It is my pleasure to announce the release of PowerCLI 12.3. Here are some of the key highlights for this release.
Release Highlight
Workload Management
- Support for vSphere with Tanzu with vSphere Networking
- New cmdlet New-WMNamespaceNetworkSpec to create a network specification for Namespace network
vSphere
- Support for Native Key Provider
- Cross vCenter VM Cloning
vSAN
- vSAN file service Snapshot Management
Horizon
- Latest Horizon API 8.2 binding
SRM
- Latest SRM API 8.4 binding
Let’s explore some of these features in detail.
Workload Management
With the release of PowerCLI 12.3, additional parameters are introduced to Enable-WMCluster cmdlet. These new parameters allow you to enable a workload management cluster with vSphere networking.
Check out the updated syntax below.
Also, a new cmdlet New-WMNamespaceNetworkSpec has been introduced, which allows you to create a network specification for the Namespace network.
Let’s check out the sample script to enable workload management with vSphere Networking.
Do edit and customize the values If you choose to re-use the script for your environment.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
#Connect to vCenter. Edit values as appropriate. $vc = "192.168.x.x" $vc_password = "******" Connect-VIServer -User $vc_user -Password $vc_password -Server $vc $Cluster = Get-Cluster -Name "cluster" $datacenter = Get-Datacenter "datacenter" $datastore = Get-Datastore -Name "vsanDatastore" $vmhosts = Get-VMHost $tkgcl = "tkg-cl" $ntpservers = @("time.vmware.com") $ManagementVirtualNetwork = get-virtualnetwork "VM Network" # #Extracting CA Cert from the HAProxy VM $HAProxyVMname = "haproxy-demo" $AdvancedSettingName = "guestinfo.dataplaneapi.cacert" $Base64cert = get-vm $HAProxyVMname |Get-AdvancedSetting -Name $AdvancedSettingName while ([string]::IsNullOrEmpty($Base64cert.Value)) { Write-Host "Waiting for CA Cert Generation... This may take a under 5-10 minutes as the VM needs to boot and generate the CA Cert (if you haven't provided one already)." $Base64cert = get-vm $HAProxyVMname |Get-AdvancedSetting -Name $AdvancedSettingName Start-sleep -seconds 2 } Write-Host "CA Cert Found... Converting from BASE64" $cert = [Text.Encoding]::Utf8.GetString([Convert]::FromBase64String($Base64cert.Value)) # #Enable Workload Management with HAProxy and vSphere Networking Write-Host "Enabling Workload Management" Get-Cluster $Cluster | Enable-WMCluster ` -SizeHint Tiny ` -ManagementVirtualNetwork $ManagementVirtualNetwork ` -ManagementNetworkMode StaticRange ` -ManagementNetworkGateway "192.168.x.x" ` -ManagementNetworkSubnetMask "255.255.255.0" ` -ManagementNetworkStartIPAddress "192.168.x.x" ` -ManagementNetworkAddressRangeSize 5 ` -MasterDnsServerIPAddress @("192.168.x.x") ` -MasterNtpServer @("time.vmware.com") ` -ServiceCIDR "10.96.0.0/24" ` -EphemeralStoragePolicy "kubernetes-demo-storage" ` -ImageStoragePolicy "kubernetes-demo-storage" ` -MasterStoragePolicy "kubernetes-demo-storage" ` -ContentLibrary $tkgcl ` -HAProxyName $HAProxyVMname ` -HAProxyAddressRanges "192.168.24.208-192.168.24.222" ` -HAProxyUsername "admin" ` -HAProxyPassword "vmware" ` -HAProxyDataPlaneAddresses "192.168.x.x:5556" ` -HAProxyServerCertificateChain $cert ` -WorkerDnsServer "192.168.111.1" ` -PrimaryWorkloadNetworkSpecification ( New-WMNamespaceNetworkSpec ` -Name "network-1" ` -Gateway "192.168.24.1" ` -Subnet "255.255.255.0" ` -AddressRanges "192.168.24.2-192.168.24.126" ` -DistributedPortGroup "Workload24" ` ) # |
vSphere Security
vSphere Native Key Provider, a new feature in vSphere 7 Update 2, provides a way within vSphere to enable data-at-rest protections like vSAN Encryption, VM Encryption, and vTPM straight from vSphere itself. You can visit https://core.vmware.com/native-key-provider to learn more about the native key provider.
PowerCLI 12.3 extends the cmdlets to support the native key provider. Below are some of the operations which will help you manage the native key provider.
Filter the Native Key Provider
Get-KeyProvider cmdlet retrieves all key providers from the vCenter Server system. A new parameter -Type is introduced to filter the key provider based on its type.
|
1 2 |
#Get all the Native Key Provider from vCenter Server PS C:\> Get-KeyProvider -Type NativeKeyProvider |
Export the Key Provider Configuration
It is a good idea that you back up the native key provider, especially if the native key provider is a default key provider.
PowerCLI 12.3 introduces a new cmdlet, Export-KeyProvider to backup (Export) the native key provider.
Note: You can only specify the NativeKeyProvider value to the -KeyProvider parameter.
|
1 2 |
#backup native key provider PS C:\> Export-KeyProvider -KeyProvider NativeKeyProvider -FilePath .\SecurePath -Password ‘xxxx-xxxx’ |
Import the key provider configuration
Caution: As explained earlier, if you have already configured the native key provider, make sure that you do not delete it. The vSphere UI provides you a conscious choice before you actually hit delete.
PowerCLI 12.3 introduces a new cmdlet, Import-KeyProvider to import (Restore) the native key provider if you need to import the key provider.
Configure the VM encryption with Native key provider
You can now use PowerCLI to configure VM encryption using the native key provider. The Set-VM, Set-HardDisk, New-VM, and New-HardDisk cmdlets are updated to support the native key provider.
|
1 2 3 4 |
#Restore native key provider PS C:\> $vm = Get-VM TestVM PS C:\> $keyProvider = Get-KeyProvider HBT-Native-KeyProvider PS C:\> Set-VM $vm -KeyProvider $keyProvider |
vSAN File Service Snapshot Management
The vSAN file share snapshot is a built-in feature in vSAN that provides a point-in-time image of a vSAN file share. You can check out the details here.
There are 3 new cmdlets that has been introduced to manage the vSAN File Service snapshot.
New-VsanFileShareSnapshot
This cmdlet creates a vSAN file share snapshot for the specified vSAN file share.
|
1 2 |
#Creates a new vSAN File Share Snapshot PS C:\> New-VsanFileShareSnapshot -Name "FileShareSnapshot1" -FileShare $fileShare |
Get-VsanFileShareSnapshot
This cmdlet retrieves vSAN file share snapshots based on name or other filters.
|
1 2 |
#Retrieves all vSAN File Share Snapshot PS C:\> Get-VsanFileShareSnapshot |
Remove-VsanFileShareSnapshot
This cmdlet removes vSAN file share snapshot.
|
1 2 |
#Removes vSAN File Share Snapshot PS C:\> Remove-VsanFileShareSnapshot -FileShareSnapshot $vSanSnapshot -Confirm:$false |
Other Improvements and bugfixes
There are some notable enhancements done that will help you with day-to-day PowerCLI operations. For example, there is a new parameter -Reason is introduced with Set-VMHost, Stop-VMHost, and Restart-VMhost to specify the reason for respective VMhost Power operation via PowerCLI.
Similarly, The performance of Foreach-parallel has dramatically improved, and bug fixed the issues reported by the PowerCLI community.
Conclusion
The PowerCLI 12.3 is a small release in terms of feature offerings. However, it is quite a significant release for vSphere Security and vSphere with Tanzu. The support for vSphere with Tanzu with vSphere Networking will ease up the deployment of the tanzu environment. Similarly, The PowerCLI support for native key providers extends the automation capabilities to configure Native Key Provider during the build phase itself.
Concluding this, I recommend you to visit the PowerCLI 12.3 release notes to know more about improvements and bug fixes. Also, Do check out the PowerCLI home page for anything and everything related to PowerCLI.
