We have an internal tool in Slack where you can see how long you’ve been employed relative to other VMware employees i.e. X-employee account created on yyyy-mm-dd and has been here longer than XY% of employees. After looking at that, I wondered just how quickly we’ve grown over the years. So I grabbed employee counts reported in our 10-K filings at ir.vmware.com and graphed them. We just keep growing!
We had a customer question regarding KB1020934. The customer wants to assign specific people the ability to change the portgroup of a VM, and only the portgroup. The KB article says that you must assign permissions at the Datacenter level. In my 6.7 U3 lab, I will show that you can do granular permissions at both the VM and portgroup level.
First I add a test user
Then I create a group called Network Team and add testuser to the group
Now I create a role called VM Network Admins and grant it the specific privileges as outlined in the KB article.
This screen shows that I’ve granted the permission in the following locations
Note that the screenshot also shows standard portgroup VLAN203, I removed this permission from that portgroup but forgot to update the screenshot.
I log in as testuser. I cannot see anything in Hosts and Clusters because the user has no permissions there.
I can see the folder paths leading to folder Network Team, and I can see VMs under that folder. I cannot see any other folders or VMs.
I can’t see any storage
I can only see portgroups that I’ve been granted permissions to.
Now I try to change the VLAN for my network adapter. Note that if I don’t have permissions to whatever portgroup the VM is currently on, the dropdown box is blank.
I browse for portgroups to switch to and I’m presented with only a list of the portgroups I have permissions for (I have other portgroups in my lab)
I put the VM on VLAN 200 and it drops off the network.
Then I put it back on 203 and it works.
I wanted to put up a quick post on my Ubiquiti environment at home.
At the edge I have a UniFi Security Gateway 4P. I have 2 24 port POE-250W switches, one serving the homelab and one serving Production WiFi.
I had a difficult time getting ethernet run into the basement, so I ran only a single CAT-6 cable. This feeds a UniFi 8-port POE-60W switch. The switch powers one AP-AC-Pro for basement WiFi, then I have the kids game consoles and Roku boxes directly connected to the 8-port. I used the U-PRO-MP kit to hang the AP-AC-Pro in the basement. We have a drop ceiling and I didn’t want to cut holes in the tiles. The Pro mounting kit has two connectors that work great for mounting it to the metal support rails for the drop ceiling.
On the main floor I have an AP-AC-Pro serving my home office. I have 2 mesh units on the main floor – one is an AP-AC-Mesh in the Sunroom, on the complete opposite side of the house and nearly impossible to get a cable run over there. It’s connected wirelessly to another access point and works just fine – it’s obviously not as fast as the other access points, but it does the job. I have another mesh unit, an AC-MESH-PRO, in the living room. It’s directly wired and is just serving as an access point at the moment. I intend to add another mesh unit outdoors eventually to extend some solid WiFI signal out there, but I don’t have it working at the moment.
Upstairs I have 3 AP-AC-Pro units, each with their own CAT-6 home run to the switch. One serves the master bedroom, one is in the main hallway serving the other bedrooms, and the last one is in the loft. For ethernet runs I had a local company install 3.5″ round electric boxes in the ceiling, then I had them run electric conduit from my office on the first floor all the way up to the attic. Then it was just a matter of fishing 3 CAT-6 runs. I used the Pro mounting kit to easily attach the AP-AC-Pros to the electric boxes.
I was trying to get a Roku working with my xfinity service. The app is in beta.
The list of supported devices is in this article: https://www.xfinity.com/support/articles/activate-xfinity-tv-app-on-roku
It listed the Roku Ultra 4660 as a supported device. However, Roku no longer makes the 4660, it’s been replaced with the 4661. I was hesitant to try something off the supported list, even though the 4661 is basically the same hardware as the 4660 and they throw in a pair of headphones. The Ultra 4661 works just fine.
I ran into another issue – I’m in the middle of a move and I had 2 xfinity accounts linked to a single username, one at my old property and one at my new property. I only kept internet service, not TV service at the old property. The xfinity authorization link at xfinity.com/authorize isn’t smart enough to understand multiple accounts, unless both accounts have TV service. I had to have xfinity customer service unlink the accounts, then the Roku worked.
In highly secured environments, customers generally don’t want any type of ‘phone home’ behavior. In the vCenter HTML5 client, we have a ‘Send Feedback to the Client Team’ button. Some customers want that functionality to be disabled. Here’s how to do it:
root@vcenter [ /etc/vmware/vsphere-ui ]# vi webclient.properties
#DisableFeedbackTool Properties
feedbackTool.enabled=false
The reboot the service:
service-control --stop vsphere-ui
service-control --start vsphere-uiI had the opportunity to attend Amazon re:Invent 2017, and as part of attending a bootcamp I received a discount code for a free DeepLens! It arrived today.
The box
32GB micro SD card and power supply. Amazon made a single power brick with interchangeable prongs.
The front of the DeepLens
Rear view of the DeepLens
After unpacking, the package insert directed me to https://aws.amazon.com/DeepLens
I did not have any of the IAM roles so I clicked Create Roles
The setup created this role for me
I connected to the DeepLens’ wireless network
Connected the DeepLens to my WiFi
I clicked the install and reboot button; it disappeared with no progress indicator.
I watched for the device to come back up, and connected again to the device’s wireless. The install and reboot button appeared again, so I clicked it again. It finished this time
Now I needed to upload the certificate .zipfile that I downloaded earlier in the setup.
The streaming certificate is required to view video from the camera
I set a device password and enabled SSH.
Summary:
For my first project, I thought I’d add what looked to be one of the simplest ones, object detection.
After creating the project, I need to deploy it to the camera.
After a few minutes, the project was ready for use. 
That’s all for now – next post will be my first attempt to run the project.
Check out the blog post complete with new dashboards to import.
I sat and passed the AWS Certified Solutions Architect – Associate exam today. I couldn’t have done it without the excellent training provided by A Cloud Guru. I did also take formalized classroom training but based on the quality of A Cloud Guru and my first attempt pass results, I’m going to stick with them for future AWS exams.
In Part I, I showed how to deploy the Lifecycle Manager appliance.
For my first product deployment, I decided on a quick win with Log Insight.
When you log in to vRealize Suite Lifecycle Manager the first time, it takes you through a tour of the UI.
First I generated a certificate
Then I clicked to create a new environment
If you have a My VMware account with acccess to vRealize Suite, you can poined LCM directly to My VMware as a download source, you won’t have to manually download bits.
Changing passwords forced a logoff and login.
Enter your My VMware credentials here to allow for direct download
Click on the items you want to download
Add a new datacenter for LCM to manage
Now adding a new vCenter to the datacenter
Starting the wizard to deploy Log Insight
I’m only installing Log Insight at this time, so check the box.
Now you get a short Log Insight wizard.
I’m only doing a standalone LI host but note you could do a load balanced config as well as add worker nodes.
The job after it’s submitted.
The deployment failed because it wants to put 16 vCPU on my LI VM, but my little lab only has 4 cores per host. The vCenter error said “No host is compatible with the virtual machine.” All I had to do was edit the deployed VM, change it to two cores (I also decreased the RAM), power it on and the LCM deployment continued without issue.
I now have a running Log Insight instance, I connected it to vCenter and I’m done!
vRealize Suite Lifecycle Manager is designed to let you manage deployment and upgrades of vRealize Suite. In Part I of this series, I will show you the installation process in my lab.
Here is the OVF that I downloaded from My VMware
Deploy the OVF
Standard OVF deployment options here, setting the hostname and IP address information.
The console while the appliance configures itself
Main welcome screen – default credentials are admin@localhost / vmware
You will get asked to change the appliance password
All set, this is an easy, standard OVF deployment.
In Part II, I use vLCM to deploy Log Insight.