Friday, August 25, 2017

Notes on Upgrading vRealize Business for Cloud to 7.3 with vIDM

If you installed vRBC using the vIDM appliance for SSO, as some of my customers did, you will run into a minor permissions issue after upgrading to 7.3. This issue is mentioned in the release notes.
http://pubs.vmware.com/Release_Notes/en/vRBforCloud/73/vRBforCloud-73-release-notes.html

In this post I'll walk you through the upgrade process, going from 7.2 to 7.3.

vRBC 7.1 and higher allows you to use two authentication sources: vRA or vIDM. Here is a screenshot showing my home lab vRBC VAMI interface configured with vIDM for SSO.



When you install vIDM and configure it with vRBC 7.2 or lower, it automatically creates two new security groups in vIDM. These two security groups are what allow access to the vRBC application. If you have vIDM configured to use your Active Directory, you can add AD users or groups to these vIDM groups to grant access to the application.

  • VCBM_ALL
  • VCBM_VIEW


When it comes to upgrading the vRBC appliance to 7.3 or higher, it is super easy.

  1. Go to the vRBC management interface: https://<yourVRBCfqdn>:5480
  2. Click on the Update tab.
  3. Click on Check updates
  4. Click on Install updates
  5. Watch magic happen....








After the update process completes and you log in to the vRBC web application, you will be greeted with a warning that fades away. This warning is actually important, because if you are an admin you now have only read-only access.


You are not associated with any of the vRealize Business for Cloud roles.
Contact the system administrator to add your username in a vREalize Business group for the appropriate access.

What happens during the upgrade is that vRBC 7.3 and higher now looks for three new security groups in vIDM. These new groups are as follows.


  • vRBC_Administrator
  • vRBC_Controller
  • vRBC_ViewOnly

In order for these new groups to appear in your vIDM, you need to unregister your vRBC appliance from vIDM and then re-register it.

  1. Go to the vRBC management interface: https://<yourVRBCfqdn>:5480
  2. On the Registration tab, click on vIDM.
  3. Enter the credentials for your vIDM server and click on Unregister.
  4. Once it completes successfully, click on Register.

Once you are done with this process, you can go back to vIDM and you will see the three new security groups.

You can now migrate any local vIDM users or AD users/groups you had previously configured with the old groups into the new security groups and grant access to vRBC again. You can also safely delete the old security groups. Once complete, the warning will go away, and if you are an admin on vRBC you will have write access in vRBC again.

Hope this helps someone with this error.


Heath








Thursday, February 23, 2017

Amazon AWS IoT Dash Button - Automated vSphere Lab deployment - Powered By virtuallyghetto.com




A few weeks ago I was browsing Amazon's website and came across the AWS IoT programmable button. Being the gadget geek that I am, I had to order one, even though I didn't know what I was going to do with it.



Then one evening while catching up on my Twitter feed I found several people talking about my co-worker William Lam's latest post. William was showing off his awesome PowerShell ninja skills by making an automated PowerShell VMware lab deployment. (If you haven't seen it yet, go check it out.)
I thought to myself, I bet I could program the AWS IoT button to execute William's PowerShell script. That way I could deploy a VMware lab with the push of a button. Overkill? Yes, but still geeky fun.

Well in the process, I learned a ton about AWS IoT.



Getting your new AWS Button on your local WIFI

The button quick start guide tells you to download the AWS IoT app for your smartphone. After downloading the app, you hold the button down for 6+ seconds; this places the button into a mode where it creates its own WIFI access point. Then you connect your smartphone to this AP and run the app. The app then lets you select the WIFI you would like the button to connect to and set the password for the WIFI.




AWS Account Setup

If you don't already have an AWS account, now is a good time to set one up and check it out. They have a free tier for geeks to play with and learn.
In order to connect everything I would need to register my IoT button with my AWS account and assign it a task.


Learning about Lambda Functions

The first quick start demo that AWS teaches you is to set up your button to send you an email when you press it. Lambda functions are scripts that are executed on AWS servers to complete a task. They can be programmed in .Json, Python, Java, and C#. I stepped through the pre-made script and configured a Lambda script to email me. Testing the code on the AWS site worked and I received an email.





Configure the button press to execute the Lambda Function


This part didn't go so well for me. I figured out how to connect the button to the function, but it wouldn't ever work. It ends up that the AWS documentation was missing a crucial step. I noticed my button, when pressed, would light up, flash white, then red. I did some searching and found that the button needed to have a certificate and private key uploaded to it. So it was back to step one, but this time I didn't use the app to configure it. Instead I pointed my browser at the default gateway of the AWS button WiFi AP, and a simple webpage, shown here, allows you to configure the WiFi and the certificates. This is not in the app that I could find.

After this the button now functions and emails me every time I press it. The cool part is that it will even tell you how the button was pressed. Single, Double or Long press.

Looking at everything I learned from Lambda functions, I did not see a way to have any of these functions do anything on my home lab. They are mostly designed to execute something on AWS. I thought about using something with email and IFTTT, but it sounded messy.



Insert AWS Powershell

Through lots of searching I found AWS has a large PowerShell library to control everything in AWS. After installing the AWS PowerShell plugins I dug into their cmdlets.
I found I could list my IoT button and add and configure new Lambda functions. They have over 500 cmdlets to work with.
I learned that the email Lambda function is actually using their SNS system. The Amazon site says, "Use SNS as a message bus to send messages, alarms, and notifications from your AWS services such as Amazon RDS, CloudWatch, and S3 to other AWS services such as SQS and Lambda."
After more research I found Amazon SQS.


Amazon SQS (Simple Queue Service)

This was what I needed. The Amazon site says:
"Amazon Simple Queue Service (SQS) is a fully-managed message queuing service for reliably communicating among distributed software components and microservices - at any scale."
I figured out that I could do a lot of tasks with the IoT button; SQS was one of them.

After figuring out how to set up the queue, I could press the button. It would place the button press data in the message queue. I could then query the message queue from PowerShell. So I wrote a simple PowerShell script that would check the message queue every 5 seconds. If it found the message, it would then execute the lab deployment script.

Here is the AWS PowerShell code.


    # Loop for 10 minutes, checking every 5 seconds for a new button press.
    $QueueUrl = '<your-SQS-URL-GoesHere>'
    $timeout = New-TimeSpan -Minutes 10
    $sw = [Diagnostics.Stopwatch]::StartNew()
    $Button = $null
    while ($sw.Elapsed -lt $timeout) {
        $Button = Receive-SQSMessage -QueueUrl $QueueUrl
        if ($null -ne $Button) {
            Write-Host "Button pressed"
            Write-Host $Button.Body
            # Delete the message so the same press cannot trigger another deployment later
            Remove-SQSMessage -QueueUrl $QueueUrl -ReceiptHandle $Button.ReceiptHandle -Force
            # Execute the lab deployment script
            ./vsphere-6.5-vghetto-standard-lab-deployment.ps1
            return
        }
        Start-Sleep -Seconds 5
    }
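
The loop above runs the deployment script for any message that lands in the queue. The following is an added example, not part of the original post, of checking a message body before acting on it. It assumes the body is the button's JSON payload with `serialNumber` and `clickType` fields; the function name `Test-ButtonMessage` and the serial numbers are hypothetical placeholders.

```powershell
# Added example: decide whether an SQS message body is allowed to trigger
# the deployment. Assumes the body is the IoT button's JSON payload.
function Test-ButtonMessage {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$Body,
        [Parameter(Mandatory)][string[]]$AllowedSerials,
        [string[]]$AllowedClickTypes = @('SINGLE')
    )
    try {
        $payload = $Body | ConvertFrom-Json -ErrorAction Stop
    } catch {
        return $false   # not valid JSON: never treat it as a button press
    }
    if ($null -eq $payload) { return $false }

    # Both fields must be single strings; arrays, numbers and missing
    # properties are rejected rather than coerced.
    if ($payload.serialNumber -isnot [string]) { return $false }
    if ($payload.clickType -isnot [string]) { return $false }

    # Case-sensitive exact match against the allow-lists.
    return ($AllowedSerials -ccontains $payload.serialNumber) -and
           ($AllowedClickTypes -ccontains $payload.clickType)
}

# Constructed sample bodies (serial numbers are placeholders, not real devices).
$samples = @(
    '{"serialNumber":"G030EXAMPLE00001","batteryVoltage":"1582mV","clickType":"SINGLE"}',
    '{"serialNumber":"G030EXAMPLE00001","batteryVoltage":"1582mV","clickType":"LONG"}',
    '{"serialNumber":"G030OTHERDEVICE1","batteryVoltage":"1600mV","clickType":"SINGLE"}',
    '[{"serialNumber":"G030EXAMPLE00001","clickType":"SINGLE"}]',
    'deploy please'
)

foreach ($body in $samples) {
    $ok = Test-ButtonMessage -Body $body -AllowedSerials @('G030EXAMPLE00001')
    '{0,-5} {1}' -f $ok, $body
}
```

In the polling loop, call the function on `$Button.Body` and run the deployment script only when it returns true, deleting the message either way. The check complements, and does not replace, a queue access policy that limits who can send messages to the queue.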

I posted a video of this all working on Twitter, and it can be found here.
https://twitter.com/heathbarj/status/834884304777936898


If you have any crazy ideas on what I should program this button to do next, drop me a note. I'd love to hear it.

Also, nice work William on the sweet PowerShell script. You made this post possible.

Heath


