Tag Archives: Fling

ESXi Host Client Officially Released

A few days ago ESXi 6.0 Update 2 was released.  Quietly added in was version 1 of the ESXi Embedded Host Client.  I’ve spoken a few times about the Host Client.  It started out as a VMware Fling by VMware engineers Etienne Le Sueur and George Estebe.  Since then it has gained a hugely positive response from the community that it has finally found its way into ESXi.

If you’ve recently upgraded or installed ESXi 6.0 Update 2 you can access the host client via a browser connecting over standard SSL (https:/myesxi-host/ui/).   You can login with the host’s root account.  If you’ve never seen the Embedded Host Client before you’re in for a huge surprise.  You’ll be amazed at how similar it looks to the vSphere Web Client.  Not only that but it’s extremely snappy and fast built upon HTML5.

I recently upgraded my NUC home lab hosts to Update 2 to check out the production build.  It looks and feels just like the Tech Preview.  It’s going to be a great replacement to the C# Client.  If you’re running a previous Tech Preview release of the fling there’s a few things to note before you upgrade to Update 2.  Initially I did an upgrade of a host with an old Tech Preview 5 fling installed.  Update 2 left that version of the fling in place.  So on my subsequent hosts I removed the Tech Preview fling before upgrading the host.  That resolved the issue and installed the v1 production release.

Below are the steps to remove the Tech Preview fling before upgrading a host.  The -f represents a force removal just in case you have any third party vibs that may conflict with the uninstall as I did.

[[email protected]:~] esxcli software vib remove -f -n esx-ui
Removal Result
Message: Operation finished successfully.
Reboot Required: false
VIBs Installed:
VIBs Removed: VMware_bootbank_esx-ui_0.0.2-0.1.3357452
VIBs Skipped:
[[email protected]:~]

If, like me, you upgraded a host before removing the Tech Preview version of the fling. You can download the official Host Client from the VMware download portal.  List with the ESXi 6.0 U2 Zip and ISO images is the Host Client VIB and Offline Bundle.  Then just run through the steps to remove and install the VIB.

There is a newer build also available up on the flings page --Tech Preview v6.   I chose to upgrade to this build as it’s just my home lab.  The process is simple, I outlined the steps to update the Embedded Host Client to a new build in a previous post.

Latest v1 Production Build


Latest Tech Preview Build



Embedded Host Client Fling Page

VMware Host Client Release Notes

Onyx For the Web Client now supports vSphere 6.0 U1

It’s been a while since I’ve used the Onyx VMware Fling.  The last time I used it was way back in 2013 running the Project Onyx version that sat as a proxy between the C# vSphere Client and vCenter.  It was a great little Fling back then.  I had a good laugh when I looked at one of my old blog posts about Project Onyx and how I felt its lifespan was limited due to the C# client being phased out for the Web Client.  Two years later and the C# vSphere Client is still going strong.  Com’on VMware, do it already 😛

Well, Onyx is now back in an all new way and it now supports the vSphere Web Client.  In fact it was released back in July 2015 but has just undergone another update for vSphere 6.0 U1.  If you’re not sure what Onyx is.  It’s a tool that allows you to record your vSphere Client actions and display them back as PowerCLI API method calls.  I found Onyx useful in years past when the PowerCLI cmdlets weren’t as mature as they are today.  Thought, today there’s still a lot of things you can’t do with the standard PowerCLI cmdlets and recently I’ve been finding I’ve been delving into the API methods more and more.  So it’s great to see support for the Web Client in Onyx now.

There are two versions of Onyx For the Web Client.  The 6.0 release and the 6.0 U1 release.  It’s important that you use the version matching your vSphere.  I learnt the hard way recently how dangerous VMware Flings can be.  I installed the 6.0 release onto vSphere 6.0 U1 and broke my vCenter good and proper.  With the latest release of Onyx only a few weeks back it now once again supports the latest vSphere Web Client.

Installation is quite simple.  In my case I’m installing to the vCenter Server Appliance (VCSA).  You download the Onyx Fling from here.  Then extract its contents to a local folder.

I then console into my VCSA and enable and change my shell to BASH

shell.set --enabled True
chsh -s /bin/bash

I can now use SCP to copy the files from my local computer to the VCSA using WinSCP.  It’s just a matter of dragging the onyx-setup-60u1 folder from my computer the to the /root directory on the VCSA.


Now back on the VCSA I run

cd /root/onyx-setup-60u1
chmod +x ./install.sh

When the install script completes it will restart your vCenter web services.  It will take a few minutes to fully restart so don’t panic if you start receiving errors when trying to browse to the Web Client.  Once the services completely restart make sure you have closed you web browser tab and reopen it to the Web Client.

It’s also ideal to change the shell back to the Appliance Shell

chsh -s /bin/appliancesh


Using Onyx is super simple.  It can be found under the Inventories in the Web Client.  Also pinned to the top right corner you have to two buttons.  A Red Record icon and a PowerCLI button.  Pressing the Red Record button starts recording your web session interactions.


When you’ve completed with you actions we click the same record button which has turned to a Stop button.  Pressing the PowerCLI button now shows us the PowerCLI API calls that took place to perform our actions.  All cleanly laid out with syntax highlighting.  There’s also the ability to save the output as a PowerCLI script.

That’s it really.  There’s not a great deal to this Fling.  If you don’t do much PowerCLI you might not find this Fling overly special.  If on the other hand you are using PowerCLI on a regular basis I’m sure you’ll find it interesting.

Word of warning; Onyx For the Web Client is a VMware Fling and as such does not come with official VMware support.  Onyx is best suited to a Dev and Test environment and is not really recommended for Production environments.

Onyx For The Web Client

Onyx 101

It’s been a week now since I’ve been playing with Onyx.  I stand by my initial impressions that it’s a great little app.  If you’re into automation, and lets face it, who isn’t these days.  You should really give Onyx a looking into.  Now it’s not going to write any scripts for you.  But what it’s going to do is give you the core code of your actions in the vSphere Client.

I’ve had Onyx running in the background behind my vSphere Client for the past week.  What I found interesting, or depressing, was looking at the same code pop up in the background as I did the same repetitious tasks in the vSphere Client.  A lot of my repetitious actions could be condensed into a handful of lines of PowerCLI code.  All that was stopping me was a copy and paste from Onyx into a PowerCLI script.

As I start focusing more on PowerCLI I can myself referring to Onyx to help cut some of the guess work out of what commands I need to be running to achieve my objectives.  As i said, it’s not going to write a script for you, but it’s going to give you a  good head start.

Below are the steps to get started with Onyx.

Once you download the ZIP file uncompress it to a folder.  Locate Onyx.exe in the root of that folder and execute it.  No installation is required.

A small window will open. You can click on the blue cog and change the default settings (which are fine to initially start with) and then click on the orange asterisk in the top left corner.


This will open a connection window.  Type in the vCenter URL.  You can leave off the HTTPS if you wish and Onyx will insert it for you.

To simplify the process of connecting to the Onyx proxy with the vSphere Client click the checkbox to ‘Launch a client after connected‘.

Select VMware VI Client from the dropdown menu.  Then enter in your standard login credentials to vCenter and click Start.


The vSphere Client will start up and make a connection to the Onyx Service on your PC using the credentials you entered on the previous screen.  A warning will pop up stating that your connection is not encrypted and if you want to proceed.  Click Yes to continue.

It’s worth noting that the connection between Onyx and vCenter is still encrypted.  What’s not encrypted is your local proxied connection from the Sphere Client to Onyx.  For Onyx to see you actions from the vSphere Client it needs an unencrypted session.


If all successful up to this point your vSphere Client will connect to vCenter.  You’ll also see that the Onyx window will show a black screen and will say it’s connect to your vCenter on port 443 and running at your PC.


Now all we have to do is select our Output Mode, in this case, PowerCLI.  Then click the green play button on the top left.

As we perform actions in the vSphere Client they will be translated to code.  Below is the PowerCLI output from creating a new Resource Pool.


Below is the equivalent code but for VMware Orchestrator in JavaScript.


And that’s it.  You can copy and past code out by right click on the code.  You can also use the save button to save all the output to a file.

Reference Links

Project Onyx Fling

Project Onyx

In keeping with my recent VMware Flings interest, Onyx, has been another one of those Flings that’s caught my eye.  The name probably accounts for 50% of my interesting—Onyx—just sounds so cool.  It sounds like it stands for something important.  The geek I am I actually looked it up.  It’s Greek, meaning claw or fingernail.  eh, ok so not that cool now.

Onyx is an application that can generate output code based on your actions in the vSphere C# client.  It can generate four different types of output --Raw Soap Messages, C#, PowerShell, and vCO JavaScript.  It achieves this by setting itself up as a proxy between you and the vCenter Server.  So Onyx initiates a secure connection to the vCenter server and then you initiate a connection using the C# vSphere Client to Onyx.  From that point on everything becomes transparent to you.  You can continue to use the vSphere Client to manage vCenter as normal.  But now you have the ability to create scriptable code from your actions.

Onyx is designed to work only with the C# Client.  It does not work with the Web Client.  With the push to  the Web Client and no more C# clients in development.  This may mean that Onyx now has a finite lifespan to it.

In any case I plan on playing around with Onyx over the coming days.  To goal is to see if I can extract meaningful PowerCli and vCO output code to use.  As I spend more time with these products on a day to day basis I can see Onyx helping, or at least guiding me into the right direction, when stuck creating workflows and scripts.

Onyx can be found on the VMware Fling page.  There is also a VMTN community which has been created for Project Onyx.  Both of which can be found in the links below.


Reference Links

Project Onyx Fling
Project Onyx Community

ESXi Google Authenticator Fling -Install & Configure

I remember downloading the Google Authenticator app from the Google Play store the day it came out.  Since that time I never once even ran the app.  I just couldn’t be bothered setting it up with any websites, that was until now.

When I heard about a VMware Fling to bring Google Authenticator two-factor authentication to ESXi last week I wanted to try it out as fast as I could.  So today I played around with it and it works great!  So I noted down what I did and uploaded it all below.  There’s really only one requirement and that’s ESXi 5.0 or above.  True the instructions are on the Flings site but I thought I’d put them into my own words.

The first thing I did before I even started was make sure my host was using a good NTP time source and the time was correct.

Download the ESXi Google Authenticator zip file and extract the VIB file from it. (link below)

Upload the VIB to the ESX host.  I just used the vSphere Web Client and clicked on Storage under Inventories on the Home page.


I then located a Datastore that my host had access to. I created a folder called vib.  I then clicked the Upload a file to the Datastore icon.  Selected the VIB and clicked Open.  (I also tried using the zip file without extracting the VIB but couldn’t get it to work so give that a miss)


Next I installed the VIB on the host using the ESXCLI.  Normally I would use the Management Assistant for this but because I’m playing around with authentication I was on the console of the host.  Replace the path of where you uploaded the VIB.

esxcli software vib install -v /vmfs/volumes/datastore2/vib/esx_google-authenticator_1.0.0-0.vib -f

If successful you should receive output similar to below.


Next you need to execute the command ‘google-authenticator’


A short wizard will run with a series of questions on how you would like to setup the authenticator.  Each environment may influence how it is set-up.  Record down the secret key and also the URL for when the Mobile App is set-up later on.

The Two Factor authentication works with SSH and Shell access.  The config process currently is all manual.

First you have to edit /etc/ssh/sshd_config.  I used vi from the ESXCLI.  Went into Insert mode made the below change and write & quit.

ChallengeResponseAuthentication yes

Next you have to edit /etc/pam.d/sshd for ssh and/or /etc/pam.d/login for console with the first line.

auth required pam_google_authenticator.so

Initially I tried to use vi but couldn’t save so I used sed as shown in the Fling instructions.

sed -i -e ‘3iauth required pam_google_authenticator.so’ /etc/pam.d/sshd
sed -i -e ‘3iauth required pam_google_authenticator.so’ /etc/pam.d/login

For the change to take effect immediately run ‘/etc/init.d/SSH restart’

The change is not persistent after a reboot so for this to happen the above two lines will need to be added to /etc/rc.local.d/local.sh

Finally you have to set up the Google Authenticator app.  I used the Android version which I originally downloaded the day after it was released and never used.  The Google Authenticator link below has links to iOS and Blackberry apps as well.  There’s two ways to add the ESXi host to the app.  You can manually add in the ESXi using the Secret Key provided above.  Or the easier approach I found was to use the URL that generated above and put that into a web browser.  That will load a QR code on the screen.  Using a QR reader on the phone scan it and it will automagically load Google Authenticator and add in the ESXi host.


Google Authenticator
ESXi Google Authenticator Fling
Android App

ESXi Google Authenticator Fling

I love that even as large as VMware is they can still have a little fun with their product and development names.  VMware Octopus was one of my favourites.  I think we were all disappointed when they changed the name to fall into the Horizon Suite.  Flings are another great name I love.

A few days back I saw a tweet from the Fling team of a new Fling.  The name caught my eye immediately –ESXi Google Authenticator.    It sounds like a pretty cool idea.  Two factor authentication to ESXi.  I haven’t tried it out yet but I’ll be looking to over the coming days.

The source link to the Fling is below.  Designed by a couple VMware engineers in the R&D team.  There doesn’t appear to be much to the installation and configuration process.  You will need a fast connection, though, to download the 26kb zip file 🙂

It’s supported on ESXi 5.0 and 5.1.  Single admin support on ESXi 5.0 and multiple admin support on ESXi 5.1.  You have 30-second TOTP codes and support for emergency scratch codes, which I presume are for emergencies 😉

Source Link

ESXi Google Authenticator Fling