Doug DeFrank

PowerCLI: Enable/Disable SSH and Lockdown Mode

So, as you can probably tell from my past couple of posts, I’ve been spending a bit of time working with PowerCLI to script and automate several tasks for managing VMware environments. My most recent script combines four tasks I seem to do often when performing cluster-wide maintenance; Enabling and Disabling both SSH and Lockdown Mode. This was actually one of the scripts I discussed at the recent Western PA VMUG meeting held on October 20, 2017.

In this script, like many of my other scripts, it asks the user to enter the vCenter server to connect to, as well as the cluster to work with. Then, the user is presented with five options:

Enable SSH
Disable Lockdown Mode
Disable SSH
Enable Lockdown Mode
Exit

My Upcoming VMUG Presentation

Hello everyone! I want to take this opportunity to let you all know that I’ll actually be presenting at the Western PA VMware User Group meeting on Friday, October 20th! We’re going to meet at Alloy 26 (100 South Commons in Pittsburgh’s North Shore) starting at 11:00 AM. Official registration and full meeting information can be found on the official VMUG page. If you’re a VMware user working or living in the Western Pennsylvania region or surrounding areas, c’mon out and use this opportunity to collaborate and network with other users I’m the VMware community! After all, events like this are put together specifically to get VMware users, administrators, engineers, etc. together to talk about their experience in using VMware products and services.

I will actually be presenting after Kyle Ruddy’s (@kruddy on Twitter) “PowerCLI and vSphere REST APIs: Your Path To Automating All the Things” session. My presentation will cover automation using PowerCLI to manage things like RDM disks, virtual standard switches, NTP settings, and more. You’ll learn how I develop the scripts to simplify repetitive tasks, but also how I use PowerCLI to perform tasks that you may not even be able to do in the GUI! Not only can scripting save time, it can also maintain consistency across within your environment! My goal is to show give you some examples and insight into how you can utilize both PowerShell and PowerCLI to augment the management of your vSphere environment. Continue reading “My Upcoming VMUG Presentation”

PowerCLI: Add/Remove NTP Servers in a VMware Cluster

I recently built out a new VMware cluster, and in doing so, needed to configure the NTP servers for each host. While this can certainly be done manually, it’s very repetitive and opens up the possibility of missing or misconfigured setting. Fortunately, there’s a way to automate that using PowerCLI!

Now, the way I wrote this script makes it a bit more interactive for the person running it. Typically, you could just define the NTP servers you want to remove, the ones to want to add, and let it run. With this script, it asks the user several questions along the way. Questions like, “What vCenter do you want to connect to?”, “What cluster do you want to scan?”, “Do you want to remove all existing NTP servers? [Y] / [N]”, and so on. There’s also validation included on the responses to the Y/N questions. And at the very end of the script, it checks the NTP services on each host in the cluster. If the NTP service is already running, it will restart the service. If it’s not running, it will start the service. All automatically.

PowerCLI: Create New VM Port Groups in a Cluster

Hello again, everyone! Recently, I’ve been working on a script that will create new VM Port Groups on a virtual standard switch (vSS) in a given cluster. While this could probably be alleviated by using a virtual distributed switch (vDS), let’s assume that you have a need to stick with vSS for whatever reason (licensing, company standards, etc.).

In this script, it validates that the VLAN number is in fact a whole number within the range of 1 through 4905. At the end of the script, it asks if you’d like to add another port group to the same cluster or not. I found this to be very handy if you’re standing up a new cluster that only contained vSS, or simply adding more port groups to an existing cluster.

PowerCLI: Get or Set VAAI Settings for VMware Hosts

During a recent technical engagement with a vendor, my team was asked to verify that VAAI was disabled for all hosts attached to that vCenter. There are several different ways to go about doing this, so I figured I would put this blog post together to showcase some of the different ways in which this can be accomplished. There are three settings that need to be reviewed (or changed). They are: DataMover.HardwareAcceleratedMove, DataMover.HardwareAcceleratedInit, and VMFS3.HardwareAcceleratedLocking. A value of 1 means the setting is enabled, and a value of 0 means the setting is disabled.

PowerCLI: Find a VM Based on RDM’s LUN ID

Let’s say you have a LUN ID that you clearly know is a RDM. How do you determine what virtual machine is associated with that disk?

Recently, I was prepping a cluster for routine ESXi patching. As part of my preparation, I scanned the cluster for RDM disks first to ensure that they were set to Perennially Reserved = True. After doing the RDM scan, I found a cluster that had a single RDM disk, but didn’t know which VM it was associated with. Although VMware has a Knowledge Base article (KB2001823) on how to do find RDM’s and which VM’s they’re associated with, it looks like it will find all RDM’s and VM’s across the entire vCenter Server. Since I know the cluster, and I know the RDM LUN ID, I wanted to narrow down the results for my particular needs.

Creating a UEFI-Enabled VM in VMware Fusion 8.x

Update: 2018-OCT-01 – This post applies to VMware Fusion version 8.x and older. Updates were made in VMware Fusion 10 to make it easier to create a UEFI-enabled VM from the GUI.

Let’s say you want to build a new VMware Fusion virtual machine using the newer UEFI firmware instead of the traditional BIOS. How is that done in VMware Fusion? Unlike VMware Workstation and ESXi, there’s no GUI-based option to choose EFI over BIOS (at least as of this writing). So, I decided to put this post together to walk you through the process. I should also point out that this needs to be done before an operating system is installed to the VM.

If you’re not sure what the differences are between UEFI and BIOS, How-To-Geek has two great articles that explain how newer UEFI firmware differs from traditional BIOS; “What Is UEFI, and How Is It Different from BIOS?” and “What You Need to Know About Using UEFI Instead of the BIOS.”
Continue reading “Creating a UEFI-Enabled VM in VMware Fusion 8.x”

Building a New Virtual Machine in VMware Fusion

In this blog post, we’ll take a look at how to setup and install a brand-new virtual machine using VMware Fusion. For this post, I’ll be installing a fresh copy of Microsoft Windows to use as an example, but these same steps should apply to just about any operating system. Let’s get started!
Continue reading “Building a New Virtual Machine in VMware Fusion”

New Phishing Attempt: Dropbox

If you’ve been following the news, there was a recent phishing scam going around that was involving a number of Google Docs users. (If you’re not familiar with this story, check out this post by US-CERT). Fortunately, I didn’t receive that phishing attempt message myself.

However, there now seems to be a similar phishing attempt going around, but this time it involves Dropbox. A number of sites have stories on the Google Docs scheme, but as of this writing, I haven’t seen very much involving this particular Dropbox scheme. In the email I received, there were a couple of giveaways that stood out to me:

I wasn’t expecting any sort of shared document from the sender. Even though she’s in my contact list and is someone I do communicate with, it wasn’t something we had previously discussed.
This one is probably the most obvious, but the From: and To: email addresses were the same. Even though I received the email, MY email address wasn’t listed in the To: field.
It was sent to the wrong email address. Although this email address was once associated with Dropbox at one time, it isn’t any more. If this was legit, it would’ve gone to another email address.
If I hovered over (not clicked) the “Secured Document” link, I could clearly see that it wasn’t going to a Dropbox URL.
At this point, it was pretty obvious to me that this was an attempted phishing email, but I even reached out to the “sender” of this email to see if she had sent it. Her response back made it clear that she hadn’t sent this out.

Here’s a screenshot of what the email looks like. Remember to stay vigilant and question emails like this, especially when it’s not something you were expecting to receive!

Mac Seems to Routinely Wake Up from Sleep

Now, I know I said this blog was going to focus mostly on virtualization and all, but every once in a while, you stumble across a tech-related issue and a fix or workaround that’s just worth sharing. This, in my opinion, is one of those times.

Occasionally, my Mac would wake itself up from sleep mode every now and again. At first, it didn’t seem like much of an issue, but I recently noticed that it seemed to be recurring at regular intervals, almost on a schedule of sorts. So, I took to the web to see if I could figure out the issue and here’s what I found:

Check the logs using Terminal

Open a new Terminal window (found in /Applications/Utilities) and run one of the following commands (based on your OS version):
For Mac OS 10.12 “Sierra”:
```
log show | grep -i "wake reason"
```
For Mac OS 10.11 “El Capitan” or earlier:
```
syslog | grep -i "wake reason"
```
I ran the terminal commands on my system, and in the screenshot below, the logs showed that a “Wake from sleep” instance was occurring almost every two hours!

What do these “Wake Reason” codes mean?

Ok, so my system is waking from sleep on a regular basis due to a RTC code, but what does that actually mean? Well, I found a blog post over at www.osxdaily.com that explains the codes in more detail:

OHC: Open Host Controller (usually a USB or Firewire device). If you see OHC1 or OHC2 it is probably an external USB keyboard or mouse that has woken up the machine.
EHC: Enhanced Host Controller is another USB interface, but can also be wireless devices and bluetooth since they are also on the USB bus of a Mac.
USB: a USB device woke the machine up
LID0: this is literally the lid of your MacBook portable, when you open the lid the machine wakes up from sleep
PWRB: Power Button, which is the physical power button on your Mac
RTC: Real Time Clock Alarm, is generally from wake-on-demand services like when you schedule sleep and wake on a Mac via the Energy Saver preference pane. It can also be from a launched setting, user applications, backups, and other scheduled events.

As you can see from my Terminal screenshot, I had a RTC code kicking off every two hours. Because of the RTC codes, I decided to check my settings in the Energy Saver system preferences. I also had a few UHC and EHC codes mixed in there, which was probably me (or someone in my family) clicking the mouse or keyboard to wake the system from sleep.

See if “Wake for network access” is set

Open System Preferences > Energy Saver
Uncheck: Wake for network access

See if a Schedule is set

While still in the System Preferences > Energy Saver window, click Schedule…
Ensure that Startup or wake is unchecked (unless, of course, you actually want your system to startup or sleep at a specific time).

As it turns out, my particular situation was indeed the result of “Wake for network access” being checked in the Energy Saver preference pane. After unchecking this setting, my system is no longer waking from sleep every two hours! Hopefully this post helps you to resolve your Mac’s “Wake from Sleep” woes. As always, thanks for stopping by!