Attending VMworld Europe?


I’m fortunate enough to be able to attend VMworld Europe again this year, so thought I would suggest a few tips based on my previous experience on how to get the most out of the conference.

Some years ago now the first large scale IT conference I attended was Microsoft TechEd in Barcelona. Prior to attending I had no real idea what to expect, but fortunately stumbled across these two posts (1 and 2) from Jonathan Noble which were a great help. As it turned out we had a shared interest in PowerShell and he was kind enough to meet up the day before the conference, give me a few more insights and introduce me to some folks since I didn’t know many people in the wider IT community back then.

So hopefully this post might help you in a similar way if you are attending for the first time or maybe even if you are a conference veteran. Since I am funding this trip myself a lot of the advice is around working to a budget.

1) Registration

First up, register as early as possible, as you may get an early bird discount. Also watch out for discounts if you have the VCP certification and maybe consider the VMUG Advantage package which will give you an additional discount amongst its other benefits.

2) Get there before Monday

The conference is officially advertised as being from Tuesday 14th – Thursday 16th October with a partner day on Monday 13th. So if you work for a partner there are events for you on the Monday, but if not have a look at the Agenda and see what else you might be able to do that day. My personal tip is to make that day the time you spend in the Hands-On-Labs area. Typically it is a lot quieter than the rest of the week so less queuing and also you most likely won’t be thinking I should be in a session / discussion group / the community hang-space now. So get there on the Saturday or Sunday, take a look around Barcelona and there are usually community events starting from Sunday evening to go to.

3) Flights

Book early – that is all. The cost goes up and availability decreases quite significantly from about now, so hurry up :-)

4) Accommodation

In previous years I’ve stayed in various hotels with mixed results. Last year’s experience wasn’t a great one: after booking a hotel with a short metro commute to the conference centre, I got bumped to one of their sister hotels with a long metro commute because of an issue with ‘a serious water leak in the hotel’. In other words, because I had booked the hotel independently rather than through the VMworld registration (since it was cheaper), I got bumped because it was now overbooked.

Thanks to a tip off from Simon Gallagher, this time I am going to try renting an apartment instead via AirBnB. Since I will hardly spend any time at the hotel apart from sleeping, there is not much point paying for the additional facilities they may offer. Last year I paid ~£320 for 4 nights at the hotel and got substandard service anyway. A quick scan over what’s on offer at AirBnB suggests I can get something suitable for ~£200 for the 4 nights. So we’ll see how that pans out this time.

5) Food

On a similar note there’s no point paying for breakfast at a hotel since you can get breakfast at the conference as part of your pass. Last year on Partner Day there was no food provided if you were not a partner, so if you’re taking advantage of that day in the labs like I suggested above you might want to bear that in mind. Most evening events will have some kind of finger food on offer; if you prefer to eat properly then you may want to sample some of the many restaurants Barcelona has to offer.

6) General

One of the best things about the conference is the chance to network with peers who have similar interests to yourself. As I mentioned at the start of this post I made a good friend at the first IT conference I went to and also met a bunch of people who it would prove very useful to know in the years since. In addition to the official conference events, get along to some of the community arranged events since you will inevitably meet some great people there. Also head over to the community hang space, a great place to meet and chat with many of the people who produce great blog content that you probably read on a daily basis.

Hope to see you there :-)

 


 

Automating vCAC Tenant Creation with vCO: Part 7 Creating a vCAC Catalog Item

In this series we will see how to automate the creation of a tenant in vCAC using vCO. There are multiple tasks to provision a tenant in vCAC, so even though it is an automation product itself, there’s no reason why you shouldn’t look at automating parts of it too.

In part 7 we look at publishing our Create-Tenant vCO workflow back into vCAC as a catalog item to make for easy consumption of it. (At some point I will get round to automating this part too)

We’ll be publishing this catalog item to the default tenant (vsphere.local if you look at the list of tenants), so it’s worthwhile making sure that you have other user accounts which can access it other than the default [email protected]

So we need to create an Identity Store for the default tenant and add some Administrator groups:

vCACCatalogItem01

 

vCACCatalogItem02

Ensure that the Administrator group has the Service Architect role, which will grant the use of Advanced Services. We then need to log out of the web page and back in for the Advanced Services tab to appear.

vCACCatalogItem03

 

At this point if you are using a vCO server external to vCAC (as I am in my lab) you will want to ensure that you have enabled AD authentication to it and provided an admins group.

vCACCatalogItem03b

This makes it straightforward to now configure vCAC to use an external vCO server using an AD account.

vCACCatalogItem03c

We also need to make sure the Default Tenant has a Business Group so that we will be able to publish Catalog Items.

vCACCatalogItem09a

 

Navigate to Advanced Services and Service Blueprints, then add a new one:

vCACCatalogItem04

 

We can now see the vCO directory structure presented to us to drill down through and find the workflow to publish, Create-vCACTenant.

vCACCatalogItem05

Navigate through the wizard to complete the addition. Firstly, accept the default name.

vCACCatalogItem06

On the Blueprint Form tab we have some options to amend the presentation of the form. Mostly this is picked up from the vCO workflow presentation, but it can be configured further here.

vCACCatalogItem07

Accept the default on Provisioned Resource and finish the Wizard.

vCACCatalogItem08

Make sure to Publish the Blueprint.

vCACCatalogItem09

We need to create a Service for Catalog Item consumption.

vCACCatalogItem09b

Now configure a Catalog Item for Create-vCACTenant and add it to the above Service.

vCACCatalogItem09c

 

Add an Entitlement so that users are able to access the Catalog Item.

vCACCatalogItem10

Add the Create-vCACTenant Catalog Item to the Entitlement.

vCACCatalogItem11

 

Log in to vCAC as one of the users with the Entitlement and we will see the Create-vCACTenant item in our Catalog.

vCACCatalogItem12

Let’s run the item to make sure it works.

vCACCatalogItem13

vCACCatalogItem14

vCACCatalogItem15

We can look in our Requests to observe the status.

vCACCatalogItem16

We can also observe that TenantC has been created in vCAC :-)

vCACCatalogItem17

 

Automating vCAC Tenant Creation with vCO: Part 1 AD SSL
Automating vCAC Tenant Creation with vCO: Part 2 AD Users, Groups and OUs
Automating vCAC Tenant Creation with vCO: Part 3 Install the vCAC plugin for vCO
Automating vCAC Tenant Creation with vCO: Part 4 Creating a Tenant
Automating vCAC Tenant Creation with vCO: Part 5 Creating an Identity Store
Automating vCAC Tenant Creation with vCO: Part 6 Adding Administrators
Automating vCAC Tenant Creation with vCO: Part 7 Creating a vCAC Catalog Item

Automating vCAC Tenant Creation with vCO: Part 6 Adding Administrators

In this series we will see how to automate the creation of a tenant in vCAC using vCO. There are multiple tasks to provision a tenant in vCAC, so even though it is an automation product itself, there’s no reason why you shouldn’t look at automating parts of it too.

In part 6 we look at adding Administrators to a Tenant in vCAC.

1) Add the ‘Add administrators’ workflow

Drag the ‘Add administrators’ workflow from the vCloud Automation Center section of the workflow library.

vCOvCACPlugin18

vCOvCACPlugin48

Add the inputs. (This is why we created Array based outputs for the administrator groups earlier in the series – we could add multiple groups here)

vCOvCACPlugin49

There are no outputs to add for this workflow.

Now run the workflow to test all functionality.

vCOvCACPlugin43

vCOvCACPlugin50

 

vCOvCACPlugin51

You can download exports of these workflows below:

Create-ADRequirements.workflow

Create-vCACTenant.workflow

 

 


Automating vCAC Tenant Creation with vCO: Part 5 Creating an Identity Store

In this series we will see how to automate the creation of a tenant in vCAC using vCO. There are multiple tasks to provision a tenant in vCAC, so even though it is an automation product itself, there’s no reason why you shouldn’t look at automating parts of it too.

In part 5 we look at adding an Identity Store to a Tenant in vCAC.

1) Generate the variables for adding an Identity Store

Add a scriptable task so we can generate the parameters we need for an Identity Store

vCOvCACPlugin28b

Add the AD domain as an Attribute of the workflow

vCOvCACPlugin30

Add an additional property to that Configuration Element for the netbiosDomain

vCOvCACPlugin31

and add it as an attribute of the workflow

vCOvCACPlugin32

Create a new Configuration Element for the Identity Store and add Type and URL properties.

vCOvCACPlugin33

vCOvCACPlugin34

 

Then add them as workflow attributes:

vCOvCACPlugin35

vCOvCACPlugin36

Add inputs

vCOvCACPlugin37

Add outputs

vCOvCACPlugin38

And the following scripting:


identityStoreName = tenantName + "-AD";
identityStoreUserDN = vcoServiceUser.distinguishedName;
identityStoreGroupsSearchDN = tenantGroupsOU.distinguishedName;
identityStoreUsersSearchDN = tenantUsersOU.distinguishedName;

tenantAdministratorsName = tenantAdminsGroup.getAttribute('Name');
infrastructureAdministratorsName = infrastructureAdminsGroup.getAttribute('Name');

tenantAdministratorsUpnName = tenantAdministratorsName + "@" + identityStoreDomain;
infrastructureAdministratorsUpnName = infrastructureAdministratorsName + "@" + identityStoreDomain;

tenantAdministrators = [tenantAdministratorsUpnName];
infrastructureAdministrators = [infrastructureAdministratorsUpnName];

vCOvCACPlugin39

 

 

2) Add the ‘Add an identity store to a tenant’ workflow

Drag the ‘Add an identity store to a tenant’ workflow from the vCloud Automation Center section of the workflow library.

vCOvCACPlugin18

Add the In parameters

vCOvCACPlugin41

And the Out parameter

vCOvCACPlugin42

3) Now run the workflow to test it works

vCOvCACPlugin43

vCOvCACPlugin44

 

vCOvCACPlugin45

vCOvCACPlugin47

In part 6 we will complete the Administrators configuration.

 


Automating vCAC Tenant Creation with vCO: Part 4 Creating a Tenant

In this series we will see how to automate the creation of a tenant in vCAC using vCO. There are multiple tasks to provision a tenant in vCAC, so even though it is an automation product itself, there’s no reason why you shouldn’t look at automating parts of it too.

In part 4 we look at the first part of creating a Tenant in vCAC.

1) Create the parent workflow

After creating a workflow for the AD requirements in parts 1 and 2, the rest of the work is done via built-in workflows of the vCAC plugin. So we will create a parent workflow to organise the rest into.

vCOvCACPlugin14

First of all drop in the AD workflow and add an input parameter

vCOvCACPlugin15

vCOvCACPlugin16

 

2) Add the ‘Create a tenant’ workflow

Drag the Create a tenant workflow from the vCloud Automation Center section of the workflow library

vCOvCACPlugin18

vCOvCACPlugin19

Set the In parameters

vCOvCACPlugin20

We can set the Value here since we are only working with one vCAC server

vCOvCACPlugin21

vCOvCACPlugin22

vCOvCACPlugin23

Output the Tenant object from this workflow, since we will need it in parts 5 and 6.

vCOvCACPlugin24

 

3) Test the workflow

As a test, we can run what we have so far which will create the AD requirements and an empty tenant in vCAC.

vCOvCACPlugin25

Looking good so far

vCOvCACPlugin26a

vCOvCACPlugin26

vCOvCACPlugin27

vCOvCACPlugin28

In parts 5 and 6 we will complete the Identity Stores and Administrators configuration

 


Automating vCAC Tenant Creation with vCO: Part 3 Install the vCAC plugin for vCO

In this series we will see how to automate the creation of a tenant in vCAC using vCO. There are multiple tasks to provision a tenant in vCAC, so even though it is an automation product itself, there’s no reason why you shouldn’t look at automating parts of it too.

In part 3 we look at installing the vCAC plugin for vCO.

1) Download the vCAC plugin

o11nplugin-vcac-6.0.1.vmoapp

vCOADPlugin40

2) Install the plugin

I’m installing this on a Windows based vCO box. Ensure that the vCO Configuration service is started since it is usually on manual startup.

vCOADPlugin41

Navigate to the Configuration webpage, in my case https://localhost:8283/

vCOvCACPlugin01

and then Plugins

vCOvCACPlugin02

Enter credentials of a member of the vCO admins group. (If you haven’t set this up you might want to add an AD connection on the Authentication page)

vCOvCACPlugin03

and select the downloaded plugin, then Upload and install

vCOvCACPlugin04

Accept the License Agreement

vCOvCACPlugin05

Hopefully you get a nice green success

vCOvCACPlugin06

If so, you’ll get a note further down that you need to restart the vCO Server service

vCOvCACPlugin07


Get-Service VMwareOrchestrator | Restart-Service

After the restart, all is now OK

vCOvCACPlugin08

The built-in vCAC workflows are now available in the vCO client

vCOvCACPlugin09

3) Configure the plugin

Navigate to Configuration and run the Add a vCAC host workflow

vCOvCACPlugin10

Fill out the details of the default vCAC tenant

vCOvCACPlugin11 vCOvCACPlugin12

…and now we have a vCAC server to work with

vCOvCACPlugin13

 


Automating vCAC Tenant Creation with vCO: Part 2 AD Users, Groups and OUs

In this series we will see how to automate the creation of a tenant in vCAC using vCO. There are multiple tasks to provision a tenant in vCAC, so even though it is an automation product itself, there’s no reason why you shouldn’t look at automating parts of it too.

In part 2 we will create the AD Users, Groups and OUs to support the vCAC tenant. In this example we will create:

OUs

TenantName and sub-OUs, Users and Groups

Users

A vcoservice account and tenant admin

Groups

A tenant admin group and infrastructure admin group

1) We’re using vCO 5.5.1 and the AD plugin ships by default. We need to configure it to work with a Domain Controller, so run the Configure Active Directory Server workflow.

vCOADPlugin01

vCOADPlugin02

 

vCOADPlugin03

vCOADPlugin04

Now in the vCO Inventory view we can traverse the AD structure

vCOADPlugin05

2) Use a vCO Configuration Element to store the default Tenants OU.

Since we will place each tenant OU into the default Tenants OU each time, we can store this object in a vCO Configuration Element and assign it as an attribute in the workflow.

vCOADPlugin05b

vCOADPlugin05c

vCOADPlugin05d

vCOADPlugin05e

vCOADPlugin05f

3) Create a workflow for the AD requirements. Later on we will plug this into the Create Tenant workflow which will handle all of the different parts. Add an input tenantName ….

vCOADPlugin06

vCOADPlugin07

 

Here we work on the presentation of the input and ensure that the user is guided into supplying us with the correct information.

vCOADPlugin08

vCOADPlugin08b

and an attribute tenantOU (the configuration element created above)

vCOADPlugin09

vCOADPlugin10

vCOADPlugin11

4) Create an OU

Add the Create an organizational unit workflow to the schema

vCOADPlugin12

Set the In parameters, firstly ouName

vCOADPlugin13

and also ouContainer

vCOADPlugin14

Create an Out parameter, which will be the Tenant OU that this workflow creates

vCOADPlugin15

I find the Visual Binding tab really useful as a quick visual checker that everything is set as I am expecting

vCOADPlugin16

We need to create two sub-OUs from the tenant OU. Since the Create OU workflow only creates one, I will show you an alternative for creating multiples rather than adding the workflow many times. Create a scriptable task and call it Create Sub OUs

vCOADPlugin17

As inputs we need the tenantName and tenantNameOU.

vCOADPlugin18

For outputs we need to create the two OUs as attributes of type AD:OrganizationalUnit since we will need to use these OUs later.

 

vCOADPlugin20

Again, the mapped out view helps me to visualise that I am on the right track.

The scripting code to create the OUs is relatively straightforward. We can call any action by using the path to it and then supplying the necessary parameters. In this case we use the createOrganizationalUnit and getOrganizationUnitFromOrganizationUnit actions from the ActiveDirectory plugin.


// Create the Users and Groups OUs using the createOrganizationalUnit action
System.getModule("com.vmware.library.microsoft.activeDirectory").createOrganizationalUnit("Users",tenantNameOU);
System.getModule("com.vmware.library.microsoft.activeDirectory").createOrganizationalUnit("Groups",tenantNameOU);

// Retrieve the OU objects for Output
var usersOU = System.getModule("com.vmware.library.microsoft.activeDirectory").getOrganizationUnitFromOrganizationUnit(tenantNameOU,"Users");
var groupsOU = System.getModule("com.vmware.library.microsoft.activeDirectory").getOrganizationUnitFromOrganizationUnit(tenantNameOU,"Groups");

vCOADPlugin22

 

5) Create Users and Groups

Now we need to create some user accounts and groups, so add a scriptable task

vCOADPlugin23

As inputs we need tenantName, tenantOU, usersOU and groupsOU.

vCOADPlugin24

We need to output one of the users, its password and two of the groups for use later on:

vCOADPlugin25a

 

 

We need them to be out-parameters, not attributes, so that we can use them outside of the workflow later. If you create the Source parameter by clicking in the correct place above and choosing parameter rather than attribute then the workflow Out parameters will be created for you.

 

vCOADPlugin26

We also need to make use of a Configuration Element for the ActiveDirectory domain. This provides a handy way to supply static values to the workflow without hard-coding them into a script element somewhere.

Navigate to Configuration Elements and create a new one

vCOADPlugin27

vCOADPlugin28

vCOADPlugin29

We can use this Configuration Element in our workflow by adding it as an attribute. Use the chooser button to select it.

vCOADPlugin30

vCOADPlugin31

Add the dnsDomain string to the Users and Groups scriptable task

vCOADPlugin32

vCOADPlugin32a

To create the user accounts we need to supply a password. I generate a random one with a helper action, generateRandomPassword. Store this somewhere that you can easily reference.

vCOADPlugin34a

We want to output two users and two groups from the workflow and also the vcosvcPassword.

Here’s the code to create the users and groups, and add the users to the groups

 

 

// Create vcoService and Tenant Admin users, each with its own random 12-character password
var vcosvcPassword = System.getModule("com.jonathan.action.general").generateRandomPassword(12);
System.getModule("com.vmware.library.microsoft.activeDirectory").createUserWithPassword(tenantName + "_vCOSvc",vcosvcPassword,vcosvcPassword,dnsDomain,tenantName + "_vCOSvc",usersOU);
var tenantadminPassword = System.getModule("com.jonathan.action.general").generateRandomPassword(12);
System.getModule("com.vmware.library.microsoft.activeDirectory").createUserWithPassword(tenantName + "_TenantAdmin",tenantadminPassword,tenantadminPassword,dnsDomain,tenantName + "_TenantAdmin",usersOU);

// Note: these two lines write the generated passwords to the workflow log in clear text,
// where anyone who can read the workflow run can see them
System.log("vcosvc password is: " + vcosvcPassword);
System.log("tenantadmin password is: " + tenantadminPassword);

// Retrieve the vcoService and Tenant Admin users
var vcoServiceUser = System.getModule("com.vmware.library.microsoft.activeDirectory").getUserFromContainer(usersOU,tenantName + "_vCOSvc");
var tenantAdminUser = System.getModule("com.vmware.library.microsoft.activeDirectory").getUserFromContainer(usersOU,tenantName + "_TenantAdmin");

System.log("Tenant admin is: " + tenantAdminUser.distinguishedName);

// Create the Tenant Admin and Infra Admin groups
System.getModule("com.vmware.library.microsoft.activeDirectory").createUserGroup(tenantName + "_TenantAdmins",groupsOU);
System.getModule("com.vmware.library.microsoft.activeDirectory").createUserGroup(tenantName + "_InfraAdmins",groupsOU);

// Retrieve the Tenant Admin and Infra Admin groups and fix the SamAccountName
tenantAdminsGroup = System.getModule("com.vmware.library.microsoft.activeDirectory").getUsergroupFromContainer(groupsOU,tenantName + "_TenantAdmins");
tenantAdminsGroup.setAttribute('SamAccountName',tenantName + "_TenantAdmins");

infrastructureAdminsGroup = System.getModule("com.vmware.library.microsoft.activeDirectory").getUsergroupFromContainer(groupsOU,tenantName + "_InfraAdmins");
infrastructureAdminsGroup.setAttribute('SamAccountName',tenantName + "_InfraAdmins");

// Add tenant admin to admin groups
var tenantAdminUserArray = [tenantAdminUser];
tenantAdminsGroup.addElements(tenantAdminUserArray);
infrastructureAdminsGroup.addElements(tenantAdminUserArray);

vCOADPlugin35

Finally we need to get the usersOU and groupsOU out of the workflow, having already used them in the workflow. Add an additional scriptable task to do this.

vCOADPlugin42 vCOADPlugin43

vCOADPlugin44

vCOADPlugin46

 

 

 

That’s our completed AD workflow.

It’s worth testing the workflow at this point to ensure that everything works so far.

vCOADPlugin37

vCOADPlugin38

And here’s the result

vCOADPlugin39

 

 

 


Automating vCAC Tenant Creation with vCO: Part 1 AD SSL

In this series we will see how to automate the creation of a tenant in vCAC using vCO. There are multiple tasks to provision a tenant in vCAC, so even though it is an automation product itself, there’s no reason why you shouldn’t look at automating parts of it too.

In parts 1 and 2 we will look at the AD requirements for a tenant. Since most organisations will likely use AD for authentication we will create the minimum users and groups required for a vCAC tenant in a structure that lends itself to further expansion.

In part 1 we will set up AD to accept requests via SSL. The AD plugin for vCO requires an SSL connection to a Domain Controller for any request that requires a password, for example creating a user or computer account, but not a group or an OU. Since we need to create some user accounts we will need to configure AD for SSL. (More on ways around this in a future post.)

There are a number of different ways to go about this, so look into it properly for your own environment. There are various options with internal and external certificates, so find the best for your situation. Since this is in my lab and I only have one DC, I’m going to install AD Certificate Services on the DC and use an internal cert for the DC.

1) Ensure you have installed the AD Certificate Services role.

ADSSL00

2) Set up automatic certificates for computers in the Default Domain Controllers Group Policy

ADSSL01

ADSSL02

ADSSL03

ADSSL04

3) Check that your DC has been issued a certificate. Note: to speed this part up you may need a gpupdate /force and possibly also a reboot.

ADSSL05

4) You should also test that it is listening on port 636 for secure LDAP requests. You can use the built-in ldp.exe tool.

ADSSL06

ADSSL07

Now that we have that up and running, we can move on to Part 2 AD Users, Groups and OUs.

 


vShield 5.5 API Programming Guide – Corrections

vShieldAPI

It’s pretty disappointing to need to do this, but recently while working with vCNS / vShield 5.5 and automating it via the REST API I have been making extensive use of the vShield 5.5 API Programming Guide. On the whole it’s a decent document with lots of useful examples, without which I would have been struggling.

However, there are numerous mistakes in it, particularly around the URLs required for various API calls. The document doesn’t seem to have been QA’d particularly well before being released and as far as I can see many of these same mistakes are present in the 5.1 document.

Since other people seem to be wasting time finding the same type of issues, I’m documenting those I find as I go on in the hope that at least it should make it easier for people to find what’s wrong, rather than waiting for a communities post response or trial and error like I have been doing.

Those I have discovered so far are below. The documented URL is listed first, the correct one is below it.

Area: IPSet

List IPsets Created on a Scope (page 31)
Documented: GET https://<vsm-ip>/api/2.0/services/ipset/<scope-moref>
Corrected: GET https://<vsm-ip>/api/2.0/services/ipset/scope/<scope-moref>

Area: Services

Add Service to a Scope (page 41)
Documented: POST https://<vsm-ip>/api/2.0/services/application/scope/<moref>
Corrected: POST https://<vsm-ip>/api/2.0/services/application/<moref>

Get Details of a Service (page 43)
Documented: GET https://<vsm-ip>/api/2.0/services/applicationgroup/<applicationgroup-id>
Corrected: GET https://<vsm-ip>/api/2.0/services/application/<application-id>

Modify Service Details (page 43)
Documented: PUT https://<vsm-ip>/api/2.0/services/applicationgroup/<applicationgroup-id>
Corrected: PUT https://<vsm-ip>/api/2.0/services/application/<application-id>

Delete Service from Scope (page 44)
Documented: DELETE https://<vsm-ip>/api/2.0/services/applicationgroup/<applicationgroup-id>?force=<true|false>
Corrected: DELETE https://<vsm-ip>/api/2.0/services/application/<applicationid>?force=<true|false>

Area: Virtual Servers

Append virtual server (page 136)
Documented: POST https://<vsm-ip>/api/3.0/edges/<edgeId>/loadbalancer/config/virtualserver
Corrected: POST https://<vsm-ip>/api/3.0/edges/<edgeId>/loadbalancer/config/virtualservers

If you have any of your own, please leave them in the comments and I’ll add them to the above.

vCO Create Random Password Action

Need to create a random password in vCO, maybe to be able to create a user account in Active Directory or elsewhere? I created an action for this task which can be reused in any workflow. The code for this is below.

There’s one input passwordLength to determine how long you want the password to be.

generateRandomPassword01

The action can be used in a workflow like so:

generateRandomPassword02

 

Alternatively, you can download the action to import into your own vCO install from my vCOModules repository on GitHub, where I’m beginning to store modules of generic actions I use. Only a few items there at the minute, but plenty to follow……


// Four characters are reserved for one of each character class, plus at least one more
if (passwordLength == null || passwordLength == "" || passwordLength < 5) {
	throw "Parameter PasswordLength needs to be at least 5";
}

// Number of remaining characters to draw from the combined set
var pickNumber = passwordLength - 4;

// Fisher-Yates shuffle, so the four guaranteed characters do not sit at fixed positions
function shuffle(string) {
    var parts = string.split('');
    for (var i = parts.length; i > 0;) {
        // Math.floor rather than parseInt: parseInt converts its argument to a string first,
        // so a very small value such as 5e-7 would be parsed as 5
        var random = Math.floor(Math.random() * i);
        var temp = parts[--i];
        parts[i] = parts[random];
        parts[random] = temp;
    }
    return parts.join('');
}

var lowercase = 'abcdefghijklmnopqrstuvwxyz';
var uppercase = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
var numbers = '0123456789';
var special = '!?£$@';
var all = lowercase + uppercase + numbers + special;

// One guaranteed character from each class
var c1 = lowercase.charAt(Math.floor(Math.random() * lowercase.length));
var c2 = uppercase.charAt(Math.floor(Math.random() * uppercase.length));
var c3 = numbers.charAt(Math.floor(Math.random() * numbers.length));
var c4 = special.charAt(Math.floor(Math.random() * special.length));
var c5 = '';

// Fill the rest of the length from the combined set
for (var i = 0; i < pickNumber; i++) {
	c5 += all.charAt(Math.floor(Math.random() * all.length));
}

var c6 = c1 + c2 + c3 + c4 + c5;
var password = shuffle(c6);

return password;
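
The action above draws every character from Math.random(), which is not a cryptographically secure generator. The following is an added example, not the author's action and not part of the vCOModules repository: it keeps the same policy (minimum length 5, one character from each of the four sets, then a shuffle) but takes all randomness from Node.js crypto.randomInt. It assumes Node.js rather than the vCO scripting engine, and the names generateSecurePassword, secureShuffle and meetsPolicy are hypothetical.

```javascript
// Added example: same password policy as the vCO action, with a CSPRNG.
// Assumption: runs on Node.js (crypto.randomInt), not inside vCO.
const crypto = require('node:crypto');

// Character sets copied from the action above
const SETS = {
  lowercase: 'abcdefghijklmnopqrstuvwxyz',
  uppercase: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  numbers: '0123456789',
  special: '!?£$@',
};
const ALL = Object.values(SETS).join('');

// Uniform pick from a string; crypto.randomInt(max) returns an integer in
// [0, max) from the operating system CSPRNG without modulo bias.
function pick(chars) {
  return chars.charAt(crypto.randomInt(chars.length));
}

// Fisher-Yates shuffle driven by the CSPRNG; returns a new array.
function secureShuffle(items) {
  const a = items.slice();
  for (let i = a.length - 1; i > 0; i--) {
    const j = crypto.randomInt(i + 1);
    [a[i], a[j]] = [a[j], a[i]];
  }
  return a;
}

// One character from each set, the remainder from the combined set,
// then shuffled so the guaranteed characters are not at fixed positions.
function generateSecurePassword(passwordLength) {
  if (!Number.isInteger(passwordLength) || passwordLength < 5) {
    throw new RangeError('passwordLength needs to be an integer of at least 5');
  }
  const chars = Object.values(SETS).map(pick);
  while (chars.length < passwordLength) {
    chars.push(pick(ALL));
  }
  return secureShuffle(chars).join('');
}

// True when the password contains at least one character from every set.
function meetsPolicy(password) {
  return Object.values(SETS).every(
    (set) => [...password].some((c) => set.includes(c))
  );
}

// Report only the length and policy result, never the password itself
const sample = generateSecurePassword(12);
console.log('generated length:', sample.length, 'policy ok:', meetsPolicy(sample));
```
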