Enabling VMware View PCoIP with dynamic IP address

Update: I have checked the script to work with VMware View 4.6, VMware View 5.0, VMware View 5.1 and VMware View Horizon 5.2. There was an update needed for the URL used to get the external IP address. Now using http://ifconfig.me/ip as URL. In Horizon View 5.2 there is a new URL, called the Blast External URL, to enable HTML5 for View. This URL can use a FQDN instead of IP so you don’t have to change it.

Don’t we all run those Enterprise products in our own home lab just to play with, get acquainted with, use them to prepare for exams and use them to think of new concepts? In my lab I use VMware View to access my stuff from wherever I am. I don’t need VMware View, a simple RDP would do, but sometimes RDP gets blocked by proxies or firewalls, so I decided to go with VMware View as it can tunnel over HTTPS.

With VMware View 4.5 it was only possible to run PCoIP if there was a direct connection to the connection server or the security server, since a lot of UDP ports have to be open. When connecting to a VMware View 4.5 environment over a HTTPS connection, VMware View would revert to RDP instead of PCoIP.

The new VMware View 4.6 version now offers a secure tunnel that can do PCoIP as well without first requiring a VPN connection. Sounds great to me until I learned that this new feature requires a fixed external IP address. At first I thought it probably can also be a dyndns name. Unfortunately, after checking the manual (*) I learned it really has to be an IP address.

(*) Manual: A small reference book (or PDF), especially one giving instructions.

Since I have an ISP that only offers a fixed IP if I upgrade my VDSL to a more expensive package with features I don’t need, I decided to search for a solution. And by reading the “VMware View Integration Guide” I found the answer: PowerShell for VMware View.

When configuring a View Security Server, the one that can sit in the DMZ, you have to set the external address by which the clients will access the server. This hasn’t changed from VMware View 4.5. But now in VMware View 4.6, the external IP has to be set as well (see screenshot).

PowerShell

From the manual I learned that a simple PowerShell command can change the external IP and port number (default = 4172), which works like this:

Update-ConnectionBroker -broker_id CS-VSG -externalPCoIPURL 10.18.133.34:4172

I noticed during testing that you don’t have to add the :4172 if you want the default portnumber.

All that is needed now is a script that will learn my external IP and set it into the Security server. So I built this powershell script that checks with ‘WhatsMyIP’ to find the external IP address and if this is different from the configured IP it will change the IP. All actions are dumped into a log file. I tried to add comments to explain what I’m doing.

Add-PSSnapin VMware.VimAutomation.Core
Add-PSSnapin VMware.View.Broker

# Name of the Security Server
$SecurityServer = "W2K8-VIEW"

# For logging creating a timestamp
$TimeStamp = Get-Date -format yyyy-MM-dd-H-mm

# Filling $CheckedIP with the external IP address, using whatismyip.com service
$wc = New-Object net.WebClient
$CheckedIP = $wc.downloadstring("http://ifconfig.me/ip")
$CheckedIP = $CheckedIP.Trim()

# Now check the current ExternalPCoIPURL entry
$CurrentSettings = Get-ConnectionBroker
$CurrentIP = $CurrentSettings.externalPCoIPURL

# Check if $CurrentIP starts with the IP address from $CheckedIP
# Used StartsWith because $CurrentIP has port address at the end
$Result = $CurrentIP.StartsWith($CheckedIP)

# Are IP addresses the same?
If ($Result)
{
     # Yes, both IP addresses are the same, do nothing, only write a log entry
     $row = $TimeStamp + "," + $CheckedIP + "," + $CurrentIP + ",nochange"
}
else
{
    # External IP is not equal to IP set in externalPCoIPURL
    # Changing the externalPCoIPURL
    Update-ConnectionBroker -broker_id "W2K8-VIEW" -externalPCoIPURL $CheckedIP

    # Check if it was succesful
    $NewSettings = Get-ConnectionBroker
    $row = $TimeStamp + "," + $CheckedIP + "," + $CurrentIP + "," + $NewSettings.externalPCoIPURL
}
$row | Out-File -FilePath "c:\logging\check-ip.log" -Append

In my homelab I decided to schedule this job every hour. When creating a scheduled task make sure this script is allowed when no user is logged on and use the following parameters:
Program to run: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Add argument: c:\logging\ChangeSecurityServerIP-v01.ps1