VMware to Acquire Bitnami

VMware announces intent to acquire Bitnami, a leader in application packaging for multi-cloud environments. Find out how #Bitnami will help #VMware accelerate our #multi-cloud and #Kubernetes offerings and efforts!

Organizations today are on a multi-cloud journey, and VMware is committed to investing in solutions that address the core needs of our customers. In that spirit, VMware is announcing its intent to acquire Bitnami, a leader in application packaging solutions providing the largest catalog of click-to-deploy applications and development stacks for major cloud and Kubernetes

The post VMware to Acquire Bitnami appeared first on VMware Cloud Community.


VMware Social Media Advocacy

Exchange: ActiveSync for Admins

While having an admin account for your primary mailbox isn’t a great idea for a lot of good reasons, it is sometimes helpful to have for testing.

If you happened to get your admin account by copying the default admin account in AD, or maybe you copied another admin, you may notice that your mailbox doesn’t work on your phone. I’ve seen people freak out during maintenance windows “testing” with their admin account and finding that mobile access isn’t working. There are two things that you can do to fix this.

  1. Stop coming up with the test during the maintenance window. I have had good experience putting them in the change request so that everyone is on the same page for how success is measured. This also means that if the change doesn’t work, it was because X failed, not because YOU failed. Perception can go for a lot and change windows can have a lot of moving parts.
  2. The issue with the mailbox/account is probably that inheritance is not enabled on the account. This is not enabled by default for the admin account. Follow the steps below to enable it.

Enable inheritance on a user account

  1. Open Active Directory Users and Computers
  2. Enable Advanced Features in the View menu
  3. Open the properties of the affected admin account
    • Select the Security tab and click the advanced button
  4. Now we get to see the magic button!!! Click enable
  5. You may get a warning if there are going to be a lot of additional ACLs applied. Not to worry, it’s only our admin account 🙂 you didn’t tie it to anything else, did you?
  6. Click apply or OK to save everything and close out
  7. For this I forced an AD sync to make sure that my change went out to all the servers, it was successful
  8. Success!!!
    • It took a few minutes for my phone to update but it works now
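
The same check and change can be scripted. The following is an added example, not part of the original post: it reads the account's ACL through the AD: drive, reports whether inheritance is disabled, and only enables it when asked. The function name and the account name `adm-jdoe` are hypothetical, and it assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example. Requires the RSAT ActiveDirectory module and rights to read
# (and, with -Enable, write) the account's ACL.
Import-Module ActiveDirectory

function Test-AccountInheritance {      # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string[]] $SamAccountName,
        [switch] $Enable                # without this switch the function only reports
    )
    foreach ($name in $SamAccountName) {
        $user = Get-ADUser -Identity $name -Properties adminCount
        $path = "AD:\$($user.DistinguishedName)"
        $acl  = Get-Acl -Path $path

        # AreAccessRulesProtected = $true means inheritance is disabled on the object.
        $wasProtected = $acl.AreAccessRulesProtected
        $changed = $false
        if ($Enable -and $wasProtected -and
            $PSCmdlet.ShouldProcess($name, 'Enable ACL inheritance')) {
            # $false = stop protecting the ACL, so parent ACEs are inherited again.
            $acl.SetAccessRuleProtection($false, $true)
            Set-Acl -Path $path -AclObject $acl
            $changed = $true
        }
        [pscustomobject]@{
            Account             = $name
            InheritanceDisabled = $wasProtected
            AdminCount          = $user.adminCount   # 1 = protected by AdminSDHolder
            Changed             = $changed
        }
    }
}

# Report only. 'adm-jdoe' is a placeholder account name.
Test-AccountInheritance -SamAccountName 'adm-jdoe'
# Preview the change without applying it:
Test-AccountInheritance -SamAccountName 'adm-jdoe' -Enable -WhatIf
```

If AdminCount is 1 and the account is still a member of a protected group such as Domain Admins, the SDProp process reapplies the AdminSDHolder ACL and turns inheritance off again, so the change will not persist on that account.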

 

Switch vDS PGs to LAG uplink

Recently I needed to configure LACP on a distributed switch that was already set up. With about 20 PortGroups (VLANs) already configured, the idea of clicking through each one to update the uplinks to the LAG from the standard uplinks sounded really boring.

I found this post by Ben Liebowitz on automating the creation of new port groups and stole the pieces that I needed to just update the PortGroup active uplinks. So here it is.

Get-VDSwitch vDS-SwitchName |Get-VDPortgroup |Get-VDUplinkTeamingPolicy |Set-VDUplinkTeamingPolicy -UnusedUplinkPort "Uplink 1","Uplink 2","Uplink 3","Uplink 4" -ActiveUplinkPort lag1

Afterwards, I realised that it also updated the active uplinks on the uplink port group. This change is not visible in the GUI and I’m not sure what the impact of this is, but I figured that reverting it back was the best plan. So here is the command for that. If you were going to roll this out multiple times, it would probably be a good idea to filter the above command based on the name of the uplink portgroup to avoid this change.

Get-VDSwitch vDS-SwitchName |Get-VDPortgroup vDS-SwitchName-DVUplinks |Get-VDUplinkTeamingPolicy |Set-VDUplinkTeamingPolicy -UnusedUplinkPort "Uplink 1","Uplink 2","Uplink 3","Uplink 4",lag1
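
One way to apply the filtering suggested above, as an added example that is not from the original post. It uses the port group's IsUplink property rather than matching on the name, saves the current teaming policy to a CSV first, and runs as a dry run. The CSV path is hypothetical, and an existing Connect-VIServer session is assumed.

```powershell
# Added example; assumes PowerCLI is already connected to vCenter.
$vds = Get-VDSwitch -Name 'vDS-SwitchName'
$standardUplinks = 'Uplink 1', 'Uplink 2', 'Uplink 3', 'Uplink 4'

# IsUplink is $true only for the switch's uplink port group,
# so this filter keeps that port group out of the change.
$targets = Get-VDPortgroup -VDSwitch $vds | Where-Object { -not $_.IsUplink }

# Record the current teaming per port group so the change can be
# reviewed afterwards or reverted. The file name is hypothetical.
$targets | Get-VDUplinkTeamingPolicy |
    Select-Object @{ n = 'Portgroup'; e = { $_.VDPortgroup.Name } },
                  @{ n = 'Active';    e = { $_.ActiveUplinkPort  -join ';' } },
                  @{ n = 'Standby';   e = { $_.StandbyUplinkPort -join ';' } },
                  @{ n = 'Unused';    e = { $_.UnusedUplinkPort  -join ';' } } |
    Export-Csv -Path '.\vds-teaming-before.csv' -NoTypeInformation

# Dry run: shows which port groups would change. Remove -WhatIf to apply.
$targets | Get-VDUplinkTeamingPolicy |
    Set-VDUplinkTeamingPolicy -ActiveUplinkPort 'lag1' `
                              -UnusedUplinkPort $standardUplinks -WhatIf
```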

Clear HA alarm on all VMs

Recently I ran into an issue where HA triggered on a cluster but failed. This generated an alert on several hundred VMs. Hating to click each one to reset the alarm that wasn’t clearing, I found the following solution.

  1. Connect to vCenter with PowerCLI
  2. Run the following command to disable the alarm
    • Get-AlarmDefinition "vSphere HA virtual machine failover failed" |Set-AlarmDefinition -Enabled:$false
  3. The alarm should clear almost instantly for all VMs
  4. Re-enable the alarm
    • Get-AlarmDefinition "vSphere HA virtual machine failover failed" |Set-AlarmDefinition -Enabled:$true

Bi-Directional Packet Capture on ESXi

I recently ran into an issue where we needed to capture some packets from the vmk interface on a Nutanix/vSphere host. I found this great utility for that, pktcap-uw, however it only captures traffic in one direction by default. Thankfully I found someone with the info on how to run both incoming and outgoing captures at the same time.

  1. SSH to the host
  2. Update the cmd below to reflect your vmk port or whatever you are trying to capture
  3. Run this cmd
    • pktcap-uw --vmk vmk0 --dir 0 -o /tmp/vmk0_in.pcap & pktcap-uw --vmk vmk0 --dir 1 -o /tmp/vmk0_out.pcap &
  4. Shut down the capture after you're done with this cmd
    • kill $(lsof |grep pktcap-uw |awk '{print $1}'| sort -u)
  5. Use WinSCP to connect to the host
  6. Copy vmk0_in.pcap & vmk0_out.pcap files from /tmp/*
  7. Save them somewhere useful
  8. Open in Wireshark
  9. Click File > Merge > pick the 2nd file
  10. And you should be presented with a capture with both incoming and outgoing packets.

Using the pktcap-uw tool in ESXi 5.5 and later (2051814)

@beandrew – his reply is what got this working for me

Securing VMs

So you enabled the vSphere Compliance module in vRealize Operations Manager and now your VMs are all reporting the following alert.

“Virtual Machine is violating Risk Profile 1 in VMware vSphere Security Configuration Guide”

Viewing the details shows symptoms similar to the following:

I’m not going to cover the details on what each setting does, but for the most part these are safe to run. However, if you are concerned about what it might do, you should test it for yourself.

Note: This will not remove the floppy drive since the VM needs to be powered down and I didn’t need to disable that for many of the VMs when I built this.

# Select the target VMs
$vms = Get-VM
# Loop through each VM and set the value. To roll back, change TRUE to FALSE and re-run the script
foreach ($vm in $vms) {
    New-AdvancedSetting -Entity $vm -Name isolation.bios.bbs.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.device.connectable.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.device.edit.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.ghi.host.shellAction.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.autoInstall.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.diskShrink.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.diskWiper.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.dispTopoRequest.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.getCreds.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.ghi.autologon.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.ghi.launchmenu.change -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.ghi.protocolhandler.info.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.ghi.trayicon.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.guestDnDVersionSet.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.hgfsServerSet.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.memSchedFakeSampleStats.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.trashFolderState.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.unity.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.unity.push.update.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.unity.taskbar.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.unity.windowContents.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.unityActive.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.unityInterlockOperation.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.vixMessage.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.tools.vmxDnDVersionGet.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name isolation.monitor.control.disable -Value TRUE -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name tools.setInfo.sizeLimit -Value "1048576" -Confirm:$false -Force:$true
    New-AdvancedSetting -Entity $vm -Name vmci0.unrestricted -Value FALSE -Confirm:$false -Force:$true
    # Disconnect the CD drive and remove any mounted media
    Get-CDDrive -VM $vm |Set-CDDrive -StartConnected:$false -NoMedia -Connected:$false -Confirm:$false
}
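
To see which VMs actually differ before or after running the script, the settings can be audited without changing anything. This is an added example, not part of the original post: the function name and the sample data are constructed, and the expected table is a subset of the settings above that can be extended with the remaining names.

```powershell
# Added example: audit only, makes no changes.
# Expected values: a subset of the settings applied by the script above.
$expected = [ordered]@{
    'isolation.device.connectable.disable'  = 'TRUE'
    'isolation.device.edit.disable'         = 'TRUE'
    'isolation.tools.diskShrink.disable'    = 'TRUE'
    'isolation.tools.diskWiper.disable'     = 'TRUE'
    'isolation.tools.hgfsServerSet.disable' = 'TRUE'
    'tools.setInfo.sizeLimit'               = '1048576'
    'vmci0.unrestricted'                    = 'FALSE'
}

function Get-IsolationDrift {           # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $VMName,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected,
        # Objects with Name and Value properties, as Get-AdvancedSetting returns
        [object[]] $Settings = @()
    )
    $actual = @{}
    foreach ($s in $Settings) { $actual[$s.Name] = [string]$s.Value }
    foreach ($name in $Expected.Keys) {
        $have = if ($actual.ContainsKey($name)) { $actual[$name] } else { '<not set>' }
        # String -ne is case-insensitive, so "true" is accepted for "TRUE"
        if ($have -ne $Expected[$name]) {
            [pscustomobject]@{
                VM = $VMName; Setting = $name
                Expected = $Expected[$name]; Actual = $have
            }
        }
    }
}

# Constructed sample input standing in for one VM's advanced settings
$sample = @(
    [pscustomobject]@{ Name = 'isolation.device.connectable.disable'; Value = 'true' }
    [pscustomobject]@{ Name = 'isolation.tools.diskShrink.disable';   Value = 'FALSE' }
    [pscustomobject]@{ Name = 'vmci0.unrestricted';                   Value = 'FALSE' }
)
Get-IsolationDrift -VMName 'sample-vm' -Expected $expected -Settings $sample |
    Format-Table -AutoSize

# Live use, in a PowerCLI session already connected to vCenter:
# Get-VM | ForEach-Object { Get-IsolationDrift -VMName $_.Name `
#     -Expected $expected -Settings (Get-AdvancedSetting -Entity $_) }
```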