ESXi Host Patching with PowerShell & Update Manager

Update Manager certainly makes host patching simple, but leaves a few things to be desired. How many times have you attempted to update a host in Update Manager only to have the host never enter maintenance mode because of a DRS rule, VMware tools installation or local ISO mapped to a VM? I wanted to find a way to check for all these things as I’m performing the patching process and be able to accomplish it at the cluster level.

For the script itself I have broken it down into the different sections along with screenshots of what you’ll see when running the script. It makes it a little busy to follow along with for this entry, but hopefully it makes sense. At the bottom of the page I have the whole script put together to make it easier to copy and run it on your own.

Let’s dig into the script.

1. While you can manually define the vCenter server in the script, I prefer being prompted as I have multiple vCenter servers that I work with. The multiple lines and color emphasis was for a customer that would forget to enter the vCenter name and instead enter the ESXi host name.

Write-Host "Enter the FQDN of the " -NoNewline
Write-Host "[vCenter Server]" -ForegroundColor Red -NoNewline
Write-Host " to connect to: " -NoNewline
$vCenterFqdn = Read-Host
Connect-viserver $vCenterFqdn

2. Here we’re going to list all the clusters. I use this menu system all the time now in my PowerShell scripts to make it easier to make selections instead of having to remember and manually enter the name of an object. This is getting all the clusters then converting the number selection that’s entered into the cluster name.

$global:i=0
Get-Cluster | Sort Name | Select @{Name="Number";Expression={$global:i++;$global:i}},Name -OutVariable menu | format-table -AutoSize
$clusterNum = Read-Host "Select the number of the Cluster to be patched"
$clusterName = $menu | where {$_.Number -eq $clusterNum}


3. Now that we have the cluster we’re going to work with we search for DRS rules. Specifically, we’re looking for “Must Run” rules. This will prevent a VM from moving to another host. While every environment is different and they have “must run” rules for a variety of reasons, I’m comfortable disabling this during patch events. If there are any rules we’re going to list the rule names in the PowerShell console and give you the option to disable or not.

a. Remember, this is only looking at “Must Run” DRS rules for the entire cluster, not for an individual host. If you’re patching, odds are you’ll be doing the entire cluster anyway so I didn’t break this down on a host-by-host basis.

$drsRules = Get-Cluster $($clusterName.Name) | Get-DrsVMHostRule | Where {$_.Type -eq "MustRunOn"} | Where {$_.Enabled -eq $True}
IF ($drsRules.Count -gt "0"){Write-Host "The following rules may prevent a host from entering Maintenance mode:" -foreground "Yellow"; $drsRules.Name; $disableRules = Read-Host "Press Y to disable these rules. Anything else to continue";
IF ($disableRules -eq "Y"){Write-Host "Disabling DRS Rules..." -foreground "Yellow";
foreach ($name in $drsRules){Set-DrsVMHostRule -rule $name -enabled:$false}} ELSE {Write-Host "Skipping disabling of DRS Rules. Continuing..." -foreground "Yellow"}} ELSE {Write-Host "No "Must Run" Rules in $($clusterName.Name). Continuing..." -foreground "Yellow"}

In the picture I have the name of the DRS rule highlighted (the VM name was in the rule so it’s been obscured).


4. Now that we’ve decided what to do with our DRS rules, we can get down to selecting the baseline. This script can be used for both patching and for Upgrades. There is a check later on in the script that will skip the “Staging” step and go right to remediation if it’s an upgrade. Once again, we’re using that menu selection function to display all upgrades/baselines and let us choose the one to use.

$global:i=0
Get-Baseline | Select Name | Sort Name | Select @{Name="Number";Expression={$global:i++;$global:i}},Name -OutVariable menu | format-table -AutoSize
$baselineNum = Read-Host "Select the number of the Baseline to be attached"
$baselineName = $menu | where {$_.Number -eq $baselineNum}
Write-Host "Attaching $($baselineName.Name) Baseline to $($clusterName.Name)..." -Foreground "Yellow"
$baseline = Get-Baseline $baselineName.Name
Attach-Baseline -Baseline $baseline -Entity $clusterName.Name


5. Here’s where we’re going to complicate things a bit. I have 2 loops in this script. Loop number 1 is for checking if a host has any patches available. We’ll check a selected host against the attached baseline, if there are no available updates/upgrades then we report that in the PowerShell console and return to the host selection screen. The second loop is when a selected host has been patched we return to the host selection screen to choose the next one in the list.

DO
{
DO
{

6. Now that we’ve opened up our loop, we can start with selecting a host in the cluster. Once again, menu selection, this time we’re getting all the hosts in the chosen cluster and we’re displaying the host name, build, esxi version, and state. This makes it easier to know what hosts have been patched, which ones are still left, and what hosts are already in maintenance mode. In a larger environment you may forget what host name you were working on so seeing if a host was in maintenance mode and ready to be upgrade may be beneficial.

$global:i=0
Get-Cluster $clusterName.Name | Get-VMhost | Sort Name | Select @{Name="Number";Expression={$global:i++;$global:i}},Name,Build,Version,State -OutVariable menu | format-table -AutoSize
$hostNum = Read-Host "Select the number of the Host to be patched"
$hostName = $menu | where {$_.Number -eq $hostNum}


7. With our first host chosen we’re going to scan its inventory to see what patches it currently has installed.

Write-Host "Scanning $($hostName.Name) patch inventory..." -foreground "Yellow"
Scan-Inventory -Entity $hostName.Name


8. Now that we’ve scanned it, we’re going to check it for compliance. If there are patches available, we’ll move on to the next step to see if there are any VMs with ISO or Vmware tools installations. If there aren’t any patches, we’re reporting that and then sending us back to the host selection screen.

a. As a note, the second ‘}’ after the “Write-Host ‘Host is out of date” command is to close the second loop from step 5.

Write-Host "Scanning $($hostName.Name) for patch compliance..." -foreground "Yellow"
$compliance = Get-Compliance $hostName.Name
IF ($compliance.Status -eq "Compliant"){Write-Host "No available patches for $($hostName.Name). Choose a different host" -foreground "Red"}ELSE{Write-Host "Host is out of date" -foreground "Yellow"}}
UNTIL ($compliance.Status -ne "Compliant")


9. Now that we have some patches to apply, we check for active VMware tools installations. We perform the lookup for VMs with tools installer mounted then we perform a count on that output. If there are more than 0, we list all the VMs. Now that you see all the VMs, you can press ‘Y’ to force the unmount and continue or you can ignore it and hope the VMs move.

a. The unmount command works most of the time, but on some Linux OS’s I’ve run into issues with it. Just keep that in mind

$vmtools = Get-VMHost $hostName.Name | Get-VM | Where {$_.ExtensionData.RunTime.ToolsInstallerMounted -eq "True"} | Get-View
IF ($vmtools.Count -gt "0"){Write-Host "The following VMs on $($hostName.Name) have VMTools Installer Mounted:";
$vmtools.Name;
$unmountTools = Read-Host "Press "Y" to unmount VMTools and continue. Anything else to skip VMTools unmounting";
IF ($unmountTools -eq "Y") {Write-Host "Unmounting VMTools on VMs..." -foreground "Yellow"; foreach ($vm in $vmtools) {$vm.UnmountToolsInstaller()}}ELSE{Write-Host "Skipping VMTools unmounting..." -foreground "Yellow"}}ELSE{Write-Host "No VMs found with VMTools Installer mounted. Continuing..." -foreground "Yellow"}


10. With all our VMware tools installations killed, we move on to ISOs. ISO’s that are stored in shared datastores won’t have an issue moving, but if ISOs have been mounted directly to a VM through a console window those can cause a hang up. Again, you know your environment better than me so use your best judgement when picking what to do.

$mountedCDdrives = Get-VMHost $hostName.Name | Get-VM | Where { $_ | Get-CdDrive | Where { $_.ConnectionState.Connected -eq "True" } }
IF ($mountedCDdrives.Count -gt "0"){Write-Host "The following VMs on $($hostName.Name) have mounted CD Drives:";
$mountedCDdrives.Name;
$unmountDrives = Read-Host "Press "Y" to unmount these ISOs and continue. Anything else to skip ISO unmounting";
IF ($unmountDrives -eq "Y") {Write-Host "Unmounting ISOs on VMs..." -foreground "Yellow"; foreach ($vm in $mountedCDdrives) {Get-VM $vm | Get-CDDrive | Set-CDDrive -NoMedia -Confirm:$False}}ELSE{Write-Host "Skipping ISO unmounting..." -foreground "Yellow"}}ELSE{Write-Host "No VMs found with ISOs mounted. Continuing..." -foreground "Yellow"}


11. Now we check if the host is in maintenance mode. This check isn’t required and we could just try to put a host in maintenance mode that’s already in maintenance mode without any errors, I just prefer to have this called out so people know that the host will be placed in maintenance mode. Also, if you don’t want to confirm and just want the host to automatically go into maintenance mode, you can remove the “Read-Host “Press Enter to place $($hostName.Name in Maintenance mode”;” section and it will automatically place the host in maintenance mode.

$hostState = Get-VMHost $hostname.Name
IF ($hostState.State -eq "Maintenance"){Write-Host "$($hostName.Name) is already in maintenance mode. Continuing to patch Staging/Remediation" -foreground "Yellow"}ELSE{Read-Host "Press Enter to place $($hostName.Name) in Maintenance mode"; Start-Sleep 7; Write-Host "Enabling Maintenance mode for $($hostName.Name). This may take a while..." -foreground "Yellow"; Set-VMHost $hostName.Name -State "Maintenance"}


12. This was an interesting issue I ran into. I had a customer running ESXi 6.0 with PernixData installed which wasn’t compatible with ESXi 6.5 which we were upgrading to. When we attempted to upgrade we’d fail because the PernixData VIB was present. I threw this check in to see if this VIB existed on their hosts and to remove it before proceeding. I also added a second placeholder VIB name in case you have multiple VIBs to remove you can just replace the name with the appropriate VIB name and even add additional VIBs with another -OR $_.ID -eq “vibname”

$esxcli = Get-esxcli -vmhost $hostName.Name
$vibCheck = $esxcli.software.vib.list() | Where {($_.ID -eq "PernixData_bootbank_pernixcore-vSphere6.0.0_3.5.0.2-39793" -OR $_.ID -eq "Other_vib_name_xxxxxx")}
IF ($vibCheck.Count -gt "0"){Write-Host "Incompatible VIB found. Removing from host..." -foreground "Yellow"; foreach ($a in $vibCheck){$esxcli.software.vib.remove($null, $true, $false, $true, $a.Name)}}ELSE{Write-Host "No known incompatible VIBs found. Continuing..." -foreground "Green"}


13. And, of course, if removing a VIB we need to reboot so now we throw this reboot check in there as well. If there were no VIBs found in Step 12, this will be ignored. Otherwise, we prompt for reboot, enter the reboot command, check for the host to enter the NotResponding state and report on the state until it responds in vCenter and returns to Maintenance state.

IF ($vibCheck.Count -gt "0" -AND $baseline.BaselineType -eq "Upgrade"){Read-Host "VIBs were removed from host. Press enter to reboot host before attempting upgrade";Restart-VMhost $hostName.Name -confirm:$false}ELSE{$skip = "1"; Write-Host ""}
IF ($skip -ne "1"){
Write-Host "$($hostName.Name) is going to reboot..." -foreground "Yellow"
do {
Start-Sleep 3
$hostState = (get-vmhost $hostName.Name).ConnectionState
}
while ($hostState -ne "NotResponding")
Write-Host "$($hostName.Name) is currently down..." -foreground "Yellow"

#Wait for server to reboot
do {
Start-Sleep 5
$hostState = (get-vmhost $hostName.Name).ConnectionState
Write-Host "Waiting for $($hostName.Name) to finish rebooting..." -foreground "Yellow"
}
while ($hostState -ne "Maintenance")
Write-Host "$($hostName.Name) is back up..." -foreground "Yellow"}ELSE{Write-Host ""}

14. Now that all that work is done, we can start staging patches. If this is a patch baseline we run stage command. If it’s an upgrade baseline, we’ll skip this step

IF ($baseline.BaselineType -eq "Upgrade"){Write-Host "$($baseline.Name) is an Upgrade Baseline. Skipping to remediation..." -foreground "Yellow"}ELSE{Write-Host "Staging patches to $($hostName.Name) in Cluster $($clusterName.Name)..." -foreground "Yellow"; Stage-Patch -entity $hostName.Name -baseline $baseline}


15. Once patches have been staged (or upgrades ready to push) it’s time for remediation. We prompt that the host will reboot on its own once the patch has completed and we set a few advanced options. These are the defaults, but can still be environment specific so check to make sure this is what you want to use.

Write-Host "Remediating patches on $($hostName.Name) in Cluster $($clusterName.Name). Host will reboot when complete" -foreground "Yellow"
Remediate-Inventory -Entity $hostName.Name -Baseline $baseline -HostFailureAction Retry -HostNumberofRetries 2 -HostRetryDelaySeconds 120 -HostDisableMediaDevices $true -ClusterDisableDistributedPowerManagement $true -ClusterDisableHighAvailability $true -confirm:$false -ErrorAction SilentlyContinue


At the top of our PowerShell window we get the percentage of completion for our task. It’s not very accurate as it stays at 30% then goes to 92% when it’s nearly complete.

16. Once the host has been rebooted and comes back online we want to see the current status of that host to ensure updates were successful. We are comparing the build number we grabbed before we started patching against the build number after the reboot. If they are the same, something didn’t work and we need to check into it. Otherwise, we do nothing.

Write-Host "Retrieving Host build status..." -foreground "Yellow"
$hostBuild = Get-VMHost $hostName.Name
IF ($hostBuild.Build -eq $hostState.Build){Write-Host "Patch/Upgrade was not applied. Check status in vCenter and re-run the script. Exiting..." -foreground "Red";$error;Start-Sleep 20;break}ELSE{}

17. Now that the host was patched, we show a list of all the hosts in that cluster along with their build, version, and state. This gives us a full view of the cluster so we can see if there are any hosts left to be patched and then we exit maintenance mode for this host.

Get-Cluster $clusterName.Name | Get-VMhost | Select Name,Build,Version,State | Sort Name | format-table -autosize
Write-Host "Exiting Maintenance mode for Host $($hostName.Name)..." -foreground "Yellow"
Get-VMHost $hostName.Name | Set-VMHost -State Connected


18. Based on that list will determine the answer to our next question. We are being prompted to re-enable the DRS rules we previously disabled (if any). If any rules were chosen to be disabled we captured that in a variable in step 3. We can choose to re-enable just those disabled rules by pressing ‘Y’ or if there are other hosts left to patch we just press any other key to continue.

IF ($disableRules -eq "Y") {$enableRules = Read-Host "If Cluster patching is complete press "Y" to re-enable DRS rules. Anything else to continue";
IF ($enableRules -eq "Y") {Write-Host "Re-enabling DRS Must Run rules" -foreground "Yellow"; 
foreach ($name in $drsRules){Set-DrsVMHostRule -rule $name -enabled:$true}} ELSE {
Write-Host "DRS Rules not being re-enabled. Continuing..." -foreground "Yellow"}} ELSE {}


19. In this last question we’re just displaying the output from our last host patched and prompting the user to quit patching or go back to step 6 and pick the next host in the cluster to patch.

$answer = Read-Host "$($hostname.Name) patched in Cluster $($clusterName.Name). Press "1" to re-run the script. Anything else to exit"


20. Finally, to close out the first loop, we have the following lines. In step 19 we have the variable $answer which asks the user to enter ‘1’ to re-run the script and pick another host. This line at the bottom is saying until the user enters something other than 1, keep performing that loop. If anything else is entered, the script exits. Answering “1” will start the script over from Step 6. We will perform another “Get-Cluster | Get-VMHost” on the chosen cluster and retrieve the current build and state information for each of the hosts and display the updated results. As you can see from the screenshot below, vmm-04 is no in a Connected state with a Build number of 9298722,

}
UNTIL ($answer -ne "1")


Below is the script all put together to copy and test. Like all scripts pulled from the internet, make sure you test them in a lab/isolated environment until you can ensure proper functionality.

Write-Host "Enter the FQDN of the " -NoNewline
Write-Host "[vCenter Server]" -ForegroundColor Red -NoNewline
Write-Host " to connect to: " -NoNewline
$vCenterFqdn = Read-Host
Connect-viserver $vCenterFqdn

$global:i=0
Get-Cluster | Sort Name | Select @{Name="Number";Expression={$global:i++;$global:i}},Name -OutVariable menu | format-table -AutoSize
$clusterNum = Read-Host "Select the number of the Cluster to be patched"
$clusterName = $menu | where {$_.Number -eq $clusterNum}

$drsRules = Get-Cluster $($clusterName.Name) | Get-DrsVMHostRule | Where {$_.Type -eq "MustRunOn"} | Where {$_.Enabled -eq $True}
IF ($drsRules.Count -gt "0"){Write-Host "The following rules may prevent a host from entering Maintenance mode:" -foreground "Yellow"; $drsRules.Name; $disableRules = Read-Host "Press Y to disable these rules. Anything else to continue";
IF ($disableRules -eq "Y"){Write-Host "Disabling DRS Rules..." -foreground "Yellow";
foreach ($name in $drsRules){Set-DrsVMHostRule -rule $name -enabled:$false}} ELSE {Write-Host "Skipping disabling of DRS Rules. Continuing..." -foreground "Yellow"}} ELSE {Write-Host "No "Must Run" Rules in $($clusterName.Name). Continuing..." -foreground "Yellow"}

$global:i=0
Get-Baseline | Select Name | Sort Name | Select @{Name="Number";Expression={$global:i++;$global:i}},Name -OutVariable menu | format-table -AutoSize
$baselineNum = Read-Host "Select the number of the Baseline to be attached"
$baselineName = $menu | where {$_.Number -eq $baselineNum}
Write-Host "Attaching $($baselineName.Name) Baseline to $($clusterName.Name)..." -Foreground "Yellow"
$baseline = Get-Baseline $baselineName.Name
Attach-Baseline -Baseline $baseline -Entity $clusterName.Name

DO
{
DO
{
$global:i=0
Get-Cluster $clusterName.Name | Get-VMhost | Sort Name | Select @{Name="Number";Expression={$global:i++;$global:i}},Name,Build,Version,State -OutVariable menu | format-table -AutoSize
$hostNum = Read-Host "Select the number of the Host to be patched"
$hostName = $menu | where {$_.Number -eq $hostNum}

Write-Host "Scanning $($hostName.Name) patch inventory..." -foreground "Yellow"
Scan-Inventory -Entity $hostName.Name

Write-Host "Scanning $($hostName.Name) for patch compliance..." -foreground "Yellow"
$compliance = Get-Compliance $hostName.Name 
IF ($compliance.Status -eq "Compliant"){Write-Host "No available patches for $($hostName.Name). Choose a different host" -foreground "Red"}ELSE{Write-Host "Host is out of date" -foreground "Yellow"}}
UNTIL ($compliance.Status -ne "Compliant")

$vmtools = Get-VMHost $hostName.Name | Get-VM | Where {$_.ExtensionData.RunTime.ToolsInstallerMounted -eq "True"} | Get-View
IF ($vmtools.Count -gt "0"){Write-Host "The following VMs on $($hostName.Name) have VMTools Installer Mounted:";
$vmtools.Name;
$unmountTools = Read-Host "Press "Y" to unmount VMTools and continue. Anything else to skip VMTools unmounting";
IF ($unmountTools -eq "Y") {Write-Host "Unmounting VMTools on VMs..." -foreground "Yellow"; foreach ($vm in $vmtools) {$vm.UnmountToolsInstaller()}}ELSE{Write-Host "Skipping VMTools unmounting..." -foreground "Yellow"}}ELSE{Write-Host "No VMs found with VMTools Installer mounted. Continuing..." -foreground "Yellow"}

$mountedCDdrives = Get-VMHost $hostName.Name | Get-VM | Where { $_ | Get-CdDrive | Where { $_.ConnectionState.Connected -eq "True" } }
IF ($mountedCDdrives.Count -gt "0"){Write-Host "The following VMs on $($hostName.Name) have mounted CD Drives:";
$mountedCDdrives.Name;
$unmountDrives = Read-Host "Press "Y" to unmount these ISOs and continue. Anything else to skip ISO unmounting";
IF ($unmountDrives -eq "Y") {Write-Host "Unmounting ISOs on VMs..." -foreground "Yellow"; foreach ($vm in $mountedCDdrives) {Get-VM $vm | Get-CDDrive | Set-CDDrive -NoMedia -Confirm:$False}}ELSE{Write-Host "Skipping ISO unmounting..." -foreground "Yellow"}}ELSE{Write-Host "No VMs found with ISOs mounted. Continuing..." -foreground "Yellow"}

$hostState = Get-VMHost $hostname.Name
IF ($hostState.State -eq "Maintenance"){Write-Host "$($hostName.Name) is already in maintenance mode. Continuing to patch Staging/Remediation" -foreground "Yellow"}ELSE{
#Read-Host "Press Enter to place $($hostName.Name) in Maintenance mode"; Start-Sleep 7; Write-Host "Enabling Maintenance mode for $($hostName.Name). This may take a while..." -foreground "Yellow"; Set-VMHost $hostName.Name -State "Maintenance"}
Write-Host "Enabling Maintenance mode for $($hostName.Name). This may take a while..." -foreground "Yellow"; ; Start-Sleep 7; Set-VMHost $hostName.Name -State "Maintenance"}

$esxcli = Get-esxcli -vmhost $hostName.Name
$vibCheck = $esxcli.software.vib.list() | Where {($_.ID -eq "PernixData_bootbank_pernixcore-vSphere6.0.0_3.5.0.2-39793" -OR $_.ID -eq "Other_vib_name_xxxxxx")}
IF ($vibCheck.Count -gt "0"){Write-Host "Incompatible VIB found. Removing from host..." -foreground "Yellow"; foreach ($a in $vibCheck){$esxcli.software.vib.remove($null, $true, $false, $true, $a.Name)}}ELSE{Write-Host "No known incompatible VIBs found. Continuing..." -foreground "Green"}

IF ($vibCheck.Count -gt "0" -AND $baseline.BaselineType -eq "Upgrade"){Read-Host "VIBs were removed from host. Press enter to reboot host before attempting upgrade";Restart-VMhost $hostName.Name -confirm:$false}ELSE{$skip = "1"; Write-Host ""}
IF ($skip -ne "1"){
Write-Host "$($hostName.Name) is going to reboot..." -foreground "Yellow"
do {
Start-Sleep 3
$hostState = (get-vmhost $hostName.Name).ConnectionState
}
while ($hostState -ne "NotResponding")
Write-Host "$($hostName.Name) is currently down..." -foreground "Yellow"

#Wait for server to reboot
do {
Start-Sleep 5
$hostState = (get-vmhost $hostName.Name).ConnectionState
Write-Host "Waiting for $($hostName.Name) to finish rebooting..." -foreground "Yellow"
}
while ($hostState -ne "Maintenance")
Write-Host "$($hostName.Name) is back up..." -foreground "Yellow"}ELSE{Write-Host ""}

IF ($baseline.BaselineType -eq "Upgrade"){Write-Host "$($baseline.Name) is an Upgrade Baseline. Skipping to remediation..." -foreground "Yellow"}ELSE{Write-Host "Staging patches to $($hostName.Name) in Cluster $($clusterName.Name)..." -foreground "Yellow"; Stage-Patch -entity $hostName.Name -baseline $baseline}

Write-Host "Remediating patches on $($hostName.Name) in Cluster $($clusterName.Name). Host will reboot when complete" -foreground "Yellow"
Remediate-Inventory -Entity $hostName.Name -Baseline $baseline -HostFailureAction Retry -HostNumberofRetries 2 -HostRetryDelaySeconds 120 -HostDisableMediaDevices $true -ClusterDisableDistributedPowerManagement $true -ClusterDisableHighAvailability $true -confirm:$false -ErrorAction SilentlyContinue

Write-Host "Retrieving Host build status..." -foreground "Yellow"
$hostBuild = Get-VMHost $hostName.Name
IF ($hostBuild.Build -eq $hostState.Build){Write-Host "Patch/Upgrade was not applied. Check status in vCenter and re-run the script. Exiting..." -foreground "Red";$error;Start-Sleep 20;break}ELSE{}

Get-Cluster $clusterName.Name | Get-VMhost | Select Name,Build,Version,State | Sort Name | format-table -autosize
Write-Host "Exiting Maintenance mode for Host $($hostName.Name)..." -foreground "Yellow"
Get-VMHost $hostName.Name | Set-VMHost -State Connected

IF ($disableRules -eq "Y") {$enableRules = Read-Host "If Cluster patching is complete press "Y" to re-enable DRS rules. Anything else to continue";
IF ($enableRules -eq "Y") {Write-Host "Re-enabling DRS Must Run rules" -foreground "Yellow"; 
foreach ($name in $drsRules){Set-DrsVMHostRule -rule $name -enabled:$true}} ELSE {
Write-Host "DRS Rules not being re-enabled. Continuing..." -foreground "Yellow"}} ELSE {}

$answer = Read-Host "$($hostname.Name) patched in Cluster $($clusterName.Name). Press "1" to re-run the script. Anything else to exit"

}
UNTIL ($answer -ne "1")

Change IP of vCSA

While changing the IP address of my vCenter Server is not something I’ve ever had to do before that changed this week. In my quest to separate networks into more logical groupings instead of everything living on the same subnet I had to change the IP address of my vCenter Server Appliance to place it on a new network along with the hosts it was managing. There is apparently a right way and a wrong way to do this.

I logged into the vCSA web interface (vCenterIP:5480), clicked on the “Network” tab and then click on “Address” and assumed this would be the correct place. So I changed the IP address and clicked “Save Settings” then rebooted the appliance.

changeip012315-step1

Yeah…that wasn’t right. As I watched the appliance boot from the console I saw a lot of errors being thrown trying to access services running on the old address and failing. Then I decided to shut down (not reboot) the vCSA and try a different method. This is a pretty simple process, but in case you’re looking for the right way of doing it, this is what worked for me.

Once the appliance is powered off, right click and choose “Edit Settings”
changeip012315-step2

Click the “Options” tab then choose “Properties” under “vApp Options”
changeip012315-step3

Enter the new IP address, gateway, and any other information that is changing. If you’re moving it to a new portgroup, update that now as well and click “OK”
changeip012315-step4

Once the changes have been made, power on the appliance and you should see the new addresses being referenced during start up.
changeip012315-step5

And now that start up is complete, we see the new IPs listed for managing the appliance and you should be able to connect on the new IP.
changeip012315-step6

Like I said, this is a very simple process. Once the vCSA was running, my hosts were notified of the change and were still in their cluster. Nothing bad happened and the lab continued to function as expected.

Deploy NetApp OnCommand Balance 4.2

OnCommand Balance is a virtual appliance deployed within vCenter that allows you to monitor the health of your VMware environment at the Virtual Machine, vCenter and Storage level. Having a single place that displays end-to-end performance allows you to spend less time troubleshooting performance issues and trying to correlate data and address potential issues in your environment.

I’ve been using OnCommand Balance (formerly OnCommand Insight Balance) for a few years now and it has saved countless hours finding issues in the environment. We’ve had historical data available to look at growth and performance trends, as well as increased demand on individual servers after code releases/updates. Having access to the information within the VMs (such as drive space filling up) also makes this an invaluable tool.

The following documentation will take you through the deployment process of the Virtual Appliance and initial setup. You will go through adding your vCenter hosts, storage controllers, creating saved credentials, connecting to Active Directory for authentication and provision a Windows proxy service for monitoring Windows Servers.

Prerequisites:
1. A user account with appropriate permissions to vCenter for OnCommand Balance to use
2. A domain account with permissions to access all monitored Windows machines (preferrably a Domain Admin account)
3. A separate Windows Server/VM that will be used as the Proxy service to monitor Windows machines
a. Must have latest version of Java 6 installed and User Account Control disabled
4. Username/password for the NetApps that will be monitored

Steps:
1. Download the latest version of OnCommand Balance (4.2) for this writing from the NetApp website
balance101414-step1
2. Connect to the vSphere web interface, click on “vCenter”, “Hosts and Clusters”, expand the Datacenter, and click on the Cluster/Host that will host OnCommand Balance. Right click and choose “Deploy OVF Template”
balance101414-step2
3. Click “Local file” and then “Browse”
balance101414-step3
4. Locate the OnCommand Balance OVA and click “Open” then click “Next”
balance101414-step4
5. Review the details of the OVF then click “Next”
balance101414-step5
6. Accept the EULA then click “Next”
balance101414-step6
7. Give the appliance a name and choose the folder location of the appliance (if any) and click “Next”
balance101414-step7
8. Set the virtual disk format (I prefer Thin since one of the drives is 220GB) and choose the datastore. Click “Next”
balance101414-step8
9. Choose the appropriate network and then click “Next”
balance101414-step9
10. Review the settings then click “Finish”
balance101414-step10
11. After deployment completes, locate the appliance, right click and choose “Power On”
balance101414-step11
12. Open the console of the VM (Right-click and choose “Open Console”) where you’ll see this countdown to install VMware tools prior to configuring the Balance virtual appliance (If you miss your chance to do this at this point, I was unable to install VMware tools at all on the appliance)
balance101414-step12
13. Right-click on the VM, go to “All vCenter Actions”, then “Guest OS” and then click “Install VMware Tools”
balance101414-step13
14. After the VMware tools dialog box is displayed, click “Mount”
balance101414-step14
15. The Balance virtual appliance should recognize VMware tools ISO has been mounted and proceed with the installation
balance101414-step15
16. After VMware tools install completes, press “y” then enter to configure static Network connection for the management interface
balance101414-step16
17. Enter the following information:

a. Host name
b. Host IP address
c. Netmask
d. Gateway
e. Primary DNS address
f. Secondary DNS address
g. Search domains
balance101414-step17g

18. Review the settings and then press “y” and enter if everything is correct
balance101414-step18
19. Default OnCommand Balance console login is netapp/netapp. Login to the console
balance101414-step19
20. After a few minutes (5-10) the web service will be up and running. Connect to the https://IPofAppliance/bp to begin configuration
21. Enter the name of your organization and click “Continue”
balance101414-step21
22. Choose if you want to participate in AutoSupport and click “Submit”
balance101414-step22
23. Enter the time zone, NTP Server address, the address of the primary Balance admin (preferably a distribution group), and the SMTP server address. Click “Continue” (You can choose to change the password at this time)
balance101414-step23
24. Sit around and wait a couple minutes…
balance101414-step24
25. A blank screen may appear during this time, but eventually should take you to the OnCommand Balance login page. Login with the default credentials of admin/password or whatever password was set in step 23.
balance101414-step25
26. Click the link for “Configure you storage arrays & appliances”
balance101414-step26
27. Choose the type of storage (NetApp FAS in this case), enter the management address for one of the nodes, Enter the name of the filer, enter the credentials (root in my case) and enter a nickname of these credentials as they can be modified later on during password changes. Click “Save”
balance101414-step27
28. Even though DNS is configured correctly, I usually receive this error about the other filer of this HA system not being resolvable. Click “Enter IP address instead” and then enter the IP of the other filer and click “Resolve”
balance101414-step28
29. Click the “Refresh” link on the right side of the page a few times until “Discovery Collection” status changes to “OK”
balance101414-step29
30. Click the “Add storage system” button to add additional storage arrays (Including the HA partners). Click on “Dashboard” then choose “Configure your vCenter Server”
balance101414-step30
31. Enter the FQDN/IP Address of the vCenter server. Click “Add new” next to Credentials to add the credentials for the vCenter server
balance101414-step31
32. Enter the username, password, and nickname for these credentials. Click “Next”
balance101414-step32
33. Choose what you want monitored (though I can’t imagine why you’d choose not to monitor everything) and click “Save”
balance101414-step33
34. Click the “refresh” link until “Discovery Collection” status changes to “OK”
balance101414-step34
35. Click “Add vCenter Server” button to add any additional vCenter servers. Otherwise, hover over “Discovery” and choose “Credentials”
balance101414-step35
36. To monitor the OS’s of your VMs and physical servers, you can add those credentials on this page. I’ll add domain admin credentials for monitoring my Windows domain VMs. Click “Add credentials” button
balance101414-step36
37. Choose the login method, login name (domain\username), password, nickname for the credentials, and a description. Click “Save”
balance101414-step37
38. Once added they will appear on this screen
balance101414-step38
39. Hover over “Discovery” and choose “Proxies”
balance101414-step39
40. A proxy is required to monitor the guest OS status of Windows VMs and Physical servers. This proxy runs on a windows server. Once you’ve determined (or built) the appropriate server for the proxy, enter it’s FQDN or IP address and click “Continue”. Much like the picture below says, UAC MUST be disabled. You’ll beat your head against the wall for hours trying to figure out why it fails without that.
balance101414-step40
41. Download and install the latest 32-bit Java 6 runtime on this proxy server. Then navigate to the link listed on that proxy VM to begin the installation
balance101414-step41
42. Once the Balance Proxy Installer screen appears, click “Next”
balance101414-step42
43. Locate the folder path for the 32-bit java install and click “Next”
balance101414-step43
44. Enter an admin account for the service to be run under. Check the box for “Start service immediately after install” and click “Next”
balance101414-step44
45. Select any additional components you might need for other vendors and click “Next”
balance101414-step45
46. Review the information and click “Install”
balance101414-step46
47. Click “Finish”
balance101414-step47
48. Back at the Balance web interface, click “Validate proxy setup” and if successful, click “Continue”
balance101414-step48a
balance101414-step48b
49. Hover over “Discovery” and click on “Servers”
balance101414-step49
50. Click the link on the right side for “Unmonitored Servers”
balance101414-step50
51. Click the link next the vCenter server for “# guests are not being monitored”
balance101414-step51
52. Check the box next to the VMs you wish to monitor, choose your Credentials from the dropdown box in the center and click “Monitor guest(s)”
balance101414-step52
53. Hover over “Admin” and choose “Configuration”
balance101414-step53
54. Click “Email”. In here you can set authentication for your SMTP server, choose the “From” address for Balance emails. Click “Enable alerts” and then check all the boxes for Critical, Warning, and all categories (I prefer as many alerts as I can get). Click “Update”
balance101414-step54
55. Click on “Active Directory” and click the check box for “Enable Active Directory”
balance101414-step55
56. Enter the IP/hostname of your AD server, enter the Distinguished name of the account used to search Active Directory, and enter the password for that account. Click “Test”
balance101414-step56
57. Once successful, enter the Distinguished Name of the of the OU for the user/group that will have access to login. Enter the Distinguished name of the Group that will be able to login. Enter “sAMAccount” for the search attribute. Click “Update”
balance101414-step57
58. Hover over “Admin” and click “Users”
balance101414-step58
59. Click “Add User”
balance101414-step59
60. Change “Authentication” to “Active Directory”. Enter the username and click “Lookup”. If successfully, configured, it should populate the e-mail address. Choose the appropriate user type (Admin or User) and click “Save”
balance101414-step60

You’re all setup and ready to let OnCommand Balance start collecting data in your environment. You start to receive some information within about 30 minutes, but after 3-5 days you start to get a better understanding of what is going on in your environment and have more useful metrics.

Tegile NFS Datastore Management in vCenter

As the primary VMware and storage admin, I try to minimize the number of tools I have to use to accomplish my tasks. When it comes to provisioning and managing volumes for VMware, I prefer to do it all from within the vSphere if possible. The VSC console for my NetApp filers has saved a lot of time over the years, but as we continue to explore our Tegile array we can see what their software has to offer.

My last post was about registering the Tegile plugin with vCenter to have this functionality available in the vSphere client. This post goes into the basic administration of NFS volumes from within the vSphere client.

Prerequisites:
1. Credentials to the Tegile web interface (default is admin/tegile)
2. Registered the Tegile plugin on your vCenter server. Click here for those steps.

Steps:
1. Login to the vSphere thick client then click on “Home” and choose “Tegile Management” under “Solutions and Applications”
tegilenfs092214-step1
2. Proceed through any security warnings and login to the Tegile interface
tegilenfs092214-step2
3. On the left you’ll see a list of all the datastores on the Tegile that have been mounted on the ESXi hosts in this vCenter. Towards the bottom, click on “Add Datastore”
tegilenfs092214-step3
4. Enter the following information and click “Create”

a.Name: Name of the datastore
b. Type: Whether block or file based (SAN or NAS)
c. Protocol: NFS, iSCSI
d. Quota: Check this box to set a max size of the volume
e. ESX/ESXi Server (Version): Check the hosts that this datastore will be provisioned to
f. Pool: The disk pool for this datastore (if multiple are available)
g. Project: The project that this datastore will be associated with
h. Purpose: The type of workload hosted on this datastore (important for block size assignment)
i. Zebi Floating IP Address: The IP each ESXi host will connect to
tegilenfs092214-step4i

5. Once the operation is complete, click “OK”
tegilenfs092214-step5
6. The new datastore has been created and mounted and appears in the list of Zebi datastores
tegilenfs092214-step6
7. Click the “More Details” button for the newly created datastore to see all the details of this volume
tegilenfs092214-step7
8. In order to resize this volume, click the “resize” button
tegilenfs092214-step8

a. Check the box for “New Share Quota” and enter the new size and press “Submit”
tegilenfs092214-step8a

9. This view will refresh and the new size will be reflected
tegilenfs092214-step9
10. I have moved a virtual machine into this datastore to test the snapshot function with quiesce enabled. Click the “Snapshot” button for the datastore
tegilenfs092214-step10
11. Enter the name of the snapshot, change “Quiesce” to “on” and click “Create”
tegilenfs092214-step11
12. You’ll receive a message that snapshot creation has been triggered. Click “OK”
tegilenfs092214-step12

a. A new task will be created to snapshot all VMs that are in that datastore
tegilenfs092214-step12a

13. Once the task to remove the virtual machine snapshot completes, click the “Refresh” button on the snapshot screen to see the new snapshot
tegilenfs092214-step13
14. To delete the snapshot, check the box to the snapshot and press the “Delete” button
tegilenfs092214-step14

a. Click “Yes” to confirm deletion
tegilenfs092214-step14a
b. After this box disappears the snapshot is deleted
tegilenfs092214-step14b

i. *UPDATED 10/9/14* There was a bug in version 2.1.2.4.140802 of the Zebi software that stopped the confirmation box was going away after the snapshot deletion completed. Clicking “No” would allow you to return to the snapshot list without any errors. In version 2.1.2.5.140925 this has been fixed and now the confirmation box disappears after the snapshot deletion completes.

Those are the basic functions you can perform from within the plugin. In a future release I would like to see the ability to create full snapshot schedules from the plugin. Since I am the one who is responsible for VMware and storage in our environment it’s simple for me to create the schedule on the web interface of the Tegile array, but that is not always the case. Another function I would like to see is mounting existing datastores on new hosts without having to go through the “Add Storage” process in vCenter for each host.

I’m confident the functionality will get there and I’ll continue to build my list of feature requests for the Tegile team.

Register vCenter Server on Tegile

After 7 years of NetApp administration and implementation I have started looking for a new storage vendor that can “do it all” like NetApp has been able to do. Protocol support is a big deal in each of the environments I’ve worked in, but performance (IOPs and low-latency) are 2 things my existing NetApps haven’t been able to provide. The idea of adding capacity just to add performance is an antiquated way of thinking and NetApp just hasn’t been able to keep up with the evolving storage market.

I am starting a short series on Tegile setup and administration. Tegile came to us a couple of months ago and has impressed us from the very first conversation and all throughout our sizing and implementation. The box is simple to setup and administer and its performance is crushing our current NetApp.

This guide walks you through connecting the Tegile array to your vCenter server, installing the NFS VAAI Plugin, and setting the Tegile recommended values on the ESXi hosts. Once this is completed, you’ll be able to provision new volumes, resize existing volumes, create VM-aware storage snapshots as well as view storage performance of your VMs all from within the vSphere client.

Prerequisites:
1. Admin credentials to the Tegile and vCenter server
2. Dedicated service account in vCenter (I created an account called “ZebiAdmin”)
3. Root password for the ESXi hosts (required to set recommended values)

 

Steps:
1. Connect to the web interface of the storage array and login with Admin credentials

a. Default username: admin
b. Default password: tegile

vctegile091614-step1
2. Click on “Settings” then choose “App-Aware”
vctegile091614-step2
3. Click “Add vCenter/ESXi Host” towards the bottom
vctegile091614-step3
4. Enter the following information:

a. Host Name/IP address: Host name or IP of the vCenter server
b. Username: User account with admin access to vCenter
c. Password: Password for user account
d. Enable Quiesce: This needs to be checked if quiescing will be used at all (a VMware snapshot is taken during thestorage snapshot process for OS consistency). Can be toggled per snapshot job

vctegile091614-step4d
5. Click “Test” to see if the connection is successful. If it is, the “Save” button will turn solid blue and can be clicked
vctegile091614-step5
6. Click “OK” to confirm enabling of quiesce on VMware
vctegile091614-step6
7. Once saved, click the green “Register” button to add the Tegile plugin to vCenter
vctegile091614-step7
8. Once the registration is successful, click “OK”
vctegile091614-step8
9. Login to the vSphere thick client (not the web client). Click the “Home” button then click on “Tegile Management” under “Solutions and Applications” (Click yes to proceed through any certificate warnings)
vctegile091614-step9
10. Login to the Tegile web interface (Likely the same username and password as in step 1)
vctegile091614-step1
11. In this interface you’ll see a list of Datastores on the Tegile that are mounted on your ESXi hosts as well as real-time stats of your array, datastores, and VMs.
vctegile091614-step11
vctegile091614-step11-2
12. Click on “ESX Settings”
vctegile091614-step12
13. Select all the ESXi hosts and then click the Green Arrow icon to install/upgrade the VAAI NFS plugin on these hosts
vctegile091614-step13
14. After the install completes (may take 2-3 minutes), click the “Configuration” button for each host
vctegile091614-step14
15. Login to the ESXi host (likely “root” credentials)
vctegile091614-step15

a. Click “Yes” to enable SSH on this host if it isn’t already enabled
vctegile091614-step15a

16. NFS.MaxQueueDepth should be set to “32” and the rules for iSCSI and FC can be installed in this location. Click “Save” to enable these changes

17. After the NFS VAAI plugin has been installed and settings saved, reboot the host. Repeat for each host in vCenter.

a. The settings changes are immediate, but the NFS VAAI plugin requires a host reboot

 

The process is simple and straight forward. This same process on the NetApp requires the Virtual Storage Console plugin to be installed on a separate server and configured then registered on the vCenter side with much more configuration. Also, installing the NetApp NFS VAAI plugin on the hosts is done through vCenter Update Manager and has been downloaded separately from the NetApp support site. That being said, the Tegile solution is lacking some of the polish that NetApp provides. I would like to see recommended values of the ESXi hosts set all at once, as opposed to one host at a time. In addition, I’d like the Tegile to change NFS.MaxVolumes default value from 8 to something much higher like the NetApp (256).

vCenter Orchestrator Install and Config

I have wanted to get started with vCO for awhile now, but I have not had much of use for it. Justifying the time to deploy and learn a new tool when you don’t have a glaring need for it proves tricky, but recently I was able to carve out some time to learn. One of the biggest hurdles was finding step-by-step deployment guide that worked so I decided to document this process.

The following documentation is for installing the vCenter Orchestrator (vCO) Appliance v5.5.1 with an already deployed vCenter 5.5 server (vCSA in my case). The appliance allows you to run vCO without installing it on a dedicated Windows Server.

1. Search for VMware-vCO-Appliance and download the latest version (VMware-vCO-Appliance-5.5.1.0-1617225_OVF10.ova for this writing)
VCO080414-step1
2. Accept the license terms and save the file locally
3. Connect the vSphere client to your vCenter Server then choose File -> Deploy OVF Template
VCO080414-step3
4. Click the “Browse” button, locate the .OVF downloaded previously and click “Open” then click “Next”
VCO080414-step4
5. Review the template details and click “Next”
VCO080414-step5
6. Accept the license agreement and click “Next”
7. Choose a name and location for this appliance and click “Next”
VCO080414-step7
8. Choose a datastore for the appliance and click “Next”
VCO080414-step8
9. Choose the appropriate disk format (I prefer thin provisioned) and click “Next”
VCO080414-step9
10. Choose the appropriate Destination Network (VM Port Group) and click “Next”
VCO080414-step10
11. Enter passwords for both the root user of the appliance and the password for the configuration interface (‘vmware’ is the username)
VCO080414-step11

  • Enter the Hostname, gateway, DNS, IP and subnet mask for the appliance and click “Next”
    VCO080414-step11a

12. Review the details of the configuration and then click “Finish”
VCO080414-step12
13. Once the appliance has been deployed successfully, click “Close”

VCO080414-step13
14. Right click on the appliance and choose “Open Console”
VCO080414-step14
15. Click the Power button to turn on the VM
VCO080414-step15
16. Boot to “VMware vCenter Orchestrator Appliance”
VCO080414-step16
17. Note the URLs for each function
VCO080414-step17
18. Open a web browser and connect to the URL for Orchestrator Configuration (Port 8283)
19. Login with the username “vmware” and the password entered for the vCO configuration during appliance deployment
VCO080414-step19
20. Click on “Network”
VCO080414-step20
21. Change the “IP address” to the IP used to access vCO and click “Apply changes” in the bottom right corner
VCO080414-step21
22. Click the “SSL Trust Manager” tab, enter the IP or hostname of your vCenter server and click “Import”
VCO080414-step22
23. Once the cert information is displayed, click the “import” link
VCO080414-step23
24.Repeat this process again, this time importing the certificate for SSO. Enter the FQDN of the SSO server with port 7444 and click “Import” then “Import” again once the certificate details are displayed
VCO080414-step24new
25. Click on “Authentication” to configure user access

VCO080414-step24
26. For this writing we will use the SSO Authentication method, so change Authentication mode to “SSO Authentication” and click “Advanced settings”
VCO080414-step25
27. Enter the Token and Admin service URLs, the SSO admin username and passwords. Click “Register Orchestrator”

  • Token service URL: https://vCenterIPaddress:7444/ims/STSService
  • Admin service URL: https://vCenterIPaddress:7444/sso-adminserver/sdk
  • Admin user name: administrator@vsphere.local
  • Admin password: Password for admin account
    VCO080414-step26d

28. Once registration completes, choose the vCO Admin – domain and group from the list (These are populated based on your SSO config). Click “Accept Orchestrator Configuration”
VCO080414-step27
29. Click on “Startup Options”
VCO080414-step28
30. Click “Restart the vCO configuration server”
VCO080414-step29
31. Log back in once the server has finished restarting and click “Licenses”
VCO080414-step30
32. Choose “Use vCenter Server license” and enter the host name of the vCenter server, port should be 443, path is /sdk, and for username and password I used the SSO admin. Click “Apply changes” towards the bottom right of the screen
VCO080414-step31
33. Click on “vCenter Server (5.5.1)”
VCO080414-step32
34. Click “New vCenter Server Host” and enter the hostname of the vCenter server, port is 443, path is /sdk, I chose “Session per user” and the username and password for the SSO admin account. Click “Apply changes”
VCO080414-step33
35. Click on “Mail (5.5.1)”
VCO080414-step34
36. Click the check box for “define default values” and enter in the following information and click “Apply changes”

  • SMTP host: The address for your mail server
  • SMTP Port: Usually 25
  • Username and password: If your mail server requires authentication
  • From name: Name that vCO emails will appear from
  • From address: Email address that vCO emails will appear from
    VCO080414-step35e

37. Open a new browser window/tab and navigate to https://vCOIPaddress:8281/vco/client/client.jnlp to access the Java web client for vCO. Login as user that is a member of whatever group was chosen in step 27 as a vCO Admin
VCO080414-step36

  • At first this did not work and kept reporting “No vCO license available” when I attempted to login. After restarting the service and configuration server through the web interface, I ended up restarting the vCO appliance within vCenter and then I was able to login without issue

38. At this point you’re all setup and ready to start creating workflows
VCO080414-step37
 

Unregister Plugin from vCenter

Sometimes the uninstallation of a plugin in vCenter will not remove it from the list of available plugins. Once you’ve confirmed the plugin can be removed, follow these steps to unregister it and remove it from the list.

1. Currently, the Virtual Storage Console for NetApp has been uninstalled, but it is still showing up as an available Plugin
rmplugin052114-step1
2. Open a web browser and navigate to https://vCenterAddress/mob

a. Ignore any security warnings

3. Login with your normal vCenter credentials
rmplugin052114-step3
4. After login, click on the “content” link under Properties
rmplugin052114-step4
5. Click on the link for “ExtensionManager”
rmplugin052114-step5
6. You’ll have a list of extensions to choose from under “extensionList” and “VALUE”

a. Click the link of the extension to be unregistered
rmplugin052114-step6a
i. If the name isn’t obvious, click each one until you see the correct one

7. Once you’ve clicked on the correct plugin, you’ll want to copy the Value (without the quotes) in the row labeled “key”
rmplugin052114-step7
8. Press the Back button in your browser and then click on “UnregisterExtension” under the Methods table
rmplugin052114-step8
9. Paste the string copied from step 6 into the “VALUE” text box and click “Invoke Method” at the bottom
rmplugin052114-step9
10. Restart the vsphere client and click on “Plug-ins” then “Manage Plug-ins” and the plugin should be gone
rmplugin052114-step10
11. Now we see that the Plugin has been removed
rmplugin052114-step11

Install & Configure vCSA and vCenter 5.5

The steps below are to install and configure the vCenter Server Appliance, configure SSO to lookup users in a specific OU in Active Directory, add an Administrator, add your first host, and configure email server settings.

Prerequisites:

  1. Download the latest version of the vCenter Server Appliance (5.5.0.5201 for this writing) and place it some where that is accessible by the client hosting the vSphere client
  2. Have the vSphere Thick client installed
  3. Have a datastore created for the appliance (VM_Appliances for this writing)
  4. Identify the Fully Qualified Domain name and IP address of the server ahead of time

Steps

      1. Login to the vSphere client, choose File then Deploy OVF Template
        step1
      1. Click “Browse”, locate the OVF/OVA, and click “Open”, then click “Next”
        step2
      1. Click “Next” after reviewing the template details
        step3
      1. Name the vCSA, choose the inventory location, and click “Next”
        step4
      1. Choose the datastore and click “Next”
        step5
      1. Verify the datastore name and size and click “Next” (Size is not adjustable)
        step6
      1. Select the appropriate “Destination Network” and click “Next”
        step7
      1. Enter the following information and click “Next”
        1. Hostname = Name of Appliance
        1. Default Gateway = IP of the gateway of  the Destination Network
        1. DNS = IP of the DNS Server (Separate each DNS server with commas, though it didn’t seem to apply these settings)
        1. Network 1 IP Address = IP address of the vCenter Server Appliance
        1. Network 1 Netmark = Subnet mask of the Destination Network
      1. Verify the settings and click “Finish” to begin deployment of the vCSA
      1. Once deployment is finished, click “Close”
      1. Right click on the vCSA in the vSphere client and choose “Upgrade Virtual Hardware” then click “Yes” to upgrade the configuration
        step11
      1. Right click on the vCSA and choose “Open Console”
      1. Click the “Power On” button in the console
        step13
      1. Once the appliance has finished booting, open a browser and connect to the web interface (https:// ipaddress:5480)
      1. Click “Continue” to the security warning on your web browser
      2. Enter the default username and password for the vCSA (username: root, password: vmware)
      1. After login, accept the licensing agreement and click “Next” (this part may take awhile)
        step17
      1. Once you get to “Configure Options” press the “Cancel” button (After a few unsuccessful attempts to configure through the wizard, it is easier setting it up manually)
        step18
      1. At the home page of the vCSA admin page, click on the “Database” tab
        step19
      •  Change the “Database type” to “embedded” and click “Save Settings” (may take a minute or 2)
        step19a
      1. Click on the “SSO” tab
        • Change the “SSO deployment type” to “embedded”
        • Set the admin password for the “administrator@vsphere.local” account (Save this information immediately!)
        • Click “Save Settings” (will take a few  minutes)
          step20c
        • Once you see the message “Operation was successful” you can move on to the next step
          step20d
      1. Click on the “Network” tab
        • Ensure the Hostname (must be a FQDN if adding to a domain), IPv4 gateway, preferred & alternate DNS servers, and IPv4 static IP addressing is set. If any entries is missing, add them now
        • Once saved, click on the “System” tab and click on “Reboot”
          step21b
      1. Log back in (if necessary and continue with the next step)
      1. Click on “Authentication” tab
        • Check the box for “Active Directory Enabled”
        • Enter the domain name
        • Enter a domain admin account for “Administrative user” (Domain admin)
        • Enter the password for this account and click “Save Settings” (This will add the appliance to the domain)
          step23d
      1. Click on the “Update” tab then click “Check Updates” to see if there are any available updates
        • Install any updates that are available
        • Click on “Settings” under “Update”
        • Choose “Automatic check for updates”
        • Set your frequency (usually once a week) and then click “Save Settings”
          step24d
      1. Click on the “Admin” tab
        • Enter the current administrator password (default is “vmware”)
        • Enter the new administrator password and immediately save it (I use keepass for my passwords)
        • Click “Yes” for administrator password expiration
        • Enter the password validity time in days
        • Enter a group account for email expiration warning
        • Click “Submit”
          step25f
      1. Once the settings are saved, click on “System” tab then choose “Reboot”
      1. Once the vCSA is back up, you should be able to login to the vSphere Web Client (https:// IPofvCSA:9443)
      2. Download and install the “Client Integration Plug-in”
        step28

        • You’ll need to close your current browser to complete installation. Reopen and enable the Plugins after revisiting the URL above
      1. Login using the username “administrator@vsphere.local” and the password setup in step 20
      1. Click on “Administration”
        step30
      1. Click on “Configuration”, then click the “Identity Sources” tab and press the “+” button
      1. Choose the following for setting up Active Directory Auth for a specific group using a service account
        • Choose “Active Directory as a LDAP Server”
        • Enter the name (Just a reference name)
        • Enter the Distinguished name of the OU where users will be located
        • Enter the Domain name
        • Enter the Domain alias
        • Enter the Distinguished name for groups (for us, it’s the same as for users)
        • Enter the primary server URL (Format: ldap:\\Dcname.domainname.com:389)
        • Enter the secondary server URL (same format as above)
        • Username: A domain account in the OU above (do not use a users account, make it a service account)
        • Password: Password for domain account
        • Press “Test Connection” to ensure it all works and then click “OK”
          step32k

 

      1. Under “Single Sign-On” on the left, click on “Users and Groups”
        step33
      1. Click the “Groups” tab, then click on “Administrators”
        step34
      1. Click the “Add Members” button
        step35
      1. Change the Domain to the Domain that was just added. Search for the Domain users/groups that need Administrator access, click on each one and click “Add” followed by “OK”
        step36
      1. Once the users have been added, click on the “Home” button towards the top left
        step37
      1. Click on “vCenter”
        step38
      1. Under “Inventory Lists”, click on “vCenter Servers”
        step39
      1. Click on the name of your vCenter Server
        step40
      1. Click the “Manage” tab, followed by the “Permissions” button
        step41
      1. Click the “+” button to add a new administrator.
        • When the “Add Permission” box appears, click the “Add” button at the bottom
        • Change the Domain to Domain added earlier
        • Search for the same users/groups added as vCSA admins, select each one and click “Add” followed by “OK” when completed
          step42c
        • Under “Assigned Role” change from “No access” to “Administrator”. Ensure “Propogate to children” is selected and click “OK”
          step42d
      1. Once Domain permissions have been assigned, sign out of the web interface as “administrator@vsphere.local” and login with domain credentials (domain\username)
      1. Once logged in as Domain account, click on “vCenter”
        step44
      1. If you see the number “1” next to “vCenter Servers” under “Inventory Lists” then permissions were assigned correctly.
      2. Click on vCenter Servers, then click on the vCenter server and click the “Manage” button in the middle pane
        step46
      1. Under the “Settings” tab click on “Advanced Settings”
        step47
      1. Locate the key “config.registry.key_managedIP” and if the Value is “–“,  click the “Edit” button towards the top right
        step48
      • Scroll down to that key and enter the IP address of the vCenter Server appliance and click “OK” (Without this entry, in the event of a DNS failure, the hosts will not be able to check in with the vCenter server and could become disconnected. Thanks to Virtual Barker for pointing this out)
      1. Click on on the “vCenter” link towards the top left
        step49
      1. Click on “Datacenters”
        step50
      1. Click the “Create a new datacenter” button
        step51
      1. Choose a name of the Datacenter (I usually use location), click on the vCenter server instance and click “OK”
        step52
      1. Click on “vCenter” towards the top left
        step53
      1. Click on “Hosts” under “Inventory Lists”
        step54
      1. Click the “Add a host” button
        step55
      1. Follow these steps to add a host to your newly created datacenter
        • Enter the fully qualified domain name of your host
        • Click on the destination datacenter and then click “Next”
          step56b
        • Enter the username and password for the “root” account then click “Next” (Click “Yes” for the security alert)
          step56c
        • Review the details of the Host then click “Next”
          step56d
        • Assign a license key (if available) and click “Next”
        • Make sure “Enable lockdown mode” is unchecked and click “Next”
        • Click “Next” through “VM location” as we haven’t created a new tag yet
          step56g
        • Click “Finish”
      1. Click on “vCenter” button towards the top left
        • Click on “vCenter Servers” under “Inventory Lists”
        • Click on the name of the vCenter server
        • Click the “Manage” tab
          step57c
        • Under “vCenter Server Settings” on the General page, click the “Edit” button
          step57d
        • Click the “Mail” link and enter your mail server address and the mail sender address and then click “OK”
          step57e

At this point you are ready to start adding more hosts, creating clusters and deploying virtual machines. Before you are ready for production, ensure that you create alerts for monitoring VM and Host health such as CPU and memory usage, CPU ready latency, storage latency and VM snapshot size. I’ll address the common alerts I create in each new build in a later post.