Archive for April 1st, 2010

Winners of the VMware Script-O-Mania Contest: Who, What, How and Why?

April 1st, 2010

The winners of the VMware Script-O-Mania contest were announced today by Pablo Roesch on the VMware Developer Blog. Congratulations to Alan, William and Arnim, who won the first three awards!

I just took some time to read these scripts even though PowerShell and Perl are not for me. Here I give you a brief introduction to the scripts, what vSphere APIs they used directly or indirectly, and why they topped the contest. Because the vSphere API is based on Web Services, you can port the scripts to other languages such as Java or .NET, whichever you feel comfortable with. If you want to port any of them using the vSphere Java API, I am more than happy to include your contribution.

Note that the following comments are strictly my own opinions.

1. Who Created that VM? – by Alan Renouf using PowerCLI

A script to add information back into the vSphere client, this script which is designed to run once a day (or more) as a scheduled task, will add a custom attribute to each VM with the creator and date created of that VM.

Steve’s Comments:

Nice integration with the vSphere Client, making you almost wonder why it wasn’t there in the first place. Additional one-liner scripts provide nice answers to questions such as who created the most VMs and how many VMs were created each month.

Introducing Security Model of VMware vSphere

April 1st, 2010

This article introduces the basic model and terminology of vSphere security management, for example privileges, permissions, and roles, and how they relate to each other to secure vSphere. It helps you better manage vSphere and program against the vSphere API. Much of the content is based on my book VMware VI and vSphere SDK by Prentice Hall.

In vSphere, the security model consists of three types of components: privileges, roles, and permissions.

Privileges

A privilege is the basic individual right required to perform an operation. It is statically defined and never changes in a single version of a product. Given the many operations in VI, there are many privileges (for example, the privilege to “power on a virtual machine”). These privileges are represented as strings separated by dots, such as VirtualMachine.Interact.PowerOn.

Operations and privileges do not map one-to-one. Many operations share common privileges such as System.View, so there are far fewer privileges defined than methods. In some exceptional cases, a method requires different privileges depending on the target it operates on and the nature of the operation. The CloneVM_Task() method, for example, requires VirtualMachine.Provisioning.Clone for cloning from one virtual machine to another, VirtualMachine.Provisioning.DeployTemplate for cloning from a template to a virtual machine, and so on.

Roles

A role groups privileges from a user’s perspective. A role is normally named and defined for a group of people who have common responsibilities in the system (for example, administrators). Each role can include zero to multiple privileges. The extreme cases are the predefined roles: “Admin”, which by default includes all the privileges, and NoAccess, which includes no privileges.
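
The privilege and role concepts above can be used to audit a role for least privilege. The following is an added example, not code from the book or the vSphere SDK: it models roles as sets of privilege strings, resolves the target-dependent privilege of CloneVM_Task(), and reports what a role is missing or holds in excess. The TemplateDeployer role, the helper names and the sample data are hypothetical; PowerOnVM_Task is the API method that needs the power-on privilege.

```python
# Added example: models the article's privilege and role concepts.
# Role names other than NoAccess are hypothetical; sample data is constructed.
POWER_ON = "VirtualMachine.Interact.PowerOn"
CLONE = "VirtualMachine.Provisioning.Clone"
DEPLOY_TEMPLATE = "VirtualMachine.Provisioning.DeployTemplate"

ROLES = {
    "NoAccess": frozenset(),  # predefined role with no privileges
    "TemplateDeployer": frozenset({POWER_ON, CLONE, DEPLOY_TEMPLATE}),
}


def required_privileges(method, source_is_template=False):
    """Privileges one call needs; CloneVM_Task depends on its source."""
    if method == "PowerOnVM_Task":
        return {POWER_ON}
    if method == "CloneVM_Task":
        return {DEPLOY_TEMPLATE if source_is_template else CLONE}
    raise KeyError(f"no privilege mapping for {method}")


def is_allowed(role, method, **context):
    """Fail closed: a method with no known mapping is denied."""
    try:
        needed = required_privileges(method, **context)
    except KeyError:
        return False
    return needed <= ROLES[role]


def audit_role(role, intended_calls):
    """Return (missing, excess) privileges for the calls a role should make."""
    needed = set()
    for method, context in intended_calls:
        needed |= required_privileges(method, **context)
    held = ROLES[role]
    return needed - held, held - needed


if __name__ == "__main__":
    # Constructed job description: deploy VMs from templates, then power on.
    calls = [("CloneVM_Task", {"source_is_template": True}),
             ("PowerOnVM_Task", {})]
    missing, excess = audit_role("TemplateDeployer", calls)
    print("missing:", sorted(missing))
    print("excess: ", sorted(excess))
```

The audit flags VirtualMachine.Provisioning.Clone as excess: the role can call CloneVM_Task() on templates without it, so holding it also allows VM-to-VM cloning that the job does not need.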
