NAEPS (Not Another ESX Provisioning Script)

This script builds on the excellent work done by lberc and others in the forums and at VMware

We are deploying VC+ESX to a somewhat interesting environment:

  • engineering is not directly involved in provisioning so it needs to be as automated as possible within a cost-effective constraint

  • security is important

  • We're using ESX not ESXi

The scripts I found stopped too soon for my O-C taste, so this one goes a bit further than others I found including:

  • Configure the license server

  • Upload signed SSL key and certificate files to the ESX server

  • Rename all local datastores to try to reduce the accidental deployment to local stores

  • Configure the firewall for NTP and updateManager

  • Targeted for ESX although there is also a nod to ESXi provisioning

  • Configure the environment for our special case where the VCS-ESX communications are on an isolated network

and a separate isolated VMotion network

  • Rescan the HBAs

It does the "usual" stuff borrowed from lberc and others:

  • reset the root password

  • configure networks

  • joining to VCS servers

  • configuring NTP, DNS, domain, name, IP's etc.

Some interesting concepts explored here, although hints of topics on these throughout the forums

  • Upload files to an https server with a self-signed SSL certificate

  • Finding the local datastores on an ESX server

  • Accessing and modifying the firewall configuration

  • Dealing with Passwords entered with the Read-Host -asSecureString

Some caveats

  • This is my first significant Powershell, .Net and VI project. I am sure many of you will cringe when you look at the arcane methods I found.

  • We do a manual install of ESX rather than using kickstart. I expect we'll head towards ESXi and this work wouldn't have paid back. This script is run immediately after the reboot following the installation.

  • It works pretty well in our target environment, but there is no guarantee or warranty it will work in yours.

  • The upload stuff works here works for fairly small files. (file size=memory consumed) Carter Shanklin and I are

working to improve the upload process. Watch Carter's (c_shanklin) blog and his VI Toolkit Extensions at

A few features for the next version of this script - perhaps in another life:

  • It should really attach the server to an Update Manager baseline and remediate.

  • Replace all the anachronisms with the best-practice methods

  • Configure a VMKernel network and gateway on the Management VLAN

  • A way cool Windows.Forms with drop-down lists to capture the information

  • Automatically download backup ESXi configuration file to the local disk

Oct 16 2008

I meant to mention how to generate a log file but forgot.

As you may have noticed all the messages in this script are simply dumped to the console, rather than explicitly output with Write-Host. You can redirect this to a log file and still see the console messages by invoking the script as follows:

.\configureESX.ps1 | Tee-Object .\configureESX-server.log

Attachments