
I've published several very useful vRealize Orchestrator workflow packages on my website. They are good for extending vRealize Automation or for use with the vCenter Web Client.

 

CoolMail

  This package enables vRO to send HTML formatted emails via SMTP.

Highlights

  • Use preformatted HTML or plaintext email Templates
  • Replace {tags} in the Mail template with vRO values
  • Repeats HTML structures and fills them either with values from arrays or from properties.
  • Use a configuration to centrally store your mail settings

Description

The coolMail subsystem works by substituting a tag with a vRO value. A coolMail tag can be freely defined and must have { } curly brackets around it, for example {vm.name} or {userName}.

The user just prepares an HTML template (e.g. using html-online.com) and inserts tags where values from vRO should later be displayed. This makes it possible, for example, to create very nice looking HTML emails that can be used with vRealize Automation (vRA).

 


 

CoolRun

  This package enables vRO to run scripts of various types inside a VM using VMware tools.

Highlights

  • Easy to use script running engine
  • Replace {tags} in the script template with values from vRO
  • Can use Windows, Linux, (virtual) ESXi and Photon OS
  • Runs Linux Bash, Linux PHP, Linux Python, Linux Perl, Windows DOS, Windows PowerShell, Windows Diskpart
  • Can be easily adapted to run other OSs or script types
  • Stores configuration centrally and differentiates between Linux and Windows login credentials

Description

CoolRun enables you to run scripts inside a VM without caring too much about copy, run, check etc. Using {tags} in the script, you can replace these tags with any value from vRO. The workflow has the correct script execution settings for Linux Bash, Linux PHP, Linux Python, Linux Perl, Windows DOS, Windows PowerShell and Windows Diskpart built in. This allows a user, for example, to create a workflow that adds a new disk to a Windows VM and then runs Windows Diskpart to create a partition, format it and assign a label to it.

CoolRun is also built in such a way that it can be easily adapted to other script languages as well as OSs.  
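The tag substitution that CoolMail and CoolRun are described as doing puts vRO values into HTML and into scripts, so each value has to be escaped for the place it lands in. The following is an added example, not the packages' own code; escapeHtml, quoteBash and renderTemplate are hypothetical names and the templates are constructed samples.

```javascript
// Added example: {tag} substitution with escaping chosen per output context.
// Not the CoolMail/CoolRun code; all function names here are hypothetical.

// Escape a value for use in HTML text or a quoted attribute.
function escapeHtml(value) {
  var map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, function (ch) { return map[ch]; });
}

// Quote a value as exactly one Bash word: wrap it in single quotes and
// rewrite each embedded ' as '\'' so nothing inside is interpreted.
function quoteBash(value) {
  return "'" + String(value).replace(/'/g, "'\\''") + "'";
}

// Replace each {tag} with its escaped value in a single pass, so braces
// inside a value are never expanded again. Tags without a value stay in
// place and are reported instead of silently becoming empty.
function renderTemplate(template, values, escape) {
  var missing = [];
  var text = template.replace(/\{([A-Za-z_][\w.]*)\}/g, function (match, tag) {
    if (!Object.prototype.hasOwnProperty.call(values, tag)) {
      if (missing.indexOf(tag) === -1) missing.push(tag);
      return match;
    }
    return escape(values[tag]);
  });
  return { text: text, missing: missing };
}

// Constructed sample input (not from the packages).
var mailTemplate = "<p>Hello {userName}, VM <b>{vm.name}</b> is ready. Ticket {ticket}</p>";
var mailValues = { "userName": "Dana <dana@example.com>", "vm.name": "web01 & db01" };
var mail = renderTemplate(mailTemplate, mailValues, escapeHtml);

var scriptTemplate = "echo {message} >> /tmp/coolrun.log";
var scriptValues = { "message": "it's done; disk {device} added" };
var script = renderTemplate(scriptTemplate, scriptValues, quoteBash);

console.log(mail.text);
console.log("missing tags:", mail.missing.join(", "));
console.log(script.text);
```

With quoteBash the tag must stand unquoted in the script template, because the helper supplies the quotes itself; PowerShell, DOS and Diskpart each need their own quoting rule.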

 


 

logAllProps

This workflow allows you to read out a property completely, in all its details. The output is written to the logs of the workflow. This workflow is extremely useful for vRealize Automation (vRA).

Highlights

  • Recursive logging of properties within properties
  • displaying the variable type
  • showing the content of arrays

Description

This workflow will log the content of a property into the logs (System.log). The property can consist of multiple properties within properties as well as arrays. The workflow will also log all system context variables (mostly used with vRA). The input variable debugFlag can be null. If set to false the workflow is not executed. This can be used to make sure that the logging only happens in a debug situation.

 


Daniel Langenhan Enthusiast

my little Lab

Posted by Daniel Langenhan Dec 13, 2016

Hi all,

lately I had several people ask about my Lab. Well, it's small and extremely transportable. It packs down into a standard cabin-sized carry-on suitcase.

 

Component | Used
Chassis | Shuttle SZ170R8, Barebone (max 64GB, Size: 216 x 198 x 332 mm)
CPU | Intel Core i7-6700K 4000 1151 TRAY (4 GHz)
Memory | 2x Crucial SO-DIMM 32GB DDR4-2133 Kit (D432GB 2133-15 K2 CRU)
Hard Disks | Samsung MZ-75E1T0B 1 TB, Solid State Drive; Western Digital WD4002FFWX 4 TB
Additional Network (optional) | Intel® PRO/1000 PT Dual Port Server Adapter
Network Switch (optional) | Netgear GS108T-200GES (8 ports, VLAN)
Bridge (optional) | ASUS RT-N12
OS | ESXi 6.0
Cost | (April 2016, Germany) ~ 1.600 EUR

 

The Lab is pretty fast (due to the 4 GHz) and I'm running on it: vCenter Appliance, a Windows 2008R2 server for AD, DHCP, DNS, DB and Email, as well as NSX, vRA (7.2) and vROPS (6.4).

Hi all,

I just finished working through the REST API of Veeam in order to create a VeeamZip using vRO. Here is what I learned.

Veeam (version 9) has quite a nice REST API and it is not badly documented once you start getting the hang of it. You find the full Veeam REST documentation here: https://helpcenter.veeam.com/backup/rest/em_web_api_reference.html

There is a nice tutorial that gets you started: https://helpcenter.veeam.com/backup/rest/getting_started_with_em_web_api.html

Veeam is XML based, so you need to know how to work with XML in VRA (see Publications)

Adding the VEEAM REST host:

  1. Login to vRO Client
  2. Start the workflow: Library | HTTP-REST | Add a REST host
  3. The URL is either http://[veeamserver]:9399 or https://[veeamserver]:9398
  4. Use Basic security and the credentials of a user that has the Veeam Backup Administrator role

 

Logon & Logoff

  • The logon is done by POSTing to the session manager. The response contains a session ID that we need for logoff or for further actions.
// log on: POST to the session manager with the credentials stored on the REST host
var PostResponse = veeamHost.createRequest("POST", "/api/sessionMngr/?v=v1_1", null).execute();
var xmldoc = XMLManager.fromString(PostResponse.contentAsString);
var sessionID = ((xmldoc.getElementsByTagName("SessionId")).item(0)).textContent;

  • Logoff is simply done by DELETEing the session
// log off: DELETE the logon session so it does not stay open on the Veeam server
var PostResponse = veeamHost.createRequest("DELETE", "/api/logonSessions/"+sessionID, null).execute();



 

Creating the veeamzip

We need the following REST call to create a VeeamZip: https://helpcenter.veeam.com/backup/rest/post_backupservers_id_zip.html

This boils down to POSTing the following XML:

POST http://localhost:9399/api/backupServers/f365fbd8-fbd2-43ad-9f7a-c87cd390a0d9?action=veeamzip

<?xml version="1.0" encoding="utf-8"?>
<VeeamZipStartupSpec xmlns="http://www.veeam.com/ent/v1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <VmRef>urn:VMware:Vm:a9850703-e3fd-43d8-8f30-6d7fba40b6dd.vm-38856</VmRef>
  <RepositoryUid>urn:veeam:Repository:b609c947-dd30-4295-8b57-cc880329dbd6</RepositoryUid>
  <CompressionLevel>5</CompressionLevel>
  <DisableGuestQuiescence>false</DisableGuestQuiescence>
  <BackupRetention>Never</BackupRetention>
</VeeamZipStartupSpec>

 

Let's discuss the three IDs we need from Veeam before we can get started (highlighted above):

The backupServer ID is the veeam server that is used to create the request. You can get it using:

var PostResponse = veeamHost.createRequest("GET", "/api/backupServers", null).execute();
System.log(PostResponse.contentAsString);



 

The VmRef is made up of the ID of the attached vCenter and the VM.id (the vCenter moRef). It's called a hierarchy in Veeam. You get the existing hierarchy with:

var PostResponse = veeamHost.createRequest("GET", "/api/hierarchyRoots", null).execute();
System.log(PostResponse.contentAsString);



 

The repository ID represents the storage where you will store the VeeamZip. You can get that by using:

var PostResponse = veeamHost.createRequest("GET", "/api/repositories", null).execute();
System.log(PostResponse.contentAsString);



 

To create the Veeamzip I used the following code:

// hiracy, repository and veeamServer hold the three IDs retrieved above; vcvm is the vCenter VM object
var xml='<?xml version="1.0" encoding="utf-8"?><VeeamZipStartupSpec xmlns="http://www.veeam.com/ent/v1.0" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><VmRef>urn:VMware:Vm:'+hiracy+'.'+vcvm.id+'</VmRef><RepositoryUid>urn:veeam:Repository:'+repository+'</RepositoryUid><CompressionLevel>3</CompressionLevel><DisableGuestQuiescence>false</DisableGuestQuiescence><BackupRetention>Never</BackupRetention></VeeamZipStartupSpec>';
var request  = veeamHost.createRequest("POST", "/api/backupServers/"+veeamServer+"?action=veeamzip", xml);
// send and accept XML
request.contentType = "application/xml";
request.setHeader("Accept", "application/xml");
var response = request.execute();



 

In order to check if the task has finished I used:

// read the task ID from the response of the veeamzip POST
var xmldoc = XMLManager.fromString(response.contentAsString);
var veeamTask = ((xmldoc.getElementsByTagName("TaskId")).item(0)).textContent;

// poll the task every 500 ms until it reports Finished
var state;
do{
    System.sleep(500);
    var PostResponse = veeamHost.createRequest("GET", "/api/tasks/"+veeamTask, null).execute();
    xmldoc = XMLManager.fromString(PostResponse.contentAsString);
    state = ((xmldoc.getElementsByTagName("State")).item(0)).textContent;
} while (state !="Finished");



 

Check up on the state of the backup

The task only shows up for some 5-10 seconds and then it shows Finished; however, the backup job isn't finished yet. To check up on the backup job use this:

var PostResponse = veeamHost.createRequest("GET", "/api/backupSessions", null).execute();
var xmldoc = XMLManager.fromString(PostResponse.contentAsString);
var refs = xmldoc.getDocumentElement().getChildNodes();
var state = null;
// walk all backup session references and pick the one named after the VM
for (var i=0;i<refs.length;i++){
    var ref = refs.item(i);
    var refAtt = ref.getAttributes();
    // skip nodes that carry no Name attribute (e.g. text nodes)
    if (refAtt == null || refAtt.getNamedItem("Name") == null) continue;
    var jobName = (refAtt.getNamedItem("Name")).nodeValue;
    if (jobName.indexOf(vm.name)>=0){
        // the session ID is the fourth part of the UID
        var jobUID = (refAtt.getNamedItem("UID")).nodeValue;
        var jobID = (jobUID.split(":"))[3];
        var jobGET = veeamHost.createRequest("GET", "/api/backupSessions/"+jobID+"?format=Entity", null).execute();
        var xmlBack = XMLManager.fromString(jobGET.contentAsString);
        state = ((xmlBack.getElementsByTagName("Result")).item(0)).textContent;
        break;
    }
}
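
The request body and the polling loop above, reworked as an added example that is not part of the original post: IDs are validated before they go into the XML, the wait is bounded, and the session is always deleted. buildVeeamZipSpec, waitForTask and withSession are hypothetical helper names, and the REST calls are replaced by constructed stand-ins so the block runs outside vRO.

```javascript
// Added example, not code from the post. Helper names, the single-digit
// compression check and the timeout handling are assumptions.
var UUID_RE = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;
var VM_MOREF_RE = /^vm-\d+$/;

// Build the VeeamZipStartupSpec body. Each ID is checked against its
// expected shape before it is concatenated into the XML.
function buildVeeamZipSpec(hierarchyId, vmMoRef, repositoryId, compressionLevel) {
  if (!UUID_RE.test(hierarchyId)) throw new Error("bad hierarchy ID: " + hierarchyId);
  if (!VM_MOREF_RE.test(vmMoRef)) throw new Error("bad VM moRef: " + vmMoRef);
  if (!UUID_RE.test(repositoryId)) throw new Error("bad repository ID: " + repositoryId);
  if (!/^[0-9]$/.test(String(compressionLevel))) {
    throw new Error("bad compression level: " + compressionLevel);
  }
  return '<?xml version="1.0" encoding="utf-8"?>' +
    '<VeeamZipStartupSpec xmlns="http://www.veeam.com/ent/v1.0"' +
    ' xmlns:xsd="http://www.w3.org/2001/XMLSchema"' +
    ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">' +
    '<VmRef>urn:VMware:Vm:' + hierarchyId + '.' + vmMoRef + '</VmRef>' +
    '<RepositoryUid>urn:veeam:Repository:' + repositoryId + '</RepositoryUid>' +
    '<CompressionLevel>' + compressionLevel + '</CompressionLevel>' +
    '<DisableGuestQuiescence>false</DisableGuestQuiescence>' +
    '<BackupRetention>Never</BackupRetention>' +
    '</VeeamZipStartupSpec>';
}

// Poll until getState() returns "Finished"; give up after timeoutMs.
// In vRO, getState would wrap the GET /api/tasks/<id> call and sleep
// would be System.sleep. Returns the time waited in milliseconds.
function waitForTask(getState, sleep, intervalMs, timeoutMs) {
  var waited = 0;
  for (;;) {
    var state = getState();
    if (state === "Finished") return waited;
    if (waited >= timeoutMs) {
      throw new Error("task still '" + state + "' after " + waited + " ms");
    }
    sleep(intervalMs);
    waited += intervalMs;
  }
}

// Run work(sessionId) between logon and logoff. The finally block deletes
// the session even when a step in between throws.
function withSession(logon, logoff, work) {
  var sessionId = logon();
  try {
    return work(sessionId);
  } finally {
    logoff(sessionId);
  }
}

// Offline run with constructed stand-ins for the REST calls.
var calls = [];
var states = ["Running", "Running", "Finished"];
var spec = buildVeeamZipSpec("a9850703-e3fd-43d8-8f30-6d7fba40b6dd", "vm-38856",
  "b609c947-dd30-4295-8b57-cc880329dbd6", 5);
var waitedMs = withSession(
  function () { calls.push("logon"); return "session-1"; },
  function (id) { calls.push("logoff " + id); },
  function () {
    calls.push("post spec (" + spec.length + " chars)");
    return waitForTask(function () { return states.shift(); }, function () {}, 500, 60000);
  });
console.log(calls.join(" -> "), "| waited", waitedMs, "ms");
```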

 

Example Package

Attached is my code as a package...have fun!

The package contains 3 workflows and a configuration. Use AddVeeamHost to add the Veeam server as a REST host; it also outputs all the XML needed to get the IDs. The getVeeamStuff workflow gets all the IDs you need. Add the IDs and the link to the Veeam host to the configuration and then use createVeeamZip to create a VeeamZip of a VM.


The new Horizon accesspoint can be configured via REST and for that we even have a swagger UI as well as a config documentation.

REST Docu

https://[FQDN]:9443/rest/swagger.yaml

REST UI

https://[FQDN]:9443/swagger-ui/index.html

The Swagger UI will be located on the Backend or Management NIC of your Accesspoint.

 

Accessing the Swagger UI

  1. Open a browser and browse to https://[FQDN]:9443/swagger-ui/index.html
  2. Authenticate with admin and the password you specified at deployment.
  3. You see the picture below

2016-08-08_13-59-25.png

Change the SSL Certificate

  1. Click on ServerCertificate
  2. Then Click on PUT /v1/config/certs/ssl
  3. Click on the side (Model Schema). This will transfer the values into the body
  4. Copy the Values into a notepad
  5. Replace the String(s) with the Private Key and with the Certificate chain.
  6. Copy/Paste the notepad content back into the body
  7. Click on Try it out.
    2016-08-08_14-02-46.png
  8. Check the result.

 

 

Changing the Connection settings

These settings make sure that the Accesspoint can connect to the Connection Server (or its load balancer) and that the tunnels are terminated at the correct point.

  1. Click on EdgeServiceSettings
  2. Click on GET /v1/config/edgeservice
  3. Click on Try it Out!
  4. Copy the Response Body into a notepad
    2016-08-08_14-23-44.png
  5. Edit the settings as required. Also you ONLY need the part shown below, not the JSON array {[…]} around it.

{
  "identifier": "VIEW",
  "enabled": true,
  "proxyDestinationUrl": "https://connection1.mylab.local:443",
  "proxyDestinationUrlThumbprints": "sha1=42 41 ba da 3b 58 4b 59 01 b1 66 38 01 59 26 28 78 5d 3a 0a",
  "pcoipEnabled": true,
  "pcoipExternalUrl": "192.168.2.200:4172",
  "blastEnabled": true,
  "blastExternalUrl": "access1.mylab.local:8443",
  "tunnelEnabled": true,
  "tunnelExternalUrl": "access1.mylab.local:443",
  "proxyPattern": "/",
  "matchWindowsUserName": false,
  "gatewayLocation": "External",
  "windowsSSOEnabled": false
}

  6. Copy the settings
  7. Click on PUT /v1/config/edgeservice/view
  8. Paste the settings into the body
  9. Click on Try it out!
    2016-08-08_14-31-02.png
  10. The response should be 200. Anything else (400 and more) indicates an error.

2016-08-08_14-32-48.png
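
A pre-flight check for the settings body before the PUT, as an added example that is not part of the original post. thumbprintFromOpenssl and checkViewSettings are hypothetical names, and the accepted formats (a single sha1 thumbprint, host:port external URLs) are assumptions based on the sample values above.

```javascript
// Added example, not part of the original post. Function names are
// hypothetical; formats are taken from the sample values shown above.

// Convert the output of `openssl x509 -noout -fingerprint -sha1`
// ("SHA1 Fingerprint=42:41:BA:...") into the "sha1=42 41 ba ..." form.
function thumbprintFromOpenssl(line) {
  var m = /^sha1 fingerprint=((?:[0-9a-f]{2}:){19}[0-9a-f]{2})\s*$/i.exec(line);
  if (!m) throw new Error("not a SHA-1 fingerprint line: " + line);
  return "sha1=" + m[1].toLowerCase().split(":").join(" ");
}

var THUMBPRINT_RE = /^sha1=(?:[0-9a-f]{2} ){19}[0-9a-f]{2}$/i;
// host:port, with an optional https:// prefix (assumption)
var EXTERNAL_URL_RE = /^(?:https:\/\/)?[A-Za-z0-9.-]+:(\d{1,5})$/;

// Return a list of problems; an empty list means the body looks sane.
function checkViewSettings(settings) {
  if (settings === null || typeof settings !== "object" || Array.isArray(settings)) {
    return ["body must be the single settings object, not the array around it"];
  }
  var problems = [];
  if (settings.identifier !== "VIEW") problems.push("identifier must be VIEW");
  if (!/^https:\/\/[^\/\s:]+(:\d{1,5})?\/?$/.test(String(settings.proxyDestinationUrl))) {
    problems.push("proxyDestinationUrl must be an https:// URL");
  }
  if (!THUMBPRINT_RE.test(String(settings.proxyDestinationUrlThumbprints))) {
    problems.push("proxyDestinationUrlThumbprints must look like sha1=<20 hex bytes>");
  }
  [["pcoipEnabled", "pcoipExternalUrl"],
   ["blastEnabled", "blastExternalUrl"],
   ["tunnelEnabled", "tunnelExternalUrl"]].forEach(function (pair) {
    if (settings[pair[0]] !== true) return; // protocol off: URL not needed
    var m = EXTERNAL_URL_RE.exec(String(settings[pair[1]]));
    var port = m ? Number(m[1]) : 0;
    if (port < 1 || port > 65535) problems.push(pair[1] + " must be host:port");
  });
  return problems;
}

// The settings from the post, followed by two constructed broken variants.
var goodSettings = {
  identifier: "VIEW",
  enabled: true,
  proxyDestinationUrl: "https://connection1.mylab.local:443",
  proxyDestinationUrlThumbprints: "sha1=42 41 ba da 3b 58 4b 59 01 b1 66 38 01 59 26 28 78 5d 3a 0a",
  pcoipEnabled: true,
  pcoipExternalUrl: "192.168.2.200:4172",
  blastEnabled: true,
  blastExternalUrl: "access1.mylab.local:8443",
  tunnelEnabled: true,
  tunnelExternalUrl: "access1.mylab.local:443",
  proxyPattern: "/",
  matchWindowsUserName: false,
  gatewayLocation: "External",
  windowsSSOEnabled: false
};

// Variant 1: thumbprint pasted straight from openssl, colons and all.
var rawThumbprint = JSON.parse(JSON.stringify(goodSettings));
rawThumbprint.proxyDestinationUrlThumbprints =
  "SHA1 Fingerprint=42:41:BA:DA:3B:58:4B:59:01:B1:66:38:01:59:26:28:78:5D:3A:0A";

// Variant 2: the whole GET response array pasted as the body.
var wrapped = [goodSettings];

console.log(checkViewSettings(goodSettings));
console.log(checkViewSettings(rawThumbprint));
console.log(checkViewSettings(wrapped));
console.log(thumbprintFromOpenssl(rawThumbprint.proxyDestinationUrlThumbprints));
```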

 

Problems

There can be problems if your certs are not up to scratch. In that case you may need to clear your cache. Clearing the cache in Chrome is done by pressing [CTRL] + [Shift] + [DEL].

I'm currently working on a vRO package for this...well...it might be a bit in the making...I'm very busy.

Creating a certificate for vRO is a good idea...and it is even easier if you are using the VMCA (VMware Certificate Authority) that is part of the PSC (Platform Services Controller).

The cool thing is that if you have used your own enterprise CA to make the VMCA a Subordinate Certificate Authority (kb.vmware.com/kb/2111219) then your CA trusts your VMCA and VMCA trusts vRO.

If you don't have a CA you can export the VMCA root cert and import it into the trusted root certificates on your computer, which automatically results in the certs for vCenter and all ESXi server URLs being trusted. (see VMware Certificate Authority overview and using VMCA Root Certificates in a browser)

 

1. Open a SSH connection to your PSC (or to vCenter if your PSC is installed with the vCenter)

2. Create a config file /tmp/vro.conf with content similar to this:

Country = DE
Name = vro
Organization = vLeet GmbH
OrgUnit = Consulting
State = Bayern
Locality = Munich
IPAddress = 192.168.220.12
Email = daniel.langenhan@vleet.de
Hostname = vro.mylab.local

3. Run the following commands to generate a cert using VMCA

cd /usr/lib/vmware-vmca/bin/
./certool --genkey --privkey=/tmp/vro.prikey --pubkey=/tmp/vro.pubkey
./certool --gencert --privkey=/tmp/vro.prikey --cert=/tmp/vro.cert --config /tmp/vro.conf

4. Download the VMCA root certificate

wget https://127.0.0.1/certs/download --no-check-certificate -O /tmp/vmca.zip

5. Build the .pem file

cd /tmp
unzip vmca.zip
awk 1 vro.prikey vro.cert certs/6bc2e122.0 >vro.pem

6. Use SCP to download the .pem file to your local computer

7. Open the Orchestrator Control Center, Click on Certificates and select Orchestrator Server SSL Certificate

8. Click on Import and select the .pem file to import.

9. Click again on import and then reboot the Appliance.

 

This is just ONE of the new updates in the upcoming vRealize Orchestrator Cookbook 2nd Edition. Check my website ( Langenhan.info ) for more information

Since vRO7 the Log4j Syslog Appender has been deprecated and will be removed. That’s not really a cause for panic as we can use the Log Insight Agent to forward your log files to the Syslog Server.

There are a few catches on the way.

First we need to configure the forwarding:

  1. Login to the Orchestrator Control Center
  2. Go to Logging Integration
  3. Tick the box next to Enable logging to a remote log server to configure Syslog
  4. Select Use Log Insight Agent
  5. Enter your FQDN or IP of your Syslog server as well as port 514.
  6. Select the Syslog Protocol.
  7. Click on Save


The Log Insight Linux Agent sends the logs via TCP (not UDP) so you may need to adjust your Syslog server


After you have configured the Log Insight settings in the Control Center you still need to configure the Log Insight Linux Agent and tell it which logs to pass on. To do this follow these steps:

  1. Connect to Orchestrator via SSH
  2. Edit the file /var/lib/loginsight-agent/liagent.ini
  3. Add the following entries at the end:

 

[filelog|scripting]
directory=/var/log/vco/app-server
include=scripting.log;scripting.log.*

[filelog|server]
directory=/var/log/vco/app-server
include=server.log;server.log.*

 

  4. Restart the Log Insight agent with the command
    service liagentd restart
  5. Check the logfiles for errors
    /var/log/loginsight-agent/liagent_[date].log

This should now forward all the Server and Scripting logfiles to your syslog server. All Orchestrator logfiles can be found at kb.vmware.com/kb/1010956.

 

The configuration of the Log insight Linux Agent is documented in the VMware vRealize Log Insight Agent Administration Guide

1 Create DashboardOnly Role

For the customers we are creating a role that can only see dashboards that are shared with the customer group.

These instructions are compiled using vROPS 6.1

1.1 Create the Role

Let’s create the role.

  1. Login as Admin
  2. Go to Administration and then on Access Control
  3. Click on Roles
  4. Create a new Role (green plus) and give it the name DashboardOnly
  5. Click OK and then select the newly created role
  6. Click on the pencil next to Permissions to edit the role's permissions
  7. Select only the following rights:
  • Administration
    • Login interactively
  • Content
    • Views Management
      • Read
      • Render
  • Environment
    • View Dashboard homepage

The Views Management items are ONLY required if your Dashboards contain Views.

2 Group, Users and Objects

After we have created the role we need to create a group, assign users to it (if it is a local group) and then assign this group to the DashboardOnly role, as well as make sure the users can only see the objects they should see.

You can either import an AD group or create a local group. The local group is created in vROPS only and has the advantage that I can pick and choose which users I want in there without having to create an extra AD group for it; however, it also means that you have to administer users and groups in AD as well as in vROPS.

2.1 Import AD group

To import an AD group follow these steps:

  1. Click on Import Group
  2. Select a search string and click on Search
  3. Select the group you like to import
  4. Click on Next and continue with the section Assign Role and Objects


 

2.2 Create local Group

To create a local group follow these steps:

  1. Click on Add
  2. Give the group a name
  3. Click on Next
  4. Now you can select the members that your local group should contain. These could be local user accounts or imported accounts.
  5. Now continue with the section Assign Role and Objects

 

2.3 Assign Role and Objects

Regardless of whether you imported or created a group, we now continue by assigning objects to this group.

  1. Use the pulldown menu to select the DashboardOnly group
  2. And then tick the box Assign this role to the group
  3. Now either select a custom Group that contains all the objects for the Dashboards or choose the Objects using the Infrastructure library.
  4. Select the Object or Group you want to use
  5. Ticking the Propagation box will select all descendants of this object.
  6. Click on Finish

 

3 Remove default Dashboards

Now that we have created the needed groups and assigned them the role and the objects, we can assign them the dashboards. We also need to take away the default ones.

3.1 Remove Share

First of all we need to remove the standard shared dashboards.

  1. Go to Content | Dashboards
  2. From the Gear Icon pulldown menu select Share Dashboards
  3. Select all Dashboards and then select Stop Sharing
  4. Select all the dashboards again and this time drag them onto your Administrator group

3.2 Assign the Customer Dashboards

We now need to assign the Dashboards the Users should see to the new Group.

  1. Go to Content | Dashboards
  2. From the Gear Icon pulldown menu select Share Dashboards
  3. Select all the dashboards you want the customer to use and drag them onto the new group
  4. The new group should now be showing the dashboards

 

 

3.3 Remove the 3 default dashboards

The 3 dashboards (Recommendations, Diagnose and Self Health) cannot be unshared that easily. To remove them we need to delete a file on the vROPS nodes. Please note that this works only for new users that have NOT logged in before.

  1. Login to the vROPS node as root
  2. Delete (or better move) the following file. (Rename doesn't seem to work)
    /usr/lib/vmware-vcops/tomcat-web-app/webapps/ui/dashboards/ootb/All.json

UPDATE vROPS 6.3

The path has changed; it is now:

/usr/lib/vmware-vcops/tomcat-web-app/webapps/ui/dashboards/ootb/All/All.json


Hi all,

So in my lab I'm using the vSphere appliance 6 and I just redeployed vRO and had trouble connecting vRO to SSO. I got the error: Server returned 'request expired' less than 0 seconds after request was issued, but it shouldn't have expired for at least 600 seconds.

It turns out this has to do with the time sync between vRO and SSO (vCenter appliance or VCSA). In my case the culprit was the vCenter Appliance. Here is how to investigate and fix it:

(I set both to the Host time...not really good but a fast fix)


vRO

Check the time

  • Login to the Linux (root) and use the command date to see the current time on the VM

Set the TimeZone

  • Open the vRO console and use Set Timezone
Alternative:
  • Open a browser on: https://[vro FQDN or IP]:5480
  • Login with root and go to System | Time Zone and set the timezone
  • Go to Admin | Time Settings and set ntp (or Host time)

 

VCSA

Check the time

  • Open the console. Use F2 to login and activate the BASH Shell
  • Press Alt-F1 to get to the BASH Shell and login
  • Use time.get to get the current time

Set the TimeZone

  • Open the console. Use F2 to login and activate the BASH Shell
  • Press Alt-F1 to get to the BASH Shell and login
  • Use the command timesync.set --mode [host | ntp] to set the mode.
  • If you are using NTP:
    • use the command ntp.get to see what server you get your time from
    • use the command ntp.server.set --servers [list of hostnames or IPs] to set a new NTP server

The script underneath will read out the SRM Protection Group and SRM Recovery Plan as well as other SRM information for each VM. You can then either export this as a CSV or use it as tags in vCenter. The advantage is that you not only see this information directly in the VM summary but you can now also search for an SRM group and find all associated VMs.

 

#load VMware PowerCLi module
if ((Get-PSSnapin | where {$_.Name -ilike "VMware.VimAutomation.Core"}).Name -ine "VMware.VimAutomation.Core"){
    Write-Host "Loading VMware PowerCli"
    Add-PSSnapin VMware.VimAutomation.Core -ErrorAction SilentlyContinue
}

#define variables
$ProtectedVM=@()
$RecoveryObj=@()

#basic connections
Write-Host "connecting vCenter"
#$VINCred=Get-Credential #interactive logon, remove comments from connect lines
$vcConnect=Connect-VIServer "myVC.mylab.local" #-Credential $VINCred
Write-Host "connecting SRM"
$srmConnect=Connect-SrmServer #-Credential $VINCred

try {
    $SRMApi = $srmConnect.ExtensionData
    #get all recovery plans and store them
    Write-Host "Build Recovery Object List" -NoNewline
    foreach ($plan in $SRMApi.Recovery.ListPlans()){
        $tempObj= New-Object PSObject -Property @{"moref"=($plan.moref.Value);"Name"=($plan.GetInfo().Name)}
        $RecoveryObj += $tempObj
        Write-Host "." -NoNewline
    }
    Write-Host "`n"
    
    #get all protected VMs (moref, ProtGroup and RecoPlan) and write to object
    Write-Host "Getting VM infos"
    foreach ($protGroup in $SRMApi.Protection.ListProtectionGroups()){
            #get ProtGroup name
            $protGroupName=$protGroup.GetInfo().Name
            Write-Host ("`nWorking on Protection Group: "+$protGroupName) -NoNewline
            #get ProtGroup RecoveryPlan(s)
            $recoveryplan=$protGroup.ListRecoveryPlans()
            #A ProtectionGroup can belong to more than one RecoveryPlan, so collect the names in an array
            $TempPlanName=@()
            foreach($TempPlan in $recoveryplan){
                #find Recovery and get the name
                foreach ($test in $RecoveryObj) {
                    if ($TempPlan.moref.value -eq $test.moref){
                        $TempPlanName+=$test.Name
                    }
                }
            }
            $recoveryPlanName=$TempPlanName -join ','
            #get all protected VMs
            foreach ($protVM in $protGroup.ListProtectedVMs()){
                $tempObj= New-Object PSObject -Property @{"VMmoref"=($protVM.Vm.MoRef);"ProtGroup"=$protGroupName;"RecoPlan"=$recoveryPlanName;"State"=($protVM.State);"NeedConfig"=($protVM.NeedsConfiguration);"Faults"=($protVM.Faults)}
                $ProtectedVM+=$tempObj
                Write-Host "." -NoNewline
            }
    }#end of get VMs
    Write-Host "`n"

    #check if Tag Categories exist, if not create them
    if ((Get-TagCategory  -Name 'SRMProtectionGroup' -ErrorAction:SilentlyContinue) -eq $null){
            Write-Host "Creating Tag Category SRMProtectionGroup"
            New-TagCategory "SRMProtectionGroup" -Cardinality "Single" -EntityType VirtualMachine -Confirm:$false
    }
    if ((Get-TagCategory  -Name 'SRMRecoveryPlan' -ErrorAction:SilentlyContinue) -eq $null){
            Write-Host "Creating Tag Category SRMRecoveryPlan"
            New-TagCategory "SRMRecoveryPlan" -Cardinality "Single" -EntityType VirtualMachine -Confirm:$false
    }
    #loading TagCategories
    $TC_SRMGroup=Get-TagCategory  -Name 'SRMProtectionGroup'
    $TC_SRMPlan=Get-TagCategory  -Name 'SRMRecoveryPlan'
    
    #Tagging Protected VMs
    Write-Host "Assigning tags" -NoNewline
    foreach ($vmObj in $ProtectedVM) {
        #get VMObject from Moref
        $VM=Get-VIObjectByVIView -MORef ($vmObj.VMmoref)
        #Check if Protection group tag exists
        if ((Get-Tag -Name ($vmObj.ProtGroup) -Category $TC_SRMGroup -ErrorAction:SilentlyContinue) -eq $null){
            Write-Host ("Creating Tag {0}" -f ($vmObj.ProtGroup))
            New-Tag -Name ($vmObj.ProtGroup) -Category $TC_SRMGroup -Confirm:$false
        }
        #assign Protection group tag (looked up in its own category so a same-named tag elsewhere is not picked)
        $vm|New-TagAssignment -Tag (Get-Tag -Name ($vmObj.ProtGroup) -Category $TC_SRMGroup) -Confirm:$false
        
        #Check if Recovery plan tag exists
        if ((Get-Tag -Name ($vmObj.RecoPlan) -Category $TC_SRMPlan -ErrorAction:SilentlyContinue) -eq $null){
            Write-Host ("Creating Tag {0}" -f ($vmObj.RecoPlan))
            New-Tag -Name ($vmObj.RecoPlan) -Category $TC_SRMPlan -Confirm:$false
        }
        #assign Recovery plan tag
        $vm|New-TagAssignment -Tag (Get-Tag -Name ($vmObj.RecoPlan) -Category $TC_SRMPlan) -Confirm:$false
    }#end of Tagging


# Write-Host "Exporting VM info"    
# $ProtectedVM|select-Object VMmoref,ProtGroup,RecoPlan,State,NeedConfig | Sort-Object -Property VMmoref|Export-Csv -Path d:\tmp\Protvms.csv

} #end of try
Catch {
    Write-Host $_.Exception.Message -ForegroundColor Red
}
Finally{
    Write-Host "Disconnecting SRM"
    Disconnect-SrmServer $srmConnect -Confirm:$false -Force:$true
    Write-Host "Disconnecting vCenter"
    Disconnect-VIServer $vcConnect -Confirm:$false -Force:$true
}

************** vROPS 6.3 UPDATE **************

The following blog has been updated to reflect changes in version 6.2 to 6.3 as well as repair some other issues.

 

Intro

As you may have found, the existing official documentation on vROPS remote collectors is pretty thin. As I was involved in a project to get this all going in an enterprise setting I thought I would share some documentation with you.

 

First of all here is the official doco: http://pubs.vmware.com/vrealizeoperationsmanager-6/index.jsp#com.vmware.vcom.core.doc/GUID-83164C8C-45FA-41C2-B4E0-F0BE86CF4B34.html

 

And here is a good post about some questions you may have: http://virtsanity.com/2015/05/vrealize-operations-manager-6-remote-collector-information/

 

If you have not worked with vROPS 6 yet there is a good book I would recommend: https://www.packtpub.com/virtualization-and-cloud/mastering-vcenter-operations-manager

Architecture background

The deployment we are looking at is a vROPS 6.0.2 with vRIN 5.8.4 (vRealize Infrastructure Navigator, formerly vCenter Infrastructure Navigator, VIN) and with SRM integration of vRIN.

The idea is to have a central vROPS cluster and then use remote collectors to get data from other vCenters that are dispersed throughout the world.

However, you can also use this for pure vROPS remote collectors.

The main site consists of a vROPS Master, a replica and a Data node. vROPS is connected to the local vCenter (Protected site) as well as to the vRIN that is paired with the same vCenter. vRIN is configured to collect information from the VMs as well as from SRM.

Each remote site has a remote collector that is paired with the remote vCenter (Protected Site) as well as the vRIN instance. vRIN is configured to collect information from the VMs as well as from SRM.

 

 

vCOPS/vRIN and SRM

Using vROPS and SRM together is something that needs to be discussed. Some people have the idea that they would like to monitor the VMs that fail over from the protected vCenter to the recovery vCenter and that it all then magically works. This is not the case.

Each VM (or actually every object) in vCenter has its unique moref (managed object reference) and even if a VM has the same name in the Protected vCenter as in the Recovery vCenter it’s a different object. When SRM protects a VM it will create a placeholder VM on the recovery site. This placeholder VM is basically only the VMX file and has no VMDKs attached to it. SRM will furnish the VMs with VMDKs at the time of recovery.

So if you are connecting a vROPS instance to the Protected and the Recovery site, vROPS will see two different VMs (each with the same name). One will be actively monitored and the other one is powered off. However, you have just wasted a vROPS VM licence for an essentially dead VM. The placeholder VM on the protected site shouldn’t be on; if it is...you are in a DR scenario.

 

So what would be the benefit of a vROPS in DR?

The only thing would be the ability to use all the data that is collected from the point at which the placeholder VM is started. You could use the troubleshooting options as well as some of the views etc. But all forecasts will be unusable. Please remember that vROPS needs at least 3 weeks of data collection to make accurate future predictions.

In my personal opinion vROPS in DR is just a waste of licensing and space. I cannot see any real benefits. Please feel free to correct me.

 

VRIN - SRM integration

For vRIN to be integrated in SRM the user must have permission on the PAIRED SRM instance, meaning the user needs to have permissions on vCenter as well as on the SRM instance that this vCenter is paired with. As for the role…that’s a bit tricky, as there isn’t really any great doco about it. For vCenter I successfully used the read rights plus Virtual machine | Interaction | Console interaction | Guest operating system management by VIX API. For SRM I haven’t really tested it that much and used the Admin role…probably there is a better solution.

 

Open Ports

The following figures show all the Network ports that need to be in place for vROPS & vRIN in regards to the above scenario.

 

 

[Figures: ports1.png, ports2.png]

Deployment

There are heaps of posts about how to deploy and configure vROPS and vRIN, so I will not cover this.

We will focus on deploying and configuring the remote collectors.

 

 

Deploy VROPS Remote collector

  • Deploy the vROPS OVA using vSphere Web Client (The Fat client can be used, but you shouldn’t)
  • Fill out the deployment tool as usual
  • Choose the Remote Collector (Standard or Large) for deployment
  • Choose TimeZone where the remote collector is placed
  • Deploy and power on the VM
  • Wait for VM to be ready (the VM Console shows the IP etc)
  • Open Web Browser and connect to IP or FQDN of the Remote collector
  • Click on Expand Existing Installation
  • Enter the nodes name (maybe create a Naming Standard!)
  • Select Remote Collector
  • Enter the FQDN of master node and click on Validate
  • Accept The Certificate
  • Enter the vROPS Admin password
  • Wait until the config is done…THIS may take some time (10 minutes plus).
  • Click on “finish adding Nodes”; the Remote collector should now show Online and poweredOn
    You can also do that step through the /admin interface on the Master node.
  • Logout
  • Login to the vROPS UI
  • Check the Cluster Management page of your vROPS installation. Your remote collector should now show up.

Adding Remote collector to vROPS Cluster Collector Groups

A collector group is a group of collectors. The idea is to have multiple remote collectors in one site and then use them to spread the load of the collection. You don’t have to create a collector group to use a remote collector.

Go to Administration and then to Collection Groups. Here you can create a new Collection group and assign remote collectors to it.

Add remote sources to Solutions

  • Login to the vROPS UI
  • Go to Solutions and mark VMware vSphere then click on the Gears Icon (configure)
  • Mark vCenter Adapter and then select the green + to add a new instance (or edit an existing instance; if you do so, STOP the collector first and then start it again later)
  • Give it a display name and description. Make sure that you have a good naming standard, as it's important that you can identify which instance is connected to what using which remote collector.
  • Enter the FQDN of the vCenter as: https://[vCenter FQDN]/sdk
  • We need to select how we connect to this instance. Expand Advanced settings and select the remote collector or Collector group that you want to use to connect to this instance of vCenter.
  • You may want to create a new Credential for this connection
  • Click on Test. If that works click on Save Settings
  • Accept the SSL certs
  • Repeat the above for the vRealize Infrastructure Navigator Solution (also using the remote collector in the advanced settings)

Troubleshooting

To see if everything is working do the following:

  • WAIT 5 to 10 minutes. vROPS collects data (by default) every 5 minutes. So after adding an adapter instance you have to wait for at least one cycle (better two).
  • Go to the Cluster Management Page in Administration and click on your master node.
  • Below you now see the number of objects and metrics vROPS is collecting for a given Adapter instance. If nothing is shown the collection isn’t working. See below.
  • Click on the remote collector and see how many objects and metrics are collected. If none are showing it either has connection problems or it is not used.
  • If you don’t see any objects and metrics check the following:
    • Are you able to connect to the vCenter? Check the Adapter instance and click on Test.
    • Are ports 443 and 6061 open between the remote collector and the vROPS cluster?
    • Check the collector logs on the remote collector and see if there are any warnings or errors