ESXi Security Service Configurator (PowerCLI)

4 08 2012

Personally, I get annoyed when I have to dig through the vSphere Client GUI to turn on or off certain ESXi services on a regular basis. Since admins are generally on top of it in terms of following good security standards, I see Lockdown Mode on and SSH off by default on their ESXi hosts in many environments. When troubleshooting issues or configuring certain VMware-integrated products (such as HyTrust Appliance), it is sometimes necessary to temporarily undo this setup (enable SSH and disable Lockdown Mode).

The tool linked below can be used to turn on or off SSH and/or Lockdown Mode for a single host or all hosts in the environment. As usual, feel free to use all, some, or none of the code. I’m hoping to add additional services to it in the future, but these two are consistently needing to be toggled…

What it looks like in action:


Find virtual machine snapshots with PowerCLI

2 10 2011

Run from a PowerCLI session connected to a vCenter environment to find and list all of the snapshots (and users  who took them, which Get-VM | Get-Snapshot won’t do) on your managed ESX/ESXi hosts:

$myVMs = Get-VM
$VMsWithSnaps = @()
foreach ($vm in $myVMs) {
    $vmView = $vm | Get-View
    if ($vmView.snapshot -ne $null) {
        Write-Host "VM $vm has a snapshot"
        $SnapshotEvents = Get-VIEvent -Entity $vm -type info -MaxSamples 1000 | Where { 
            $_.FullFormattedMessage.contains("Create virtual machine snapshot")}
        try {
        $user = $SnapshotEvents[0].UserName
        $time = $SnapshotEvents[0].CreatedTime
        } catch [System.Exception] {
            $user = $SnapshotEvents.UserName
            $time = $SnapshotEvents.CreatedTime
        $VMInfo = “” | Select "VM","CreationDate","User"
        $VMInfo."VM" = $vm.Name
        $VMInfo."CreationDate" = $time
        $VMInfo."User" = $user
        $VMsWithSnaps += $VMInfo
$VMsWithSnaps | Sort CreationDate

Storage Capacity Script (PowerShell) – new and improved!

26 09 2011

Updated version of my storage capacity script has been uploaded:

Now with no need for a direct connection to the vCenter database, so removing a lot of the problems people had with the original:

Get off my array! (Scripting datastore migrations with PowerCLI)

6 05 2011

We were recently asked by our storage team to migrate all VMs off of one array we are using and onto another.  Not being a huge fan of planning and carrying out a move like this one virtual disk at a time, I decided to take a stab at a datastore evacuation script.  There was already some know-how out there, so I started poking around and found some useful posts & threads: Read the rest of this entry »

Thin Provisioning and Storage Capacity on vSphere

24 09 2010

I like thin provisioning on vSphere.  I also like not over-allocating datastores by half a terabyte without knowing it.  To prevent crazy amounts of over-allocation (but still keep the environment going with a slightly-less-crazy amount of over-allocation) it is important for me to know the “true” free space on all of my datastores.  By this, I do not mean what vCenter tells me is the free space, but rather a blend of a couple things: the actual usage on the datastore, and the current allocation on that datastore.  With these, I can determine how far I can push the provisioning of virtual machines before I need to worry about running out of space and DOSing other VMs on the same datastore.

Lucky for me, this data is readily available with the PowerCLI, here’s the source code: Read the rest of this entry »

Gathering virtual machine IOPS statistics by datastore

9 09 2010

Our friendly storage admin sometimes calls me up or sends alert my way from the array when the virtual environment is generating too many IOPS on a particular parity group. From his side, this could be happening on any of a number of LUNs that have been presented to our hosts, and he has no way of telling me what virtual machines could be causing the trouble.

Through the PowerCLI, I’ve scripted a way to check performance across the environment for the heavy hitters and report that info back. The script takes in an array of datastores, a vCenter Server FQDN, and a number of statistical samples to grab. It tracks down the physical hosts of the virtual machines that reside on those datastores and reports back the IOPS done (read & write) for each of those VMs over the interval specified.  The credentials it asks for are a local account on the ESX/ESXi hosts, NOT for vCenter.

Here’s the link for the full source code (feel free to use/steal/augment etc.):

PowerCLI 4.1 Released

14 07 2010

Also, an updated Cmdlet reference page that now includes output types:

Downloading and installing now…