Update: I have checked the script to work with VMware View 4.6, VMware View 5.0, VMware View 5.1 and VMware View Horizon 5.2. There was an update needed for the URL used to get the external IP address. Now using http://ifconfig.me/ip as URL. In Horizon View 5.2 there is a new URL, called the Blast External URL, to enable HTML5 for View. This URL can use a FQDN instead of IP so you don’t have to change it.
Don’t we all run those Enterprise products in our own home lab just to play with, get acquainted with, use them to prepare for exams and use them to think of new concepts? In my lab I use VMware View to access my stuff from wherever I am. I don’t need VMware View, a simple RDP would do, but sometimes RDP gets blocked by proxies or firewalls, so I decided to go with VMware View as it can tunnel over HTTPS.
With VMware View 4.5 it was only possible to run PCoIP if there was a direct connection to the connection server or the security server, since a lot of UDP ports have to be open. When connecting to a VMware View 4.5 environment over a HTTPS connection, VMware View would revert to RDP instead of PCoIP.
The new VMware View 4.6 version now offers a secure tunnel that can do PCoIP as well without first requiring a VPN connection. Sounds great to me until I learned that this new feature requires a fixed external IP address. At first I thought it probably can also be a dyndns name. Unfortunately, after checking the manual (*) I learned it really has to be an IP address.
(*) Manual: A small reference book (or PDF), especially one giving instructions.
Since I have an ISP that only offers a fixed IP if I upgrade my VDSL to a more expensive package with features I don’t need, I decided to search for a solution. And by reading the “VMware View Integration Guide” I found the answer: PowerShell for VMware View.
When configuring a View Security Server, the one that can sit in the DMZ, you have to set the external address by which the clients will access the server. This hasn’t changed from VMware View 4.5. But now in VMware View 4.6, the external IP has to be set as well (see screenshot).
PowerShell
From the manual I learned that a simple PowerShell command can change the external IP and port number (default = 4172), which works like this:
Update-ConnectionBroker -broker_id CS-VSG -externalPCoIPURL 10.18.133.34:4172
I noticed during testing that you don’t have to add the :4172 if you want the default portnumber.
All that is needed now is a script that will learn my external IP and set it into the Security server. So I built this powershell script that checks with ‘WhatsMyIP’ to find the external IP address and if this is different from the configured IP it will change the IP. All actions are dumped into a log file. I tried to add comments to explain what I’m doing.
Add-PSSnapin VMware.VimAutomation.Core Add-PSSnapin VMware.View.Broker # Name of the Security Server $SecurityServer = "W2K8-VIEW" # For logging creating a timestamp $TimeStamp = Get-Date -format yyyy-MM-dd-H-mm # Filling $CheckedIP with the external IP address, using whatismyip.com service $wc = New-Object net.WebClient $CheckedIP = $wc.downloadstring("http://ifconfig.me/ip") $CheckedIP = $CheckedIP.Trim() # Now check the current ExternalPCoIPURL entry $CurrentSettings = Get-ConnectionBroker $CurrentIP = $CurrentSettings.externalPCoIPURL # Check if $CurrentIP starts with the IP address from $CheckedIP # Used StartsWith because $CurrentIP has port address at the end $Result = $CurrentIP.StartsWith($CheckedIP) # Are IP addresses the same? If ($Result) { # Yes, both IP addresses are the same, do nothing, only write a log entry $row = $TimeStamp + "," + $CheckedIP + "," + $CurrentIP + ",nochange" } else { # External IP is not equal to IP set in externalPCoIPURL # Changing the externalPCoIPURL Update-ConnectionBroker -broker_id "W2K8-VIEW" -externalPCoIPURL $CheckedIP # Check if it was succesful $NewSettings = Get-ConnectionBroker $row = $TimeStamp + "," + $CheckedIP + "," + $CurrentIP + "," + $NewSettings.externalPCoIPURL } $row | Out-File -FilePath "c:\logging\check-ip.log" -Append
In my homelab I decided to schedule this job every hour. When creating a scheduled task make sure this script is allowed when no user is logged on and use the following parameters:
Program to run: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Add argument: c:\logging\ChangeSecurityServerIP-v01.ps1
Very nice and resourceful Gabe! Someone will use this!
Very clever Gabe.
Cheers,
Jeremy.
I will use this. :)
Nice, didn’t know whatismyip.com offered an automation service. But, RDP can also be tunneled over HTTPS using Remote Desktop Gateway: http://www.microsoft.com/downloads/en/confirmation.aspx?FamilyID=6d146124-e850-4cec-9efa-33a5225e155d
Nice solution, love the use of PowerShell too !
Does it definitely have to be the IP address as the name of the text box “PCoIP External URL” would seam to suggest it could be the external URL in which case I currently use DynDNS.org to solve this solution, but i think you need an internet router which supports Dynamic DNS for that to work.
I will have to upgrade to 4.6 to check this out.
I asked Mark Benson from VMware about the fixed IP address, his response:
“PCoIP clients require an IP address for the destination as they don’t do name resolution. You should use a fixed IP address.”
Interesting, thanks for the clarification !
Hey, that’s an awesome script to find the current IP address of the security server in the DMZ. You know, however, you could link that Powershell script to an icon that launches VMWare View Client and will find the current IP address each time the app is launched. This could then allow smaller companies (or testers like us) to have the IP address chance at any time and not worry that our connection will be denied.
NICE!!! Thanks Gabe, this will come in handy.
Extremely informative, great article and thanks for sharing.
This script doesn’t work well if you have mutliple connection brokers. In my case I have two connection brokers, so I had to modify the script and add the following lines:
ForEach ($ConnectionBroker in $CurrentSettings){
if ($ConnectionBroker.broker_id -eq $SecurityServer) {
$CurrentIP = $ConnectionBroker.externalPCoIPURL
}
}
This is in place of the $CurrentIP = CurrentSettings.externalPCoIPURL line
If im behind a firewall wall and cant connect via 4172 can this port be changed to something else?
Offering high quality imitation handbags; wallets, 99% similar with the originals, including new Gucci handbag, prada handbag, coach handbag, chanel handbag, burberry handbag, MIU MIU handbag, marc Jacobs handbags,Hermes handbag,Giorgio Armani handbag. Take coupons to get prices off now.
Offering high quality imitation handbags; wallets, 99% similar with the originals, including new Gucci handbag, prada handbag, coach handbag, chanel handbag, burberry handbag, MIU MIU handbag, marc Jacobs handbags,Hermes handbag,Giorgio Armani handbag. Take coupons to get prices off now.
We offer best in-on ear headphones including monster beats by dre,monster headphones,lady gaga heartbeats headphones,beats studio,solo HD,beats tours, diddybeats,up to 70% OFF.Sound really matters.
We offer original running shoes 30% – 70% OFF price retail 7*24hours.Shop the latest styles of the best running shoes,nike brs,nike dunk,nike air max,adidas original,converse all stars,puma ferrari,puma BMW,adidas super star,adidas star wars,and many other kinds of custom Sneakers.
Hi Gabe,
Useful script, saves paying for static IP address on home lab.
One issue you may find with your script, it fails if there is more than one connection server. The fix is simple, the line that retrieves the current IP address needs to choose which connection server from the array to use, in my case the first one so:
$CurrentIP = $CurrentSettings[0].externalPCoIPURL
I don’t know enough PowerShell to know whether this will break the single Connection server scenario.
Hi Alastair,
See my elegant work around above which enables you to specify the name of your security server in the scenario where there are multiples of them.
tried it once herewith,
import-module “C:WindowsSystem32WindowsPowerShellv1.0ModulesVmware Viewadd-snapin.ps1″
$CurrentSettings=Get-ConnectionBroker -broker_id SS2
$CurrentIP=$CurrentSettings.externalPCoIPURL
$hostname=”menefta.dyndns.org”
$ChecKIP=[System.Net.Dns]::GetHostAddresses($hostname)
$CheckIP=”{0}” -f $ChecKIP
$Result=$CurrentIP.StartsWith($CheckIP)
$Result-eq”false”
Update-ConnectionBroker -broker_id “SS2” -externalPCoIPURL $CheckIP
ciao zio
Hi Gabrie –
The above script is awesome and I had it up and running in 4.6
I recently upgraded to 5.1 and it appears that some of the commands may have changed?
I just wondered if you had upgraded and had any issues with the script?
Many thanks,
Dave
Hi,
Haven’t upgraded my environment yet, so I can’t really say right now.
Gabrie
I just update the blogpost. Turns out the issue was not in 5.1 or 5.2 but the URL used to get the IP no longer worked. New URL is http://ifconfig.me/ip
i have worked to troubleshoot the script since it wasn’t working in my environment but i got it working by changing one line. here is the whole script after modification.
Add-PSSnapin VMware.View.Broker
# Name of the Security Server
$SecurityServer = “vdi-ss-01”
# For logging creating a timestamp
$TimeStamp = Get-Date -format yyyy-MM-dd-H-mm
# Filling $CheckedIP with the external IP address, using whatismyip.com service
$wc = New-Object net.WebClient
$CheckedIP = $wc.downloadstring(“http://ifconfig.me/ip”)
$CheckedIP = $CheckedIP.Trim()
# Now check the current ExternalPCoIPURL entry
$CurrentSettings = Get-ConnectionBroker
$CurrentIP = $CurrentSettings[0].externalPCoIPURL
# Check if $CurrentIP starts with the IP address from $CheckedIP
# Used StartsWith because $CurrentIP has port address at the end
$Result = $CurrentIP.StartsWith($CheckedIP)
# Are IP addresses the same?
If ($Result)
{
# Yes, both IP addresses are the same, do nothing, only write a log entry
$row = $TimeStamp + “,” + $CheckedIP + “,” + $CurrentIP + “,nochange”
}
else
{
# External IP is not equal to IP set in externalPCoIPURL
# Changing the externalPCoIPURL
Update-ConnectionBroker -broker_id “vdi-ss-01” -externalPCoIPURL $CheckedIP
# Check if it was succesful
$NewSettings = Get-ConnectionBroker
$row = $TimeStamp + “,” + $CheckedIP + “,” + $CurrentIP + “,” + $NewSettings.externalPCoIPURL
}
$row | Out-File -FilePath “c:loggingcheck-ip.log” -Append
Can you tell me which line you changed?
$CurrentIP = $CurrentSettings[0].externalPCoIPURL
Thanks!