Let’s vROC with vRO! (SKKB1014)

“… And on the eight day God created vRO. And vRO was without integration, and alone on the Earth. And God said, Let there be integration with the Ecosystem: and there was the vRO Plug-in. And God saw the Plug-in, and it was good.” … or at least so the story goes.

Although this might not be what exactly happened, we can all agree that the automation capabilities that VMware vRealize Orchestrator (vRO) provides are overwhelming. These are even more enriched throughout the VMware vRealize Orchestrator Plug-ins and the integration and automation of Ecosystem partners that these provide.

In this post we will take a deeper look into the endless sea or possibilities that can be accomplished with the VMWare vRealize Orchestrator Plug-in for Microsoft Windows PowerShell.

The PowerShell plug-in allows interaction between vCenter Orchestrator and Windows PowerShell. You use the plug-in to call PowerShell scripts and cmdlets from Orchestrator actions and workflows, and to work with the result. Although this sounds somewhat easy, there have been some challenges and concerns with using the plugin, like: Microsoft Windows CredSSP authentication and credential delegation. Wouldn’t it be also nice to be able to run PowerShell scripts without the need to understand in details how PowerShell works? It would, right?

Well then let’s ROCK with vROC!

vROC (or vROCmdlet) stands for VMware vRealize (vR) Orchestrator (O) workflows that wrap around Windows PowerShell cmdlet (C) commands. This is how i’m going to call these workflows. This is not an VMware official terminology 

The ultimate goal of Project vROC is to present to the vRO administrators complete set of workflows that wrap around all Microsoft PowerShell cmdlets. Microsoft PowerShell cmdlets are increasing with each next product version. Currently there are hundreds and even thousands of cmdlets that you can leverage to administer Microsoft products.

Imagine the possibility to automate, without doing any PowerShell scripting, common tasks like:

  • Create and manage users and computer accounts, network settings and properties (like DNS, DHCP, IPAM, …) in Microsoft Windows Server or Microsoft Windows Client operating systems.
  • Create and manage Microsoft Exchange Server mailboxes and email account settings.

Integrate this into your existing VMware vRealize Automation (vRA) deployment process and you will be overwhelmed by the customization possibilities this adds to vRA.

An example use case where vROC’s can be used with vRA deployment might look like this. When new virtual machine (VM) is being deployed from vRA:

  • Use vROC’s to add DNS entry for the VM.
  • Use vROC’s to create or add users to Windows Active directory security groups.
  • Use vROC’s to change the network settings like IP Address or DNS Address of the VM.
  • Use vROC’s to install or configure an existing Windows Server roles or role features on the VM
  • Use vROC’s create user mailboxes in Microsoft Exchange Server

If you already wanna rock with vROC, wait until you hear this.

vROC’s also give you an option to change credentials during command execution so that you can execute one PowerShell command with higher privileged user account and another with lower privileged user account. Currently all PowerShell commands are being run under the account which has been used to add the PowerShell Host. This has always been a concern among Security Administrators and I think will win them on our side with this feature. 

All vROC’s are built around the mechanism and concept introduced with the Add CredSSP to a Powreshell script vROC workflow.

As of the writing of this article there are already around 140 vROC workflows available for download.

To read more about the around the mechanism and concept introduced with the Add CredSSP to a Powreshell script vROC workflow, visit:
Introducing the Add CredSSP to a PowerShell script (vROCmdlet) workflow

If you are interested in learning more and download the latest version of the vROC workflow package library, visit:
com.SpasKaloferov vCO (vRO) workflow library package

 

 “And God blessed the eight day, and sanctified it: because that in it he had rested from all his work which God created and made. …” … or at least so the story ends.

DISCLAIMER; This is a personal blog. Any views or opinions represented in this blog are personal and belong solely to the blog owner and do not represent those of people, institutions or organizations that the owner may or may not be associated with in professional or personal capacity, unless explicitly stated. Any views or opinions are not intended to malign any religion, ethnic group, club, organization, company, or individual.
All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information.
Photos
Unless stated, all photos are the work of the blog owner and are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. If used with watermark, no need to credit to the blog owner. For any edit to photos, including cropping, please contact me first.
Recipes
Unless stated, all recipes are the work of the blog owner and are licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License. Please credit all recipes to the blog owner and link back to the original blog post.
Downloadable Files
Any downloadable file, including but not limited to pdfs, docs, jpegs, pngs, is provided at the user’s own risk. The owner will not be liable for any losses, injuries, or damages resulting from a corrupted or damaged file.
Comments
Comments are welcome. However, the blog owner reserves the right to edit or delete any comments submitted to this blog without notice due to
– Comments deemed to be spam or questionable spam
– Comments including profanity
– Comments containing language or concepts that could be deemed offensive
– Comments containing hate speech, credible threats, or direct attacks on an individual or group
The blog owner is not responsible for the content in comments.
This policy is subject to change at anytime.

Leave a Reply

Your email address will not be published. Required fields are marked *