Sunday, June 19, 2016

vRealize Orchestrator, connecting to vCenter

I have been working with vRealize Orchestrator for almost a year now, and I think it's a hidden jewel in the VMware stack. But I have to admit it's not the easiest tool to start playing with, so I'm planning to write about some of the things I have done with it, starting with very basic stuff and maybe at some point some more complicated (and more useful) stuff.

One of the first things to do is to add your vCenter server to your Orchestrator. In Orchestrator, go to the workflow "Library / vCenter / Configuration / Add a vCenter Server instance". Right-click the workflow and select "Start workflow...".

I have my vCenter appliance at the address vcsa01.vlab.dom, so I add that to the first field. Then I change the last option (Ignore certificate warnings) to Yes and click Next. Be aware of what that Yes means: Orchestrator will accept whatever certificate vcsa01.vlab.dom presents without checking it, which is fine in a lab but also means a spoofed vCenter would be accepted. In production leave it at No and instead import vCenter's certificate into Orchestrator's trust store first (the SSL Trust Manager workflows under Library / Configuration), after confirming the certificate's fingerprint out of band.
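As an added check that is not part of the original post: before trusting (or ignoring) a certificate, pull the one vCenter actually presents and compare its SHA-256 fingerprint with a value you obtained out of band, for example from the appliance console. The script below does exactly that; vcsa01.vlab.dom is the lab host from this post, and EXPECTED_FINGERPRINT is a placeholder to be replaced with the real pinned value.

```python
"""Show the certificate a vCenter presents and compare its fingerprint with a pinned value.

Added example for this post, not VMware code or the original author's. vcsa01.vlab.dom is
the lab appliance from the post; EXPECTED_FINGERPRINT is a placeholder you replace with
the value read out of band (appliance console / management UI), never with the value the
first connection happened to return.
"""
import hashlib
import hmac
import socket
import ssl
import sys

EXPECTED_FINGERPRINT = "00:" * 31 + "00"   # placeholder, not a real fingerprint


def sha256_fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated upper-case form that
    'openssl x509 -fingerprint -sha256' and the vSphere UI display."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_matches(der_cert: bytes, expected: str) -> bool:
    """Constant-time comparison of the presented certificate against the pinned fingerprint."""
    return hmac.compare_digest(sha256_fingerprint(der_cert), expected.strip().upper())


def fetch_server_cert_der(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Fetch the leaf certificate WITHOUT verifying it.

    Verification is disabled on purpose: the appliance ships with a self-signed
    certificate that no CA store trusts, and the point is to look at it before
    deciding whether to trust it. Nothing sensitive is sent over this connection."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "vcsa01.vlab.dom"
    der = fetch_server_cert_der(target)
    print(f"{target}: SHA-256 {sha256_fingerprint(der)}")
    if fingerprint_matches(der, EXPECTED_FINGERPRINT):
        print("matches the pinned fingerprint: import this certificate and keep 'Ignore certificate warnings' at No")
    else:
        print("does NOT match the pinned fingerprint: do not trust it, and do not answer Yes to ignore warnings")
        sys.exit(1)
```

Run it as `python check_vc_cert.py vcsa01.vlab.dom`. The fetch deliberately disables verification so that it also works against the appliance's default self-signed certificate; that is exactly why the fingerprint must be compared against something you did not receive over the same connection. Once it matches, the certificate can be imported into Orchestrator's trust store and the workflow run with "Ignore certificate warnings" left at No.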



On the next page we set up the account used when connecting to vCenter. I'm using my vCenter server's SSO domain, so the account is vlabsso.dom\administrator; you could also use an AD service account dedicated to this. I also chose to use this account always when using Orchestrator, so the answer to the first question (session per user) is 'No'. With a shared session like this, every workflow run talks to vCenter as that one account, so give it only the vSphere privileges your workflows actually need, and keep in mind that vCenter's tasks and events will show this account rather than the person who started the workflow; a session per user keeps that audit trail per caller, but then every user has to be known to vCenter.



After submitting this workflow, if everything goes well, we have added our vCenter to Orchestrator. You can add multiple vCenters to one Orchestrator.

To see that the vCenter was added successfully, go to the Inventory tab and check that you can browse your vCenter environment.



Now we have successfully added vCenter to our Orchestrator.

Next post: first workflows

Thursday, June 16, 2016

Sysinternals 20yo party at Helsinki / Finland

This is mostly my personal notebook for today, but maybe you might be interested as well...

Sysinternals share: \\live.sysinternals.com\Tools\

Like almost always with video meetings, we start the day by debugging the Skype meeting. We got a good live lesson in how not to start a video conference: in a hurry.

After about 10 minutes we finally hear Mark Russinovich giving the welcome speech, but it ended too early, since we lost audio again...

After that hassle, we luckily have the rest of the speakers on site. Next up, Aaron Margosis, giving the opening speech.

Some examples of Sysinternals' influence on the Windows ecosystem

Tips & tricks:
- use '-ct | clip' -> formats the output as tab-delimited and copies it to the clipboard -> paste into Excel
- a -nobanner switch is coming in future versions
- PsExec -sid -> -s runs the command as LocalSystem, -i makes it interactive, -d doesn't wait for the command to finish
- du -> quite familiar from *nix, has nice features
- streams -d * -> deletes the alternate data streams, including the Zone.Identifier stream that marks files as 'downloaded', so it unblocks them


Now some security with Paula Januszkiewicz, maybe the most interesting session; only small parts written down here..

Sysmon logs all process activity (process creation, network connections, image loads and so on) to its own dedicated event log channel, Microsoft-Windows-Sysmon/Operational.

Parsing log files

Extract the hashes with the TekDefense Python tool tekcollect (http://www.tekdefense.com/tekcollect/)

Check those hashes against the https://www.virustotal.com/ database via its API (tool: http://www.woanware.co.uk/forensics/virustotalchecker.html)




Configuring:

And lots of cool demos of using Sysmon!

https://github.com/gentilkiwi/mimikatz

After lunch, Tim Mangan on Process Monitor and problem debugging with App-V

"Apps suck" - I love this guy already.

So, it's a lot of App-V related stuff, so not very high on my interest list, but still interesting to listen to. Not many notes though.

Process Monitor: use filters (e.g. filter out the safe items etc.), use highlighting (e.g. highlight Result 'Success' and look for anything that is not highlighted), save to PML with all data...


Short break, then Brian Catlin and Process Explorer.

Virtual vs. physical address space

Daniel Pearson - LiveKd, ProcDump & NotMyFault

Whee, no PowerPoints, only live demos

ProcDump, "ProcDump is a command-line utility whose primary purpose is monitoring an application for CPU spikes and generating crash dumps during a spike that an administrator or developer can use to determine the cause of the spike."

Example: procdump notepad -> writes a .dmp of the notepad process
To take several dumps with a delay between them: procdump -s 5 -n 3 notepad -> three dumps, 5 seconds apart
-c 25 -> take a dump when CPU usage reaches 25%; with -s 5 added, usage has to stay above that for 5 consecutive seconds, so it can be used to monitor for a CPU spike and dump the process during that spike.
Get the example command lines with: procdump -? -e
procdump -e 1 -f "" notepad -> monitor first-chance exceptions; the empty filter makes it display all of them without writing a dump

You can use WinDBG to debug dump files.

LiveKD

https://technet.microsoft.com/en-us/sysinternals/livekd.aspx

You can "attach" a kernel debugger to the live, running Windows system, without booting it in debug mode or needing a second machine.

NotMyFault (my all-time favorite tool)

In short, you can crash the system (cause a BSOD) in multiple ways with this tool.



"How it's done in Enterprise environment" - Petri Paavola

- There is usually only one, or at best a couple of guys who can really do troubleshooting.
- That overloads that dude.

In a client environment you can run ProcMon remotely with PsExec -> get a trace of the error to the experts.



Network tracing: use netsh since it's built in.

netsh trace start ....

In a client environment -> use PsExec to run it remotely.

Then use Network Monitor / Message Analyzer to analyze that trace.

You can also use ProcMon to monitor network traffic.

WPA, Windows Performance Analyzer -> analyze slow boot times.


Mikko Järvinen - Troubleshooting extravaganza

Stories about client troubleshooting.. no notes, but nice stories :)

Nice day, most sessions were really deep dives; it's easy to understand that those guys are MVPs.