PowerCLI

Automating HCX Add On for VMware Cloud on AWS

06/19/2019 by William Lam 1 Comment

Enabling Hybrid Cloud Extension (HCX) for a VMware Cloud on AWS SDDC is just a click of a button and is completely self-service which makes consuming the HCX Service extremely easy! All the hard work of deploying and configuring the required HCX infrastructure for your SDDC is completely automated for you by VMware when you click on "Deploy HCX" button.

Once the HCX infrastructure has been deployed in your SDDC, you can then deploy the respective HCX components for your on-premises vSphere environment which you can fully automate end-to-end which I have blogged about here.

Although the deployment of the HCX components for the SDDC is just click of a button, I recently had a need to automate this and I figure this would be a nice addition to my HCX PowerShell Community Module and complete the end-to-end story quite nicely from enabling the HCX Cloud Service to automating the deployment and configuration of the on-premises HCX components.

Automating VMware Site Recovery (DRaaS) with VMC

05/28/2019 by William Lam Leave a Comment

VMware Site Recovery provides customers with an easy and on-demand Disaster Recovery as-as-Service (DRaaS) for both their on-premises and VMware Cloud on AWS (VMC) workloads. DRaaS is one of the most popular VMware Cloud Service as it literally enables customers to setup a fully functional target DR site with just a click of a button, no joke!

As simple as this is, customers are also interested in automating the setup of DRaaS, especially for testing purposes. A couple of weeks back, I had a customer reach out asking if it was possible to automate the setup of DRaaS?

Funny enough, I just had this conversation a few weeks prior with the PM/Engineer and was in the process of looking into this. It turns out we do indeed have DRaaS Service API, which is what the VMC Console uses, however we had not publicized the API nor showed how to actually get more information about it. Do not worry, I have already feature request with the PM to not only get this published publicly but also show up as part of the VMC Developer Center API Explorer 🙂

Automating complete HCX deployment and configuration to first cloud migration using PowerCLI

03/04/2019 by William Lam Leave a Comment

PowerCLI 11.2.0, was just released last week and for a "dot" release, it includes a number of new capabilities and enhancements. One of the most exciting features for me personally was the introduction of the VMware Hybrid Cloud Extension (HCX) PowerCLI module which I also had the pleasure of working on and providing early feedback to the HCX Engineering team. The new HCX module enables customers to use PowerCLI to now easily automate the HCX Fleet deployment (Interconnect, WAN Optimization and Network Extension) as well as perform bulk live migrations of workloads between two HCX-enabled environments, with on-premises vSphere to VMware Cloud on AWS (VMC) being the most popular.

I have written a number articles on HCX Automation using both the HCX REST API and PowerCLI and with this latest PowerCLI module, I realized that we now have complete end-to-end automation with PowerCLI from the HCX OVA deployment to initial configuration and fleet deployment to your very first HCX vMotion! This is quite exciting as I know a number of folks have been asking about automating the fleet deployment, especially for enabling quick proof of concepts and quickly showing the value of HCX to our customers for moving large amount of workloads without any downtime.

Below, you will find a breakdown of the HCX setup which I have split into three sections, each section includes the respective PowerCLI sample code that can easily be adapted to your own environment. I look forward to seeing what customers do with the new HCX PowerCLI module and if you have any feedback, be sure to leave a comment or better yet, file a feature enhancement using the PowerCLI Feature Request Tool.

Common PowerCLI examples for VM Provisioning in VMware Cloud on AWS

02/07/2019 by William Lam 2 Comments

One of the huge benefits of VMware Cloud on AWS (VMC) is not only the ability to extend your existing on-premises environment and tap into the potentially unlimited capacity of the Cloud, but customers can continue to use the existing tools and scripts that they are already familiar with. When it comes to Automation, PowerCLI is still by far the most popular tool that our customers uses on a regular basis. With VMC, this is no different as the SDDC is simply made up of vSphere, vSAN and NSX which PowerCLI fully supports.

One learning curve that I have seen for some customers when working with VMC is around general provisioning and the implication of the restrictive permission model in VMC. Unlike your on-premises vSphere environment, in VMC, you are no longer running as a vSphere Administrator but rather a Cloud Administrator. This simply means you no longer have to worry about managing the underlying infrastructure (patch, upgrade, monitor, etc) and you get to focus deploying and managing your workloads.

What this technically translates to is that you are restricted to a particular part of the vSphere Inventory where you have permissions to actually deploy workloads. This is to help isolate your workloads and ensure that you do not negatively impact the VMware Management VMs by accident and thus affecting your SDDC.

From the Hosts/Clusters view, you must use the Compute-ResourcePool
From the VM view, you must use the Workloads Folder
From the Datastore view, you must use the WorkloadDatastore

When using the vSphere UI to deploy new workloads, the UI does a really good job of guiding you towards the right inventory objects, but this may not always be apparent when using the CLI or API, especially for new folks or folks who never use the UI 😉

Using NSX-T Policy API to retrieve the Routing Table in VMC

02/04/2019 by William Lam Leave a Comment

When configuring connectivity from your on-premises environment to your VMware Cloud on AWS (VMC) NSX-T SDDC, you can either use a Direct Connect (DX) or a Route/Policy-based VPN. During the configuration, it can really be useful to have insights into the network routing table, especially if you need to verify a specific route or for general network debugging. Today, the NSX-T routing table in VMC is not currently available in the Network and Security UI, however this information can be retrieved using the NSX-T Policy API, which I have written about quite extensively here, here, here and here.

The NSX-T routing table can be retrieved by performing a GET operation on /policy/api/v1/infra/tier-0s/vmc/routing-table?enforcement_point_path=/infra/deployment-zones/default/enforcement-points/vmc-enforcementpoint By default, you will get the entire routing table, but you also filter out specific route sources such as BGP, Static or Connected routes by appending the following query parameter to the request URL ?route_source={BGP,CONNECTED,STATIC}

To demonstrate how this API works, I have created a new function in my VMC NSX-T PowerShell Module as well as a quick shell script sample using cURL.

For PowerShell/PowerCLI users, I have a new Get-NSXTRouteTable function which will list the entire routing table by default as shown in the screenshot below.

You can also filter on a specific route source such as BGP, CONNECTED or STATIC routes by simply providing the -RouteSource argument and the route source type. In the screenshot below, I am only interested in the BGP routes.

Here is the output when running the list_vmc_nsxt_route_table.sh script which requires a valid CSP Refresh Token, OrgId and SDDCId

Automating Customer Experience Improvement Program (CEIP) configuration using vSphere API and PowerCLI

01/24/2019 by William Lam 2 Comments

After publishing my recent article on the new the vSphere Health capability which takes advantage of VMware's Customer Experience Improvement Program (CEIP), I had a couple of folks reach out asking how their customers could check whether CEIP is enabled for a given vCenter Server and if not, how to enable it using Automation. For one of these customers, they had over 25+ vCenter Server, so they were not interested in doing this by hand and nor should they.

For those interested in the vSphere UI, the CEIP settings is configured in the Administration menu under the Deployment section as shown in the screenshot below.

We can also manage the CEIP settings programmatically using vSphere API and this is controlled by an Advanced vCenter Server setting called VirtualCenter.DataCollector.ConsentData. The value of this property is actually a JSON payload as you can see in the screenshot below and when updating this property, we need to update both the change version as well as whether we want CEIP enabled or disabled for a given vCenter Server.