NAEPS (Not Another ESX Provisioning Script)

Version 4

    This script builds on the excellent work done by lberc and others in the forums and at VMware


    We are deploying VC+ESX to a somewhat interesting environment:

    • engineering is not directly involved in provisioning so it needs to be as automated as possible within a cost-effective constraint

    • security is important

    • We're using ESX not ESXi


    The scripts I found stopped too soon for my O-C taste, so this one goes a bit further than others I found including:

    • Configure the license server

    • Upload signed SSL key and certificate files to the ESX server

    • Rename all local datastores to try to reduce the accidental deployment to local stores

    • Configure the firewall for NTP and updateManager

    • Targeted for ESX although there is also a nod to ESXi provisioning

    • Configure the environment for our special case where the VCS-ESX communications are on an isolated network

    and a separate isolated VMotion network

    • Rescan the HBAs


    It does the "usual" stuff borrowed from lberc and others:

    • reset the root password

    • configure networks

    • joining to VCS servers

    • configuring NTP, DNS, domain, name, IP's etc.


    Some interesting concepts explored here, although hints of topics on these throughout the forums

    • Upload files to an https server with a self-signed SSL certificate

    • Finding the local datastores on an ESX server

    • Accessing and modifying the firewall configuration

    • Dealing with Passwords entered with the Read-Host -asSecureString


    Some caveats

    • This is my first significant Powershell, .Net and VI project. I am sure many of you will cringe when you look at the arcane methods I found.

    • We do a manual install of ESX rather than using kickstart. I expect we'll head towards ESXi and this work wouldn't have paid back. This script is run immediately after the reboot following the installation.

    • It works pretty well in our target environment, but there is no guarantee or warranty it will work in yours.

    • The upload stuff works here works for fairly small files. (file size=memory consumed) Carter Shanklin and I are

    working to improve the upload process. Watch Carter's (c_shanklin) blog and his VI Toolkit Extensions at


    A few features for the next version of this script - perhaps in another life:

    • It should really attach the server to an Update Manager baseline and remediate.

    • Replace all the anachronisms with the best-practice methods

    • Configure a VMKernel network and gateway on the Management VLAN

    • A way cool Windows.Forms with drop-down lists to capture the information

    • Automatically download backup ESXi configuration file to the local disk


    Oct 16 2008


    I meant to mention how to generate a log file but forgot.


    As you may have noticed all the messages in this script are simply dumped to the console, rather than explicitly output with Write-Host.  You can redirect this to a log file and still see the console messages by invoking the script as follows:

    .\configureESX.ps1 | Tee-Object .\configureESX-server.log