VMware Horizon Community
othmanabukarma1
Contributor

Tag for VDI Desktop Pool

Dear All,

I have a question about using tags for a VDI pool on Horizon 8. My manager needs to apply firewall rules based on VM tags. The firewall is Fortinet; I manually created a tag and assigned it to a VDI machine, and we were then able to apply the firewall to that tagged VM. But for a VDI desktop pool (we have instant clone desktop pools), is there any way to automate the tagging so that a specific tag is assigned to a specific desktop pool? We have about 15 VDI desktop pools. I appreciate any help here; the point is that a different set of firewall rules applies to every desktop pool.

0 Kudos
8 Replies
fabio1975
Commander

Ciao 
You could try using a script that runs during the instant clone creation process.
I found this link that talks about it, and it seems to me that it is right for you:

Horizon VDI creation + vSphere Tags | Joey "vm" Ware (wordpress.com)

Fabio

Visit vmvirtual.blog
If you're satisfied give me a kudos

0 Kudos
anilspp
Enthusiast

Thanks for sharing.

0 Kudos
othmanabukarma1
Contributor

Thank you very much, fabio1975, for sharing the link. I will try it and confirm the result soon.

0 Kudos
OthmanAbukarma2
Contributor

This way looks good, but there is an issue with it: in the script the username and the password are in clear text, we can't hide them, and they will be on all VDI machines? Is there any way to hide the password?

0 Kudos
fabio1975
Commander

Ciao 


You can try to create a file on the gold image with the encrypted password. To create it, you need to use the following command:

(Get-Credential).Password | ConvertFrom-SecureString | Set-Content "C:\Attimo_Fabio\password.txt"

and in the script you can call it like this:

$password = Get-Content "C:\Attimo_Fabio\password.txt" | ConvertTo-SecureString
$credential = New-Object System.Management.Automation.PSCredential("<user>", $password)
Connect-VIServer <vcenter fqdn> -Credential $credential

and at the end of the script you can put a command to remove the file, like this:
del C:\Attimo_Fabio\password.txt

Try it and let me know if it works.

Fabio


0 Kudos
othmanabukarma1
Contributor

Thank you very much, I will try it and confirm @fabio1975 

0 Kudos
mobinq
Contributor

@othmanabukarma1 Please confirm if the solution provided by @fabio1975 worked for you. I'm working on applying tagging on the instant clones using the script provided in https://joeyvmware.wordpress.com/category/personal/ and the above commands to avoid plain text passwords.

For me, it's working on the parent image when I manually run the post-sync.bat file, but the tags are not being applied when I publish a new image to the instant clone pool.

Any suggestion?

Thanks

Mobin

0 Kudos
mobinq
Contributor

OK, figured it out. ClonePrep uses the SYSTEM account to launch the post-sync script, and if you are using any other account to encrypt the password then the script won't run, so I had to encrypt the password by launching PowerShell as the SYSTEM account.

Note: you need to have PSTools available on the parent machine to run this command.

psexec.exe -i -s powershell.exe

https://learn.microsoft.com/en-gb/sysinternals/downloads/pstools

Took a new snapshot and published the new image on an instant clone pool and could see the tags being applied successfully. 

Thanks

Mobin

0 Kudos
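
The steps from this thread combined into one post-sync script body (decrypt the password file, connect, assign the tag, delete the file), with logging for the failure mobinq ran into when the file was encrypted under an account other than SYSTEM. This is an added example, not code from the thread or from the linked blog post. The tag name, the log path, and the assumption that the VM name in vCenter equals the Windows computer name are hypothetical.

```powershell
# Added example: post-sync script body. Values in <...> are placeholders.
# Assumes VMware PowerCLI is installed for all users on the gold image.
$ErrorActionPreference = 'Stop'
$SecretPath = 'C:\Attimo_Fabio\password.txt'        # path used in the thread
$VCenter    = '<vcenter fqdn>'                      # placeholder from the thread
$UserName   = '<user>'                              # placeholder from the thread
$TagName    = '<tag for this pool>'                 # hypothetical: one tag per desktop pool
$LogPath    = 'C:\Windows\Temp\post-sync-tag.log'   # hypothetical log location
$exitCode   = 0

function Write-Log([string]$Message) {
    Add-Content -Path $LogPath -Value "$(Get-Date -Format o) $Message"
}

try {
    # ConvertFrom-SecureString without -Key protects the data with DPAPI, so only
    # the account that created the file can decrypt it. ClonePrep runs as SYSTEM.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $identity.IsSystem) {
        Write-Log "Running as $($identity.Name), not SYSTEM; the file must be created by the account that runs this script."
    }
    try {
        $password = Get-Content -Path $SecretPath | ConvertTo-SecureString
    } catch {
        Write-Log "Cannot decrypt $SecretPath as $($identity.Name); it was probably encrypted under another account."
        throw
    }
    $credential = New-Object System.Management.Automation.PSCredential($UserName, $password)
    Connect-VIServer -Server $VCenter -Credential $credential | Out-Null

    # Assumption: the clone's vCenter VM name matches its Windows computer name.
    $vm  = Get-VM -Name $env:COMPUTERNAME
    $tag = Get-Tag -Name $TagName
    New-TagAssignment -Tag $tag -Entity $vm | Out-Null
    Write-Log "Assigned tag '$TagName' to $($vm.Name)."
} catch {
    Write-Log "Tagging failed: $($_.Exception.Message)"
    $exitCode = 1
} finally {
    # Always drop the session and the password file, even when tagging failed.
    if ($global:DefaultVIServer) { Disconnect-VIServer -Server $VCenter -Confirm:$false -ErrorAction SilentlyContinue }
    Remove-Item -Path $SecretPath -Force -ErrorAction SilentlyContinue
}
exit $exitCode
```

Until the file is deleted, any process running as SYSTEM on the clone can decrypt it, so the vCenter account should hold only the privileges needed to assign tags.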