Tag Archives: VMware

VMware Photon Platform 1.2 released

Yesterday VMware silently released a new version of its opensource cloud native platform. VMware Photon Platform 1.2 is available for download at github now. You can find the details of the new release in the release notes. Below are the highlights of the new release.

What’s new?

  • Photon Controller now supports ESXi 6.5 Patch 201701001. Support for ESXi 6.0 is dropped.
  • Photon platform now comes with Lightwave 1.2 which supports authenticating using windows sessions credentials. Given you’re using the CLI from a windows box.
  • The platform now supports Kubernetes 1.6 and also supports persistent volumes for Kubernetes
  • NSX-T support is improved
  • Resource tickets have been replaced with quotas which can be increased and decreased. This is a big improvement in my opinion. The previous release wouldn’t let you change resource allocation which was a definite blocker for production use.
  • The API is now versioned. Which means the API url now starts with /v1/

What’s broken?

  • Lightwave 1.2 is incompatible with earlier versions
  • ESXi 6.0 is no longer supported
  • The API is incompatible with previous API versions. But the good new is that it’s now versioned so this was the last time they broke the API (hopefully).

update 20-04-2017: Some updates taken from the github issues

  • HA Lightwave setup is no longer supported. Will be back in 1.2.1
  • version 1.1.1 didn’t create any flavours at installation but 1.2 seems to create duplicate flavours.

CoreOs now fully supported on VMware products

Last week CoreOS released an OS image which included the open-vm-tools. Of course it was possible to run CoreOS on VMware before, but something was missing. With the addition of the open-vm-tools CoreOs is now fully supported on all VMware products. This includes vSphere 6 and vCloud Air.


I happened to be working on my demo for the Dutch VMUG UserCon which involves CoreOS as well. So I decided to give it a go as soon as the image was released. And it turns out it works perfectly. I no longer have to build sleeps in my workflows, I can just wait until the VMware Tools are online and then continue the workflow. This makes deploying CoreOS much more efficient and reliable. Aslo, the gracefull shutdown finally works which prevents the OS from getting corrupted when I have to force a reboto from a workflow.

I ‘ll write in more detail about my automated CoreOS deployment in the coming weeks. If you happen to live in the Netherlands then come and see our demo and presentation this thursday (19-march-2015) at the Dutch VMUG UserCon.

Want to get started with CoreOs yourself? check out this blog post for instructions on how to do this on VMware Fusion. Want to run on vSphere? Here is what I do to download the image on a linux machine and get it to vSphere.

then import the ovf to vSphere using the vSphere (web) client. To start using the image you’ll also need a configdrive ISO file. How to create this is aslo explained in this article.

Selecting Network Through vCAC Property

vCAC is a really powerful automation tool, primarily giving users the opportunity to request their own applications without interaction of the IT Department. In this particular case I was configuring a blueprint to be used by developers.

Using vCAC to clone vCenter templates is really simple; users request a machine to use in the development or in the production environment. While I was testing the deployment of this blueprint the department responsible for Active Directory complained because my test machines, without the correct naming convention, appeared in the production AD.

The reservation used for this blueprint contained two networks, a development and a production network. Normally after deploying a vCenter template you edit the Virtual Machine hardware and select the correct network, before powering on the VM. In this case the requesting user does not have permission to connect to vCenter and to change this setting, and vCAC will just power on the VM. So we need another solution.

The solution is surprisingly not that difficult, you can use a custom property within vCAC. I will describe this in a few steps.

The first step is to find out which networks are available, this can be done by editing the reservation for this particular blueprint.


The next step is creating a new property definition within the property dictionary:


Name: VirtualMachine.Network0.Name
Display Name: Select Network
Control Type: DropDownList
Required: Yes

After you created the definition you can edit the property attributes


Type: ValueList
Name: Network
Value: Add all choices comma separated.

Now when the user will request a blueprint, there is a required choice with the name Network and the choices you added, in this case Development-1 and Production-1.


How to Automate: PowerCLI

After writing my blog posts about the why and the what of automation I decided to write a bit about how to automate. This series of posts won’t go into much technical detail but rather offer some pointers to help you choose the right tool for the job.

When you think of automating tasks in a vSphere environment the first tool you probably think about it PowerCLI. For all less technical readers out there: VMware vSphere PowerCLI is a command line interface tool for automating vSphere tasks.

The Upsides

PowerCLI has the backing of a huge community. There are also plenty of books on the subject. On top of that there are a lot of command lets available from all kind of vendors so it integrates easily with a lot of products.

Thanks to the huge community it is pretty easy to learn PowerCLI or to build your scripts by just recycling code that can be found online and in books.

Another upside is that it is object oriented. This makes passing around information and monipulating the information pretty easy

The Downsides

The object oriented nature of PowerCLI could also be a downside depending on where you’re coming from. If you are used to writing bash scripts then some of the PowerCLI syntax may seem familiar but handling objects can be confusing.

Another disadvantage in my opinion is that you need a windows machine to run powershell. Me being a linux guy I really don’t feel a need to run any windows machine. Especially in lab environments where you can get away with running vCenter VA instead of the windows installation.

The last disadvantage is not specific for powerCLI but applies to scripts in general: Simple tasks are easy to automate but more complex tasks or long processes will result in huge scripts or piles of scripts which are hard to understand and very hard to troubleshoot and modify if needed.

The right tool for the job?

So is powerCLI the right tool for your job? Of course this depends on what the job is. I think it’s the right tool if you’re automating vSphere administration tasks. In that case it can make your life easier and save time. But if you try to automate whole IT Operations processes I highly doubt if this is the right tool you. More on that in a future blog post.

vCAC Blueprint Configuration

Below is the vCAC configuration workflow about configuring a Blueprint. This blogpost is the fifth in the vCAC configuration series.

The action blocks are actually clickable and will show you the matching parts of the VMware documentation in a popup window.

Go back to the configuration steps overview.


A couple of interesting vCAC documentation links about Blueprints:


vCAC Configuration – Reservation

This blogpost is the fourth in the vCAC configuration series.

Before a user can request a machine there need to be available resources, this resources are created with the Fabric groups. Within this fabric you can create a reservation.

A fabric administrator creates a reservation to allocate provisioning resources in the fabric group to a specific business group.

A virtual reservation allocates a share of the memory, CPU and storage resources on a particular compute resource for a business group to use.

A physical reservation is a set of physical machines reserved for a business group to use. Unprovisioned physical machines must be added to a physical reservation before being provisioned or imported, and cannot be removed until they are decommissioned and become unprovisioned.

A cloud reservation provides access to the provisioning services of a cloud service account, for Amazon AWS, or to a virtual datacenter, for vCloud Director, for a business group to use.

A business group can have multiple reservations on the same compute resource or different compute resources, or any number of physical reservations containing any number of physical machines.

A compute resource can also have multiple reservations for multiple business groups. In the case of virtual reservations, you can reserve more resources across several reservations than are physically present on the compute resource. For example, if a storage path has 100GB of storage available, a fabric administrator can create one reservation for 50GB of storage and another reservation using the same path for 60GB of storage. You can provision machines by using either reservation as long as sufficient resources are available on the storage host.

You can reserve physical machines only for a single business group. Because physical machines do not belong to fabric groups, all fabric administrators can manage all physical machines and reserve them for a particular business group.


  • A reservation can only contain one policy.
  • A policy can be used on multiple reservations
  • Only one policy can be added to a blueprint

Go back to the configuration steps overview.

vCAC Business Group Configuration

This blogpost is the third in the vCAC configuration series and will focus on the configuration of the Business Groups.

A business group associates a set of services and resources to a set of users, often corresponding to a line of business, department, or other organizational unit. Business groups are managed on the Infrastructure tab but are used throughout the service catalog. Entitlements in the catalog are based on business groups. To request catalog items, a user must belong to at least one business group. A business group can have access to catalog items specific to that group and to catalog items that are shared between business groups in the same tenant. In IaaS, each business group has one or more reservations that determine on which compute resources the machines that this group requested can be provisioned. A business group must have at least one business group manager, who monitors the resource use for the group and often is an approver for catalog requests. In IaaS, group managers also create and manage machine blueprints for the groups they manage. Business groups can also contain support users, who can request and manage machines on behalf of other group members. Business group managers can also submit requests on behalf of their users. A user can be a member of more than one business group, and can have different roles in different groups.

Within a business group there are three different roles, that should be bound to Active Directory groups.


Below is the third workflow on the vCAC configuration about configuring the Business Groups. The action blocks are actually clickable and will show you the matching parts of the VMware documentation in a popup window.

Go back to the configuration steps overview.

vCAC Tenant Configuration

This blogpost is the second in the vCAC configuration series. With the second workflow on the vCAC configuration about configuring the Tenant, this workflow can be used to configure the default tenant.

The action blocks are actually clickable and will show you the matching parts of the VMware documentation in a popup window.

Go back to the configuration steps overview.

More information about working with Tenants, and how to create and configure them can be found here.

vCAC Configuration Steps

Installing vCloud Automation Center (vCAC) can be a challenging task. After doing several installations we found out that some people, just like us, struggle with the configuration.

A while ago I created some workflows which describe al the necessary steps in this configuration. I thought this would be nice to share with you, as a guideline in the configuration.

Each vCAC configuration step is clickable and will lead you to a separate blog post, with a flowchart and more information about this step.