Tag Archives: VMC

VMware AWS Header

How to delete vCenter Roles in VMC

The Issue

Whilst testing in VMC a PowerCLI script to create some vCenter roles, I noticed in the UI, then I deleted them, they remained, even though I was using the CloudAdmin@vmc.local account.

I also tried to delete them using PowerCLI and received the error message;

Remove-VIRole : 07/11/2020 09:00:42 Remove-VIRole Permission to perform this operation was denied. Required privilege 'VApp.PullFromUrls' on managed object with id 'Folder-group-d1'.
At line:1 char:1
+ Remove-VIRole OpenShift-Install
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Remove-VIRole], NoPermission
+ FullyQualifiedErrorId : Client20_InventoryServiceImpl_RemoveRole_VIError,VMware.VimAutomation.ViCore.Cmdlets.Commands.PermissionManagement.RemoveVIRole

You should not create roles with permissions higher than that of the CloudAdmin Account. You can find further information of these permissions here.

If you do this, the only fix is to log a support call with VMware to resolve.

The Fix

VMware have a KB for this issue and how to delete the vCenter roles.

To resolve you use the vCenter Managed Objects Browser (MOB).

Note: When using the MOB to make changes, users will not be prompted for confirmation before making any changes, including removing roles. A custom role can not have privileges higher than the CloudGlobalAdmin role.

First to view all your existing roles in your browser go to;

  • ¬†https://{VMC_VC_FQDN}/mob/?moid=AuthorizationManager&doPath=roleList

This will list all roles, and note the roleId for the role you want to remove.

To remove a role: Continue reading How to delete vCenter Roles in VMC

Horizon on VMC – Considerations and setting up a lab environment

A few months back, I setup a Horizon Environment running in our VMC environment used for lab purposes. Since then, I’ve been asked by several people to go through the setup. So, I’ve also decided to create a blog post on the matter.

This blog post will cover the considerations for running VMware Horizon on VMC, and the technical setup itself of the lab environment I created.

Update 4th May: I recorded a session for the London VMUG on this subject, which you can watch here.

Topics covered;

  • Horizon 7 on VMware Cloud on AWS is not DaaS
  • Horizon 7 on VMware Cloud on AWS Deployment Guide and Supportability
  • Feature Support
  • Horizon on VMC architecture
  • Platform Considerations
    • Identity Management
    • File Shares
    • Image management
  • Network Service
    • VMC Network Segments
    • Load Balancing
    • DHCP
  • Firewall Rules
    • Logging
  • Horizon Connection Broker Configuration
  • Some finl considerations
  • Further Resources
Horizon 7 on VMware Cloud on AWS is not DaaS

I will not cover the details of VMware Cloud on AWS (VMC) in this post, but you can read about it here.

Horizon 7 (or later), running on top of VMC, is not a Desktop-as-a-Service offering. For this, we have our Horizon Cloud offering, which currently supports Azure and IBM Cloud.

Horizon on VMC, acts the same as the on-prem offering, i.e. the same considerations and configurations as you would take, if you deployed Horizon in your own private datacentre.

You can stretch existing Horizon environments to also make use of the compute and storage in VMC, and setup Cloud Pod Architecture between the locations as well. Alternatively, you can run a full Horizon environment solely within VMC itself. By running within VMC, you also ensure your desktops are near in proximity to native AWS services, such as file services, global load balancing services to name some examples.

Continue reading Horizon on VMC – Considerations and setting up a lab environment