Following my previous post which took you through the install of PowerCLI I thought it was time to add another back to basics (B2B) post and show how to take the first step in using PowerCLI… Connecting to your vCenter or vSphere host.
Yes, PowerCLI can be used to connect to both vCenter and also the vSphere host independently, of course not all the cmdlets will be relevant if you connect to just the host but still, this can be useful during the initial setup or automated deployments of the complete infrastructure.
How to connect
If you are connecting to either a vCenter server or a vSphere Host the cmdlet is the same, you can use the Connect-VIServer cmdlet to connect to both of these (even at the same time), lets take a look at an example:
C:\PS>Connect-VIServer -Server vcenter01 -User admin -Password pass
In the above example you can see we are connecting to our vCenter server called “vcenter01” with a username and password to gain access to the vCenter server, we did not specify a protocol or port, by default HTTPS and port 443 is assumed which is the same as the vSphere Client or Web Client, unless you specify a –port or –protocol parameter for the cmdlet.
In the example above we used the –User and –Password parameters to pass through the credentials but this might not always be what you want to do, especially as PowerShell files are plain text! There are multiple ways in which we can specify the credentials or store the credentials, its really up to you which you use and which is best suited for your situation.
C:\PS>Connect-VIServer -Server vcenter01
If we do not enter a username or password parameter and just use the cmdlet like the above example then the credentials of the current user are passed through to the vCenter or vSphere host and used to try and authenticate the connection. This is great if your environment is setup in the same domain as your vCenter box or your specific user account has been given access to vCenter or the host. One thing to watch out for here is this may work whilst you are logged in but if you have a script which runs as a scheduled task or is to be run as another user then you will need to make sure the account running the scheduled task or as the other user also has vCenter access.
As a note, the Connect-VIServer cmdlet first tries Kerberos authentication, if this does not work it then tries NTLM authentication.
Kerberos should work for Windows based vCenters, the vCenter Virtual Appliance (VCVA) and ESXi when they are connected to Active Directory.
NTLM works only for the Windows vCenter.
To monitor the authentication and diagnose which is being used we can use the –verbose parameter with Connect-VIServer as below:
In the above case my pass-through authentication failed and I was prompted for credentials to the host.
With PowerCLI we have the ability to store credentials for connections to different vCenter Servers or vSphere hosts and it can also be used to store credentials for vCloud Director when using the Connect-CIServer cmdlet, this feature is called the VICredentialStore, this becomes useful when we want to connect but do not always want to specify the username and password to use, the cmdlets we provide are listed below:
Get-VICredentialStoreItem This cmdlet retrieves the credential store items available on a vCenter Server system.
New-VICredentialStoreItem This cmdlet creates a new entry in the credential store.
Remove-VICredentialStoreItem This cmdlet removes the specified credential store items.
The New-VICredentialStoreItem cmdlet creates a new entry in the credential store and encrypts the password. If there is an existing entry for the specified host and user, it is overwritten. If the credential store file does not exist, it is created (along with its directory if needed).
If no file is specified, the item is created in the default credential store file %APPDATA%\VMware\credstore\vicredentials.xml.
Credential store items for vCloud Director servers must contain user name and organization in the following format: user_name:organization_name, where both names are lower-cased.
An example of this command is shown below:
C:\PS>New-VICredentialStoreItem -Host vCenter01 -User Admin -Password pass
Once this has been added to the VICredentialStore we are able to connect to vcenter01 without using the –User or –Password parameters.
A key thing to remember when using the Connect-VIServer cmdlet is that in a case where we did not provide a username/password parameter we first check the VICredentialStore. If the credential store doesn’t have the connection information for the requested server we try passthrough authentication. In a case where the credential store does contains connection information, but we fail to connect for some other reason (e.g. network connectivity) we don’t try pass-through and just show the error.
If a username/password parameter is used in the cmdlet then the VICredentialStore is ignored and the parameters are used for credentials.
Recently Connected Servers
Another nice parameter in the Connect-VIServer cmdlet is the –Menu parameter. If you use the –Menu parameter it Indicates that you want to select a connection server from a list of recently connected servers. If Menu is set to $true, the cmdlet retrieves a list of the last visited servers and enters a nested command prompt, so that you can select a server from the list.
An example of this is shown below, this can be great if you connect to multiple vCenter servers as you don’t always have to remember or retype the names!
Now you are connected to the vCenter you can access a global variable which stores the connection information, this is the $defaultVIServer variable and contains the connection information:
If you connect to more than one vCenter or vSphere Host you will see that a new variable is created called $defaultVIServers this stores the connection information for all connected entities where as the $defaultVIServer will only be the most recent connection.
These variables can be used to check your connection has been successful and also used for further reference later on in our scripts.
Now you have learned how to connect to your vCenter or vSphere host and a few more tricks why not start trying out some of the other cmdlets!