Skip navigation

Blog Posts

Total : 4,381

Blog Posts

1 2 Previous Next

VxRailなど、PowerEdge上にESXiをInstallしている場合、トラブルシューティングや初期構築などでiDRACの仮想コンソールに接続することはしばしばあると思います。

先日、ESXiのInstall用途で、iDRACの仮想コンソールにJavaで接続しようとしたら、エラーになって接続できないことがありました。

 

結論からいうと、iDRACのFWをUpdateするか、Javaのセキュリティファイルの設定を書き換えることで解決できました。

その時のトラブルシューティングを記します。

 

 

事象

キャプチャをとればよかったのですが、残念ながら取り損ねてしまいました。

英語でのキャプチャが欲しかったので後で事象を再現させて取ればよい、と楽観していたところ再現しなくなってしまったので取れずじまいです。

 

事象としては、idracの仮想コンソールにJavaで接続しようとした際に、Javaのアプレット(?)が起動した直後に「ビューワが切断された~」みたいなメッセージがでて接続できないという事象でした。

 

トラブルシューティング

Javaのコンソールやトレースを有効化する

Javaのエラーを見れば何かわかる、と思ったのでJavaのコンソールやロギングを有効化しました。

有効化は、コンパネからJavaのコントロールパネルを開き、AdvancedタブからConsoleやLoggingやTracingのチェックを入れればいいだけです。

1.PNG

 

事象を再現してログをみる

コンソールとロギング・トレーシングの設定をしたら、もう一度事象を再現させて、ログを見ればよいです。

実際に記録されていたログは以下です。

2020年2月19日

4:07

 

 

Java Web Start 11.241.2.07

Using JRE version 1.8.0_241-b07 Java HotSpot(TM) Client VM

JRE expiration date: 20/05/17 0:00

console.user.home = C:\Users\Administrator

----------------------------------------------------

c:   clear console window

f:   finalize objects on finalization queue

g:   garbage collect

h:   display this help message

m:   print memory usage

o:   trigger logging

p:   reload proxy configuration

q:   hide console

r:   reload policy configuration

s:   dump system and deployment properties

t:   dump thread list

v:   dump thread stack

0-5: set trace level to <n>

----------------------------------------------------

Missing Application-Name manifest attribute for: https://ip.ex.am.ple:443/software/avctKVM.jar

replace numpad

** Max Size: W = 1920 H = 1040

** Window Pref Size: W = 1040 H = 823

** Max Size: W = 1920 H = 1040

** Window Pref Size: W = 1040 H = 823

JNLPClassLoader: Finding library VMAPI_DLL.dll

JNLPClassLoader: Finding library jawt.dll

JNLPClassLoader: Finding library avctKVMIO.dll

ProtocolAPCP.receieveSessionSetup : v1.2 APCP = true

APCP Version = 259

 

 

 

 

Supported protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]

 

 

 

 

Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]

 

 

 

 

Supported ciphers: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

 

 

 

 

Enabled ciphers: [SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5]

 

 

 

 

Exception in server handshake

javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

at sun.security.ssl.Handshaker.activate(Unknown Source)

at sun.security.ssl.SSLSocketImpl.kickstartHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at com.avocent.d.a.a.a(Unknown Source)

at com.avocent.d.a.a.a(Unknown Source)

at com.avocent.d.a.a.b(Unknown Source)

at com.avocent.d.d.b.a(Unknown Source)

at com.avocent.a.b.w.g(Unknown Source)

at com.avocent.a.b.w.a(Unknown Source)

at com.avocent.app.c.l.m(Unknown Source)

at com.avocent.app.c.l.e(Unknown Source)

at com.avocent.idrac.kvm.a.e(Unknown Source)

at com.avocent.idrac.kvm.Main.a(Unknown Source)

at com.avocent.idrac.kvm.Main.main(Unknown Source)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at com.sun.javaws.Launcher.executeApplication(Unknown Source)

at com.sun.javaws.Launcher.executeMainClass(Unknown Source)

at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)

at com.sun.javaws.Launcher.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

at sun.security.ssl.Handshaker.activate(Unknown Source)

at sun.security.ssl.SSLSocketImpl.kickstartHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at com.avocent.d.a.a.a(Unknown Source)

at com.avocent.d.a.a.a(Unknown Source)

at com.avocent.d.a.a.b(Unknown Source)

at com.avocent.d.d.b.a(Unknown Source)

at com.avocent.a.b.w.g(Unknown Source)

at com.avocent.a.b.w.a(Unknown Source)

at com.avocent.app.c.l.m(Unknown Source)

at com.avocent.app.c.l.e(Unknown Source)

at com.avocent.idrac.kvm.a.e(Unknown Source)

at com.avocent.idrac.kvm.Main.a(Unknown Source)

at com.avocent.idrac.kvm.Main.main(Unknown Source)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

at java.lang.reflect.Method.invoke(Unknown Source)

at com.sun.javaws.Launcher.executeApplication(Unknown Source)

at com.sun.javaws.Launcher.executeMainClass(Unknown Source)

at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)

at com.sun.javaws.Launcher.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

CoreSessionListener : connection failed

in CoreSessionListner : fireOnSessionStateChanged

KVM session state SESSION_FAILED

Javaのログを見慣れない人でも何となく赤くした部分を最初に見るのではないかと思います。

その部分を見ると何やらProtocalだか、Cipher Suiteだかが適切でないように思えてきますね。

 

Javaのセキュリティ設定を緩めにしてみる

Googleで、「Java Cipher Legacy」とかでググってみたところ、どうやら設定ファイルをいじると古いプロトコルも使えるようです。

以下の場所ファイルを編集して、ProtocolとかCipherをDisableにしている行を片っ端からコメントアウトしてみました。

もちろん編集前にバックアップを取っておくべきことは言うまでもありません

 

C:\Program Files (x86)\Java\<java version>\lib\security\java.security

 

実際には以下の項目をコメントアウトしました。

※コメントアウトした行のみを抜粋

##jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \

##    RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224

 

##jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, DSA keySize < 1024

 

##jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \

##    EC keySize < 224, 3DES_EDE_CBC, anon, NULL

 

 

コメントアウトしたのちに、再度接続を試みました。

 

接続成功!!

今度はエラーで切断されることなく接続することができました。

その際のJavaコンソールの出力は以下(ProtocalとCipherの部分のみ抜粋)でした

 

Supported protocols: [SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2]

 

Enabled protocols: [SSLv3, TLSv1, TLSv1.1, TLSv1.2]

 

Supported ciphers: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_256_GCM_SHA384, TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA256, TLS_ECDH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_ECDH_anon_WITH_RC4_128_SHA, SSL_DH_anon_WITH_RC4_128_MD5, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_DH_anon_EXPORT_WITH_RC4_40_MD5, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5]

 

Enabled ciphers: [SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5]

失敗していた時とのログを見比べると、Enabled ProtocalでSSLv3が増え、Supported Cipherの項目も内容が大きく増えていることがわかります。

その結果、Enabled cipherとSupported Cipherで共通するCipherが現れました。

 

想像ですが、JavaのCipherに関する設定を緩くしたことでEnabled とSupportedの内容で一致するものが出てきたことで接続できるようになったものと思われます。

 

iDRACをFWのUpdateをしたら再現しなくなった

ESXiのInstallとFWのUpgrade作業を終えた後に再度事象を再現させようとしたところ、設定ファイルを戻しても再現しませんでした。

おそらく、FWのUpgradeにiDRACのUpdateが含まれており、それによりJavaのアプレットも更新されたことでCipherの問題が出なくなったと想像してます。

 

JavaのVersionにも依存?

きちんと切り分けをしたわけじゃないですが、いくつかの端末では設定ファイルをいじらなくても接続できるものがありました。(iDRAC Update前)

おそらくは、端末にインストールされているJavaのVersionによってはセキュリティ設定のデフォルト値などの関係で影響を受けずに接続できるものと思われます。

(そうじゃないといろいろおかしい)

 

まとめ

新しいJavaと古いiDRAC FWの組み合わせで、仮想コンソールにJavaアプレットで接続できない場合があることがわかりました。

解決方法としては、iDRAC FWをUpdateするか、Javaのセキュリティファイルをいじって古いプロトコルや暗号方式を有効化することで回避できます。

JavaのVersionを古いもの(理想はiDRAC FWのリリース当時のJava)にすることでも解消できそうですが、未検証です。

Ce mois de Janvier voit sortir en GA la version 3.9.1 de VCF

VMware y incorpore :

 

– Application Virtual Networks

– Les API supporte plusieurs pNICs et VDS

– La GUI de Cloud Builder est updatée

– Developer Center

– Petits trucs en plus :

– Supports du SSO Management Domain Convergence pour VxRail.

– Support pour L3 vSAN en stretched et normal pour VxRail

GUID-E18597BE-0F15-4FE7-9059-83B1E582F742-high.png

Application Virtual Networks :

Ou Réseaux Virtuels d’Applications, sont des réseaux qui vont permettent la gestion des migration ou déplacement de réseaux en version « SDN », pour faciliter les PRA et migrations.

L’installation de AVN sera obligatoire pour les nouvelles installation de VCF les update le proposerons en options

AVN-Blog-Figure-2.png

Les API supporte plusieurs pNICs et VDS

3 VDS et 6 cartes physique sont maintenant supportées dans la version 3.9.1

 

La GUI de Cloud Builder est mise à jours

De meilleurs rapports et une GUI repensée et plus fluide pour les Wizard

 

Developer Center

Les API maintenant accessibles directement par le SDDC Manager Dashboard.

After knowing how to upload alpha/beta/prod versions in the Google Play console, the next question is how to relate the priorities in UEM with the tracks in Play console. Given the scarce documentation, I admit I was very confused on how this should work. If in UEM, device is assigned first to Alpha track and in Play console the track is empty, does the device go see if it's also assigned to Beta? Do the priorities in UEM matter? Does the version code in Play console matter?

 

Well, here's the breakdown! (Disclaimer: applies to Workspace ONE UEM 1909 and above)

 

Prerequisite: Work Managed Enrollment Type needs to be set to device-based in Groups and Settings\ Devices & users\ Android\ Android EMM Registration\ Enrollment Settings. This ensures a different GoogleID record is generated per device, and so different app versions from the Managed Play console can be assigned.

 

1. In UEM, let's assign the app in this priority: Alpha (0) > Beta (1) > Prod (1)

2.  For each of the devices the app is assigned to, UEM gets the FIRST track it is assigned to and passes this info to the Play console. For example:

Device A --> Alpha Track

Device B --> Beta Track

Device C --> Production Track

 

3. On the Play console side, when a device is assigned to a track (Alpha/Beta), it is also approved for the Production track. Devices assigned to Production just gets approved for Production. The device will then receive the highest version among the tracks it is approved for.

 

4. Bonus scenarios:

  • When a Production track has a higher version than Alpha/ Beta, the lower version/s gets "superseded".
  • An alpha/ beta app can be released to Production. This results in the app being "promoted".
  • For both scenarios above, rule that the device will receive the highest version among the tracks it is approved for applies.

 

5. Let's try the scenarios with devices A, B, and C. The items in red for the tracks are the changes in Play console. The items in blue at the bottom of the table means there was a resulting change in version installed on the device.

 

Action Done

Released 1.1/1.2

to Alpha/Beta

Released 1.3

to Prod

Released 2.1

to Alpha

Released 2.2

to Beta

Promote 2.2

to Prod

Released 2.3

to Alpha

TrackState 1State 2State 3State 4State 5State 6State 7
Alpha(empty)1.1superseded2.12.1superseded2.3
Beta(empty)1.2supersededsuperseded2.2promotedpromoted
Prod1.01.01.31.31.32.22.2
Device
A1.01.11.32.12.12.22.3
B1.01.21.31.32.22.22.2
C1.01.01.31.31.32.22.2

 

Note:

Pre 1909, whitelisting behavior from UEM to Play console is different such that in item 2, behavior is as follows:

Device A --> Alpha Track --> Alpha, Beta, and Prod tracks approved

Device B --> Beta Track --> Beta and Prod tracks approved

Device C --> Production Track --> ONLY Prod track approved

Same Play console rule applies: The device will receive the highest version among the tracks it is approved for.

 

Below is the sample behavior pre-1909

 

Action Done

Released 1.1/1.2

to Alpha/Beta

Released 1.3

to Prod

Released 2.1

to Alpha

Released 2.2

to Beta

Promote 2.2

to Prod

Released 2.3

to Alpha

TrackState 1State 2State 3State 4State 5State 6State 7
Alpha(empty)1.1superseded2.12.1superseded2.3
Beta(empty)1.2supersededsuperseded2.2promotedpromoted
Prod1.01.01.31.31.32.22.2
Device
A1.01.21.32.12.22.22.3
B1.01.21.31.32.22.22.2
C1.01.01.31.31.32.22.2

 

 

Special thanks to Jason Huang, Kevin Murray, Glen Friedman, and Michael Gow for helping breaking down the components with me. Also Scott Arndt for the note on device-based enrollment type.

 

11 Feb 2020 - First published

16 Feb 2020 - Added note that Work-Managed enrollment type in UEM should be set to device-based

Try to Converge your external PSC to Embedded as mentioned in below steps.

 

1. Please mount vCenter ISO with same version as you have on vCenter/PSC.

 

2. Click on "Home" >>> Menu >>>Click on "Administration"

 

3. Click on "System Configuration"

 

4. Select vCenter "vCenter Server with external Platform Services Controller"

 

5.Click on "CONVERGE TO EMBEDDED"

 

6. It will give below warning:-

 

 

"vCenter Server downtime

Converging this node will restart all the vCenter Server services on it making it inaccessible until the operation is complete"

 

7. Click on proceed

 

8. Enter SSO (Single Sign-On) User Name & Pwd

 

9. Don't change "Skip AD Join"

 

10. Acknowledge it .

 

11. Click on "CONVERGE"

 

12. Monitor it for few min.

 

13. It will give vCenter Server downtime alert (The vCenter Server services will be restarted and might take a few minutes to complete. You will be logged out during this operation. Monitor the progress of the convergence from the CLI or any linked vCenter Server)


Be Patience!!!

 

14. Wait for sometime to come your vCenter back  check via ssh with below cmd (it shouldn't show services in "StartPending")

 

service-control --status --all

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Stopped:

vmcam vmware-imagebuilder vmware-mbcs vmware-netdumper vmware-rbd-watchdog vmware-vcha vsan-dps

Running:

applmgmt lwsmd pschealth vmafdd vmcad vmdird vmdnsd vmonapi vmware-analytics vmware-certificatemanagement vmware-cis-license vmware-cm vmware-content-library vmware-eam vmware-perfcharts vmware-pod vmware-postgres-archiver vmware-rhttpproxy vmware-sca vmware-sps vmware-statsmonitor vmware-sts-idmd vmware-stsd vmware-topologysvc vmware-updatemgr vmware-vapi-endpoint vmware-vmon vmware-vpostgres vmware-vpxd vmware-vpxd-svcs vmware-vsan-health vmware-vsm vsphere-client vsphere-ui

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

15. When all services are come up then login back in your vCenter via  https://vCenterIP or FQDN/

 

16.  Go back to below options:-

 

Administration >>> System Configuration >> and you will see that conversion has been completed.

 

"vCenter Server with embedded Platform Services Controller"
Screenshot from 2020-02-06 23-21-01.png

 

17. Now Select PSC Controller >> DECOMMISSION PSC.


Alert ##### vCenter Server downtime (Decommissioning this node will restart all the vCenter Server services. The vCenter Server will be inaccessible until the operation is complete)

 

 

18. Click on Proceed.

 

19. Click on "View Thumbprint" >> Enter "SSO Credentials" >> Acknowledge it >> Click on "DECOMMISSION"

Screenshot from 2020-02-06 23-18-15.png

 

20. Monitor it for few min.

 

21. On 50% it will give message like this.

 

 

"External Platform Services Controller node shutdown successful"

 

 

Be Patience!!!

 

22. vCenter Services will go down now and you need to wait to come services up

 

via ssh >>>  service-control --status --all

 

23. When all services come up, login in vCenter again via https://vCenterIP or FQDN/

 

24. Validate only vCenter Component will show under.

 

Administration >>> System Configuration >> and you will see vCenter with Embedded only .

 

"vCenter Server with embedded Platform Services Controller"

 

 

 

That's it

**** 留意事項 *****

こちらのブログの内容はDECN(Dell EMC Community Network)に投稿されたブログの再掲です。

DECNが近い将来に廃止となるためこちらに移行させていただいております。

内容についてはオリジナルの執筆当時のものとなりますので最新ではない場合がありますがご容赦ください。

 

 

この記事では、vCenterからvSANクラスターを管理、トラブルシュートする際に用いられるCLIユーティリティ、

RVC(Ruby vSphere Console)の超基本的な使い方について紹介します。

RVCでは、vSANクラスターの状態確認・リソースの使用量や各Object・Componentの参照等、一般的な情報の参照からハイレベルな調査まで様々な作業が可能です。

vSANクラスターに障害が発生した場合の解析や、GUIからは実施できないような細かい設定を伴う作業をvSANクラスターに行う場合にも用いられます。

詳細な利用方法については文末のリファレンスをご参照ください。

 

 

1. ログイン

vCSAにSSHでログイン後、下記のコマンドでログインします。

認証には、vCenter SSOアカウントを使用してください。

    ※vCSAのSSHを無効化している場合は、下記手順にて有効化が必要です。

    VxRail: ESXi、vCenter、PSCのSSH有効化

# rvc

Install the "ffi" gem for better tab completion.

Host to connect to (user@host): administrator@vsphere.local@localhost  < vCenter SSO ユーザー名@localhostを入力

password:                                                                                          < vCenter SSO パスワードを入力

0 /

1 localhost/

>

 

rvcコマンドと同時にユーザー名を指定でもログイン可能です。

# rvc administrator@vsphere.local@localhost          < vCenter SSO ユーザー名@localhostを入力

Install the "ffi" gem for better tab completion.

password:                                                                                   < vCenter SSO パスワードを入力

0 /

1 localhost/

>

 

2. パスの移動、参照

RVCでは、vSANを構成するリソースがファイルシステムのようなツリー構造で表現されています。

RVCコマンドでは各リソースのパス(RVCの公式ドキュメント等ではObjectと呼ばれています)を指定して実行する必要がありますので、どこにどのリソースが配置されているかを漠然と把握しておくとスムーズに作業が行えます。

とはいえ、難しく考える必要はなく一般的なUnixベースOSと同じ要領でls・cd コマンドで参照・移動を行うだけです。

お馴染みの矢印キー↑↓でのコマンド履歴参照や、Tabキーによるオートコンプリートも可能です。

 

各パスは、一般的なUnixベースOSと同じくフルパス指定、相対パス指定の他、./(カレントディレクトリ)、 ..(1つ上位のディレクトリ)などで参照可能です。

 

vSANのトラブルシュートでは、vSANのコンピュートリソースのパスを指定してコマンドを実施する場合が多いです。

一般的には、vSANコンピュートリソースのパスは下記に配置されています。

 

/localhost/データセンター名/computers/vSANコンピュートリソース(vSANクラスター名)

  

 

例として、"vsan.check_limits"コマンドを使用してみます。

vsan.check_limitsは、vSANクラスター内の各ホストのディスク使用率や、ネットワークの制限項目を参照するコマンドで、vSANコンピュートリソースを引数に指定して実行します。

 

※画像は適宜クリックで拡大してください

※↓はgif動画です

1.gif

 

例のようにフルパス指定や相対パス指定でコマンドを実行できます。

 

また、特殊なパス指定の方法として、インデックス指定があります。

RVCでは各ディレクトリにインデックスが付いており、パス名を入力しなくてもインデックスをコマンドの引数にすることが可能です。

 

2.png

 

インデックス指定でコマンドを実行する際には一点クセがあり、一旦lsコマンドでパスに対するインデックスを参照してから引数に指定する必要があります。

 

3.png

 

3. Tips

vSANのコンピュートリソース等、長いパスをいちいち指定、コピペするのが面倒な場合は、markコマンドでパス名に略称を付与することができます。

尚、markコマンドで付与した略称はセッション限定ですので、RVCからログアウトすると設定が消えます。

mark <任意の略称> 対象のパス

  

 

markコマンドで付与した略称をコマンドの引数に指定するには、略称の前に"~"を付けます。

 

4.png

 

以上

 

 

関連記事:

CLIによるvSANリバランス

Deployment - which DLLs do you need?

RVCを活用した情報収集

RVCを活用してアラーム情報を取得する

 

参考文献:

VMware Virtual SAN Diagnostics and Troubleshooting Reference Manual

VMware® Ruby vSphere Console Command Reference for Virtual SAN

Ruby vSphere Consoleの使い方(起動/ログイン/基本操作編) - VMwareな日々

昨年の12月のクリスマス シーズンに、ひたすら vSAN 6.7 の Tips をつぶやく Advent Calendar を試みてみました。

これは「Twitter 140文字+スクリーンショット4枚+Adventar のコメント」という割とシンプルなコンテンツです。

1ヶ月くらいたったので、少し振り返っておこうかと思います。

vSAN のつぶやき。 Advent Calendar 2019 - Adventar

 

なお、一昨年の2018年末にも、

ひたすら色々なパターンでネステッド vSAN をつくって様子を投稿していました。

Nested vSAN Advent Calendar 2018 - Adventar

ネステッド vSAN 6.7 U1 を楽しむ。まとめ

 

毎日投稿するコンテンツなので、2019 年版は省エネ働き方改革をねらったものの、

コンテンツのボリュームは少ないのですが、検証&作文で結局 1日あたり 1~3時間くらいかかり、

2018年版と同じくらいの(結局ブログを投稿するくらいの)リソース消費だった気がします。

 

それでは、いくつか振り返りについて・・・

 

利用した環境について。

利用した vSAN 環境は、昨年と同様、基本的に 1台の物理マシン上のネステッド環境です。

物理マシンは Intel NUC で、スペックは下記です。

  • Intel Core i7-6770HQ CPU @ 2.60GHz
  • 32 GiB Memory
  • Intel SSD 600p Series (512GB)

 

意外とオーバーコミットできるので、このハードウェア スペックでも

「VCSA + 8 ESXi + 監視ホスト」といったサイズの vSAN でもネストで動作します。

いろいろ vSAN クラスタを作成してみたところ、UI や製品動作の確認は、たいていネスト環境で問題なそうな感触です。

 

vSAN 環境構築の方法について。

毎日 vSAN クラスタを作成するには手動だとさすがに大変なので、

PowerCLI スクリプトである程度、自動化していました。

 

利用した PowerCLI スクリプトは下記のようなものです。

これは、PowerCLI の手動実行でネステッド vSAN 構築したときの コマンドラインを羅列したようなスクリプトですが、

そこそこ頻繁に手を入れて徐々に育てています。

GitHub - gowatana/deploy-1box-vsan: Nested vSAN ラボを構築するための工夫。

Home · gowatana/deploy-1box-vsan Wiki · GitHub

 

今回のイベントでは、下記のような設定ファイルをもとに vSAN クラスタを作成していました。

あとで同様の vSAN クラスタを作成して確認をするときも便利です。

GitHub - gowatana/vsan-advent-2019: vSAN のつぶやき。 Advent Calendar 2019 | 設定ファイル集

 

今年は Linux で PowerCLI(しかも Docker コンテナのもの)を使用したのですが、

vSAN 関連モジュールも含めて、意外と  Windows の PowerShell 環境で作成していたスクリプトがそのまま動作しました。

vSAN Setup from Linux · gowatana/deploy-1box-vsan Wiki · GitHub

 

いろいろ PowerCLI の Tips が得られたので、いずれ紹介したいと思っています。

 

つぶやきの感想。

毎日思いつくままつぶやいたので、並べて見直すとあまり関連性がなく、

やはり、ある程度はシナリオを考えてから始めればよかった気がしました。

 

そして、スクリーンショットは、あえて無加工(赤枠などをつけないまま)投稿してみたのですが、

はやり赤枠くらいはつければよかったかなと思いました。

Tweet した Tips を実機スクリーンショットで確認できるように

できるだけ特徴的なスクリーンショットを取得して Twitter に貼ったつもりだったのですが、

なんといても、後日に自分で見直しても意外とポイントがわかりにくかった・・・

 

以上、昨年末の vSAN のつぶやきの振り返りでした。

I tweeted a reply to the Virtually Speaking Homelab request for Homelabs and was shocked at the response I got from the community!  In case you missed it, here is a link to it on Twitter - Max Abelardo on Twitter: "My Homelab is an All-Flash vSAN on 4 x NUC7i5BNH cubes. It’s the most power efficient home la… 

 

One of the people that commented was William Lam who encouraged me to submit my build to his HomeLab Inventory page - https://www.virtuallyghetto.com/homelab .  Since the site needs a blog location, I hope this is a good place to include my build details. 

 

This is a howto guide on how to set up an Intel NUC based vSAN Homelab like mine.  It is somewhat detailed and includes links to sites where some of the info was gleaned to build my own lab.   Basically I got all the info from William Lam’s site.  https://www.virtuallyghetto.com/2017/02/update-on-intel-nuc-7th-gen-kaby-lake-esxi-6-x.html

 

Here are details on what is comprised in my build and some of the reasons I chose those components:

 

Hardware needed & relative costs - Obviously, you will have to multiply some of these costs by 4.

 

$449 - NUC7i5BNH - I like these because I use this for traveling demos to customers at various events.  The lights on this particular NUC look excellent and can be tuned to blink with HDD activity in a variety of colors.  In later NUC models, the lights are not available unless you purchase the highend i7 based CPU.  This NUC model also has a bay for a 2.5” low profile “laptop” SSD for vSAN capacity.  This in combination with the internal m.2 NVMe Drive is perfect for the vSAN cache tier.  You can get these rather inexpensively from Amazon or eBay.  Intel NUC 7 Mainstream Kit (NUC7i5BNH) - Core i5, Tall, Add't Components Needed https://www.amazon.com/dp/B01N2UMKZ5/ref=cm_sw_r_cp_api_i_xbolEbCCFD8XM

 

$119 - 2 x 16GB SODIMMS - These can be obtained from Amazon at Crucial 32GB Kit (16GBx2) DDR4 2666 MT/s (PC4-21300) DR x8 SODIMM 260-Pin Memory - CT2K16G48FD8266 https://www.amazon.com/dp/B071H38422/ref=cm_sw_r_cp_api_i_L.nlEbS4B6AJ5

 

$8 - 16GB USB Flash Memory Drive - Since the m.2 NVMe is for vSAN Cache and the 2.5" SSD is for capacity.  I use this to boot ESXi.  I could have used the SD card to boot ESXi as well, but the access to the SD card is on the side and I just wanted easier access to the USB from the front.

 

$299 - vSAN Capacity Micron 5100 SATA SSD 1.7TB.  Since you can only install 1 SDD in each node make it count with this fast SATA SDD.  It runs at 6 Gbps and has impressive specs.  Micron 1920GB (2TB) 5100 MAX TCG-E SED 5DWPD 3D eTLC SATA III (6Gb/s) 2.5" Internal Server SSD https://www.amazon.com/dp/B081VRTM9K/ref=cm_sw_r_cp_api_i_ydolEb8XTV18J

 

$69 - vSAN cache tier - Samsung EVO 970 256GB.  If you want, you can spend a little more for a larger cache drive but these are super fast, a great value and large enough for most Homelab work.  Samsung 970 EVO Plus SSD 250GB - M.2 NVMe Interface Internal Solid State Drive with V-NAND Technology (MZ-V7S250B/AM) https://www.amazon.com/dp/B07MG119KG/ref=cm_sw_r_cp_api_i_5folEb35AHMZE

 

$251 HDMU KVM Switch. - IO Gear 4 port KVM. I don’t know if NUC BIOS updates have fixed this issue, but a few years ago, if you connected to a NUC w/o an HDMI cable attached all you got was a blank screen even though the machine was running.  It is certainly handy to be able to switch between the devices during initial configuration or during maintenance.  IOGEAR 4-Port 4K UHD DisplayPort KVMP Switch with USB 3.0 Hub, w/Full Set of Cables (TAA Compliant) GCS1904 https://www.amazon.com/dp/B0718XXG9M/ref=cm_sw_r_cp_api_i_TiolEb9NMPGQQ

 

$99 Netgear 16 Port 1GbE switch -  if you add multiple dedicated USB NICs for vSAN VMKernel, vMotion etc you will need more poets.  This will handle all of them and give you a couple to spare.  NETGEAR 16-Port Gigabit Ethernet Unmanaged Switch (GS116NA) - Desktop, and ProSAFE Limited Lifetime Protection https://www.amazon.com/dp/B00023DRLO/ref=cm_sw_r_cp_api_i_hmolEbHRFEFR1

 

As 10 GbE becomes more prevalent and cost effective here is an option. Plugable USB 3.0 to Ethernet Gigabit 10/100/1000 LAN Network Adapter (ASIX AX88179 chipset Compatible with Windows 10, 8.1, 7, XP, Linux, Switch Game Console, Chrome OS) https://www.amazon.com/dp/B00AQM8586/ref=cm_sw_r_cp_api_i_VuolEbCNV6F4M

 

$279 - Mantiz Venus MZ-02 eGPU Enclosure - I chose this because it was fully Thunderbolt 3 supported, has a 2 Slot full-length, full height slot, several USB 3.1 ports on it (5 in total), and a powerful 550W Power Supply (enough to power a 375W GPU).  It also has an easy to open case requiring no screws and is a great looking case.  Another nice feature is that it has a SATA connector and place to mount a 2.5" SSD or HDD to the inside of the case.  I noticed, the Mantiz is no longer available on Amazon, although VisionTek offers them refurbished - VisionTek 900998 Accelerator

 

 

$5,531.99 - Nvidia Quadro RTX 8000 48GB GPU - This is the most amazing GPU I have ever had the pleasure to use.  It helps me run demos of vGPU or Oculus Rift when configured in PCI Pass-Thru mode.  Here is a link to Amazon https://www.amazon.com/PNY-VCQRTX8000-PB-NVIDIA-Quadro-Graphic/dp/B07NH3HKG9

 

 

I cut and crimped my own custom length ethernet cables to reduce the cable mass at the back of the unit.  I do need to work on reducing the cable mass of the KVM and AC/DC power adaptors.

 

Lastly, I encased my entire HomeLab in a plexiglass enclosure built by a friend of mine at CDW Woodworking - Wood Wall Art, Quilt Blocks and Boxes

 

I hope you found this useful and good luck in your effort to build your very own vSAN NUC Homelab!  Stay tuned for my next blog on how I loaded ESX on it and configured eGPU Pass-Thru to my GPU.

Realize Orchestrator  (vRO) is workflow engine that allows you to extend the capabilities of vRA Cloud services. It is used as integration endpoint between vRA Cloud services and other third parties running on-prem or in the cloud. vRO comes bundled with set of commonly used plugin's (vSphere, Active Directory, Power Shell, REST...) to help you automate your existing business processes. For example one common scenario could be on-boarding of new employee. In such case usually there is set of resources that need to be provision and often an approval is required for them. Will concentrate on the approvals part and implement "Custom Approval policy" using vRO and popular issue tracking system "JIRA".

Scenario

User requests a machine. Before machine is provisioned approval need to be granted.

 

Prerequisites:

Steps:

  • User logins in vRA Cloud and requests a machine.
  • JIRA ticket is created  and assigned to authorized party.
    • If  JIRA ticket is APPROVED then proceed with the request
    • if  JIRA ticket is REJECTED machine request is also rejected.

 

Solution overview

Create blocking subscription "Wait for Approval" and attach it to "Compute Allocate" phase. When subscription is triggered it will invoke a vRO workflow "Wait for approval" to create JIRA ticket and assign it for approval. vRO workflow "Wait for approval" will wait for JIRA ticket status to reach "APPROVED" or "REJECTED" state before unblocking the deployment.

 

For the impatient

  • JIRA Create test JIRA project. Make sure to use "Process Management" template and project key is "VRO"
  • VRO Import  com.vmware.jira.approval.package.
  • VRO Add vRO REST Endpoint "Approvals JIRA" using "Library→ HTTP-REST→Add a Rest host" workflow pointing to your JIRA Server.
  • VRO Edit Configuration "com→ vmware→ Jira→ JiraApprovalConfiguration"
    • Set jiraHost to  "Approvals JIRA" REST host
    • Update jiraProjectKey  to match your JIRA project key.
  •   VRA CLOUD  Create Extensibility Subscription "Wait for approval"
    • Event Topic is "Compute Allocate".
    • Runable Item is set to vRO Workflow - "Wait for approval"
    • Blocking is enabled
  •   VRA CLOUD  Set Projects→Your Project→Provisioning->Request Timeout
  • Test it!
    •   VRA CLOUD  Request a machine deployment
    • JIRA Check Jira project for the approval issue and Approve it or Reject it!
    •   VRA CLOUD  Check the status of your deployment.

 

JIRA      Action is performed inside JIRA server

  VRO         Action is performed inside vRO server

  VRA CLOUD       CLOUD Action is performed inside vRA Cloud

 

Approvals Configuration & Demo ...

 

Continue reading for more detailed look at the solution...

 

JIRA Integration

JIRA has nice REST API and vRO already comes bundled with REST plugin so let's use it!First step is to create new JIRA project for the approvals demo.  I choose to use "Process Management" template since it comes out of the box with default JIRA server installation and correspond well with our use case. It has "APPROVED" and "REJECTED" status in default workflow. If you choose to use different template make sure to update "JiraApprovalConfiguration" accordingly.

 

ProcessManagement.png

Once we already have JIRA project to work with next step is to add JIRA server as vRO REST Endpoint. This enables vRO Server communication with JIRA server and we will use it to create new issues and track their status.

Inside vRO Client navigate to "Library→ HTTP-REST→Add a Rest host" workflow and run  it.

Provided Name, URL,  authentication method and credentials valid for your JIRA server. I am using local JIRA server with Basic authentication which makes the task trivial.

After "Add a Rest host" completes successfully you should be able to see new REST endpoint (in my case  I named it "Approvals JIRA")  under HTTP REST plugin inventory.

Add a REST host.pngAdd a REST host - successfull.png

4.1. Approvals package

We will need couple of workflows and actions to complete the integration with JIRA.

In vRO Client navigate to Packages view and import package com.vmware.jira.approval.package.

 

Import Approvals package.png

 

Lets take a closer look at package content.

Actions

  • createJiraIssue    - Performs actual POST request to JIRA server to create new issue.
  • getIssue              - Contacts JIRA server and returns details for specific issue. Used for Issue status tracking.
  • dumpProperties -  Print incoming vRO inputs

Workflows

  • "Wait for approval" - Entry point of our integration. When invoked it will create JIRA issue and start waiting till issue reach REJECTED or APPROVED state.
  • "JIRA - Wait on issue status" - Helper workflow to wait till Jira issue reaches specified state..

Resources

  •      createIssue.json - JSON template for create issue POST request to JIRA server.

Configurations

  • JiraApprovalConfiguration - Environment specific properties for Approvals integration.

 

 

Configuration

Till now we have a project created in JIRA,  required com.vmware.jira.approval.package imported in vRO and a  REST endpoint "Approvals JIRA" created.

To link them together we will need to edit "JiraApprovalConfiguration" configuration element deployed with com.vmware.jira.approval.package.

JiraApprovalsConfiguration.pngJiraApprovalsConfiguration_1.png

 

Configurations→ JiraApprovalConfiguration

  • jiraHost  - REST host for communication with JIRA server
  • jiraProjectKey  - Key of the Pproject in Jira where issues tracking the approvals will be created
  • jiraIssueType   -  Type of the issue tracking the approval. Defaults to "Task".
  • jiraIssueRejectedState -  Jira issue status which corresponds to Rejected state for the request. When Jira issue status changes to this state request will be rejected. Defaults to "Rejected"
  • jiraIssueApprovedState - Configures Jira status which corresponds to Approved  state for the request. When Jira issue status changes to this state request will be rejected. Defaults to "Approved"

If you have used the recommended Jira Project template - "Process Management" and project key "VRO" only required change is to set "jiraHost".

 

vRA Cloud Subscription

Now we need to make vRA Cloud services aware of our "Wait for approvals" workflow.

To do so login vRA Cloud and create a Extensibility Subscription "Wait for approval".

Make sure to set

  • Event Topic is "Compute Allocate".
  • Runnable item is set to vRO Workflow - "Wait for approval"
  • Blocking is enabled

CreateSubscription.png

Last configuration change needed is to set "Request Timeout" for your Project in vRA Cloud.

 

 

Request Timeout

If this project team is deploying blueprints that need more than 2 hours to provision, you can specify an extended period before the deployment fails.

If both the blueprint and the project include timeout values, the largest value takes precedence.

SetRequestTimeout.png

And finally we are ready to test our solution...

Request new blueprint deployment. Once it  reaches allocation phase check new JIRA issue should be created  and waiting to get approved...

RequestBlueprintDeployment.pngWaitForJiraTicketApproval.png

No need to hurry deployment will stay in allocation phase till JIRA issue is Approved or Rejected...

You can  also check vRO. There should be new run of "Wait for approval" tracking the status of newly created JIRA ...

WaitForJiraTicketApproval.png

Now let's check what happens if we approve it.

Open the issue and update it's states to Approved ("Start Progress"→ "Under Review"→"Approved")

In a while "Wait for Approval" run in vRO should be marked as completed and you should see deployment progressing into "CREATE_IN_PROGRESS"

ApproveJira.png

 

Video capturing the configuration & test steps is also available

 

 

 

Hope it helps!

 

 

 

Ocak 2020

Aralık 2019

Kasım 2019

Ekim 2019

Eylül 2019

Ağustos 2019

Temmuz 2019

Haziran 2019

Mayıs 2019

Nisan 2019

Mart 2019

Şubat 2019

Ocak 2019

Aralık 2018

Kasım 2018

Ekim 2018

Eylül 2018

Ağustos 2018

Temmuz 2018

Haziran 2018

Mayıs 2018

Nisan 2018

Kasım 2017

Ekim 2017

Eylül 2017

Ağustos 2017

Temmuz 2017

Haziran 2017

Mayıs 2017

Nisan 2017

Mart 2017

Şubat 2017

Ocak 2017

Aralık 2016

Kasım 2016

Ekim 2016

Eylül 2016

Ağustos 2016

Temmuz 2016

jatinjsk Enthusiast

Get Naa ID and Name in PowerShellers

Posted by jatinjsk Jan 23, 2020

$DSList = Get-Datastore |where {$_.Type -eq 'VMFS'}

$output= ""|Select Name, NaaID

foreach($ds in $DSList)

{

 

    $output.Name =$ds.Name

    $output.NaaID=$ds.extensiondata.info.vmfs.extent.diskname

    $output

    $output|Export-csv DSList.csv -Append -NoTypeInformation

}

$DSList = Get-Datastore |where {$_.Type -eq 'VMFS'}

$output= ""|Select Name, NaaID

foreach($ds in $DSList)

{

 

    $output.Name =$ds.Name

    $output.NaaID=$ds.extensiondata.info.vmfs.extent.diskname

    $output

    $output|Export-csv DSList.csv -Append -NoTypeInformation

}

 

$DSList = Get-Datastore |where {$_.Type -eq 'VMFS'}$output= ""|Select Name, NaaIDforeach($ds in $DSList){
    $output.Name =$ds.Name    $output.NaaID=$ds.extensiondata.info.vmfs.extent.diskname    $output     $output|Export-csv DSList.csv -Append -NoTypeInformation}

$DSList = Get-Datastore |where {$_.Type -eq 'VMFS'}

$output= ""|Select Name, NaaID

foreach($ds in $DSList)

{

 

    $output.Name =$ds.Name

    $output.NaaID=$ds.extensiondata.info.vmfs.extent.diskname

    $output

    $output|Export-csv DSList.csv -Append -NoTypeInformation

}

$DSList = Get-Datastore |where {$_.Type -eq 'VMFS'}

$output= ""|Select Name, NaaID

foreach($ds in $DSList)

{

 

    $output.Name =$ds.Name

    $output.NaaID=$ds.extensiondata.info.vmfs.extent.diskname

    $output

    $output|Export-csv DSList.csv -Append -NoTypeInformation

}

$DSList = Get-Datastore |where {$_.Type -eq 'VMFS'}

$output= ""|Select Name, NaaID

foreach($ds in $DSList)

{

 

    $output.Name =$ds.Name

    $output.NaaID=$ds.extensiondata.info.vmfs.extent.diskname

    $output

    $output|Export-csv DSList.csv -Append -NoTypeInformation

}

$DSList = Get-Datastore |where {$_.Type -eq 'VMFS'}

$output= ""|Select Name, NaaID

foreach($ds in $DSList)

{

 

    $output.Name =$ds.Name

    $output.NaaID=$ds.extensiondata.info.vmfs.extent.diskname

    $output

    $output|Export-csv DSList.csv -Append -NoTypeInformation

}

APIs can be very useful to automate processes and integrate systems. VMware Workspace ONE Access has a full set of REST APIs that you can leverage.

 

The steps below will show you the basic steps to connect to a Workspace ONE Access server and send an API request:

 

1. Login to your Workspace ONE Access environment as admin. On this example I am using Google Chrome, so the following options may vary if you are using a different browser.

 

Screenshot 2020-01-22 at 13.27.47.png

 

2. On the "Dashboard" page, press F12 to view the Developer Tools. Alternatively, navigate to Menu (tree dots) > More Tools > Developer Tools.

 

Screenshot 2020-01-23 at 10.08.35.png

 

 

3. Select the Application tab and then expand Cookies.

 

Screenshot 2020-01-22 at 15.54.09.png

 

4. Under Cookies, select your IDM URL, highlight the HZN cookie and copy its Value.

 

Screenshot 2020-01-23 at 10.10.27.png

 

5. Open your API client tool. On this example I am using Postman (https://www.getpostman.com/).

 

6. Select your API request method (e.g. GET) and enter the URL for it. Under the Header tab, enter the following:

 

Key: Authorization

Value: HZN <Cookie value copied on step 4>

 

Screenshot 2020-01-22 at 14.00.24.png

 

 

7. Enter any other required fields (depending on your request) and click Send.

 

 

More information, including a list of the API calls that can be used with VMware Workspace ONE Access, can be found at: https://code.vmware.com/apis/57/idm

 

 

 

--

 

The postings on this site are my own and do not represent VMware’s positions, strategies or opinions.

part 3 of 3

Part 1

Part 2

C. Release Alpha/ Beta track app to Production

1. In the Google Play console, while your app is selected, go to Release Management\ App releases. In Alpha, select “Manage”.

4-1.png

2. Select “Release to Production” at the Release section.

4-2.png

3. You will see the new release to production page.

4-3.png

Scroll to the bottom and click “Save”, then “Review”.

4-3-2.png

4. Click “Start Rollout to Production”. This will release the Alpha/Beta apk to the Production track.

4-4.png

5. The Alpha (or Beta) track will now be empty and show it was promoted to Production.

4-5.png

In UEM, all the devices that have the Prod version assigned to it will see that the update is available on the Managed Play store.

In the case where the Alpha(Beta) track is superseded, devices in the Alpha (Beta) track will get the Production version of the app.

UEM currently whitelists the track it sees the device is first assigned to in UEM (following the priority in Assignments of the app in UEM). Refer to this post for a more detailed explanation of expected behavior.

 

Note: It may take time for any new version of the app uploaded in Play console (or via Workspace ONE in iFrame) to get automatically installed on the work profile. Refer to this Google article. To manually install the available update, end-user can go to the Managed Play store and see updates available in My work apps\ Updates section.

References

https://developers.google.com/android/work/play/emm-api/distribute#distribute_apps_for_closed_testing

Manage app updates - Managed Google Play Help

https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/1912/Application_Management-for-Android/GUID-49EE45D2-A44A-4695-B0E5-E45BEFC8FDA9.html

 

Update Notes:

  1. v1: Jan 12, 2020
  2. v2: Updated section C with behavior after Alpha/ Beta promotion to production and app update behavior on device
  3. v3: Feb 13, 2020 - added link to new post explaining how UEM priorities work with Managed Play console tracks and versions
1 2 Previous Next

Actions

Looking for a blog?

Can't find a specific blog? Try using the Blog page to browse and search blogs.