Thursday, November 15, 2012

vCAC - vCloud Automation Center UI customization

At the VMworld 2012 the vCloud Suite bundle was announced. Within this new suite package a new automation tool has arrived: vCloud Automation Center aka vCAC. Many of you know that this was the former dnynamicOps aqcuisition.

With vCloud Automation Center you can do some really cool things and I will show more of it in the upcoming posts. Based on the "old" dynamicOps 4.5 bits I tried to figure out how to customize the vCAC self-service portal which looks like this:

As you can see, it´a really smart frontend with some nice slider, buttons and of course functions. Based on the IIS config you can find the folder which contains the self-service portal files:

Under "App_Themes" you can now create a new one. Now you can edit the web.config file and add your themes there. In the web.config file is a description what to do :)

With this step you can now choose what designs you will offer:

I also checked the used objects (javascript console) to find out which .css file is used. As you can see, the design URL "/DCACSelfService/Content/Styles/all.css" defines all the layout stuff.

So the App_Theme only manages the calendar. I changed my profile in "custom" and used the downloaded jQuery theme for the calendar which isn´t colored:

As you can see, it´a bit tricky but you don´t need a master degree to design your own layout. So have fun with all the colors :)

UPDATE: One thing to keep in mind! Like all of my posts this one is no official supported solution :)

Thursday, October 4, 2012

vCO - VcOptionValue which value type?

Got some tricky task this week: Change the advanced parameter "NFS.MaxVolumes" of a ESX host to 256. First thought was: my post for VcOptionValue on the virtual machine. So I searched for the scripting class and wrote some like this:

var configMgr = myHost.configManager;

for(i in configMgr.advancedOption.queryOptions("NFS.MaxVolumes")){

var oValues = new Array();
oValues[0] = new VcOptionValue() ;
oValues[0].key = "NFS.MaxVolumes";
oValues[0].value = 256;

try {
}catch (e){

           System.log("Could not setAdvanced Settings. Error: " + e);

which should be run. But after firing this in vCO there comes an error message like: "wrong parameter" and "internal error". I looked into the vCO logs, the vSphere client and the vpxd.log but all messages didn´t show the exact problem.

After some investigation i found out that the type definition of the value is necessary! So there are some like int, float or long. In my case "long" was the answer. So the code has to look like this:

var configMgr = myHost.configManager;

for(i in configMgr.advancedOption.queryOptions("NFS.MaxVolumes")){

var oValues = new Array();
oValues[0] = new VcOptionValue() ;
oValues[0].key = "NFS.MaxVolumes";
oValues[0].value_LongValue = 256;

try {
}catch (e){

           System.log("Could not setAdvanced Settings. Error: " + e);

So, after the next test everything was fine :)

Friday, September 21, 2012

WaveMaker - handling SSL certificates

In the past some people ask for the SSL certificate handling of WaveMaker. This is mostly caused by WebService integration. With my new vCO 5.1 appliance I had the problem again. After generating a new certificate for the vCenter Orchestrator here I connected the WaveMaker and had to learn a hard lesson: no more HTTP API connection with SOAP! Checking the cause in the browser I could see that there is always a HTTPS redirection :)

So I had to import the certificate of the vCenter Orchestrator like this:

sudo keytool -import -alias vco51.vcloud.lab -file /Users/cjohannsen/Desktop/vco51.vcloud.lab -storepass changeit -keystore /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home/lib/security/cacerts 

As you can see the WaveMaker uses the JDK certificate store. So I had to export the vCO certificate (i used Firefox) and import it in the certificate store. The store password is originally "changeit". After a WaveMaker restart I tried to connect the https path:


and everything was fine.

With this its really easy to access the SOAP API. Next post will show how to connect the REST API with WaveMaker :)

Thursday, September 20, 2012

vCloud Director - get chain length and consolidate a vCloud:VM

As you may know it isn´t possible to consolidate a VM as an organization administrator. In most environments the customer gets an Org (Cola for example) and can deploy vApps etc. but isn´t able to consolidate a vCloud:VM (i use the vCO syntax for explicit wording).

If you want to provide this function in a customer portal, with WaveMaker for example, you need to check the chain length and when the user decides the consolidate method has to be called.

I build a workflow:

The workflow has three steps: determination of the chain length, user decision to consolidate or not and the consolidate call itself. The first part (getChain script) looks like this:


System.log("VM name: ";

var doc = new XML(myVm.toXml());
default xml namespace = doc.namespace();
var n8 = new Namespace("");

System.log("ChainLength: "+doc.VCloudExtension.*::VmVimInfo.*::VirtualDisksMaxChainLength);

var chainLength = doc.VCloudExtension.*::VmVimInfo.*::VirtualDisksMaxChainLength;

if(myVm.vmStatus.value != 8){
throw("VM is not powered off!");

As you can see I update the state of "myVM" (vCloud:VM) and setting the variable "chainLength" (number). The chain length is used as external input for the user interaction, so it´s possible to decide based on the count.

After the submission the myVm.consolidate() method is called and the workflows waits for it.

With my host.login() workflow you can combine the Org based login with the consolidation of vCloud:VM´s :)

vCO 5.1 appliance - how-to fix the localhost.localdom certificate

Yesterday I updated my local lab to the brand new vCloud Suite 5.1. The most interesting thing for me was the vCenter Orchestrator appliance and it´s REST API. So after the deployment the appliance came up (I had to disconnect/connect the cd-rom while the certificate was generated) and the typical configuration interface was available.

After some normal tests I had some smaller problems:

1. the logs windows doesn´t show the logs
2. the browser tells me that the ceritifcate isn´t okay

My colleague Christophe Decannini points me in the right direction with the logs problem: the time between appliance and client was different. After changing the time and timezone everything was fine.

The second problem wasn´t this easy to solve. First I created a new certificate with the standard configuration service method:

After that I checked the certificate in my browser and was surprised that the certificate name was localhost.localdom.

A short console test also shows that the common name wasn´t right.

After a few more tests Burke Azbill mentioned his blog article and what should I say... even the linux appliance has the problem (article). So i started the following steps:

1. check for the certificate store

2. delete the old "dunes" ceritficate

3. generate new certificate

4. restart the vCenter Orchestrator appliance

After the restart I checked for the certificate again and everything was okay. Now I can test the new REST API :)

Tuesday, July 24, 2012

PowerCLI - IP reservation with PowerShell

Sometimes I receive questions which aren´t exactly my skill. In this case I was asked for a "IP management" from a .csv/.txt file to receive an IP address and reserve it. The IP address should be used for a vCloud Director vApp deployment. As a google junkie i searched for a ready-to-use solution but there wasn´t any.

So i decide to build a small script and a text file to play around with. The text file (ip_names.txt) only has three informations, comma separated:

ip address; dns name; state

and looks like this:;cjohannsen001;reserved;cjohannsen002;free;cjohannsen003;reserved;cjohannsen004;free;cjohannsen005;free;cjohannsen006;reserved

The goal was to select an ip address and if the address is chosen it should be reserved by changing the state keyword.

After a few attempts I figure out the following script:

$file = "ip_names.txt"
$Lines = Get-Content -path $file -readcount 0

For($i=0; $i -lt $Lines.Count; $i+=1){

$ip = $Lines[$i].ToString().Split(';')[0].Trim() 
$dns = $Lines[$i].ToString().Split(';')[1].Trim() 
$state = $Lines[$i].ToString().Split(';')[2].Trim() 
    if ($state –eq 'free') {
echo $ip "... is free"
$bool = Read-Host "Use IP?"
if($bool -eq "yes"){
$Lines[$i] = $Lines[$i].Replace("free", "reserved")
$Lines | Set-Content -Path $file
echo "IP address:"
echo "IP wasn´t chosen."

With this small script you will be able to "select" an IP address ;)

Monday, July 9, 2012

chain length consolidation in vCloud Director - multi-tenancy part 2

Based on the last article I think about a solution to enable vCloud Director organization administrators to consolidate their virtual machines (keep in mind this is only available in the SYSTEM organization) without being the SYSTEM administrator.

So if your customers are administrators in their org they aren´t able to consolidate their VMs and this could cause performance issues.

With the "host.login()" method in the vCloud Director plug-in of vCenter Orchestrator you will be able to authorize organization administrators and identify their organizational vApps and VMs. Because the vCenter Orchestrator is connected as a SYSTEM administrator to the vCloud Director you can call methods like "consolidate" directly.

The most valuable step is to identify the chain length of the VM which isn´t viewable as organization admin. So if you know have identified your VMs you can create an scriptable task like this:


System.log("VM name: ";

var doc = new XML(myVm.toXml());
default xml namespace = doc.namespace();
var n8 = new Namespace("");

System.log("ChainLength: "+doc.VCloudExtension.*::VmVimInfo.*::VirtualDisksMaxChainLength);

var chainLength = doc.VCloudExtension.*::VmVimInfo.*::VirtualDisksMaxChainLength;

if(myVm.vmStatus.value != 8){
throw("VM is not powered off!");

Please keep in mind that the vm.updateInternalState() method is useful cause the state is sometimes not the same as displayed in vCO. This is also useful for the host.login() method in my last article.

The first step identifies the chain length and the second one checks the state of the VM. In my workflow used a "user interaction" with the chain length as external input to ask if the VM should be consolidate. From a external portal you have to use the "answerWorkflow" method.

When the user decides to consolidate (with seeing the chain length in the decision field) the next scriptable task only has a consolidate call:

var task = myVm.consolidate();

The whole workflow looks like this:

You can control the operation in you vCloud Director, there you will see a "consolidating VM" even if you aren´t a SYSTEM administrator :)

Tuesday, July 3, 2012

vCD is multi-tenant, vCO is single-tenant, what now?

This week I had a discussion with one of our VSSP customers about the integration of vCloud Director in vCenter Orchestrator. As you might know there ist a plug-in for the vCD available which allows you to configure the vCD connection and make it available in vCO.

Now there is one thing to know about: If you configure the plug-in you will use the SYSTEM organization to have all other organizations available. If you connect to the vCO with the SOAP interface (with WaveMaker for example) the users will have full access to the vCD and not only to their organization.

Because of the user and role management in vCloud Director you will be limited in some functions. As example: There is no way to "consolidate" a VM even if you can see the chain length in their properties. This is limited to the provider administrator role.

So what´s the solution?

You can insert all organizations as new vCD connections in the vCD plug-in and as a vCO admin you are able to consolidate... but this isn´t really slick. The other was is to "authenticate" users with their organization and limit their access to their vApps/VMs.

After some attempts i designed a workflow like this:


  • org (string)
  • user (string)
  • pass (string)

  • url (string)
which were easy to fill from a web portal. With these parameters you are able to use the VclHost.login() method like this:

VclHostManager.setRuntimeCredentials(user, pass); 
var host = VclHostManager.createHost(); 
host.url = url; 
host.organization = org; 
host.sessionMode = VclHostSessionMode.PER_USER_SESSION; 
host.enabled = true; 

Now you are "logged" in with the user and the matching org. A way to verify this is to check for the organizations:

var Organizations = host.getOrganizations(); 
for (i in Organizations){
    System.log("Organization: "+Organizations[i].name);

As you can see you will only receive the organizations of the logged in user :)

In my test environment it looks like this:

Now you will be able to get the vApps and Vms of the organization and do some magic with them. I will post some further steps (chain length, WaveMaker portal) later... cause I´m a consultant... in a hotel... with some beer... and only a notebook :)

Friday, May 4, 2012

ruby - SOAP access with savon

The last three days I played around with ruby and learned a lot of things (a big thanks to Marius). When practicing some basic functionalities ( I decide to check if I can connect to the SOAP interface of the vCenter Orchestrator. Yes, SOAP, it´s old school :)

First you need to install a new gem called savon to enable ruby as a SOAP client. After that the require 'savon' loads the gem.

Now here is an example to get some vCenter Orchestrator workflows:

require 'savon'

Savon.configure do |config|
  config.log = false         

client = do
 wsdl.document = ""
user = "YourUser"
pass = "YourPass"

def findWorkflow(wfName, client,user,pass)
 response = client.request :get_workflows_with_name do
  soap.body = { workflowName: wfName, username: user, password: pass }
 return response

def getAllWfs(client,user,pass)
 response = client.request :get_all_workflows do
  soap.body = { username: user, password: pass}
 return response

def getAllWfInfos(allWfs)
 allWfs[:get_all_workflows_response][:get_all_workflows_return].each do |wf|
  wf.each { |x| x.each { |y| p y } }

myWfs = getAllWfs(client)
wfInfos = getAllWfInfos(myWfs)

This code produces the following output:

So maybe this helps you to play around with ruby and some SOAP operations. Hopefully I will find some time to consume the REST API of the vCloud Director and show you some examples :)

Friday, March 9, 2012

vCO - how to find the vlanID of a dvPortGroup

Today I received an interesting question: "How to find out the VLAN ID of a distributed virtual port group?". At the first moment I think: "No problem, cause the vSphere client can also show the information.".

After several hours and searches in the vSphere API and Onyx I realized that there isn´t any direct method for that :(

So I test the illogical things and enhanced the defaultPortConfig attribute about the vlan attribute... and what should I say: There was an atribute!

After testing if the attribute is part of the VcVmwareDistributedVirtualSwitchVlanIdSpec I was able to check the vlan :)

for(i in dvSwitch.portgroup){
if(dvSwitch.portgroup[i].config.defaultPortConfig.vlan instanceof VcVmwareDistributedVirtualSwitchVlanIdSpec){

This looks like the following screen in the end:

So I hope this helps! By the way, I never had so many failed runs in a row :)

Monday, February 27, 2012

vCO - want fast success? use python!

As you may know I´m always interested in finding new methods to make vCO available in the most common programming languages. Last week some guys developed their web service client in python using the outstanding PyvCO module:

I see their fast and impressive results which took them just a few days and decided to take a look into python using "native" SOAP clients. After reading thru some available modules I decide to use suds: because it seems to have a simple design.

After installing the module on my MacBook with pip install suds the first test is really simple:

import suds
client = suds.client.Client('')
print client

This is the output:

As you can see all methods and types are shown with a simple print :)

Based on this and some indents you can produce some real nice functions like this:
import suds

vCOurl = ''
#username = raw_input('Username: ')
#password = raw_input('Password: ')
username = 'USERNAME'
password = 'PASSWORD'

client = suds.client.Client(vCOurl)
#print client

def getAllWfs():
 allWfs = client.service.getAllWorkflows(username, password)
 return allWfs

def findWfs(name):
 Wfs = client.service.getWorkflowsWithName(name, username, password)
 return Wfs

#allWfs = getAllWfs()
allWfs = findWfs(raw_input('Workflow name: '))

for wf in allWfs:
   wfInParas = wf.inParameters
   for iParas in wfInParas[0]:
        print 'inParameter: '
        print (, iParas.type)
   wfOutParas = wf.outParameters
   for oParas in wfOutParas[0]:
        print 'outParameter: '
        print (, oParas.type)

With this you can search for a workflow and get the IN/OUT parameters. As you can see the success comes really fast!

So feel free to post your implementations!

Friday, February 24, 2012

vCO - How to automate Altiris Deployments

This week I was in Vienna to implement a VM deployment automation based on Altiris. First thing I always ask is: "Why do you use Altiris as deployment mechanism if you have VMware templates?" and in this case the physical deployment was the answer. So Altiris Deployment is used for physical and virtual servers.

What I like when implementing these things is that the customer has the freedom to choose where to deploy. So there are no borders to deploy a VM or vApp in the vCloud Director for example. It´s just a decision field away :)

First thing you need is to have the Altiris SDK installed on your Altiris Deployment Server. You can find the actual version here:

After the installation you will have another IIS website available: /Altiris.ASDK.DS/ which serves the webservice "API". Now we have two options: the SOAP plug-in and native HTTP POST/GET commands. I prefer the HTTP command way cause the SOAP API isn´t available as one WSDL definition.

So the most simple way is to call the Altiris URL for the exact task. In my case I search for the UUID because the system is displayed as VMware-xxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxx, rename the system into the VMname IN-parameter and schedule the exact job for the system. You can find the JobIDs via web-browser on the Altiris.ASDK.DS path.

 The command for searching a system (HTTP GET) could look like this:

var url = "http://"+AltirisServer+"/Altiris.ASDK.DS/ComputerManagementService.asmx/GetComputerID?computerSearchPhrase=";
url += Servername
url += "&computerSearchType=2";
var MyURL = new URL(url);
var Result = MyURL.result;

So, now have fun to automate your Altiris Deployment :)
Maybe this also could be used to automate the vApp deployment including Altiris for the vCloud Director...