Install-Module -Name VMware.Powercli, behind the proxies!

Are you trying to install PowerCLI from your corporate server? If yes, then you might have faced some sort of errors simillar to this-

nuget

Issue: 

Based on my experience this issue happens mainly because your powershell session is not able to talk to powershell gallery through Nuget package providers. This happens because of corporate proxy connection.

Or

Sometime you don’t have required package provider. In that case ensure FIPS compliant encryption is disabled.

For detailed steps please refer below

  1. Ensure you are running with PSVerion 5 or above. run $psversiontable to check the ps version. 
  2. Ensure you have required package providers
    • Open powershell as an administrator and Run this Get-PackageProvider
    • If you see output as below then you are good. check the step 2.
    • MicrosoftTeams-image
    • If you do not see any package provider than there could be a possibility that FIPS is enabled on your system.
      • Disable FIPS
        • open gpedit.msc
        • Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
        • In the Details pane, double-click System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing and Disable it.

Important: if you do not have default package provider as shown above (more specifically PowerShellGet) then you will not be able to use commands such as install-module/ Find-Module /Update-Module /Save-module etc. 

2. Check the PSRepository

  • Ensure that Powershell gallery is register as PSRepository.
  • Run This command
    • Get-PsRepository
    • PSRepo1.PNG
    • If you see above warning then it means that there is no PSRepo exists.
    • Register PSRepository. 
      • Run this to register a PSRepository.
      • if you recieve below error, then your corporate proxy server is not allowing PSRepository to communiate with your system.
      • PSrepoErr
    • bypass connections via a proxy server.
      • You would require proxy server details (ProxyServerName and Port number)
      • Create a powershell profile by following steps, If its not there. check the below snap and follow exactly the samae
        • New-item -itemtype file -Path $Profile
        • Test-Path $profile
        • notepad $profile
        • Profile
      • With this pase below lines of code in your profile, save and close it. Change your proxy server address and port number
      • This will allow communication to PSgallery after you restart your PSSession.

  • Again run get-Psrepository and you have PSGallery available and registered as ps repository

PSRepApp

3. Now you have Packagemanager and PSRepository. 

4. Run Install-module -name VMware.PowerCLI -Force

5. This will require Nuget and as you have allowed PSgallery communication via proxy, It will first install Nuget and then it will install VMware.Powercli. 

Summary:

Coporate systems do have proxy and sometime FIPS compliance enabled. These 2 security standards stops commincation to PSgallery. Disable FIPS if its enabled and not required and then allow communication to PSgallery via proxy server as explained above.

 

-Jatin Purohit

 

Automate VMFS6 Upgrade – Update-VMfsdatastore cmdlet

By now you must be switching onto vSphere 6.5. During this time you would have also figured it out that there is no online upgrade for VMFS5 to VMFS6, which means that there is a little bit of planning would require to upgrade your VMFS datastores to VMFS6 version.

As of now, the most common approach (and I believe the only approach) is to-

  • Create a temporary VMFS5 datastore
  • Migrate VM, files, and folder from source datastore to temporary datastore
  • Unmount source datastore and delete the source datastore
  • Re-create a new VMFS6 datastore with the same LUN
  • Move back all the VMs and its folder to new VMFS6 datastore

A lot of manual pieces of work right! if its a matter of 5-10 datastore then there should not be any problem in upgrading datastores manually. However, almost all enterprise infrastructures work with hundreds or even thousands of datastores and you certainly need an automated way to do the upgrade.

Update-VMfsdatastore 

PowerCLI has introduced this cmdlet with PowerCLI 6.5, and all the steps which I explained to you earlier are done by this cmdlet.

The “Script”

The above script is just a snippet from my actual production script, You can modify this to suit your environment and need.

Key Take Aways

    • There should be an update required from VMware to allow users to define max number of VMs to storage vMotion at a time. This will eventually speed up the upgrade process. As of now update-vmfsdatastore migrates one VM at a time.
  • During my tests in POC, It was observed that upgrade was failing on datastores which had vmkdump files stored on it, skip any datastore which has vmkdump files, You can skip those datastores by doing something like this-
  • After migrating all active or registered VMs from the source datastore, if swap files or delta.vmdk (snapshots of a virtual disk) files are found, the datastore will not be upgraded.

Visit PowerCLI reference to know more about this cmdlet and its usage.

Hope you have enjoyed this post. Would love to hear back your feedback, challenges and use case regarding VMFS6 upgrade.

Thanks,

Setting Up VSCode for PowerShell in 3 easy step

Recently I have switched from PowerShell ISE to VSCode for script development. I was very comfortable with PowerShell ISE except it’s “intellisense” feature which used to hang my system a lot. Switching to VSCode certainly improved my development experience and gave me a better tool for debugging and testing my Powershell scripts.

VSCode is an open-source source code editor which supports multiple programming languages with the help of VSCode extensions.

Installing and setting up VSCode for PowerShell

  1. Install VSCode
    VSCode is available for Windows, Linux and Mac devices. You can install VSCode from https://code.visualstudio.com/Download
  2.  Install PowerShell extension for VSCode
    • Go to Extension
    • Search for ‘Powershell’
    • Select and install ‘Powershell’ extension
    • Reload
  3. Change your default language mode to PowerShell, Once your PowerShell extension is installed you will see that intellisense in VSCode does not provide suggestions like it does for PowerShell ISE, That is because you have not set up your working environment to PowerShell. To change your working environment to PowerShell do follow below steps-
    • In VSCode, hit ctrl + shift + p 
    • Type “Change Language Mode”
    • and, Select Powershell

With the above steps intellisense will work in the current script file but it will not work in a new script file,

  • To make PowerShell as your default language mode do follow below steps.
    • Got to Settings
    • Search for ‘defaultlan’ and you will find below key 
    •  Set this key to ‘Powershell’ and hit ctrl+s,

That’s all you need to do in order to set up VSCode for PowerShell.

Thanks,

VMware Home Lab – Ravello

After a long time, I am coming back here and sharing my work, experience, and thoughts with all of you. A year back I started writing blogs about technology but it quickly went under the carpet and couldn’t able to continue the same. I felt that without having my own lab i won’t be able to engage with the community the way i wanted to. So here I am with my off-premise cloud lab.

I was doing a little bit of research to get the best lab setup for my learning and thought about Intel NUC to consider my physical hosts but quickly realized that it won’t be a good idea to have a bunch of physical hosts and dangling cables at my home. I didn’t feel the need for the on-prem lab as it was not offering me any additional benefits. So the only option left for me was to set up my VMware lab on the Public Cloud.

There were mainly 3 reasons for opting out a cloud-based solution.

  • Pay as you Go, the Capital cost of setting up the on-prem home lab was very high for me.

 

  • Scalability, ability to scale up/down compute resources is simply a cakewalk for us, all thanks to virtualization and cloud infrastructure. Scalability by default allows you to optimize your resources and results in an efficient infrastructure, However, that’s not the case with the hardware infrastructure. 

 

  • Hardware refresh, a typical lifecycle of any hardware is around 3-5 years and after that, it requires an upgrade to catch up with the trend. It is certainly not a good idea to have a bunch of hardware (Host, switches, Routers etc.) and periodically upgrading them. you simply can’t afford hardware maintenance cost just to keep your Lab infrastructure running.

927091980

#Ravello

Ravello was a startup founded by few KVM hypervisor developers and after that, it was acquired by Oracle. The unique ability of nested virtualization provided by #ravello allows us to host ESXi as a virtual machine on HVX hypervisor. I guess it is the only cloud provider which is offering nested virtualization thus becoming the only option for hosting VMware home lab on the public cloud. I figured it out about Ravello a few months back but at that time Ravello offering was not available for trial in India. However, the good news is that it’s now available for 30 days trial and has very competitive rates. It provides all the key feature which requires you to get started.

The interesting thing which I liked most about Ravello is, it provides key network services like DNS, DHCP, L2/L3 networking layer, VLAN and firewall services on the fly, Which essentially means that you can save few $$$ by not to deploy additional VM just to use these services for your lab environment.

As of today, I am able to setup 3 ESXi hosts, 1 VCSA 6.5, and a windows server 2016. Able to quickly configure my lab environment with public IPs so that I can seamlessly access all my workloads over the internet as an when required. In fact, I was impressed with the new ESX #H5client which was accessible on my smartphone and giving seamless experience on my mobile phone though it’s not a required thing for production infrastructure.

Take a look at below screenshot of ESXi which was accessed over the internet on a mobile browser.

Lab

The plan is to build this lab environment with different use cases, test vSphere upgrades with different test scenarios, and to build/test cloud-based automation solutions around it. I will keep sharing interesting use cases and “how to” stuff as I go along with this.

Feel free to post your queries, feedback or suggestions on “Virtual Reality” 

Thanks,

 

 

 

vCenter Server Appliance 6.5 : Way forward!

It’s quite evident that with the release of vSphere 6.5, VMware has bet on linux centric approach. vCenter Server appliance is in existence since the release of vSphere 5.0 , however there were few gaps in terms of capacity. vCSA 5.x was supported with embedded PostgrSQL database and only 100 hosts per vCenter were supported. Below is the table which shows vCSA 5.5 configuration maximum,

vCenter Hosts Powered On VMs
vCenter Windows 5.5 1000 10000
vCenter Appliances 5.5 (with PostgreSQL DB) 100 3000

In vSphere 5.x and 6.0, with Oracle 11g or 12c as an external database you can match with the same configuration maximums as windows vCenter Server. With this, both vCenter Windows and vCenter Appliance scores the same point. VMware community preferred to choose windows base vCenter 5.x over vCenter appliance just because of large user base on windows platform.

Now, this equation has changed with the release of vSphere 6.5, What has changed in vCenter server appliance 6.5, which made this shift? Let us take a look at vCenter Server Appliance 6.5 features in brief.

Configuration Maximum

Unlike previous version, vCenter Appliance 6.5 has similar config max compare to windows vCenter. Important thing to note over here is that PostgreSQL is the only supported database for vCenter Server appliance 6.5. There is no external database for vCenter server appliances 6.5.

Note: PostgreSQL is embedded database which comes with vCenter Server appliance 6.5. There is no option for external database in vCenter Server Appliance 6.5. 

Object Windows vCenter vCenter Server 6.5 Appliance (Embedded with PostgreSQL)
ESXi Hosts Per vCenter 1000 1000
Powered On VMs 10000 10000
Hosts Per Cluster 64 hosts 64 hosts
VMs Per Cluster 6000 6000
Linked mode 10 vCenter 10 vCenter

Native HA

vSphere 6.5 has introduced native HA solution which is built in to vCenter Server appliance 6.5. This is obviously a good feature and makes vCenter appliance a good choice. Native HA uses Active/Passive/Witness architecture which avoids single point of failure and High availability. Click here to know more about this feature.

Native Backup/Restore

Finally, a native file based backup and restore capability has been added to vCenter Server appliance 6.5. This new backup and restore mechanism allows customers to use a simple interface to remove reliance on third party backup solutions to protect vCenter Server and PSCs configurations. Native backup and restore feature streams vCenter and PSC configuration to external storage via HTTP,FTP or SCP protocols.

VMware Update Manager 

With vSphere 6.5, VMware Update manager is embedded with vCenter Server Appliance 6.5. Which means that you don’t need to set up any additional windows box for VUM. However, if you wish you can still have VUM running externally on windows box.

Conclusion:

Native HA, native backup/restore and Embedded VMware Update Manager features are exclusively available with vCenter appliance 6.5 and making it as preferred choice. There are no additional features included in vCenter Server (Windows). vCenter 6.5 (Windows based) still works as same and supported by VMware.

Thanks,

 

 

 

 

My Failed Attempt with PowerShell DSC + VMware !

The Idea: 

  1. Have a DSC Configuration for vSphere which get status of  vSwitch Security Policies like Forged transmit, Promiscuous mode and MAC address change.
  2. All 3 security settings must be set to Reject.
  3. DSC Configuration should set above 3 settings to Reject if it is not.
  4. And finally apply this configuration to all ESXi host in vCenter. 

In recent days I am learning PowerShell DSC. No doubt it is a great tool but need more DSC resources for various technologies. I am sure that PowerShell community will rise above all and work toward making DSC more powerful.

My initial idea was to create a vSphere Security Configuration for vSwitch Security policies using PowerShell DSC. However, It didn’t work out for me as expected. Initially i struggled with Script resource and variable scope in GetScript, TestScript and SetScript block. Basically I was not able to pass variable in Script Block. This issue is documented here. Thankfully with the help of my colleague Rohit Sharma, We were able to resolve variable scope issue. Bottom line of that issue is, we have to use $using to pass the data in script block(Get,Set and Test).

It was a great relief for me to resolve above issue but…. Problems didn’t stop here. GetScript Block returns hash table values. So, If you try to return any PowerShell Object, Variable or any other object then this script block will throw an error. Ultimately you have to return hash table.

Well, That was sorted out. GetScript and TestScript looked to be working fine but another problem occurs at SetScript block. This time we figured out that session which was connected with Connect-VIServer is no longer available in SetScript block, which means that it will not execute any PowerCLI commands and will throw an error

DSC

“You are not currently connected to any servers. Please connect first using a Connect cmdlet.”

Why is it throwing this error? I figured out that DSC Script resource has 3 script block; GetScript, TestScript and SetScript. These script block does not execute anything but pass its value to Get-TargetResource(), Test-TargetResource() and Set-targetResource as a parameter respectively. These functions uses Invoke-command cmdlet on remote computer or localhost. That was the reason for sing $using: for local scope variables and also reason for not passing connected VMware sessions to SetScript block.

Below is the Code for reference. Feel free to test this in POC/Test environment. 

 

As of now i am still struggling to fix these issues. Looks like DSC Script resource has some limitations.

What Next?

  1. Will Understand “How to create custom DSC Resources using PowerShell Classes and Object?”
  2. Will try to build a custom resource by my own.

Hopefully I will be able to resolve this issue and will come out with a DSC Configuration for vSwitch Security policy.

Thanks

 

 

PowerShell DSC + VMware: Issue with Script Resource

Hi Folks,

I am writing a Powershell DSC Configuration Using Script Resource using GetScript,TestScript and SetScript functions.

Idea is to create a configuration for vSwitch Security Policy. I want my all ESX to have security policy as reject. However, Configuration block looks good here but it is trying to set these settings on windows box where i am executing this script. This is not setting up these config on ESX vSwitch. Below is the code

 

VMwareDSCIssue

 

Here are the quick questions.

1.How can we set our node as ESX host?

2. Is there any other way to setup DSC Configuration for ESX hosts?

ESXCLI+PowerCLI: Perfect fusion for ESXi

powershell-cim_1

Hello Everyone,

In this post I will discuss about managing ESXi hosts using ESXCLI and PowerCLI. Yes, You got it right. ESXCLI is one of the widely used command line interface for ESXi whereas PowerCLI is a PowerShell based snap-in for VMware.

ESXCLI is intended to provide a single set of commands to perform host based administrative tasks. ESXCLI has set of namespace for various components like network, storage, device etc. Refer below pic to see available namespaces.

How to run ESXCLI?

Well working with ESXCLI is very simple. Take a putty session to host and type esxcliOnce you run this command then it will show you all the available namespace under ESXCLI. Further more you can type child namespace and it will show you available namespace and commands under that.

Ex. 1

~ # esxcli network nic list

The above command will list NIC details (MAC, Adapter type, Link status etc.)

ESXCLI
ESXCLI Namespace

When you have very small environment or performing specific tasks on 1-2 esxi then taking a putty session and running ESXCLI command is not a big pain. However there are scenarios where you want to perform management tasks on large number of ESXi hosts then above approach may not be a feasible one. Such scenarios could be-

  1. Getting certain reports across all the hosts (Firmware, driver version or specific configuration detail)
  2. Setting up standard configuration across multiple hosts or entire environment.

etc.

So in such type of scenario you would like to automate the task. For that obvious choice would be PowerCLI.

Tip: PowerCLI is a PowerShell snap-in for VMware. There is no specific training required for PowerCLI. 

How to execute ESXCLI Commands using PowerCLI?

PowerCLI has a cmdlet called Get-ESXCLI, This cmdlet can be executed against remote ESXi hosts. This can be done by passing a value (hostname) to -VMhost parameter. Refer below command-

PowerCLI C:\> Get-Esxcli -VMhost TestEsxi.poc

The above command will give you available ESXCLI namespace on TestEsxi.poc host.

For a moment let us consider Ex 1. ~ # esxcli network nic list

Same result can be achieved via executing below command in PowerCLI.

PowerCLI C:> (Get-Esxcli -VMhost "TestEsxi.poc").network.nic.list()

How to automate same task for multiple hosts?

Below is the PS script which will automate same task for multiple host. I don’t think that below script needs any explanation, It is very simple and straight forward script. First, You Get content from a .txt file. This file contains ESXi Host names. In later part you are just taking hostname one by one and dynamically passing it to cmdlet.

Please refer below screenshot for same, Though it does not harm anything to your environment but still i would highly recommend you to run this in POC first. Also please note that you have to connect vCenter first.

PowerCLI C:> Connect-VIServer -Server vCenterName

 

ESXCLItest.PNG
ESXCLI Test

Conclusion:

ESXCLI is a great tool for ESXi management and capability to integrate with PowerShell is just awesome. Next time if you have to collect few reports from multiple ESXi hosts then try to automate those reports using PowerCLI and ESXCLI.

FAQs:

  1. How to Learn PowerShell?
  2. How to install PowerCLI within PowerShell Console?
    • Check out this blog for your reference

Hope you liked this post, Please comment and share your feedback in comment section.

Thanks,

Resource Pool – Conclusion

In my previous posts about resource pool I have stressed on Resource Pool hierarchy. I have also highlighted one tip related to resource pool hierarchy, If you have not noticed that then below is the tip once again-

Tips: It is best practice to not allow VMs and resource pools to be siblings with each other. Otherwise, when there is contention, it is very likely for the VMs inside the pool to loose out in competion with VMs outside the pools.

So, Here I am trying to explain you why it is so and what impact it will have. Before I begin I would also like to state that Shares comes into picture only when there is a resource contention. If there is no resource contention then VMs will get resources whatever they require.

So coming back to the point, Let us assume that we have 3 resource pool with default share values High, Normal and Low. So in in the event of resource contention resource allocation would be in 4:2:1. Refer below Pic once again.

Shares
Resource Sharing: High, Normal and Low.

So far pretty straight calculation. Now assume that I have 11 VMs and I put 2 VMs in High, 1 VM in Low and 8 VM in Normal. So what you may think is in event of resource contention High priority VMs will get more share then normal resource pool VMs and Normal VMs should get more shares then Low resource pool VMs. Ideally that is what we wish for but unfortunately that does not happen. Have a look at below table which shows that how much shares each VM will get.

This clearly shows that with above distribution of VMs will give more shares to Low resource pool’s VM.

VM Share Resource Pool
VM-1 28.5 High
VM-2 28.5 High
VM-3 3 Normal
VM-4 3 Normal
VM-5 3 Normal
VM-6 3 Normal
VM-7 3 Normal
VM-7 3 Normal
VM-8 3 Normal
VM-9 4 Normal
VM-10 4 Normal
VM-11 14 Low
Share Distribution
Resource Distribution

You must be wondering how did it happen. So In case of shares, hierarchy and VM distribution is very important. When I add 2 VMs in High resource pool then as per 4:2:1 share, High gets 57% of share and as it has 2 VMs it evenly distributes this to both the VMs and each VM gets 28.5% of share.

Same applies for Normal and Low, Normal had 8 VMs so share value of normal resource pool 29% is evenly distributed among 8 VMs and ended up getting 3-4%. Now in case of low resource pool which had only one VM hence it gets 14% share.

Imagine if i have 3 resource pool and one VM-x which is not part of any resource pool. which means that VM and all 3 resource pool are in same hierarchy with respect to their parent cluster. Hence VM-x is sibling to other 3 clusters. Now If I give VM-x share value as Normal which is default however. In this case Normal share will be distribute evenly between Normal resource pool and VM-x and gets 14.5% respectively. Hence VMs in resource pool will get shares out 14.5% and not from 29%. This will enable VM-x to get more resources then VMs in normal resource pool. This example clarifies the point, why we should not have resource pool and VMs as siblings.

This has also been explained by Duncan Epping in his post “The Resource Pool Priority-Pie Paradox” .

Conclusion:

  1. Do not use resource pool to organize your VMs. For organization of VM we have folders.
  2. While planning out resource pool make sure that you distribute VMs carefully.
  3. VM level reservation and Resource Pool level reservation works slightly different from each other. refer http://frankdenneman.nl/2010/05/18/resource-pools-memory-reservations/ 
  4. Strategies and review your resource management design periodically. As infrastructure may change dynamically.

Thanks for putting your effort in reading this article. Please comment and share your feedback in below comment section. Also feel free to post questions if you have any.

Enjoy!