«

»

Jun 26 2012

Remote use of VMware.View.Broker PowerCLI

VMware View has some known limitations when talking about automation and remote management. Besides the Graphical User Interface, local PowerCLI is the only supported management method. I say local PowerCLI because none of the VMware View PowerCLI cmdlets allow remote management; nor there is a module or DLL that you can register in a host other than a View Connection Server.

Due to these limitations administrators need to either login to the connection server to execute cmdlets and scripts, or establish a remote PowerShell session using Enter-PSSession after winrm is properly configured. That may be OK if you have a single server to manage, but not OK for managing multiple servers and pods.

The best way to remotely manage multiple View servers is to automate the configuration process for each server. I use Invoke-VMScript to execute local winrm commands that prepare the hosts to talk to each other before a remote PowerShell session can be established.

Before you continue you will need to make sure that Windows UAC (User Account Control) is disabled in all hosts. This can be done via registry changes, group policy deployments, manually, or via few executable available on the net. Here is a good staring point.

In the script below the first Invoke-VMScript register the target Connection Server with the management VM. The second and third Invoke-VMScript enable winrm and add the required trusts to allow the Connection Server to accept remote sessions from the management VM.

The fourth Invoke-VMScript is optional and it’s changing the execution policy to bypass on the Connection Server. I recommend you setting the remote execution to RemoteSigned, requiring scripts to be signed.

The final Invoke-VMScript registers PowershellServiceCmdlets.dll and allowing you to load the VMware.View.Broker Snap-In when the remote PowerShell session is established.

[css lang=”plain” autolinks=”false” classname=”myclass” collapse=”false” firstline=”1″ padlinenumbers=”false” gutter=”true” smarttabs=”true” tabsize=”10″ toolbar=”true”]
FunctionPSRemoteSession-Configure {
[cmdletBinding()]
Param(
[parameter(Mandatory=$true)]
[string]$sourcevm,
[parameter(Mandatory=$true)]
[string]$targetvm,
[parameter(Mandatory=$true)]
$sourcevmcredential,
[parameter(Mandatory=$true)]
$targetvmcredential
)

$sourcevm= (Get-VM-Name$sourcevm)
$targetvm= (Get-VM-Name$targetvm)
$sourcevmIP= (Get-VMGuest-VM$sourcevm).IPAddress[0]
$targetvmIP= (Get-VMGuest-VM$targetvm).IPAddress[0]

Write-Host"winrm s winrm/config/client [$sourcevm]"
$script=Convert-StringToScriptBlock("winrm s winrm/config/client @{TrustedHosts=""$targetvmIP""}")
Invoke-VMScript-ScriptText$script-VM$sourcevm-GuestCredential$sourcevmcredential-ScriptType:Bat

Write-Host"winrm quickconfig [$targetvm]"
$script=Convert-StringToScriptBlock("winrm quickconfig -q")
Invoke-VMScript-VM$targetvm-ScriptText$script-GuestCredential$targetvmcredential-ScriptType:Bat

Write-Host"winrm s winrm/config/client [$targetvm]"
$script=Convert-StringToScriptBlock("winrm s winrm/config/client @{TrustedHosts=""$sourcevmIP""}")
Invoke-VMScript-VM$targetvm-ScriptText$script-GuestCredential$targetvmcredential-ScriptType:Bat

Write-Host"Set-ExecutionPolicy -ExecutionPolicy:Bypass [$targetvm]"
$script=Convert-StringToScriptBlock("Set-ExecutionPolicy -ExecutionPolicy:Bypass")
Invoke-VMScript-VM$targetvm-ScriptText$script-GuestCredential$targetvmcredential-ScriptType:Powershell

white-host"VMware View add-snapin.ps1 [$targetvm]"
$script=Convert-StringToScriptBlock("set-aliasinstallUtil$env:windir\Microsoft.NET\Framework64\v2.0.50727\installUtil
`$null= (installUtil (((get-itemproperty’HKLM:\Software\VMware, Inc.\VMware VDM’).ServerInstallPath) +""\bin\PowershellServiceCmdlets.dll""))
add-PSSnapin""VMware.View.Broker""")
Invoke-VMScript-VM$targetvm-ScriptText$script-GuestCredential$targetvmcredential-ScriptType:Powershell
Return""
}
[/css]

Now that management and connection server VMs are configured it’s time to establish a remote session using New-PSSession. This is straight forward, but you must make sure that the VMware.View.Broker Snap-In is loaded before you can issue VMware View PowerCLI cmdlets. The below function exemplifies how to establish the remote session.

[css lang=”plain” autolinks=”false” classname=”myclass” collapse=”false” firstline=”1″ padlinenumbers=”false” gutter=”true” smarttabs=”true” tabsize=”10″ toolbar=”true”]
FunctionPSRemoteSession-Create {
[cmdletBinding()]
Param(
[parameter(Mandatory=$true)]
[string]$targetvm,
[parameter(Mandatory=$true)]
$credential
)

$targetvmIP= (Get-VMGuest-VM$targetvm).IPAddress[0]
$session=New-PSSession-ComputerName$targetvmIP-Credential$credential
$script= {add-pssnapinVMware.View.Broker}
Invoke-Command-Session$session-ScriptBlock$script
Return$session
}
[/css]

Of course, before executing any code you must establish the connection to a vCenter Server or ESX host.

[css lang=”plain” autolinks=”false” classname=”myclass” collapse=”false” firstline=”1″ padlinenumbers=”false” gutter=”true” smarttabs=”true” tabsize=”10″ toolbar=”true”]
FunctionConnect-VIServer {
[cmdletBinding()]
Param(
[parameter(Mandatory=$true)]
[string]$server,
[parameter(Mandatory=$true)]
$credential
)
Connect-VIServer-Server$vcserver-Protocolhttps-Credential$credential
Return""
}
[/css]

Note that I am using Get-Credential in my code, but you may decide to use –username and –password for the original Connect-VIServer cmdlet.

[css lang=”plain” autolinks=”false” classname=”myclass” collapse=”false” firstline=”1″ padlinenumbers=”false” gutter=”true” smarttabs=”true” tabsize=”10″ toolbar=”true”]
Connect-VIServer-server"x.x.x.x"-credential (Get-Credential)
PSRemoteSession-Configure-sourcevm"source"-targetvm"target"-sourcevmcredential (Get-Credential) -targetvmcredential (Get-Credential)
PSRemoteSession-Create-targetvm"target"-credential (Get-Credential)
[/css]

By now you should have all your Connection Servers registered to accept connections from the management VM and a $session have been established with VMware.View.Broker Snap-In loaded. To execute a remote PowerCLI command create a scriptblock and run with Invoke-Command.

[css lang=”plain” autolinks=”false” classname=”myclass” collapse=”false” firstline=”1″ padlinenumbers=”false” gutter=”true” smarttabs=”true” tabsize=”10″ toolbar=”true”]
$script=[scriptblock]::Create("Add-PoolEntitlement -pool_id $pool_id -sid $usersid")
Invoke-Command-Session$session-ScriptBlock$script
[/css]

or

[css lang=”plain” autolinks=”false” classname=”myclass” collapse=”false” firstline=”1″ padlinenumbers=”false” gutter=”true” smarttabs=”true” tabsize=”10″ toolbar=”true”]
$script=[scriptblock]::Create("Add-ViewVC -ServerName $vCenterIP -Name $vCenterIP -displayName $vCenterIP -username $username -password $password -UseComposer `$false")
Invoke-Command-Session$session-ScriptBlock$script
[/css]

The example I am using here is focused on configuring host for use with VMware View but applies to any host being configured for PowerShell remote execution.

This article was first published by Andre Leibovici (@andreleibovici) at myvirtualcloud.net.

2 comments

2 pings

  1. Andre Leibovici

    One thing that I forgot to mention is that you can aggregate the command set into a single Invoke-VMScript command.

    $script = Convert-StringToScriptBlock(“winrm quickconfig -q
    winrm set winrm/config/client @{TrustedHosts=””$viewserver””}
    winrm set winrm/config/service/auth @{Basic=””true””}
    winrm set winrm/config/service @{AllowUnencrypted=””true””}
    “)
    Invoke-VMScript-ScriptText$script-VM$sourcevm-GuestCredential$sourcevmcredential-ScriptType:Bat

    $script = Convert-StringToScriptBlock(“Set-ExecutionPolicy -ExecutionPolicy:Bypass
    set-alias installUtil $env:windir\Microsoft.NET\Framework64\v2.0.50727\installUtil
    `$null = (installUtil (((get-itemproperty ‘HKLM:\Software\VMware, Inc.\VMware VDM’).ServerInstallPath) + “”\bin\PowershellServiceCmdlets.dll””))
    add-PSSnapin “”VMware.View.Broker””
    “)
    Invoke-VMScript-ScriptText$script-VM$sourcevm-GuestCredential$sourcevmcredential-ScriptType:Powershell

    Andre

  2. chalans

    Thank you for this tips.

    Do you know if there is a timeout in a psSession ?

  1. myvirtualcloud.net » Setting VMware View Desktop State Remotely

    […] to use VMware.View.Broker PSSnap-In to configure WinRM sessions and execute remote View PowerCLI (here). It is possible to remotely execute PowerCLI cmdlets using New-PSSession as I demonstrated in my […]

  2. Setting VMware View Desktop State Remotely « Cliff Davies Cliff Davies

    […] to use VMware.View.Broker PSSnap-In to configure WinRM sessions and execute remote View PowerCLI (here). It is possible to remotely execute PowerCLI cmdlets using New-PSSession as I demonstrated in my […]

Leave a Reply