Home > Blogs > VMware PowerCLI Blog > Author Archives: Kyle Ruddy

Author Archives: Kyle Ruddy

About Kyle Ruddy

Kyle Ruddy is a Senior Technical Marketing Engineer at VMware in the Cloud Platform Business Unit. Kyle currently focuses on vSphere with Operations Management as well as all things API, SDK, and CLI. Kyle can be found blogging on VMware blogs, http://blogs.vmware.com/vSphere and http://blogs.vmware.com/PowerCLI, and his personal blog, http://www.thatcouldbeaproblem.com. You can follow Kyle on twitter as @kmruddy.

Configuring Per-VM EVC with PowerCLI

vSphere 6.7 was released a couple weeks ago and there were a ton of new features announced. However, there was one feature I was particularly interested in and that was Per-VM EVC (Enhanced vMotion Compatibility).

Giving a brief, high-level overview, EVC can be used to set a baseline of CPU features available to a VM or a set of VMs. In the past, this was a cluster-based setting. It was really nice because you could take hosts which didn’t have the same CPUs, use EVC to apply a common CPU baseline, and still put them in a cluster to take advantage of features like DRS and HA. The problem is that once a VM left that cluster, the EVC configuration would no longer be enforced. With vSphere 6.7 that changes, EVC can now be applied at the VM object level. This is awesome because now a VM can move across clusters, across datacenters, or even out to VMware Cloud on AWS and remain powered on and compatible! Be on the lookout for a much deeper dive on Per-VM EVC by my counterpart Emad Younis shortly.

Currently, configuring a VM’s EVC mode with PowerCLI is only available through a low-level command. That means, to configure this setting, we’re going to need to use methods that are exposed through either Get-View or a VM’s ExtensionData.

Let’s take a look at how we can automate this new setting using PowerCLI!

Introduction

First things first, we need to cover some requirements. To configure Per-VM EVC we need a couple things, including:

  • vSphere 6.7 (vCenter and ESXi host version)
  • A VM with hardware version 14
  • PowerCLI 10.1.0

Once we have those all inline, we need to figure out what EVC mode is appropriate for this particular VM.

Determining the Desired EVC Mode

PowerCLI makes it extremely easy to figure out what EVC modes are available. Each ESXi host object has a top-level property we can use to discover what their maximum EVC mode is. Once we obtain that information from all the potential hosts, we choose the lowest baseline and configure the VM with that.

Obtaining an ESXi host’s maximum EVC mode can done with the following command:

Example: Discovering VMHost MaxEVCMode

From the above example, we can see that the VM’s EVC mode should be no higher than ‘intel-sandybridge’ to work on these hosts. If we anticipate moving this VM between vCenters, we would want to run the same command against the ESXi hosts managed by that vCenter. If we anticipate moving this out to VMware Cloud on AWS, we already know those hosts are configured to be at an EVC mode of ‘intel-broadwell’. Broadwell is a higher, more advanced, mode than Sandy Bridge, so we’re still going to use the Sandy Bridge mode for our VM.

For more details about each EVC mode and how they rank, see the following KB article: 1003212 – Enhanced vMotion Compatibility (EVC) processor support

Assigning EVC Mode

We’re now ready to configure the per-VM EVC mode for this particular VM. The method we’ll be using is ‘ApplyEvcModeVM_Task’. More information about this can be found in the vSphere 6.7 Web Services API: ApplyEvCModeVM_Task

Based on the documentation, we have a couple parameters available to use:

Parameter Type
mask completeMask
HostFeatureMask object Boolean

The ‘mask’ parameter is looking for the CPU masking features we wish to configure. This is where the API gets a little more advanced than the UI. Where the UI only allows us to set the top level EVC mode, the API enables us to either specify all the feature masks which correlate to the EVC mode or be as granular as to only specify specific masks, the choice is ours. To be clear, this method does not accept the top-level EVC mode as input. Personally, I configure all the feature masks so that the VM’s level is aligned with the top level EVC mode.

The second parameter is ‘completeMasks’. This parameter is essentially asking if the masks presented are the complete list of masks to enable for this VM. This parameter accepts true or false as input and defaults to true. This is another reason I, personally, specify all the feature masks because then there is no confusion over what is or is not enabled for the virtual machine object.

Before we run the method, we need to obtain a list of feature masks. Starting from a high level, we can obtain the EVC Modes which are supported by our present vCenter with the following command:

To only retrieve information about the ‘intel-sandybridge’ mask, we can add a ‘where’ statement searching for that as the ‘key’ property:

Then, to isolate the masks we will be using as inputs for the ‘mask’ parameter, we can store the ‘FeatureMask’ output into a variable:

The above can also be wrapped up into a one-liner with the following command:

We’re now ready to run the command as follows:

Putting It All Together

If we combine all of the code above, it will look like the following:

Example: Putting everything together to set Per-VM EVC mode of a single VM

In 6 lines of code, we’ve gone from a VM with no EVC mode to a VM configured with an EVC mode of ‘intel-sandybridge’!

Community Module

If you found all the above to be a little too cumbersome, there’s a community module you can use to simplify this entire process. This module is available on the PowerCLI Community Repository: PerVMEVC

The PerVMEVC module provides the following three functions:

  • Get-VMEvcMode
  • Remove-VMEvcMode
  • Set-VMEvcMode

Here’s an example of them in action:
Example: Community Module Usage

Summary

vSphere 6.7 came packed with new features. One feature in particular really enables VMs the mobility to run anywhere. That feature is Per-VM EVC. This new feature takes the cluster based EVC functionality we’re already familiar with and now makes it available at the VM object level. PowerCLI gives us the ability to automate the entire process through the API using the ‘ApplyEvcModeVM_Task’ method as well as a new community module that can be used to simplify the process!

Let us know in the comments what you think of Per-VM EVC mode!

New Release: VMware PowerCLI 10.1.0

April has been a release heavy month for VMware. We have seen releases for vSphere 6.7, the entire vRealize suite, Site Recovery Manager 8.1, Horizon 7.4.1, and quite a few more. As of today, PowerCLI is being added to that list with the release of 10.1.0!

PowerCLI 10.1.0 offers the following updates:

  • Support for vSphere 6.7
  • Support for NSX-T 2.1
  • New VMware.Vim module
  • New cmdlets for managing Auto Deploy script bundles

Let’s take a look at those and some of the other updates.

Updated Support

Compatibility is something very important to PowerCLI. PowerCLI version 10.1.0 adds support for both vSphere 6.7 and NSX-T 2.1. This update gives you access to continue automating the latest and greatest VMware releases, plus have access to all those new APIs!

PowerCLI Compatability

New Module

This new version of PowerCLI brings our 20th module! This new module is named: VMware.Vim The goal of this module is to be able to allow you to have access to the latest vSphere APIs, including those available as part of VMware Cloud on AWS.

New Auto Deploy Cmdlets

Auto Deploy has two new cmdlets available to help with management of script bundles. These new cmdlets are:

  • Set-ScriptBundleAssociation
  • Remove-ScriptBundle

The Set-ScriptBundleAssociation cmdlet allows us to configure ESXi hosts to be associated with specific Auto Deploy script bundles.

The Remove-ScriptBundle cmdlet allows us to remove script bundles from Auto Deploy in an automated fashion. This functionality was actually requested by the community as PowerCLI Idea 114, so it’s really cool to see the direct impact the community can have.

General Updates

There’s a number of other improvements available in PowerCLI 10.1.0 as well. The first of which is to allow Import-VApp to support SHA-256 and SHA-512 hash algorithms. Next, we have deprecated the ‘Version’ parameter for the New-VM and Set-VM cmdlets. This parameter has been replaced by ‘HardwareVersion’. The same deprecation has been applied to the VirtualMachine object as a whole. Instead of referencing the ‘Version’ property, reference the ‘HardwareVersion’ property instead. Then, the Get-TagAssignment cmdlet has had the functionality corrected so we can query tags on datastore clusters. Another shout out to the community for this update, since that’s how this was brought to our attention! Also, we have made some updates to the process of migrating a VM to a VMware Cloud on AWS environment.

Lastly, PowerCLI 10.0.0 brought a bit of a change when it comes to handling vCenter and ESXi certificates. Instead of producing a warning when connecting to resources using invalid or self-signed certificates, PowerCLI now produces an error. We found some valid certificates were still producing an error and have corrected that process with PowerCLI 10.1.0.

If you do need to change PowerCLI’s configuration for handling certificate validation, the following code can be used to ignore those invalid or self-signed certificates:

Wrap-Up

PowerCLI 10.1.0 is the second release of the year and its only April! This release brought support for both vSphere 6.7 and NSX-T 2.1. A new module was introduced, VMware.Vim, making PowerCLI 20 modules strong. Two new cmdlets were added to help in the management of Auto Deploy script bundles! Plus, there were a number of other improvements added as well.

Remember, updating your PowerCLI modules is now as easy as ‘Update-Module VMware.PowerCLI’.

Example: Update-Module to PowerCLI 10.1.0

For more information on changes made in VMware PowerCLI 10.1.0, including improvements, security enhancements, and deprecated features, see the VMware PowerCLI Change Log. For more information on specific product features, see the VMware PowerCLI 10.1.0 User’s Guide. For more information on specific cmdlets, see the VMware PowerCLI 10.1.0 Cmdlet Reference.

New Release: PowerCLI 10 Poster!

The release of VMware PowerCLI 10.0.0 was another big one for us. As a result, PowerCLI is now available on Linux, MacOS, and Windows! As part of every major release, there’s a large number of asks for the PowerCLI poster and today we’re releasing it!

The poster features a bit of a layout refresh which conforms to a more standardized poster sizing guideline, but still features all of our cmdlets, some basic examples, and links to helpful resources.

PowerCLI Poster

New Release: PowerCLI Poster

If you’re looking to print one out, they are best at 36 inches wide by 24 inches tall.

Be on the lookout for these posters coming to a VMworld and/or VMUG near you!

Let us know where you’re putting your poster and how you’re using it either in the comments or on Twitter by mentioning the PowerCLI account!

New Release: PowerCLI Preview for VMware NSX-T Fling

A new Fling has been released for PowerCLI! The PowerCLI Preview for NSX-T Fling adds 280 high-level cmdlets which operate alongside the existing NSX-T PowerCLI module.

What do I mean by ‘high-level’ cmdlets? There are generally two forms of cmdlets available through PowerCLI, high-level and low-level. High-level cmdlets abstract the underlying API calls and provide an easy to use and understand cmdlet, like Get-LogicalSwitch. Based on that, you can assume the output will be logical switches. However, every API call does not have a corresponding high-level cmdlet and that’s where the low-level cmdlets come into play. Low-level cmdlets interact directly with the API and therefore have complete coverage of the available API calls. An example of a low-level cmdlet would be Get-View, or in the case of the NSX-T module it would be Get-NsxtService. More information about the low-level cmdlet usage of the NSX-T module is available in the following blog post: Getting Started with the PowerCLI Module for VMware NSX-T

Why is this being released as a fling? This module is still being developed and we need your feedback! What cmdlets are you using the most? What should the output look like? What cmdlets aren’t working the way you think they should? What cmdlets are missing? As well as any other feedback you can come up with! The preference is to leave the feedback on the fling’s comments section. However, if you post it as a comment here, I’ll make sure the right people receive it.

With that said, let’s get started using this new module!

Geting Started

First, we’ll need to head out to the VMware Flings site, browse for the fling and download the zip file. Direct link: PowerCLI Preview for NSX-T Fling

Next, extract the module and place it into one of your $PSModule directories. Better yet, do it with PowerShell:

We can then verify the module was placed in the proper location and is available for us to use:

Unzipping the Fling download

Note: If you don’t see the VMware.VimAutomation.Nsxt module, you probably need to install the latest version of PowerCLI. Walkthroughs on how to do that are available:

Now that we can see the module, I would suggest browsing through all of the 280 cmdlets available in the module. We can do that with the following command:

Browsing through all the available cmdlets in the Fling Module

One last step before starting to use the new cmdlets, we need to authenticate to the NSX-T server. This requires the VMware.VimAutomation.Nsxt module because it makes available the ‘Connect-NsxtServer’ cmdlet. We can authenticate to the NSX-T server with the following command:

Authenticating to the NSX-T Management Server

We are now authenticated and ready to start pulling information from the environment. Following along with the prior blog post, let’s start by pulling information about our cluster. We can do that with the ‘Get-ClusterNodeConfig’ cmdlet.

Example: Get-ClusterNodeConfig

We can clean up the output through the use of the ‘Select-Object’ cmdlet with the following command:

Example: Simplifying output for Get-ClusterNodeConfig

Another item we looked at in the last blog post, Transport Zones. The ‘Get-TransportZone’ cmdlet can be used, however if we want to clean it up a bit we can run the following command:

Example: simplified output for Get-TransportZone

One last example, we’ll get the status of the cluster. This can easily be done with the ‘Get-ClusterStatus’ cmdlet. However, the results are probably not what you expect. The ControlClusterStatus and MgmtClusterStatus each have an additional nested property of ‘Status’ which we’ll need to gain access to for this to really make sense. To do that, we’ll create a custom dynamic property with PowerShell! These custom properties will be made of hashtables used as part of the ‘Select-Object’ cmdlet. Each hashtable will need a ‘Name’ and an ‘Expression’. Here’s an example of this concept with the ‘Get-ClusterStatus’ cmdlet:

Example: Get-ClusterStatus and handling nested property values

Summary

There’s a great new fling available called the PowerCLI Preview for NSX-T Fling. This fling adds an additional 280 high-level cmdlets for VMware NSX-T, like Get-TransportZone, which means that automating NSX-T has never been easier!

As with all of our Flings, please leave feedback on the Comments section! We want to know what you think. What cmdlets are you using the most? What should the output look like? What cmdlets aren’t working the way you think they should? What cmdlets are missing? As well as any other feedback you can come up with!

Installing PowerCLI 10.0.0 on MacOS

PowerCLI 10.0.0 was released just a few weeks ago and one of the key updates was the added support for MacOS and Linux operating systems. It’s still amazing to think about! PowerShell and PowerCLI available to users on OSes other than just Windows. Wow!

Let’s put this to action and get PowerCLI installed on a MacOS system.

Prerequisite: Installing PowerShell Core – Package

The minimally required version for MacOS is PowerShell Core 6.0.1. There’s a couple different ways to install PowerShell onto a MacOS system. This first method is downloading the PowerShell package and installing it through GUI installer.

We can start by browsing to the PowerShell GitHub repository, and clicking on the ‘Releases’ button. Alternatively, here’s a direct link: PowerShell Releases page

Example: PowerShell Repo Releases Page

On the PowerShell Releases page, we will want to download the latest MacOS package to our local system. Now, we will want to run through the installer. Accepting all of the defaults worked in my environment.

Example: PowerShell Core Package Install

Prerequisite: Installing PowerShell – Homebrew

The other main way of installing PowerShell is through Homebrew. Homebrew is a package manager. It will easily allow us to install, update, and remove packages, like PowerShell, directly from the command line!

If you don’t already have Homebew installed, it too can be installed from the command line with the following within Terminal:

Next, we’ll need to install Homebrew-Cask. Homebrew-Cask is extension of Homebrew to allow for the downloading of additional, pre-compiled, applications. We will perform the install with the following command within Terminal:

Now, we’re ready to install PowerShell onto our MacOS system! This can be done with the following command within Terminal:

Example: Installing PowerShell Core through Homebrew Cask

Installing PowerCLI

We have our prerequisite of PowerShell installed on our MacOS system. We’re now ready to install PowerCLI!

Start by opening Terminal and starting our PowerShell session by entering:

Example: Launching the PowerShell Core terminal

At this point, we’re in PowerShell so we install PowerCLI just like we have for the past couple versions!

Example:

Example: Installing PowerCLI with PowerShell Core

At this point, we’re all set! We can start using PowerCLI just like we normally have on Windows systems for years!

Example: Connecting to a vCenter Server

Couple Things to Keep in Mind

There are still a couple things to keep in mind as you move forward in the excitement of having PowerCLI on a non-Windows system. PowerShell Core, as well as the underlying .NET Core, are not feature complete to their non-Core counterparts. Make sure to test your scripts thoroughly prior to using them. A recent example that was brought up within the PowerCLI channel in the VMware Code Slack group: ConvertFrom-SecureString doesn’t currently work, as per Issue 1654. Therefore, if you have any scripts containing secure string objects, PowerShell Core will not be able to decrypt them.

The PowerCLI 10.0.0 release starts with support for the following modules, and the rest of the modules will be added over time:

  • VMware.VimAutomation.Cis.Core
  • VMware.VimAutomation.Common
  • VMware.VimAutomation.Core
  • VMware.VimAutomation.Nsxt
  • VMware.VimAutomation.Vds
  • VMware.VimAutomation.Vmc
  • VMware.VimAutomation.Sdk
  • VMware.VimAutomation.Storage
  • VMware.VimAutomation.StorageUtility

Some cmdlets, even though they may be in the above list, also still may not function properly. Examples:

  • Get-VICredentialStoreItem
  • New-VICredentialStoreItem
  • Remove-VICredentialStoreItem
  • Get-VMHostHardware
  • Open-VMConsoleWindow

Wrap-Up

The PowerCLI 10.0.0 release added the much requested support for MacOS and Linux systems! In this blog, we walked through two different methods to make PowerShell Core available on MacOS and how to install PowerCLI.

Let us know what you’re most excited about now that PowerCLI works on multiple OSes!

New Release: VMware PowerCLI 10.0.0

We are only two months in to 2018, but it has already been pretty exciting from an automation standpoint. Let’s review some of the big news. Microsoft open-sourced and released PowerShell 6.0. They also made it available on a number of operating systems, from Windows to Linux to Mac OS. Then, PowerCLI hit 2,000,000 downloads from the PowerShell Gallery! Today, we are releasing VMware PowerCLI 10.0.0!

Let’s talk about the version change for a second. If you’ve been a PowerCLI user for a couple years, you have probably noticed quite the transformation here recently. One item of note was when the name was changed from vSphere PowerCLI to VMware PowerCLI. This was due to PowerCLI’s ability to manage more than just vSphere. With this release, we are taking that next step to remove ourselves from being in lockstep with vSphere’s versioning. Why did we go with 10? Well, PowerCLI recently celebrated its 10th birthday so it seemed like the perfect number!

Time to take a look at everything that’s new!

Multi-Platform Support

PowerCLI 10.0.0 adds support for Mac OS and Linux! The only pre-requisite is to have PowerShell Core 6.0 installed. The installation process is also the same:

PowerCLI 10 Install Example on a MacOS System

This release brings support for the following modules:

  • VMware.VimAutomation.Cis.Core
  • VMware.VimAutomation.Common
  • VMware.VimAutomation.Core
  • VMware.VimAutomation.Nsxt
  • VMware.VimAutomation.Vds
  • VMware.VimAutomation.Vmc
  • VMware.VimAutomation.Sdk
  • VMware.VimAutomation.Storage
  • VMware.VimAutomation.StorageUtility

Future releases of PowerCLI will continue to add support for the remaining modules.

Default Certificate Handling

This version changes the way certificates are handled when connecting to a vCenter server or ESXi host with the Connect-VIServer cmdlet. If your connection endpoint is using an invalid certificate (self-signed or otherwise), PowerCLI would previously return back a warning. The handling has been updated to be more secure and now return back an error.

If you are using an invalid certificate, you can correct the error with the ‘Set-PowerCLIConfiguration’ cmdlet. The parameter needing to be configured is ‘InvalidCertificateAction’ and the available settings are Fail, Warn, Ignore, Prompt, and Unset.

The following code will configure the ‘InvalidCertificateAction’ parameter to be Ignore:

Deprecated Cmdlets and Property

There are five cmdlets being deprecated. These cmdlets are found in the VMware.VimAutomation.Core module. They are:

  • Get-VMGuestNetworkInterface
  • Set-VMGuestNetworkInterface
  • Get-VMGuestRoute
  • New-VMGuestRoute
  • Remove-VMGuestRoute

These cmdlets are replaced with the use of the Invoke-VMScript cmdlet.

Sample code to change the IP Address of a Windows VM:

One other deprecation is to the Client property. If you have any scripts that are making use of the ‘Client’ property, you’ll want to get those updated to use the ServiceInstance managed object. More information can be found at the following: ServiceInstance

Resolved Issues

First, I want to thank the community for this section. There was an overwhelming amount of feedback that came in and I’m quite excited about how many items we were able to get resolved! Let’s check some of them out:

  • Piping the Get-Datacenter cmdlet output to Get-Cluster now works when more than one datacenter is present
  • Configuring manual MAC addresses with the New/Set-NetworkAdapter cmdlet now accepts all addresses, not just MAC addresses in the 00:50:56 range
  • VMs with snapshots can be Storage vMotioned to VMFS6 datastores without hitting a ‘redoLogFormat’ error
  • Lots of updates to the Get-TagAssignment cmdlet, including when connected to two vCenter Servers and also displays the Tag Category as expected

Summary

Today, we release PowerCLI 10.0.0. This release adds support for PowerShell Core 6 which can be run on Linux and Mac OS systems. There are also a handful of VMGuest related cmdlets which have been removed from the release. Their functionality can be replaced with the usage of Invoke-VMScript. Lastly, there have been several corrections. Many of which are thanks to our amazing community for bringing them to our attention.

Remember, updating your PowerCLI modules is now as easy as:

For more information on changes made in VMware PowerCLI 10.0.0, including improvements, security enhancements, and deprecated features, see the VMware PowerCLI Change Log. For more information on specific product features, see the VMware PowerCLI 10.0.0 User’s Guide. For more information on specific cmdlets, see the VMware PowerCLI 10.0.0 Cmdlet Reference.

Getting Started with the VMware Cloud on AWS Module

VMware Cloud on AWS is a new on-demand service that enables you to run applications across vSphere-based environments plus access to a broad range of AWS services. PowerCLI already helps to automate your VMware Cloud on AWS tasks! This includes tasks such as creating SDDCs, adding or removing ESXi hosts, managing firewall rules, and so forth.

The VMware Cloud on AWS (VMC) module was released as a low-level, API access only, module and will feature the following cmdlets:

  • Connect-VMC
  • Disconnect-VMC
  • Get-VmcService

Let’s take a look at how we can get started using this new module.

Getting Started

When getting started with the VMC module, we’ll notice immediately that it has a little different authentication process than the other PowerCLI connection cmdlets. This module requires you first acquire the OAuth Refresh Token from the VMware Cloud Console:
Example: VMware Cloud on AWS Console - OAuth Refresh Token

Copy the refresh token, open a new PowerShell session, and connect to the VMC service with the following command:

Now that we are connected, let’s start by doing some discovery. The more you work with this module, and the VMC API as a whole, the more you’ll notice the need to be able to easily recall the organization (Org) ID. Therefore, let’s start by looking into how we can discover information about our org. First, we want to figure out what the service is itself with the ‘Get-VmcService’ cmdlet. Notice that we can use the standard PowerShell filtering and wildcard usage to help make the discovery process a bit simpler. Example code:

Next, we’ll make use of the ‘Get-Member’ cmdlet which will show us the available properties and methods for each issued command. We can pipeline the return from the ‘com.vmware.vmc.orgs’ service to the ‘Get-Member’ cmdlet and discover there’s a ‘Get’ and a ‘List’ method available. Since we don’t have any current information about the Orgs within this environment, we’ll opt for the ‘List’ method. Example code:

Example: Service and Org Discovery

Now that we have our org information, the next thing we will want to discover is information about the org’s SDDC. That information can be found with the following commands:

Example: SDDC Discovery

Notice, there’s quite a bit of information to parse through. Let’s look at a simple way to pull out some information about the SDDC’s ESXi hosts. Example code:

Example: ESXi Host Information

VMware Cloud on AWS uses NSX under the covers to provision all of the networking. Therefore, we will also want to have an understanding of the Edge nodes that are available in the environment. This information is actually in a separate service. Remembering what we’ve done previously, here’s some example code to discover some basic information about the SDDC’s Edge nodes:

Example: NSX Edge Discovery

Another good area to be aware of in your SDDC are the firewall rules. These are also easily retrievable through the ‘Get-VmcService’ cmdlet as well. Example of the firewall rules associated with the edge-2 node:

Example: Firewall Rule Discovery

Last example, let’s do something exciting! How about we automate the creation of an SDDC? This is going to require quite a bit of what we’ve learned so far, plus some new tricks. We can find the ‘Create’ method against the com.vmware.vmc.orgs.sddc service. We see that input requires the Org ID and an ‘sddc_config’ input. This is where it gets tricky.

If we remember back in the PowerCLI 6.5.3 release, there was the addition of the ‘Create’ method to a couple cmdlets. This method is also available with the ‘Get-VmcService’ cmdlet. The whole point of this method is to allow us to create a specification in an easy manner. For this example, we’re reference the ‘sddcSvc’ variable, the ‘Help’ property, then the create property. This shows us a property of ‘sddc_config’. This is the specification we’ll need to use. The ‘sddc_config’ property has this ‘Create’ method available so we can automatically build out the specification. Pretty simple, right?

We’re not quite done quite yet though. Each SDDC can have multiple VPC subnets. Therefore, we also need to populate the spec’s customer_subnet_ids list object with the ‘Add’ method.

Example code:

Example: SDDC Creation

The output above from our last create method is a task object. There’s a service for those too! Since the call we made is asynchronous, you can also have a bit of fun and build a progress checker as well!

Here’s some example code I tossed together while waiting on the SDDC to deploy:

Example: SDDC Creation Progress Output

Summary

VMware Cloud on AWS is a fantastic new service that enables you to run applications across vSphere environments as well as accessing a broad range of AWS services. Within this service, PowerCLI is one of the best ways to automate your VMware Cloud on AWS tasks! In this blog post we covered how to discover the available services, explore was methods are available as actions against each of those services, and how to start interacting with those services. We obtained detailed information about our organization, that org’s SDDC and its accompanied configuration including firewall rules, and then had some fun while deploying a brand new SDDC!

Check PowerCLI’s functionality in your own VMware Cloud on AWS environment today and let us know your feedback!

PowerCLI Offline Installation Walkthrough

Can you believe it? PowerCLI is closing in on a year of being in the PowerShell Gallery! We’re up to 20 different modules and, wait for it, over 2,000,000 downloads of those modules!

VMware Profile on PowerShell Gallery

As exciting as that is, there’s still quite a few questions on how to install PowerCLI to systems that do not have internet access. We’re going to take a much closer look at that with this post.

Preparing the Offline System

First things first, we need to uninstall any prior instance of PowerCLI that was installed by way of the MSI. This can be done by:

  • Open the Control Panel
  • Look beneath the ‘Programs’ section, select ‘Uninstall a Program’
  • Select ‘VMware PowerCLI’, click ‘Uninstall’

Uninstalling Prior PowerCLI Versions

One last thing to check, ensure there is no folder containing PowerCLI as part of the title in the following directory: C:\Program Files (x86)\VMware\Infrastructure\

We can verify whether such a folder exists or not with a oneliner:

Accessing the PowerCLI Modules

We’re now ready to download the PowerCLI modules. This task will require a system with internet access. This section has a couple of variables which depend on the version of PowerShell available on your online system and whether or not you’ve ever accessed the PowerShell Gallery previously by way of the PowerShellGet module.

The easiest way to figure out which version of PowerShell you have is by using the PSVersionTable variable. Based on the output of that, follow the set of instructions below that matches the output.

PowerShell PSVersionTable Output

Online System with PowerShell 5.x:

  • Open PowerShell
  • Use the ‘Save-Module’ cmdlet to download the PowerCLI modules locally. Example:

    • If requested, update the NuGet provider
    • If requested, trust the ‘Untrusted repository’ that is named PSGallery
      Note: This is a local system trust, not something that has something to do with an SSL certificate
  • Copy those downloaded module folders to a location that can be made accessible to the offline system.
    Example: USB Flash Drive, Internal File Share, etc.

Online systems with the older PowerShell versions of 4.0 or 3.0, may need to have an additional module installed to access the PowerShell Gallery. The module is called ‘PowerShellGet’. We can verify whether the online system has the ‘PowerShellGet’ module available with the following command:

If there’s a response, you have it already! If there’s no output, you’ll need to make it available. Depending on the output, follow the instructions below.

Online System with PowerShell 4.0 or 3.0 with the PowerShellGet module:

  • Open PowerShell
  • Use the ‘Save-Module’ cmdlet to download the PowerCLI modules locally. Example:

    • If requested, update the NuGet provider
    • If requested, trust the ‘Untrusted repository’ that is named PSGallery
      Note: This is a local system trust, not something that has something to do with an SSL certificate
  • Copy those downloaded module folders to a location that can be made accessible to the offline system.
    Example: USB Flash Drive, Internal File Share, etc.

Online System with PowerShell 4.0 or 3.0 without the PowerShellGet module:

  • Download and install the ‘PowerShellGet’ module by way of the PackageManagement PowerShell Modules MSI.
  • Open PowerShell
  • Use the ‘Save-Module’ cmdlet to download the PowerCLI modules locally. Example:

    • If requested, update the NuGet provider
    • If requested, trust the ‘Untrusted repository’ that is named PSGallery
      Note: This is a local system trust, not something that has something to do with an SSL certificate
  • Copy those downloaded module folders to a location that can be made accessible to the offline system.
    Example: USB Flash Drive, Internal File Share, etc.

Save-Module Example and associated output

Adding PowerCLI to the Offline System

It’s now time to put the PowerCLI modules on to the offline system. To take advantage of the magic that is module auto-loading, we’ll want to copy and paste those downloaded folders in one of the locations listed in the PSModulePath variable.

By default, the PSModulePath variable contains the following directories:

  • $home\Documents\WindowsPowerShell\Modules
  • $pshome\Modules

When everything is all said and done, you should have one of the directories listed above looking a bit like this:
Directory Structure with PowerCLI Modules on the Offline System

That’s it! Open a PowerShell session and start using your PowerCLI commands as you did before!

Wait… It’s Not Working For Me!

What happens when you go through the above instructions and it’s not working?

The most common scenario we’ve come across is where the ‘Save-Module’ cmdlet was used with an online system that has PowerShell version 5.x. When this happens, there are an additional level of folders created between the top-level module folder and the module files themselves. This is extremely beneficial because we can then have multiple versions of the same module available on the local system. The issue though, older versions of PowerShell do not recognize those folders and therefore cannot load the modules.

When I say issue, I truly mean it. Jake Robinson, the PowerCLI Product Manager, actually created a GitHub issue for PowerShellGet calling out this problem: Offline installation of modules from Save-Module does not work on PS <5.x

Good news though, there are a couple workarounds available!

First option: Upgrade your version of PowerShell on the offline system to 5.x with Windows Management Framework 5.0.
Second option: Find an online system that has PowerShell versions 4.0 or 3.0 installed and use ‘Save-Module’ on that system.

Those two options are simple enough, but generally in an ‘easier said than done’ manner. With that said, I’m very excited to show off a third option. This option doesn’t require installing any software or powering on that older VM you hadn’t decommissioned quite yet. This option is a simple script that is run on the offline system. The script simply looks for the folders that already exist in any of the PSModulePath listed directories, searching specifically for PowerCLI module folders, and then removes that additional nested level of version-based folders.

The script is openly available on the PowerCLI Community Repository and is named: PowerCLI_FixNestedFolders.ps1

Here’s an example of the script in action:
Fixing the nested PowerCLI folders on older versions of PowerShell

Here’s an example of the results: (Left is the before, right is the after)
Directory Structure Before, left, and After, right

Wrap-Up

PowerCLI has seen a lot of success on the PowerShell Gallery. A set of modules with over 2,000,000 combined downloads is pretty impressive! However, there’s still a lot of questions over the installation process for systems that are offline. This blog post walked us through the offline installation process, covers the most common issue users hit, and provides a new solution to help overcome that issue.

Don’t delay, upgrade your version of PowerCLI on all your systems to ensure you’re getting access to the most up-to-date features, performance improvements, and bug fixes today!

If you’re looking to install PowerCLI and have direct internet access, use the following link: PowerCLI – Online Walkthrough
If you’re looking to install PowerCLI on a MacOS based system, use the following link: PowerCLI – MacOS Installation Walkthrough

VMware Tools Community Module Introduction

VMware Tools is a collection of in-guest drivers and agents that optimize performance and increase the manageability for VMs within vSphere environments. Guess what, PowerCLI provides a way to automate the management of the VMware Tools lifecycle! Even better, a new module was recently entered into the PowerCLI Community Repository to help make those management tasks even easier than before!

The module includes a collection of over 10 different advanced functions! These include the following:

Get-VMByToolsInfo Retrieves the virtual machines with specified VMTools info.
Get-VMToolsGuestInfo Retrieves the guest info of specified virtual machines.
Get-VMToolsInfo Retrieves the VMTools version and build number info of specified virtual machines.
Get-VMToolsInstallLastError Retrieves the error code of last VMTools installation on specified virtual machines.
Get-VMToolsUpgradePolicy Gets the VMTool’s upgrade policy of specified virtual machines.
Invoke-VMToolsListProcessInVM Lists the running processes in the virtual machine.
Invoke-VMToolsUpgradeInVMs Upgrades VMTools to the version bundled by ESXi host.
Invoke-VMToolsVIBInstall Installs VMTool VIB in specified ESXi hosts.
Set-VMToolsUpgradePolicy Sets the VMTool’s upgrade policy to either “manual” or “upgradeAtPowerCycle” of specified virtual machines.
Update-VMToolsConfInVM Updates the tools.conf content in guest OS.
Update-VMToolsImageLocation Updates the /productLocker link in an ESXi host directly

Let’s take a look at how to get started using this great module.

Accessing the Module

There are a couple ways to get access to this great module, all of which go through the PowerCLI Community Repository. One of the easiest ways is to load up the repository’s page, click on the green ‘Clone or download’ button, then clicking on ‘Download ZIP’. This downloads the entire contents of the repository to your local system.

Download PowerCLI Community Repository to Local System

Once the download is complete, unzip the files and browse to the ‘Modules’ directory. We are now going to copy the VMToolsManagement folder and paste it in one of the directories that are listed in the PSModulePath variable. Doing this allows the module to be available for automatic importing by your PowerShell session!

By default, the PSModulePath variable contains the following directories:

  • $home\Documents\WindowsPowerShell\Modules
  • $pshome\Modules

In my environment, I have placed the module in the first of the above options. This is also where my PowerCLI modules are available.

Extracted Module Placed in a PSModulePath sourced location

One item to keep in mind, the ‘Update-VMToolsImageLocation’ does require the usage of an ESXi host’s SSH service. Therefore, the SSH service on the ESXi host must be running as well as having an SSH library on your local system.

Module Usage

There are a couple functions that make it really easy and straight forward to retrieve VMware Tools information from VMs in the environment. These functions accept VM input from either direct VM parameter usage or pipeline. Here’s example output from the following advanced functions:

  • Get-VMToolsInfo
  • Get-VMToolsGuestInfo
  • Get-VMToolsInstallLastError

Example of retrieving VMware Tools information from a VM

There’s a very versatile function which allows us to query our environment for specific information about the state of VMware Tools on our VMs. This advanced function is ‘Get-VMByToolsInfo’ and has a couple nice parameters to help us out. The first parameter is ‘Tools Version’ which displays only VMs which contain the specified version. The next parameter is ‘ToolsRunningStatus’ which displays only VMs which are of the specified running state. The last parameter is ‘ToolsVersionStatus’ which displays only VMs that are of a certain status. The last two parameters feature tab complete functionality for each of their inputs.

Here are examples of a couple commands I ran within my environment:
Example of retrieving VMs by VMware Tools configuration

Let’s move on past simply retrieving information now. There are two functions which allow us to both retrieve and manage the upgrade policy for VMs. This can be done with the following advanced functions:

  • Get-VMToolsUpgradePolicy
  • Set-VMToolsUpgradePolicy

The Set-VMToolsUpgradePolicy allows us to modify the upgrade policy for a VM with the ‘UpgradePolicy’ parameter. This parameter also allows for tab completion between the two accepted policies. Here’s an example of those two functions in action:
Example of configuring the VMware Tools Upgrade Policy for a VM

We also have the ability to change the VMware Tools logging level. This is something that is normally done internally on the guest system but, through the magic of PowerCLI, we can now do this remotely with the ‘Set-VMToolsConfInVM’ advanced function! This function features a ‘LogLevel’ parameter which handles the changing of log level. Tab completion is available for this parameter as well. Additional information about configuring these settings can be found in KB 1007873. One note about this function, be aware of what the permissions are on the local system. Certain OSes can be touchy about modifying files within the folders where these configuration files are held.

Example of modifying the VMware Tools logging level

This module wouldn’t be complete without the ability to also upgrade a system’s VMware Tools too! This is accomplished with the ‘Invoke-VMToolsUpgradeInVMs’ advanced function. Here’s an example of it in action:
Example of upgrading the VMware Tools on a specified VM

Lastly, there are two functions that help to manage VMware Tools’ accessibility directly from ESXi hosts! The ‘Update-VMToolsImageLocation’ advanced function allows us to change the location of where VMware Tools are stored for ESXi hosts. For example, we could store the VMware Tools and floppy files on a datastore instead of the local system! One other nice feature of this function, there is no reboot required for the configuration update to go into effect. Then, there is the ‘Invoke-VMToolsVIBInstall’ advanced function. This function allows us to install and make available updated versions of VMware Tools out of the normal ESXi update lifecycle.

Here’s an example of updating an ESXi host with a newer version of VMware tools by way of a VIB:
Example of updating the VMware Tools version that's available on the ESXi host

Summary

The VMToolsManagement module is a terrific resource for any administrator needing to get quick and easy access to manage the lifecycle of VMware Tools in their environment. This module comes packed with over 10 different advanced function to handle a majority of the tasks admins face.

Head out to the PowerCLI Community Repository, download it, and let us know in the comments how you’re putting it to use in your environment!

Getting Started with the PowerCLI Module for VMware NSX-T

PowerCLI 6.5.3 was released a few short weeks ago and one of the biggest additions was the module to manage VMware NSX-T! This version of NSX provides network virtualization to not only VMware environments, but also multi-cloud and multi-hypervisor environments too.

Before diving into the module itself, there are a couple things we should cover first. This module was released as a low-level, API access only, module. That means the module comes with the following cmdlets: Connect-NsxtServer, Disconnect-NsxtServer, and Get-NsxtService. The first two cmdlets should be fairly straight forward, but the third is where it gets interesting. The Get-NsxtService cmdlet allows us to have full access to NSX-T’s public API! This module also gives users the capability to use a ‘create’ method to create PowerShell objects. These objects can then be modified and used as input back to the endpoint. This really helps simplify and streamline the interaction between PowerCLI and the NSX-T API endpoint!

For more information about the NSX-T 2.0 release, see the Network Virtualization blog: NSX-T 2.0 is Here!
For more information about the NSX-T 2.0 API, see the VMware Code API Explorer

Getting Started

First things first, open up a PowerShell session and authenticate to your NSX-T Manager with the ‘Connect-NsxtServer’ cmdlet.

Output Example:
Connect-NsxtServer Example

We are now ready to start exploring the NSX-T API with the ‘Get-NsxtService’ cmdlet. Running that cmdlet as is will return every named call for the NSX-T API, so this may be a little overwhelming at first. To make this easier, remember to reference the API Explorer as well as PowerShell’s ‘where-object’ cmdlet to help filter the names for what you need.

Example: Getting NSX-T Manager Information

For the first example, we are looking for information about the NSX-T Manager node. Searching through the VMware Code API Explorer for NSX-T for ‘nsx manager appliance’, we see a ‘GET’ method against ‘/node’ that is probably the most relevant call.

NSX-T API Explorer Example

To consume this in the PowerCLI module, we will use the ‘Get-NsxtService’ cmdlet to search for a name that ends in ‘node’ with the following code:

We can then save that service in a variable to easily reference for future commands:

We can now explore the methods available by piping the ‘nodeSvc’ variable to PowerShell’s ‘Get-Member’ cmdlet. Example:

There, In the output from ‘Get-Member’, we will see a ‘get’ method. We’ll want to perform that with the following code:

Combined Command Example:

Output Example:
NSX Manager Node Information Retrieval Example

Example: Retrieve Transport Zone Information

In our second example, we will retrieve information about the configured Transport Zones. We can do this as easily as we did the NSX Manager node. Referring back to the VMware Code API Explorer for NSX-T, we can search through the available namespaces for ‘transport zones’. We’ll find one in particular that has a description of ‘List Transport Zones’.

Based on that information we can infer that the service name is going to end in ‘zones’. We’ll run the following command to find the service:

We’ll then store the ‘com.vmware.nsx.transport_zones’ service into a variable. We’ll pipeline that variable to the ‘Get-Member’ cmdlet to find the available methods we can use. An example:

This service offers a couple methods which could fit our scenario of retrieving information about the environment’s Transport Zones. The methods available are a ‘get’ and a ‘list’. In order to perform the ‘get’, we would need to have the ID. Since we don’t have that information yet, we’ll run the ‘list’ method and store that into a variable with the following command:

Refering to the ‘tZones’ variable we can see some information, but the info about the Transport Zones themselves are within the ‘results’ property. We can refer back to the ‘tZones’ variable but specifying the ‘results’ property and find the information we’re looking for.

Combined Command Example:

Output Example:
Transport Zone Example

Example: Logical Switch Management

We have now covered much of the basics on how to get started, so let’s start doing some other tasks. In this example, we are going to list out the Logical Switches and then create a new one!

First, we’ll retrieve information about our existing Logical Switches using the knowledge we built from the first two examples. This can be done with the following commands:

Referring back to the output from the ‘Get-Member’ cmdlet, we noticed a ‘create’ method was available. This is where the ‘Help’ property is going to become very important. We can obtain some additional information about the requirements of the ‘create’ method by calling the variable’s ‘help’ property. We can also target the help for our example by further calling the ‘create’ property. We can do that with the following command:

The output includes a lot of valuable information such as the required and optional parameters, expected output, potential errors, and so forth. The last property, ‘logical_switch’, is the important one. We can refer to this as the structure the ‘create’ method is looking for. We can take that a step further and actually create a specification based off of that information as well with the command:

Checking the output of the variable ‘logSwitchSpec’ we can now see a PowerShell object that can be modified to be included as part of our ‘create’ action. The required parameters are the Logical Switch name, Transport Zone ID, and admin state. However, since this is an overlay logical switch, we can also specify the replication mode as noted in the ‘Help’ output. We can make those modifications with the following commands:

Lastly, we will run the original ‘create’ method against the ‘logSwitchSvc’ variable. Example command:

Combined Command Example:

Example Output:
Logical Switch Creation Example

Example: IP Pool Management

The last example will be taking a look at managing IP Pools.

Much like the prior examples, we’ll start by retrieving information about the existing IP Pools with the following commands:

However, we’d like the output to be a little more readable and include information which is nested within a property. This can be accomplished by using PowerShell’s ‘Format-Table’ cmdlet. We will take the ipPools variable output and pipeline that into the ‘Format-Table’ cmdlet. There we can use the ‘property’ parameter to specify only the properties that we are concerned with viewing.

Command Example:

Output Example:
IP Pool Information Retrieval Example

With our custom output, we realize there happens to be an IP Pool which doesn’t have any IPs assigned to it. We’ll want to remove that IP Pool so someone doesn’t try to use it. Performing a ‘Get-Member’ against the ipPoolSvc variable, we see there’s a ‘delete’ method we can use to remove that unneeded IP Pool. To find more information about what the method requires, we can call the ipPoolSvc’s ‘Help’ property and even further specify the ‘delete’ property. There we can see the IP Pool’s ID is the only required input while the ‘force’ input is optional. We are then ready to use the ‘delete’ method with the following commands:

Output Example:
IP Pool Removal Example

Summary:

PowerCLI 6.5.3 introduced a great new module to manage VMware NSX-T environments. In the NSX-T module’s current release, it has three cmdlets to connect and disconnect from the NSX Manager while the third is used to interact directly with the NSX-T API. This blog post went through several examples including retrieving information about the NSX Manager node, Transport Zones, Logical Switches, and IP pools. We then took a look at using the API access to create a logical switch and remove an IP Pool.

Let us know in the comments how you’re using the NSX-T module to manage your environment!