
Knowledge Base


Uila Custom Signature Library

How to create Custom Scripts?
Custom Script: Logoff a user from a specific Session
<#
.SYNOPSIS

Logoff a user from a specific Session.

.DESCRIPTION

Uses the CSServer1 to send the command to log off the user.

.PARAMETER sessionId
Active sessionId

.OUTPUTS
Uila_OK if success, otherwise PS error

.EXAMPLE
PS>.\logoff_Session.ps1 -SessionId "Session/OTQwN2E4OWUtN2ZjNy00MTA2LWJhNGItYmQxNGFjMjkxZWFj/ZmEwNjk5MjktNmVlNi00NGQwLTk4MzgtNWUwY2VjNjYyMTNj/TVlEQVRBQ0VOVEVSXGN0YWkoY249cy0xLTUtMjEtMTk2NjcyNzM3OC0yNjk1MDI2NDQ4LTMyMDAyNTg2NjYtMTEyOCxjbj1mb3JlaWduc2VjdXJpdHlwcmluY2lwYWxzLGRjPXZkaSxkYz12bXdhcmUsZGM9aW50KS8zQGNuPTcxZTkxMzcxLWM2YzktNDZjMC04NmYzLTI4YjU2MGJiYTJhNixvdT1zZXJ2ZXJzLGRjPXZkaSxkYz12bXdhcmUsZGM9aW50LmNuPXZkaS1kZXNrdG9wLG91PXNlcnZlciBncm91cHMsZGM9dmRpLGRjPXZtd2FyZSxkYz1pbnQ6UENPSVA6MDpERVNLVE9Q"

#>

param (
    [Parameter(Mandatory=$true)] [string]$sessionId
)
# Wrap the raw id string in the Horizon API's SessionId type.
$sess = New-Object -TypeName VMware.Hv.SessionId -Property @{ Id = $sessionId }
# Log the session off through the already-connected Horizon services object.
$Global:HorizonServerServices.Session.Session_Logoff($sess)

Write-Output "Uila_OK"

Custom Script: Suspend a VM
<#
.SYNOPSIS

Suspend a particular VM.

.DESCRIPTION

Uses the VIServer1 to send the command to suspend a VM.

.PARAMETER vmName
Name of the VM

.OUTPUTS
Uila_OK if success, otherwise PS error

.EXAMPLE
PS>.\suspend_VM.ps1 -vmName webserver

#>

param (
    [Parameter(Mandatory=$true)] [string]$vmName
)
# Look up the VM; errors are collected in $ProcessError instead of the error stream.
$vm = $(Get-VM $vmName -Server $Global:viserver1 -ErrorVariable ProcessError) 2>$null
if (!($ProcessError)) {
    $res = $(Suspend-VM -VM $vm -Server $Global:viserver1 -Confirm:$false -ErrorVariable ProcessError) 2>$null
}
if ($ProcessError) {
    # Strip characters outside the allowed ASCII ranges before returning the error text.
    $res = $ProcessError -replace '[^\x20-\x7A\x09-\x0C]+', ''
    Write-Output $res
    exit 1
}
else
{
    Write-Output "Uila_OK"
}

Custom Script: Restart a VM
<#
.SYNOPSIS

Restart a particular VM.

.DESCRIPTION

Uses the VIServer1 to send the command to restart the VM.

.PARAMETER vmName
Name of the VM

.OUTPUTS
Uila_OK if success, otherwise PS error

.EXAMPLE
PS>.\restart_VM.ps1 -vmName webserver

#>

param (
    [Parameter(Mandatory=$true)] [string]$vmName
)

# Look up the VM; errors are collected in $ProcessError instead of the error stream.
$vm = $(Get-VM $vmName -Server $Global:viserver1 -ErrorVariable ProcessError) 2>$null
if (!($ProcessError)) {
    $res = $(Restart-VM -VM $vm -Server $Global:viserver1 -Confirm:$false -ErrorVariable ProcessError) 2>$null
}
if ($ProcessError) {
    # Strip characters outside the allowed ASCII ranges before returning the error text.
    $res = $ProcessError -replace '[^\x20-\x7A\x09-\x0C]+', ''
    Write-Output $res
    exit 1
}
else
{
    Write-Output "Uila_OK"
}

Custom Script: Start up a particular VM that was previously powered off or put into maintenance mode
<#
.SYNOPSIS

Start up a particular VM that was previously powered off or put into maintenance mode.

.DESCRIPTION

Uses the VIServer1 to send the command to power on and start a VM.

.PARAMETER vmName
Name of the VM

.OUTPUTS
Uila_OK if success, otherwise PS error

.EXAMPLE
PS>.\start_VM.ps1 -vmName webserver

#>

param (
    [Parameter(Mandatory=$true)] [string]$vmName
)

# Look up the VM; errors are collected in $ProcessError instead of the error stream.
$vm = $(Get-VM $vmName -Server $Global:viserver1 -ErrorVariable ProcessError) 2>$null
if (!($ProcessError)) {
    $res = $(Start-VM -VM $vm -Confirm:$false -Server $Global:viserver1 -ErrorVariable ProcessError) 2>$null
}
if ($ProcessError) {
    # Strip characters outside the allowed ASCII ranges before returning the error text.
    $res = $ProcessError -replace '[^\x20-\x7A\x09-\x0C]+', ''
    Write-Output $res
    exit 1
}
else
{
    Write-Output "Uila_OK"
}

Custom Script: Power off a VM
<#
.SYNOPSIS

Power off a particular VM.

.DESCRIPTION

Uses the VIServer1 to send the command to power off a VM.

.PARAMETER vmName
Name of the VM

.OUTPUTS
Uila_OK if success, otherwise PS error

.EXAMPLE
PS>.\poweroff_VM.ps1 -vmName webserver

#>

param (
    [Parameter(Mandatory=$true)] [string]$vmName
)

# Look up the VM; errors are collected in $ProcessError instead of the error stream.
$vm = $(Get-VM $vmName -Server $Global:viserver1 -ErrorVariable ProcessError) 2>$null
if (!($ProcessError)) {
    $res = $(Stop-VM -VM $vm -Confirm:$false -Server $Global:viserver1 -ErrorVariable ProcessError) 2>$null
}
if ($ProcessError) {
    # Strip characters outside the allowed ASCII ranges before returning the error text.
    $res = $ProcessError -replace '[^\x20-\x7A\x09-\x0C]+', ''
    Write-Output $res
    exit 1
}
else
{
    Write-Output "Uila_OK"
}

Custom Script: Kill a process identified for a particular session
<#
.SYNOPSIS

Kill a process identified for a particular Session.

.DESCRIPTION

Uses the CSServer1 to send the kill-process command to the VDI desktop.

.PARAMETER sessionId
Session id

.PARAMETER processName
Name of the process

.PARAMETER processId
Process id

.PARAMETER createTime
Creation time set for that process

.OUTPUTS
Uila_OK if success, otherwise PS error

.EXAMPLE
PS>.\kill_Process.ps1 -SessionId "Session/OTQwN2E4OWUtN2ZjNy00MTA2LWJhNGItYmQxNGFjMjkxZWFj/ZmEwNjk5MjktNmVlNi00NGQwLTk4MzgtNWUwY2VjNjYyMTNj/TVlEQVRBQ0VOVEVSXGN0YWkoY249cy0xLTUtMjEtMTk2NjcyNzM3OC0yNjk1MDI2NDQ4LTMyMDAyNTg2NjYtMTEyOCxjbj1mb3JlaWduc2VjdXJpdHlwcmluY2lwYWxzLGRjPXZkaSxkYz12bXdhcmUsZGM9aW50KS8zQGNuPTcxZTkxMzcxLWM2YzktNDZjMC04NmYzLTI4YjU2MGJiYTJhNixvdT1zZXJ2ZXJzLGRjPXZkaSxkYz12bXdhcmUsZGM9aW50LmNuPXZkaS1kZXNrdG9wLG91PXNlcnZlciBncm91cHMsZGM9dmRpLGRjPXZtd2FyZSxkYz1pbnQ6UENPSVA6MDpERVNLVE9Q" `
-processName "Notepad.exe" -processId 12232 -createTime 166543322
#>

param (
    [Parameter(Mandatory=$true)] [string]$sessionId,
    [Parameter(Mandatory=$true)] [String]$processName,
    [Parameter(Mandatory=$true)] [ValidateRange("Positive")] [int]$processId,
    [Parameter(Mandatory=$true)] [ValidateRange("Positive")] [int]$createTime
)
# Wrap the raw id string in the Horizon API's SessionId type.
$sess = New-Object -TypeName VMware.Hv.SessionId -Property @{ Id = $sessionId }
# Describe the target process by id, name and creation time so the right instance is matched.
$remoteBase = New-Object -TypeName VMware.Hv.RemoteProcessBase -Property @{ processId = $processId; name = $processName; CreateTime = $createTime }

$Global:HorizonServerServices.RemoteProcess.RemoteProcess_EndProcess($sess, $remoteBase)

Write-Output "Uila_OK"

Custom Script: Remove a Snapshot image info for a VM
<#
.SYNOPSIS

Remove a Snapshot image info for a VM.
Uses Global variable $Global:viserver1.

.DESCRIPTION

Searches for the Snapshot from a previous query and then removes it.

.PARAMETER vmName
Name of the VM

.PARAMETER snapShot
JSON description of the snapshot

.OUTPUTS
Uila_OK if success, otherwise PS error

.EXAMPLE
PS>.\removeVM_Snapshot.ps1 -vmName webserver -snapShot '{
"Description": "For testing PS getting snapshots, can be deleted",
"SizeGB": 43.04,
"Name": "VM Snapshot 8%252f23%252f2021, 10:45:45 AM",
"Created": "2021-08-23T17:46:28.992129Z"
}'
#>

param (
    [Parameter(Mandatory=$true)] [string]$vmName,
    [Parameter(Mandatory=$true)] [string]$snapshot
)
# Parse the JSON description returned by the earlier snapshot query.
$snapshotObject = $snapshot | ConvertFrom-Json

# Resolve the VM first so that only its own snapshots are searched.
$vm = $(Get-VM $vmName -Server $Global:viserver1 -ErrorVariable ProcessError) 2>$null
if (!($ProcessError)) {
    $snap = $(Get-Snapshot -VM $vm -Server $Global:viserver1 |
        Where-Object {($_.Created -eq $snapshotObject.Created) -and ($_.Name -eq $snapshotObject.Name)}) 2>$null
    if ($snap) {
        # Pass the matched snapshot explicitly; Remove-Snapshot needs it as input.
        $res = $(Remove-Snapshot -Snapshot $snap -Confirm:$false -ErrorVariable ProcessError) 2>$null
    }
}
if ($ProcessError) {
    # Strip characters outside the allowed ASCII ranges before returning the error text.
    $res = $ProcessError -replace '[^\x20-\x7A\x09-\x0C]+', ''
    Write-Output $res
    exit 1
}
else
{
    Write-Output "Uila_OK"
}

Custom Script: Restart guest OS for a VM
<#
.SYNOPSIS

Restart the guest OS for a particular VM.

.DESCRIPTION

Uses the VIServer1 to send the command to restart the guest OS.

.PARAMETER vmName
Name of the VM

.OUTPUTS
Uila_OK if success, otherwise PS error

.EXAMPLE
PS>.\restart_guestVM.ps1 -vmName webserver

#>

param (
    [Parameter(Mandatory=$true)] [string]$vmName
)
# Look up the VM; errors are collected in $ProcessError instead of the error stream.
$vm = $(Get-VM $vmName -Server $Global:viserver1 -ErrorVariable ProcessError) 2>$null
if (!($ProcessError)) {
    $res = $(Restart-VMGuest -VM $vm -Server $Global:viserver1 -Confirm:$false -ErrorVariable ProcessError) 2>$null
}
if ($ProcessError) {
    # Strip characters outside the allowed ASCII ranges before returning the error text.
    $res = $ProcessError -replace '[^\x20-\x7A\x09-\x0C]+', ''
    Write-Output $res
    exit 1
}
else
{
    Write-Output "Uila_OK"
}

Custom Script: Send command for vCenter to update VMTools for a VM
<#
.SYNOPSIS

Send command for vCenter to update the VMTools for a particular VM.

.DESCRIPTION

Uses the VIServer1 to send the command to update VMTools in the VM.

.PARAMETER vmName
Name of the VM

.OUTPUTS
Uila_OK if success, otherwise PS error

.EXAMPLE
PS>.\update_vmTools.ps1 -vmName webserver

#>

param (
    [Parameter(Mandatory=$true)] [string]$vmName
)

# Look up the VM; errors are collected in $ProcessError instead of the error stream.
$vm = $(Get-VM $vmName -Server $Global:viserver1 -ErrorVariable ProcessError) 2>$null
if (!($ProcessError)) {
    $res = $(Update-Tools -VM $vm -Server $Global:viserver1 -ErrorVariable ProcessError) 2>$null
}
if ($ProcessError) {
    # Strip characters outside the allowed ASCII ranges before returning the error text.
    $res = $ProcessError -replace '[^\x20-\x7A\x09-\x0C]+', ''
    Write-Output $res
    exit 1
}
else
{
    Write-Output "Uila_OK"
}
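
The VM scripts above pass -vmName straight to Get-VM, whose -Name parameter accepts wildcards, so a pattern such as web* resolves to every matching VM before the power operation runs. The following is an added example, not part of Uila's script library: a hypothetical Resolve-SingleVM helper that rejects wildcard input and requires exactly one match, with the lookup injected through a hypothetical -Lookup parameter so it runs against a constructed inventory without vCenter.

```powershell
# Added example, not Uila's code. Resolve-SingleVM and -Lookup are hypothetical names.
function Resolve-SingleVM {
    param (
        [Parameter(Mandatory=$true)] [string]$vmName,
        # Injected lookup so the check can be exercised without vCenter. In a custom
        # script it would be:
        #   { param($n) Get-VM -Name $n -Server $Global:viserver1 -ErrorAction Stop }
        [Parameter(Mandatory=$true)] [scriptblock]$Lookup
    )
    if ([string]::IsNullOrWhiteSpace($vmName)) {
        throw "Empty VM name"
    }
    # Get-VM -Name accepts wildcards, so refuse *, ? and [ ] before any lookup.
    if ([System.Management.Automation.WildcardPattern]::ContainsWildcardCharacters($vmName)) {
        throw "Refusing VM name containing wildcard characters: '$vmName'"
    }
    # Names are not unique across vCenter folders, so also require a single hit.
    $found = @(& $Lookup $vmName)
    if ($found.Count -ne 1) {
        throw "Expected exactly one VM named '$vmName', found $($found.Count)"
    }
    return $found[0]
}

# Constructed inventory standing in for vCenter; -like mimics wildcard name matching.
$inventory = 'webserver', 'webserver-db', 'dc01', 'dc01' |
    ForEach-Object { [pscustomobject]@{ Name = $_ } }
$lookup = { param($n) $inventory | Where-Object { $_.Name -like $n } }

foreach ($name in 'webserver', 'web*', '*', 'dc01', 'missing') {
    try {
        $vm = Resolve-SingleVM -vmName $name -Lookup $lookup
        "{0,-10} -> resolved to {1}" -f $name, $vm.Name
    }
    catch {
        "{0,-10} -> rejected: {1}" -f $name, $_.Exception.Message
    }
}
```

In a custom script, the helper would take the place of the bare Get-VM line, and the object it returns would be passed to Suspend-VM, Stop-VM and the other cmdlets.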




Uila Architecture

Uila Open Firewall Ports for VMware On-Premise (One-box UMAS where you use 1 VM to host UMAS)
Uila Open Firewall ports for VMware On-Premise (Two-box UMAS where you use 2 VMs to host UMAS)
Uila Open Firewall Ports for VMware (Uila Cloud SaaS)
Differences between Uila vST and a physical network probe attached directly to a switch SPAN port or server Ethernet ports
A physical probe can only see traffic that passes through an Ethernet port to the switch; it cannot see traffic sent by VMs through the vSwitch within a physical host. In a large-scale data center, it is impractical and cost-prohibitive to deploy physical probes everywhere. Furthermore, Uila vST pre-processes traffic and sends only metadata to Uila Cloud. This reduces traffic overhead by 99% compared to a physical probe without pre-processing capability.
Uila vST differences from other products that use agentless software
They typically employ SNMP polling and other OS APIs to access statistical information from the data center infrastructure. Since they cannot see network packets, they cannot identify the application type and its associated attributes. SNMP polling also typically creates higher network overhead than vST.



Uila Installation & Deployment

Uila VMWare Privileges and Permissions
Uila VIC Installation
Upgrading between versions (across v4.0)

When upgrading from a version before 4.0 to v4.1 or above, you must first upgrade the Uila vIC, and then upgrade UMAS.

If you attempt a software upgrade that jumps more than one version build across 4.0, you need to follow this sequence to avoid issues. If you run into issues, reboot the vIC.

Ports on firewall to open for WMI
For Linux hosts, you need to open TCP port 22 from the VIC to each Linux host. For Windows, you must not block any TCP ports to the Windows hosts, and these hosts must be routable from the VIC.
Setting up Active Directory (AD) Permissions for WMI

Step by Step configuration for Windows 10 and Windows Server:

1. Create a normal user via the Active Directory Users and Computers tool.


2. Add the created user to the following groups under Builtin: Performance Monitor Users and Distributed COM Users.


3. Open a command prompt window and execute the wmimgmt.msc command.


4. Select the Properties of WMI Control (local).


5. Select the Security tab.


6. Select Root and press the Security button.


7. Add the group Performance Monitor Users.


8. Enable Remote Enable, Execute Methods, Enable Account and all read rights.


9. Close the add dialog and select the group Performance Monitor Users in the list.


10. Select Advanced in the Security for Root dialog and then select the group and press Edit.


11. Select This namespace and subnamespaces to grant read-only access to the whole WMI tree to this account.

 

Configure the Windows Firewall (needed if the firewall blocks the remote WMI access)

1. Start the Windows Firewall using the Control Panel.


2. It is not necessary to use the Windows Firewall with Advanced Security control.


3. Select Allow a program or feature through Windows Firewall.


4. Open Component Services, Computers, My Computer and then Properties of My Computer.


5. Enable Windows Management Instrumentation (WMI) for Domain and/or Home/Work Networks.

 

 

Uila UMAS Deployment options
Uila SaaS Cloud: Requires installing Uila vST and vIC in your data center.

On-Prem Server: For customers whose compliance policy prohibits the use of public cloud services. It requires installing the Uila server software inside your private data center.
System resources for Uila vST, vIC or UMAS
Uila vST traffic overhead
Since vST pre-analyzes all captured traffic and only sends metadata at one-minute intervals, it consumes less than 1% of a 1 Gbit network link.
Uila vST's host CPU consumption
It averages no more than 5% on a typically loaded ESXi host.
System resources for Public Cloud (AWS, Azure, Google Cloud, others) deployment



Uila Configuration

How to setup alarm threshold levels in Uila

A) Go to Settings —>Alarm Configuration
B) Go to Threshold Settings, Select VM, and Click ‘New’.

 

C) Use the scroll bar to find and select the VMs that were previously selected in Alarm Action Configuration. Then click ‘Next’.

D) Click Action for the desired ‘Stat’ type to reveal the Threshold Settings dialog box. Enter the thresholds, then click ‘OK’.

E) The screen below shows the new Threshold Setting; repeat the steps above to make additional settings.

 

 

How to setup Email notifications in Uila?


 

1)    Setting up Email Configuration server -

 

  1. On the Uila UI, go to Settings --> Global Configuration
  2. Under email configuration, enter the SMTP server configuration

 

 

2)    Setting up Email Notification –

 

  1. Click on Settings -->Alarm Configuration
  2. Click on New Email Action
  3. Select the Alarm Actions to be configured and click Next

 


 4. Select the Alarm Severity and click Next
 5. Under filter, if you would like to receive notifications for specific nodes, select “Enable Entity Filter” and specify the VMs or Service Groups for which you would like to receive notifications.

 

 6. Add the recipient names and click on Finish

 

Note:

a)     You can create as many email actions as required.

b)    Separate email notifications can be created based on specific entities or alarms per user.

 

 

Enable logon details for VMware Horizon VDI


 

1)    Run regedit.exe as Administrator

2)    Go to HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Logon Monitor

3)    Change the key from 3 to 11 decimal (or 0x0B hex)

4)    Click OK and close regedit32

 

 

5)    Run services.msc as Administrator

6)    Find the VMware logon monitor executable service

7)    Set it to Auto Start to make sure it starts when it boots up.

 

 

 

 

How to enable Cyber Threat Monitoring

To apply the license, please follow these steps:
A) Go to Settings —> Global Configuration
B) Scroll to licenses 
C) Add the attached license and use the register id below:

Register ID: on-prem-your-uniqueID (Please note that the register id is case-sensitive and supplied by Uila)

After applying the CTM license, above, enable CTM for each host. 

To enable CTM for a host

  • Go to Settings.  Select the VST Configuration tab.
  • Click on the VST tab, as shown.

 

  • For the Host of choice, click on the corresponding Configuration (blue button).
  • While in the VST Configuration window, scroll down to the bottom.

 

  • Enable "Enable Security Module"

 

  • Click Apply
  • If you wish to auto-update Threat Rules from Uila, click the button below:

 

How to setup Alarm Threshold for Disk Usage

A)    Go to Infrastructure->Storage Analysis.

B)     Click on tab Capacity Usage.  Click on sub-tab Table.

C)    Enter VM name in the Filter VM search field under the sub-tab Table

 

 

D)    For the VM of choice, click on the pencil icon to set the thresholds, click OK.

(Default Thresholds for Critical, Major, Minor are 80, 85, 90)

 

 

 



 

Setup CPU/Memory/Storage and Process metrics for external Servers

Prerequisites –

 

1)    Ensure WMI is enabled on the external servers you are looking to monitor (For Windows only) 

2)    For external servers, ensure you add them manually using the steps from the article (Monitoring Applications and Networking for Physical Servers link)

3)    If the server is Linux based, you need SSH logon credentials that have access to read-only commands like “top”

 

Steps –

 

1)    Go to Settings --> Server Monitoring

2)     Click on “Setup Servers” 

3)     Click on "External Servers”

4)    Select the external servers you would like to monitor

5)    Click “New” to add the new login credentials and Select from the dropdown

 

 

6)    Select the options that apply and hit finish –

 

7)    Wait 2-3 minutes and check whether the monitoring status is “Ok” or “Failed”

 




Uila User Interface

Monitoring Applications and Networking for Physical Servers within Uila

Uila’s External Device Monitoring feature provides the user with the ability to monitor physical servers outside the virtual environment.

 

To setup external devices to monitor for Network and Application-

 

1)     Go to Settings --> VIC Configuration

2)     Under “Manual Display external devices”, click “New”

3)     Add the required external device configuration and click “Next”

  

 

4)     Add the “VM Name Prefix”. (This will be the name by which the server will be identified in the Uila UI)

5)     Click on “New Subnet”. Add an individual IP or a subnet for a group of devices.

 

  

Alternatively, if you have multiple physical servers to add, add them via the Excel template

 

1)     Create a CSV file with the fields shown below.

 

2)     Enter the information including the IP address of your Physical servers

3)     On the Uila UI, go to settings —> VIC configuration 

4)     Under “Upload External Device Address Book CSV file” upload your spreadsheet. 

 

 

 

 

 




Uila How-to

How to recover from Uila VIC lost connection to UMAS (Uila Offline)

Root Cause: Your Admin login password may be expired

Recovery Steps:

  1. Login to your VMware V-Center
  2. Reset your password.
  3. Login to your Uila Account
  4. Go to Settings –> VIC Configuration
  5. Select VIC Configuration Page, update your V-Center password (same one from Step 2.)

 

 6. Wait 5-10 minutes until you have confirmed that the Uila Dashboard is fully recovered. Otherwise, contact Support@Uila.com


How to create Application Dependency Maps?
How to determine Root-cause for Application Outages & Slowdowns?

How to identify Network Bottlenecks in your Data Center?
How to Optimize & Rightsize Infrastructure Resources?
How to plan your Datacenter Migration?
How does Wireshark capturing work?
When you start the capture, Uila will send the packets to the Wireshark VM.  At this stage, nothing is saved.  You have to go to the Wireshark VM, login and launch Wireshark and select the correct GRE tunnel and do the capture.  Then you can decide to save the buffer to a file in the Wireshark VM.
How to monitor and measure End-user Experience for remote users?
Top Tips for End-to-end visibility for Challenges faced by VDI & Remote Users

How to packet forward from a Uila VST to a windows machine
1) Download and install Wireshark on a Windows box
2) Add the IP address of the windows box into Uila under settings —> Global Config 
Select ERSPAN and click save 

3) Start a packet capture on Uila
4) On the Windows Wireshark machine, select the network interface and use the capture filter - 
5) Once the capture is started, you can see the traffic.
How to use Uila for VMware Horizon VDI Monitoring and Troubleshooting
How to export CSV report for Cyber Threat Monitoring Assessment

1. While in Uila, go to Reports in the left menu.

2. Click on the CSV tab.

3. Click New Report.  

4. Select Threat Detection, Next.

5. In the time range, specify the range of interest.  Click Next.

6. Select your Data Center.  Click Finish.

7. After the report is generated, it will be listed in the Report Information list.  Download it using the Actions->Download icon.


8. Email Report to Uila. Uila will provide a security assessment report for your review.
How to configure and use AIOPS-based Remediation Actions?
How do you troubleshoot performance issues with a specific server or VM?



Uila Cloud Service

Uila SaaS Cloud security mechanisms

Uila SaaS is hosted with a well-regarded hosting company in the United States. Customer data currently resides in the United States of America and primarily in the state of California.

The hosting company tests their security systems and protocols regularly to ensure exceptional response rates, and each year participates in compliance validation programs such as ISO 27001, SOC 1 Type 2, SOC 2 Type 2, HIPAA and PCI DSS. All compliance examinations for those Data Centers are conducted by Schellman & Company, Inc., an independent, licensed CPA firm, QSA, and accredited ISO 27001 certification body by ANSI-ASQ National Accreditation Board (ANAB) and the United Kingdom Accreditation Services (UKAS).

The hosting company also directly employs experienced security officers at their facilities, who receive rigorous annual training and are required to pass certification. CoreSite data centers are protected by a gamut of technological security measures including IP-DVR cameras and perimeter fencing, biometric scanners and card readers, mantraps, locking cages and cabinets.

For detailed information refer to this document

Uila Cloud data storage
Although vST can capture and see network traffic, it only analyzes the packet header to identify each unique application and its response time. vST keeps both application response time and network response time for performance analysis.

However, when an application exhibits slow performance, vST will capture a small portion of the transaction data, e.g. IP addresses, to allow application developers to analyze application issues that might be the cause of the slow response time. If capturing partial data is prohibited by your company’s security policy, we recommend that you select the On-Prem deployment option.
Security of data captured by vST during transmission to Uila Cloud
First, the data transmission between vST and Uila Cloud uses Secure Shell (SSH), an encrypted network protocol. Second, we added another security layer by using a digitally signed certificate to ensure the true identity of the vST agent loaded in your server.
© 2023 Uila, Inc.  All rights reserved.