kitten-is-harm-when-editing-vmx-by-hand
Following up on a recent article that I wrote a kitten dies every time you query the VCDB, I wanted to raise another topic that could also bring harm to kittens as well as making me cringe (JK on the harming of kittens). The topic, as you might have guessed is about editing a Virtual Machine's VMX configuration file by hand which comes up some what frequently from customers. There are many valid reasons on why a customer would need to perform such an operation such as enabling Change Block Tracking for efficient Virtual Machine backups to the hardening of a Virtual Machine based on the vSphere Security Hardening Guideline, the list just goes on and on. Outside of extreme troubleshooting scenarios (debatable unless directed by VMware GSS), you should be leveraging the vSphere API to automate these changes and instead of manually editing the VMX file by hand.

Disclaimer: No kittens were harmed during the writing of this article

There are several disadvantages when editing a VMX file by hand:

  • Very error prone, you might get it right for the first VM but what about 500 VMs with couple of settings each?
  • VMX editing requires the VM to be powered off
  • Requires ESXi host to have SSH enabled unless you plan to manually download/re-upload the edited VMX file
  • Changes to VMX file must also be reloaded for changes to take affect

I think there are two main reasons customers are manually editing VMX files by hand. First, it might seem to be the quickest way but looking at the list of disadvantages, you will soon realize it really is not when you need to scale this change beyond a single Virtual machine. The second reason I think is the perceived intuitiveness of the change. I mean, all configuration changes made to a Virtual Machine whether it is using the vSphere Web/C# Client or vSphere API will need to eventually persist onto disk and those changes is what is saved into Virtual Machine's VMX configuration file. However, that is not the only way nor would I say the "correct" way of modifying your Virtual Machines when it comes to these and other settings. As I have already mentioned, you can already use the vSphere Web/C# Client to make these changes which in turn leverage the vSphere API. So why would it be any different if you were to perform these operations outside of a UI?

In fact, the vSphere API abstracts away the complexity of needing to edit the VMX file and provides nice programmatic/scripting interfaces to perform some of these Virtual Machine configurations. Taking our two existing examples, Change Block Tracking is actually exposed through a simple boolean property called changeTrackingEnabled and you can just call the ReconfigVM_Task() method to enable this functionality to ensure that you have efficient Virtual Machine backups. You do not need to manually tweak each Virtual Disk since that will automatically be handled by vSphere once this has been configured.

The second example is around hardening your Virtual Machines based on the vSphere Security Hardening Guide. Luckily, to implement those settings among other Virtual Machine Advanced Settings, it just simply an array property called extraConfig that accepts a list of key/value pairs. In fact, you can easily automate the configuration of one or dozen parameters using the scripts found in this blog article called Accessing Virtual machine Advanced Settings which I wrote a couple years back. If you want to automatically harden your Virtual Machines based on a set of pre-defined settings, you can also take a look at my Automate the hardening of your Virtual Machine VMX Configurations article.

The point that I am trying to make here is that though these changes may eventually end up in the Virtual Machines VMX configuration file, there are better, easier and more efficient ways of making these changes through the use of the vSphere API and that is one of the many benefits of using an API. If you have gotten this far in the article, then I would like to conclude with some of the benefits I mentioned earlier that you will not find if you were to manually edit a VMX file by hand. The first is that the Virtual Machine Advanced Settings can be applied while the Virtual Machine is up and running, yes the changes will not go into effect, but you can at least stage the changes. If really can not take down time of the Virtual Machine to completely power off and power on for the changes to reload, another trick that I learned from a friend in the VMware Community is to vMotion the Virtual Machine from one host to another. By doing a vMotion, a new VMX will be created on the destination host and the Virtual Machine Advanced Settings will then become active as a new VMX process is spawned. This is not something you can do if you manually edited the VMX file by hand 🙂

4 thoughts on “A kitten is also harmed, every time you edit a VMX file by hand

  1. I’d be in 100% agreement if the API/UI would allow you to switch a vNIC type without needing to remove/add the vNIC. It’s trivial to change a vSCSI adapter when the VM is off; why not the vNIC? What’s so special that there isn’t a persistent drop-down to easily switch from e1000 (the default for several OSes, much to our recent chagrin) to VMXNET3 without losing the assigned (dynamic or manual) MAC, etc?

    In that case, editing the .vmx *can* be a timesaver, even with the limitations you describe.

  2. Hi,

    Is it possible to reload .vmx file or new vmx process in PowerCLI too, without acutally vMotioning VM for the Advanced Settings configuration to take effect ?

    Problem is, that i’m trying to use script that adds multi-writer VMDK disks online to both VM-s. But adding disk to second node fails unless i vMotion both VM-s after adding multi-writer flag.

    New-AdvancedSetting -Entity vmNAME -Name ‘scsi1:1.sharing’ -Value ‘multi-writer’ -Confirm:$false

    • Actually reloading vmx and vmotioning a vm at two different thing.
      1) reloading the vm means actually refreshing hostd/esx with the new vmx configuration/latest change. however it does not apply those change.
      2) vmotion is different as it efefctivelly start a new vm on the target host, synchronise it state with teh source vm. once both vm are in sync, the switch is made by stopping the source and activating teh target.
      so vmpotion is like reboot itng the vmand therefore allow to activate most of the vmx updated options.

      so, you should reload teh vmx and then vmotion.

Thanks for the comment!