ESXi Security Service Configurator (PowerCLI)

4 08 2012

Personally, I get annoyed when I have to dig through the vSphere Client GUI to turn on or off certain ESXi services on a regular basis. Since admins are generally on top of it in terms of following good security standards, I see Lockdown Mode on and SSH off by default on their ESXi hosts in many environments. When troubleshooting issues or configuring certain VMware-integrated products (such as HyTrust Appliance), it is sometimes necessary to temporarily undo this setup (enable SSH and disable Lockdown Mode).

The tool linked below can be used to turn on or off SSH and/or Lockdown Mode for a single host or all hosts in the environment. As usual, feel free to use all, some, or none of the code. I’m hoping to add additional services to it in the future, but these two are consistently needing to be toggled…

What it looks like in action:


Find virtual machine snapshots with PowerCLI

2 10 2011

Run from a PowerCLI session connected to a vCenter environment to find and list all of the snapshots (and users  who took them, which Get-VM | Get-Snapshot won’t do) on your managed ESX/ESXi hosts:

$myVMs = Get-VM
$VMsWithSnaps = @()
foreach ($vm in $myVMs) {
    $vmView = $vm | Get-View
    if ($vmView.snapshot -ne $null) {
        Write-Host "VM $vm has a snapshot"
        $SnapshotEvents = Get-VIEvent -Entity $vm -type info -MaxSamples 1000 | Where { 
            $_.FullFormattedMessage.contains("Create virtual machine snapshot")}
        try {
        $user = $SnapshotEvents[0].UserName
        $time = $SnapshotEvents[0].CreatedTime
        } catch [System.Exception] {
            $user = $SnapshotEvents.UserName
            $time = $SnapshotEvents.CreatedTime
        $VMInfo = “” | Select "VM","CreationDate","User"
        $VMInfo."VM" = $vm.Name
        $VMInfo."CreationDate" = $time
        $VMInfo."User" = $user
        $VMsWithSnaps += $VMInfo
$VMsWithSnaps | Sort CreationDate

Storage Capacity Script (PowerShell) – new and improved!

26 09 2011

Updated version of my storage capacity script has been uploaded:

Now with no need for a direct connection to the vCenter database, so removing a lot of the problems people had with the original:

Adding Active Directory users to a group by Display Name with PowerShell

21 08 2011

There are a number of ways to do this, including simply pasting the users’ display names into the Add Member box in Active Directory Users & Computers and clicking through the errors by hand. If you’re like me, and don’t like having to deal with things like this manually, then PowerShell is the way to go. Read the rest of this entry »

Get off my array! (Scripting datastore migrations with PowerCLI)

6 05 2011

We were recently asked by our storage team to migrate all VMs off of one array we are using and onto another.  Not being a huge fan of planning and carrying out a move like this one virtual disk at a time, I decided to take a stab at a datastore evacuation script.  There was already some know-how out there, so I started poking around and found some useful posts & threads: Read the rest of this entry »

Thin Provisioning and Storage Capacity on vSphere

24 09 2010

I like thin provisioning on vSphere.  I also like not over-allocating datastores by half a terabyte without knowing it.  To prevent crazy amounts of over-allocation (but still keep the environment going with a slightly-less-crazy amount of over-allocation) it is important for me to know the “true” free space on all of my datastores.  By this, I do not mean what vCenter tells me is the free space, but rather a blend of a couple things: the actual usage on the datastore, and the current allocation on that datastore.  With these, I can determine how far I can push the provisioning of virtual machines before I need to worry about running out of space and DOSing other VMs on the same datastore.

Lucky for me, this data is readily available with the PowerCLI, here’s the source code: Read the rest of this entry »

Gathering virtual machine IOPS statistics by datastore

9 09 2010

Our friendly storage admin sometimes calls me up or sends alert my way from the array when the virtual environment is generating too many IOPS on a particular parity group. From his side, this could be happening on any of a number of LUNs that have been presented to our hosts, and he has no way of telling me what virtual machines could be causing the trouble.

Through the PowerCLI, I’ve scripted a way to check performance across the environment for the heavy hitters and report that info back. The script takes in an array of datastores, a vCenter Server FQDN, and a number of statistical samples to grab. It tracks down the physical hosts of the virtual machines that reside on those datastores and reports back the IOPS done (read & write) for each of those VMs over the interval specified.  The credentials it asks for are a local account on the ESX/ESXi hosts, NOT for vCenter.

Here’s the link for the full source code (feel free to use/steal/augment etc.):