Highlighted
Hot Shot
Hot Shot

implemeting vsphere best practices and features_powercli

Jump to solution

Hi Luc,

i have been trying to implement  vsphere best practices and new features on vmware environment using powercli .

i am in process of checking following and thought of discussing with you if we can  add additional features in following list.

1:content Library

2:vcenter high availability

3:virtual machines encryption (that need KMS server i think that incur cost to customer)

4:file based backup(needs location of ftp server)

5:per vm evc

6:enhanced link mode

7:i am planning to do this with powercli 11.5 and posh ssh module .

1 Solution

Accepted Solutions
Highlighted
78 Replies
Highlighted
User Moderator
User Moderator

I would also consult these

It's obvious that these are all collections of guidelines and best practices.
I would suggest taking from these what can easily be defined in a simple rule and translated to a PowerCLI script (verification & setting)


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Highlighted
Hot Shot
Hot Shot

thnaks Luc ,

i am checking what yu suggested .

just thought of asking if you happen to know any free community solution that work as a KMS server for virtual machine encryption .

0 Kudos
Highlighted
User Moderator
User Moderator

Several implementations used PyKMIP, but that, as they state themselves, is not intended for production.

In fact, I'm currently reading an interesting, recent thesis, named Secure handling of encryption keys for small businesses
I haven't finished it yet, but Vault, by HashiCorp, seems to be the most promising.
It is marked as 'freemium' SW.
Basic version is free, and there are paid versions available.

Another point I haven't looked at yet is which prereqs vSphere encryption has, and how a package like Vault complies with these prereqs.
Perhaps something to ask in the Security community on VMTN?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Highlighted
Hot Shot
Hot Shot

thnaks Luc ,

i am checking this ...

0 Kudos
Highlighted
User Moderator
User Moderator

If you want a KMS that is verified by VMware check this https://www.vmware.com/resources/compatibility/pdf/vi_kms_guide.pdf


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Highlighted
Hot Shot
Hot Shot

Thanks Luc,

i am going to check this.

However just found that vcenter high Avalaibility can only be configured on vcenter appliance not on windows.

0 Kudos
Highlighted
User Moderator
User Moderator

Yes, that is correct.
But then again, vCenter on Windows is in any way on the way out.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Highlighted
Hot Shot
Hot Shot

yes it is ...

is it fine with you if leave this thread open for further discussion on the of above mentioned features ...

it will help me to get all info in one place for this topic .

0 Kudos
Highlighted
User Moderator
User Moderator

Sure


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Highlighted
Hot Shot
Hot Shot

Thnaks Luc .

currently i m in process of developing powercli  script  to implement below features .

however i am checking some environemt where vcenter appilance is installed so that i can include vcenter high availabilty and file based backup ...

will share with you to check and modification .

1:content Library

2:vcenter high availability

3:virtual machines encryption (that need KMS server i think that incur cost to customer)

4:file based backup(needs location of ftp server)

5:per vm evc

6:enhanced link mode

7:i am planning to do this with powercli 11.5 and posh ssh module

0 Kudos
Highlighted
Hot Shot
Hot Shot

if you know the vsphere HOL lab  for implementing file  vcenter(appliance)  file based backup feature .

just thought of configuring it on vmware lab .

0 Kudos
Highlighted
User Moderator
User Moderator

That's a good idea, but be aware that these HoL do not always have the most up-to-date PowerShell and PowerCLI version installed.

And there is no Internet connection, so you can't update.

That shouldn't be a problem in most cases though


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Highlighted
Hot Shot
Hot Shot

i did it on one lab tested content library .

what i wanted to ask is are you aware of lab number which has file based backup discussed as i need ftp location and i think it will be in that specific lab.

0 Kudos
Highlighted
User Moderator
User Moderator

You can set up an FTP server on the W2K12R2 server in the HOL-2012-01-SDC - VMware vSphere Automation - PowerCLI lab.
Just add the IIS - FTP Server (see for example
How to Install FTP on Windows Server 2012 R2 for instructions).
Now you have a local FTP server.

ftp.jpg


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Highlighted
Hot Shot
Hot Shot

if you could suggest me on following two points on file based backup for vcsa

1:iam unable to login to cis server and im unsing administrator@vsphere.local

pastedImage_0.png

2:if you can tell me about the best way to configure ftp server for storing backup of vcsa  in prod environment.

0 Kudos
Highlighted
User Moderator
User Moderator

1. If the VCSA credentials don't work for the Connect-CisServer, they probably configured the permissions differently.
Haven't tried that in that lab.

2. It's a straight-forward FTP server.
Configure the permissions on the folders correctly, and that should be about it.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
Highlighted
Hot Shot
Hot Shot

Thanks Luc,

1:i will check on different lab .hope its not at all related to execution policy .

2:thanks for suggestion on ftp server it will be extra configuration if does not exist in environment .

0 Kudos
Highlighted
Hot Shot
Hot Shot

HI Luc ,

for some reasons there is no option to do ftp publishing  though webserver and ftp server role is installed .

if you can provide the required powershell code for doing this.

0 Kudos
Highlighted
User Moderator
User Moderator

On which Windows Server version are you trying to set up an FTP server?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos