Capture Code – vSphere Web Client

One of the conveniences of administering VMware solutions is being able to use code to create scripts to perform repetitive tasks or automate processes

One of the vSphere Web Client features that can help those new to the PowerCli is the Capture Code, it basically allows you to list and save the Powercli commands of the actions you are doing with the vSphere Web Client.

To activate it just access the vSphere Web Client, from the Menu select Developer Center

Select Code Capture and enable it by placing the “Enable Code Capture” flag on the right (which turns green)

At this point, a space will appear in our frame where the commands will be listed with some operations, such as Clear and start another, Copy and Download

Where the Download option generates you the ps1 file with the Powercli commands of the recorded operations

To start and stop a recording session you can use the buttons:

Or the red button that appears at the top of the WebClient once “Enable Code Capture” is enabled

Bye

Capture Code – vSphere Web Client

Ingest your VMware VCSA Appliance logs into Azure Sentinel

In an old post, I described how to send ESXi logs to Azure Log Analytics to ingest at Azure Sentinel, now I describe Step to Step how to send vCenter logs.

The first step is to do step by step this configuration:

After this we need to:
  • Change to the settings of VCSA Appliance to send the logs to Syslog Gateway Server
  • Configure the Log Analytics Agent, installed on Syslog Gateway Server to process the Facility Local0
  • Change la function VMwareESXi (It was created for ESXi Log check my old post) or create a query custom to parse the log on Azure Log Analytics

Change to the settings of VCSA Appliance to send the logs to Syslog Gateway Server

For configuring the VCSA you can use this VMware KB

Forward vCenter Server Log Files to Remote Syslog Server (vmware.com)

Protocol and port depend on your infrastructure configuration (you need to enable communication from VCSA to Syslog Gateway Server on the select TCP/UDP port)

and enable send events (it is enabled by default, but a check is a good idea)

Configure Streaming of Events to a Remote Syslog Server (vmware.com)

Now you can connect to the Syslog Gateway Server and check if the Syslog server received the logs from the VCSA Appliance

Use SSH to connect at the Syslog Gateway Server and use this command

cat /var/log/syslog | grep <fqdn vCenter> | more

in my situation

cat /var/log/syslog | grep vcenter | more

Configure the Log Analytics Agent, installed on Syslog Gateway Server to process the Facility Local0

Connect to Azure Portal and on Azure Log Analytics Service enable the correct facility (local0)

After 10/15 minutes the new configuration will be applied on Syslog Gateway Server (you can check the file /etc/rsyslog.d/95-omsagent.conf on Syslog Gateway)

Change the VMwareESXi function (It was created for ESXi Log check my old post) or create a query custom to parse the log on Azure Log Analytics

Finally, you can query the data on Azure Log Analytics

Syslog | where HostName contains “<FQDN vCenter>”

or optionally you can edit the function create for Ingest ESXi log (check my old POST) and insert the vCenter FQDN Name in the same position where there is the ESXi FQDN Name.

Currently, on Azure Sentinel there are no specific Workbooks for VMware, all queries are to be created

Ingest your VMware VCSA Appliance logs into Azure Sentinel

Check HW VMware Compatibility Matrix

I need to check the Compatibility Matrix for the network IO device of ESXi HOST

Connect to ESXi with SSH and start this command

vmkchdev -l | grep vmnic

and the value are:

If you want check storage IO device change vmnic to vmhba

Determining Network/Storage firmware and driver version in ESXi (1027206) (vmware.com)

Check HW VMware Compatibility Matrix

VMware Horizon 2106

VMware a few days ago released a new Horizon Version.
The new build 2106 (8.3) brings with it some very interesting features from some relating to the security of intellectual property to those related to the Teams collaboration tool, here is a list of those that I consider the most interesting:

  • Implementation of GPO for blocking the ability to take screenshots of VDI sessions from Windows and MAC Clients
  • Possibility in the instant clone to use the Microsoft Sysprep (this function slows down the deployment of an IC by performing a series of reboots)
  • Functionality for applications of run indefinitely
  • Possibility to use TrueSSO SAML authentication for non-Trust domains
  • Horizon Agent has support for Windows Server 2022 (Currently in Preview)
  • The Horizon Client for Linux has the optimization for Teams (as in some versions the functionality for the Windows client was present)
  • Cloud Burst support to extend your on-prem workload to the Cloud in case of a high load.

More details in this video

VMware Horizon 8 (2106) What’s New – YouTube

VMware Horizon 2106

Horizon Web Client Customization

In the past, I’ve talked about how to customize the Horizon Web Client login page. Normally when you log in you are asked whether to continue with the Web Client or download the Windows client, if required we can omit this page.

To do this you need to change the following value:

enable.download=true

setting it as false

this parameter is found in the file portal-links-html-access.properties in the connection server folder C:\ProgramData\VMware\VDM\portal, if you have a connection server cluster you have to do the switch on all servers

Horizon Web Client Customization

Hardening VMware vSphere 7

Non sono certo io a dover spiegare che parlare di security è ormai entrato nel day by day dei consulenti dei manager IT. Anche VMware da alcuni anni sta rilasciando  guide di come rafforzare l’hardening degli ambienti vSphere. Ormai è da diffidare di chi considera l’installazione  di ESXi e vCenter come dei semplici avanti avanti avanti ….

Riporto qui sotto il link alla guida di VMware per l’hardening degli ambienti vSphere 7 comprensivo anche dei dettagli dei parametri da configurare e  dei comandi per modificarli.
Hardening VMware vSphere 7

Horizon Personalizzazioni WEB

È possibile eseguire delle personalizzazioni relative alla pagina HTML di accesso ai Connection Broker:

 

 

Nel dettaglio:

 

·         Background  

C:Program FilesVmwareVMware ViewServerbrokerwebappsportalwebclienticons-5622958bg_image.jpg

·         Icona Horizon 

C:Program FilesVmwareVMware ViewServerbrokerwebappsportalwebclienticons-5622958logo.png

·         Testo  VMware

C:Program FilesVmwareViewServerbrokerwebappsportalWEB-INFclassescomvmwarevdiinstalleri18nbundle_en.properties

  

Horizon Personalizzazioni WEB