horizon agent

Upgrade Unified Access Gateway

VMware Horizon infrastructures often have the Unified Access Gateway (UAG) component to enable a secure connection from outside your corporate network to VDI.

This positioning makes the UAG subject to frequent updates, today we will see how to update it.

Download the ISO file of the version we want to update from the VMware Customer Site:

File 
Information 
Unified Access Gateway 2203 for vSphere, Amazon AWS and Google Cloud (Non-FIPS) 
DOWNLOAD NOW 
File size: 2.63 
File type: Ova 
Read More 
Unified Access Gateway (UAG) 2203 for vSphere (FIPS) 
DOWNLOAD NOW 
File size: 2.14 Ga 
File type: ova 
Read More 
Unified Access Gateway WAG) 2203 for Microsoft Azure 
DOWNLOAD Now 
File size: 2.54 GB 
File type: zip 
Read More 
Unified Access Gateway WAG) 2203 PowerShell Scripts 
DOWNLOAD NOW 
File size: 79.4 KB 
File type: zip 
Read More 
MDS checksums. SHAI checksums and SdA256 checksums

Check compatibility with your Horizon infrastructure:

Product Interoperability Matrix (vmware.com)

Add to My Favorite List 
Hide Interoperability 
Compatible IV Incompatible 
Com*tible Put End of 
a 
Put End of 
Not S upgnrted 
VMwere Horizon 
2111 
2106 
2103 
2012 
T 132 - VMwere Horizon 7 
713 1 - VMwere Horizon 7 
T 13 0 - VMwere Horizon 7 
Hide Legacy Releases O 
Past End ot General Support Past End at Technical Guidance 
VMware Unified Access Gateway 
2203 
and 
21112 
and 
2111.1 
and 
2106.2 
and 
2103.1 
and 
2103 
2012 
and 
2009 
3.10

Download the INI file containing the current UAG configuration

  • Access the Unified Access Gateway interface
    • HTTPS://<fqdnUAG>:9443

Using the credentials of the admin user

or 
VMware 
Unified Access Gateway 
dmin Username 
Admin Password 
Login

Once logged in, download the .ini file

A picture containing chart

Description automatically generated

OCSP Settings 
Support Settings 
Support Settings 
Edge Service Session Statistics 
Log Archive 
Log Level Settings 
Export Unified Access Gateway Settings

Retrieving the information needed to complete the configuration file:

  • Certificate for public access and password
  • Certificate for the admin center and its password
  • SAML component XML if integration with AZURE MFA
  • Information on where to deploy (vCenter, Cluster, virtual network, datastore ) the Virtual Appliance of the new UAG

The data indicated will serve me to fill in the fields of the downloaded ini file

Notepad 
File Edit Format 
[General] 
netlnternet= 
View 
Help 
ipø=192.168.247.54 
diskMode= 
ip1=192,168,246.54 
defaultGateway=192.168.247.1 
target= 
ds= 
routes 
2.168.246.1,192.168.4.0/24 192.168.246.1,172.25.2.0/23 192.168.246.1,172.25.6 
netmaskØ=255.255.255. or 
netManagement etwor 
net3ackendNetwork 
• pØA110cationMode=STATICV4 
name= 
deploymentOption=twonic 
forceNetmaskØ=255.255.255. or 
forceNetmask1=255.255.255. or

I summarize the info required in this table

Sector Field Description
General netInternet PortGroup on which to certify the network card that communicates to the internet world *
General diskmode Thin or Thick
General Source Absolute path where the ISO resides
General Target Path of the vSphere infrastructure where we will deploy the virtual appliance
General Ds Datastore where the VM will be created
General netManagementNetwork Portgroup on which to certify the network adapter for UAG management *
General netBackendNetwork Portgroup on which to certify the network adapter for UAG management *
General Name Virtual Machine Name
General uagName Hostname of the UAG (normally to be left that of the UAG to be replaced)
SSLCert pfxCerts Property Path where the SSL Certificate generated by a public CA in password protected PFX format used to access VDI by Horizon Clients resides
SSLCertAdmin pfxCerts Property Path where the SSL Certificate generated by a CA (normally Microsoft and Private) used to secure and validate access to the UAG Management Interface resides
IDPExternalMetadata1 metadataXmlFile Property XML file of the Identity Provider (In this case Azure AD) to enable Azure MFA for access

*VMware recommends at least two network adapters in two different segments for production environments

  • One for internet traffic (I call it the EXT-DMZ)
  • One for traffic to the internal LAN (I call it the INT-DMZ)

It is possible to create environments with 1 or 3 network adapters, in the first case VMware recommends only one card only for test environments, and in the second to also differentiate the management traffic that otherwise, in the two-card configuration would pass through the card that communicates with the internal LAN.

Notepad 
File Edit Format View Help 
l[Generate1] 
net Internet—DPG - EXT•4Zjjj) 
ipe=192.168.247.55 
diskMode—thick 
source—E : - unified - access - gateway- 22.03. 1955Ø 91_OVFI Ø. Ova 
ip1=192,168,246.55 
default-Gateway=192.168.247.1 
target—vi : / /vcaØ7 
ds=vsanDatastore 
routes1=172.16.e.Ø/16 192.168.246.1,192.168.4.0/24 192.168.246.1,172.25.2.0/23 192.168.246.1,172 
netmaskØ=255.255.255. and 
netManagementUetwork 
net8ackendNetwork=DPG - INT - C*IZ 
ipeA110cationMode=STATICV4 
name-VilJAGØ3-22Ø3 
deploymentOption=twonic 
forceNetmaskØ=255.255.255. and 
forceNetmask1-255.255.255. and 
ip1A110cationMode=STATICV4 
net-maski=255,255,255. and 
authenticationT imeout—3ØØØØe 
fipsEnab1ed—fa1se 
sys L ogType=UDP 
uagName=viuage3 
clockSkewT01erance=6Øe

At this point we can proceed with the deployment of the virtual appliance:

  • The first step is Shutdown the old UAG Virtual Appliance (I suppose do you have at least two UAGs with a Load Balancer in front and at least a DNS round-robin for balancing the traffic to the Connection server)

.\uagdeploy.ps1 -iniFile UAG_Settings_VIUAG04.ini

Administrator: Windows PowerShell 
uag ep oy2203> 
uag ep oy. PSI

Allow CEIP

Insert password for PFX Certificate File

Insert a new (or reuse the old) password for the Root account (for access to UAG OS) and Admin account (for access to UAG WEB admin console)

Waiting to complete the UAG Deploy (You can check the process from the vCenter task)

Now the new UAG virtual appliance is up and running!! Test it and apply the same step for all UAG virtual appliances of your VMware Horizon Infrastructure.

Upgrade Unified Access Gateway

vSAN Skyline Health History

VMware with vSAN 7.0u2 introduced an interesting functionality on Skyline for reviewing the state of vSAN in the past time

The functionality is disabled by default, if I want to see the Health History I need to only check the correct option.

After enable it I can see all history

and I can select the red icon for to see what happened

On Jan 8, 12:08 we encountered a problem on a vSAN cluster HOST

It is possible to select the day to check the vSAN status, just select the correct date and time

vSAN Skyline Health History

Log4j, Horizon Connection Server Workaround

We continue to look at how to mitigate the log4j vulnerability, in this post we look at horizon connection servers in detail.
As indicated by the VMware KB


only the connection servers where the HTML Access Portal is active are vulnerable. But all versions are subject to vulnerability.
I recommend applying the workaround even if the HTML Access Portal is not active.
Again as indicated in the previously cited KB we have two possibilities:

  • Change the following registry key

1. Edit this registry value:
HKLM\Software\VMware, Inc.\VMware VDM\plugins\wsnm\TomcatService\Params\JVMOptions
2. Append a single space character followed by this text: -Dlog4j2.formatMsgNoLookups=true
3. Exit the registry editor and restart the Connection Server service or reboot the machine

  • Run the following script as administrator.
@echo off
setlocal
goto start
__________________________________________________

CVE-2021-44228 - Prevent log4j parameter expansion
Horizon Connection Server 7.x, 8.x
VMware, Inc. 2021
__________________________________________________

:start
set sigpath=HKLM\Software\VMware, Inc.\VMware VDM\plugins\wsnm\TomcatService
for /f "delims=" %%g in ('reg.exe query "%sigpath%" /v Filename') do set sigval=%%g
if "%sigval%"=="" goto notneeded
set killflag=-Dlog4j2.formatMsgNoLookups=true
set svcpath=HKLM\Software\VMware, Inc.\VMware VDM\plugins\wsnm\TomcatService\Params
for /f "tokens=2*" %%v in ('reg.exe query "%svcpath%" /v JVMOptions') do set svcval=%%w
echo %svcval%|find " %killflag%" >nul
if not errorlevel 1 goto notneeded
reg add "%svcpath%" /v JVMOptions /d "%svcval% %killflag%" /f
net stop wsbroker /y && net start wsbroker
echo Completed.
goto :EOF

:notneeded
echo Not required.
goto :EOF

I will proceed with the script.
I create a fix-log4j.bat file in the c: \ temp folder of my connection server and copy the script text to it.


I launch the command from a PowerShell with administrator rights:

I reboot the server

I verify that the workaround is applied by relaunching the bat file.

Obviously, I have to do this on all the Horizon Connection Servers present
in the Horizon infrastructure

Log4j, Horizon Connection Server Workaround

VMware Workstation Player and Port Forwarding

To configure a PortForwarding on Windows 10 to a VM hosted on VMware Player it is necessary to proceed as follows:

  • Configure a static IP address (not essential but recommended) use the DHCP reservation function present in the virtualization application
  • Configure port forwarding.

Configure DHCP Reservation

  • Retrieve the MAC Address assigned to the virtual machine to which you want a static IP
  • Modify (with Notepad running in Administrator mode) the vmnetdhcp.conf file present in C:\ProgramData\VMware by inserting the following lines:

Host <Name of virtual network> {

hardware ethernet <Mac Address in this format xx:xx:xx:xx:xx:xx;

fixed-address <ip address>*;

}

Example:

#Static IP WIN11 –> Comment to identify the VM

VMnet8 host {
Hardware Ethernet 00: 0C: 29: 41: E8: 0C;
fixed address 192.168.233.10;
}

Where in our case the VMnet8 is the one assigned by default to the “NAT” configuration of the VM network card

  • Restart the VMNETDHCP service
    net stop vmnetdhcp
    net start vmnetdhcp

Port Forwarding Configuration

  • Modify (with Notepad running in Administrator mode) the vmnetnat.conf file present in C:\ProgramData\VMware by inserting the following lines:
    <tcpPortSource> = <IPaddress VM>:<tcpPortDestination>

Example:
8889 = 192.168.233.10:3389

In this case, we follow an RDP session to the OS system hosting my VM using: 8889 I will access through RDS to my VM with IP 192.168.233.10

*To check the IP range to always use the vmnetdhcp.conf file and identify the correct network segment; In the case of my example the segment is 8 (VMnet8)

# Virtual ethernet segment 8

# Added at 11/10/21 23:49:40

subnet 192.168.233.0 netmask 255.255.255.0 {

range 192.168.233.128 192.168.233.254;            # default allows up to 125 VM’s

option broadcast-address 192.168.233.255;

option domain-name-servers 192.168.233.2;

option domain-name “localdomain”;

option netbios-name-servers 192.168.233.2;

option routers 192.168.233.2;

default-lease-time 1800;

max-lease-time 7200;

}

VMware Workstation Player and Port Forwarding

LDAP Identity source and vCenter

Whenever we installed a new vCenter the activity always included integration with Active Directory and normally IWA (Integrated Windows Authentication) was used.
Since vSphere 7.0 version this possibility has been deprecated
so it is good to start with the integration of the vCenter with Active Directory via LDAP.
In our case, we will use LDAPS which uses a certificate

For first the step we need to create the certificate:

  • Use SSH to vCenter connection

On shell use this command

openssl s_client -connect <DC FQDN>:636 -showcerts

Copy the certificate output with  —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—–

Past on Notepad and save with .crt extension

Now we will go to configure the Identity Sources on vCenter:

  • Login as Single Sign-On Administrator to vCenter
  • Navigate to Menu > Administration > Single Sign-On Configuration
  • In the Identity Provider tab, open Identity Sources
  • Click ADD
  • Select Active Directory over LDAP or OpenLDAP, depending on your directory type.

Fill out the remaining fields as follows:
Identity Source Name: Label
Base DN for users: The Distinguished Name (DN) of the starting point for directory server searches. Example: “DC=pollaio,DC=lan”.
Base DN for groups: The Distinguished Name (DN) of the starting point for directory server searches.
Domain name: Your domain name. Example: “pollaio.lan”
Domain alias: Your NetBIOS name. Example: “pollaio.lan”
Username: Domain user with at least browse privileges. Example: “pollaio\administrator”.
Connect to:  “ldaps://<DC FQDN>”.

  • Click Browse next to SSL Certificate
  • Select the .cer file created in before step
Now we are ready to login to the vCenter with domain user (remember to assign the correct permission to domain group or user group)

If you want check the correct use of SSL certificate on the authentication to Active Directory with LDAP connection check the websso.log:

LDAP Identity source and vCenter

VMware Skyline Advisor

 

VMware has had a product for a while now called VMware Skyline that provides proactive monitoring, analysis, and support for your VMware environment. It monitors your VMware installation and will notify you when issues arise.

Skyline Advisor will be available to customers and partners with active Production and Premier Support, VMware Success 360 and vRealize Cloud Universal subscriptions at no additional cost.

Create a Cloud Services Organization

Login with My VMware account associate to Production and Premier Support on the site:

https://console.cloud.vmware.com/
  •  After clicking Get Started, a new web browser page, or tab, will open. You will be asked to sign-in

with your VMware account. If you have an existing My VMware account, you can use those same

account details (email address/password) to sign in to Cloud Services.

  •  If you are existing VMware Cloud Services customer, you can choose an existing Cloud Services

Organization for Skyline. If you have never used VMware Cloud Services, click Create New

Organization.

  •  Enter a Organization Name.

Name your Organization something meaningful, that can be easily

referenced by both you, and VMware. For example, name your Organization after you Company, or

Business name. You can also append a line-of-business, division, or team, to the end of your

Company or Business name.

The following are example Organization Names:

The company, LOB, Company LOB, Company-vSphere, Company-Desktop

  • Enter an Address for your Organization.

Click Add Address. You can also choose an existing

address if one was found for your account. If you choose an existing address, skip to substep f.

During the creation of your Cloud Services Organization, your country currency, and Tax ID, may be

displayed. The displaying of this information is a construct of Cloud Services. Skyline is available at

no additional cost, and you will not be required to enter any payment details while adopting Skyline.

  • Select a Country from the drop-down menu.
  •  Enter your street address on Address Line 1, and Address Line 2 (optional).
  • Enter your City.
  • Enter your State/Province.
  • Enter your Zip/Postal Code.
  • Review the Cloud Services Terms of Service. Click the checkbox to agree to the Terms of Service.
  • Click Continue.

Now on service, we have Skyline Advisor, click on this service

Link the Entitlement

Now, after clicking on LINK, we have the correct status LINKED

 
Deploy Skyline Collector and configure the connection to Cloud Services
 
Now we download the Skyline collector
https://vmware.com/go/skyline-collector-download
 
Download VMware Skyline Collector 
Select Version: 
•roduct Downloads 
Product 
VMware Skyline is an innovative proactive support offering that brings high-performing technology and tools to the workbench to 
radically transform customer support 
Automatically and securely collect product usage data with VMware Skyline Collector. Environment-specific analytics based on 
configuration, feature, and performance data are executed against this data. The resulting information may radically improve 
Read More 
Product Resources 
View My Download History 
Product Info 
Documentation 
Community 
Drivers & Tools 
Open Source 
Custom ISOS 
VMware Skyline Collector 28.0 
OEM Addons 
Release Date 
2021-07-15 
GO TO DOWNLOADS
 
To deploying the Skyline Collector Virtual appliance on our vSphere infrastructure we have need:
 
Resource Requirements 
vCPU 
RAM 
Disk Space 
87Ga (1.1 thin- 
provisioned)
 
And these are the Network Requirements
 
External Network Requirements 
Connection From 
Skyline Collector 
Skyline Collector 
Connection To 
vcsa_vmwarecom 
vapp-updates_vmwarecom 
Type 
H TTPS 
H TTPS 
Protocol 
T CP/1p 
T CP/1p 
Protocol 
TCP/Ip 
TCP/Ip 
TCP/Ip 
TCP/Ip 
TCP/Ip 
TCP/Ip 
TCP/Ip 
TCP/Ip 
TCP/Ip 
TCP/Ip 
443 
443 
Internal Network Requirements 
Connection From 
Skyline Collector 
Skyline Collector 
Skyline Collector 
Skyline Collector 
Skyline Collector 
Skyline Collector 
Skyline Collector 
Skyline Collector 
Skyline Collector 
Web Browser 
Connection To 
vCenter Server 
ESXi Hypervisor Hosts 
5.5 psc/sso Provider 
6.0 and above psc/sso 
Provider 
NSX-V Manager 
NSX-T Manager nodes cluster 
virtual P address (VIP) 
Horizon Connection Server 
vRedlize Operations Manager 
SDDC Manager 
Skyline Collector 
Type 
443 
443 
443 
443 
443 
443 
443 
443 
443
 
 
 
 
Account permission for vCenter, we need to create a Domain Account to use to permit access to vCenter from skyline.
 
• vCenter Server Read-Only role 
• GlobalDiagnostics 
• Globalkealth 
• GlobalLicenses 
• GlobalSettings 
• Host profile.View
Let’go we are starting with the OVF Deploy
Deploy OVF Template 
1 Select an OVF template 
2 Select a name and folder 
3 Select a compute resource 
4 Review details 
5 Select storage 
6 Ready to complete 
Select an OVF template 
Select an OVF template trom remote URL or local file system 
Enter a URL to download and install the OVF package trom the Inn 
location accessible trom your computer, such as a local hard drive. 
CD/DVD drive. 
O URL 
@ Local file 
Scegli i file
 
 
 
 
Deploy OVF Template 
1 Select an OVF template 
2 Select a name and folder 
3 Select a compute resource 
4 Review details 
5 Select storage 
6 Ready to complete 
Select a compute resource 
Select the destination compute resource for 
v VDICEDB 
v VDlRPLcluster 
Phesx07.
 
 
 
 
 
 
Deploy OVF Template 
1 Select an OVF template 
2 Select a name and folder 
3 Select a compute resource 
4 Review details 
5 License agreements 
6 Select storage 
7 Select networks 
8 Customize template 
9 Ready to complete 
Template name 
Download size 
Size on disk 
Folder 
Resource 
Storage mapping 
All disks 
Network mapping 
Network I 
IP allocation settings 
IP protocol 
IP allocation 
Properties 
557.6 MB 
87.0 Ga 
austerVSAN 
Policy: Stretched Mirror - No space reservation No Local Protection; Datastore: vsanDatastore; Format: A 
s defined in the VM storage policy 
DPG-IT 
1 pv4 
Static - Manual 
Default Gateway = 
Domain Name = VISKYOI 
Domain Search Path 
Domain Name servers = 172 16 
Network 1 P Address = 172 16 20.33 
Network 1 Netmask = 255 
CANCEL 
BACK 
FINISH
 
 
 
 
You must change your password on first login. 
Old Password 
New Password 
Repeat New Password 
CHANGE 
@ Your password was changed successfully! 
LOGIN AGAIN 
Password Requirements 
• Minimum length: 8 characters 
• One uppercase letter. 
• One special case letter 
• One digit. 
• One lowercase letter.
 
Skyline Collector 
admin 
For Active Directory login username format must be "user@domain" 
LOG IN
 
 
 
After deployed the Connector virtual appliance we need to configure the Skyline Collector for communicating with Cloud Services
 
 
After you have finished Linking Entitlement Accounts to your Cloud Services Organization, click Skyline Collector Setup. 
O COLLECTOR SETUP
 
 
Initial Configuration 
1 Network Configuration 
CELP Terms and Conditions 
Collector Registration 
Continue Configuration 
Collector Name 
6 Auto-upgrade 
Configure vCenter Server 
8 Configure NSX-V (optional) 
Configure NSX-T (optional) 
10 Configure Harizor View (op-.iona , 
Configure *'Realize Operations 
Network Configuration 
Hostname Verification 
By enabling Hostname Verification you add an additional check 
This will ensure the client is connecting to the appropriate server 
"subjectAItName" fields against the host in the URL of the conne 
NOTE: Enabling this option will likely break any traffic intercept 
generating certificates correctly. 
Hostname Verification 
Proxying 
Proxy 
TEST & SAVE 
C) Enabled 
Disabled
 
Test the network configuration
@ Successfully set Network Configuration!
 
Initial Configuration 
1 Network Configuration 
2 CEIP Terms and Conditions 
Collector Registration 
Cortinue Configuration 
Collector Name 
6 Auto-upgrade 
Configure vCenter Server 
8 Configure NSX-V (optional) 
Configure NSX-T (optional) 
10 Configure Harizor View (optional 
Customer Experience Improvement Program (CEIP) 
As part of the Enhanced Customer Experience Improvement Program ("CEIP"), VMware Skyline collects 
certain technical data and product logs about your organization's use of VMware products and services 
on a regular basis. The data collected may include device identifiers and information that identifies your 
users. This data is collected to enable VMware to diagnose and improve its products and services, fix 
product issues, provide proactive technical support and to advise you on how best to deploy and use 
our products 
For additional information regarding the CEIP, please see the Trust & Assurance Center at 
https://wwwvmware.com/solutions/trustvmware/ceip_ 
By configuring your VMware products to participate in the Skyline service, each product will be enabled 
to send product usage data to the Skyline services as part of the Enhanced Customer Experience 
Improvement Program. You may add, remove or modify your product configurations at any time. For 
detailed instructions see our Skyline Collector User Guide 
To disable participation in the Customer Experience Improvement Program, you must Deregister this 
Skyline Collector. For instructions how to Deregister a Skyline Collector, see VMware Knowledge Base 
Article 74677.
 
And now we have to insert the token create on Cloud Service
 
Initial Configuration 
2 
3 
6 
8 
Network Configuration 
CEP Terms and Conditions 
Collector Registration 
Continue Configuration 
Collector Name 
Auto-upgrade 
Configure vCenter Server 
Configure NSX-V (optional) 
Configure NSX-T (optional) 
Collector Registration 
VMware Skyline is now part of VMware Cloud Services. VMware Cloud Services uses the concept of 
"Organizations" to provide controlled access to one or more services. 
You can create an "0rganization" on the VMware Cloud Services Platform by following the steps 
described in the link below: 
You can generate a token on VMware Cloud Services Platform and enter it below in order to associate 
your Skyline Collector to the Organization. 
Collector Registration Token 
Paste Collector Registration Token Here
 
Get Token from Vmware Cloud Services Platform

VMware Cloud Services

I have already configured my organization

Copy and paste the token on Skyline Connect and register it.

Add source Data to Skyline Advisor

After complete the step 5 and 6 (I suggest to enable the auto-upgrade), we can access to skyline collector to configure the connection to vCenter (or multiple vCenter)

Go to https://<mySkylineCollectorFQDN/

Select Add a vCenter  Server

Use the Account AD to whom assign the correct permission on vCenter

We are able to see the vSphere infrastructures if we access on Skyline Advisor Service on Cloud Service Link

https://console.cloud.vmware.com/

Now we will be waiting….. for data populate (72 hours for Findings)

After 72 hours we are able to see all info   (wow I see six Critical alerts :-))

VMware Skyline Frequently Asked Questions (55928)

Skyline Collector User Accounts and Permissions (vmware.com)

VMware Skyline Advisor