Bulk Virtual Machines Deployment and Zero Clicks Part 1

A recent project revisited deploying virtual machines via PowerCLI. It's fair to say this isn't a new tool, but it is sometimes overlooked.

My requirements were to deploy:

  • 100+ virtual machines (within a few hours)
  • domain join all machines
  • license the OS
  • various virtual machine specifications
  • various Windows OS versions.
  • to two different data centers within a linked vCenter setup
  • to resource pools
  • to different data stores
  • to different networks

 

The constraints:

  • vSphere 6.0 update 2
  • no budget for third party automation tools
  • small window of opportunity to deploy the VMs

 

On the plus side there was:

  • Loads of available CPU and RAM
  • Large datastores presented
  • Subnets prepared
  • Stretched VLANs across Data Centers

 

The tools I used for the task

  • Excel (CSV)
  • Notepad++
  • PowerCLI

 

The CSV file example

# Example Bulk_VMs_Deploy.csv

Template,Datastore,VMhost,Custspec,VMname,IPaddress,Subnet,Gateway,PDNS,SDNS,ResourcePool,RAM,CPU,VLAN,Size,Format
2012_Template,Storage1,ESXi.domain,2012_Spec,test2003VL1,192.168.0.191,255.255.255.0,192.168.0.1,192.168.0.10,127.0.0.1,resource1,2,2,VM Network,10,thin

 

The Script

# Automate the deployment of customised virtual machines deployed in vSphere 6.0. Tested against u2
#
# Prerequisites
# 1) Populate a CSV file called Bulk_VMs_Deploy.csv
# 2) Create a Windows Server template
# 3) Create a customization spec within vSphere for Windows
# 4) Run the Bulk_VMs_Deploy.ps1 script via PowerCLI as administrator (the CSV file must be stored in the same location the script is run from)
#
#https://blogs.vmware.com/PowerCLI/2015/03/powercli-6-0-introducing-powercli-modules.html
if ( !(Get-Module -Name VMware.VimAutomation.Core -ErrorAction SilentlyContinue) ) {

###### IMPORTANT: check this file path is correct ##########
. "C:\Program Files (x86)\VMware\Infrastructure\PowerCLI\Scripts\Initialize-PowerCLIEnvironment.ps1"
}
Connect-VIServer VC6.test.domain
#connect to a VC. This also works with Linked VC’s
$vmlist = Import-CSV .\Bulk_VMs_Deploy.csv
foreach ($item in $vmlist) {

#set variables to read from CSV
$template = $item.template
$datastore = $item.datastore
$vmhost = $item.vmhost
$custspec = $item.custspec
$vmname = $item.vmname
$ipaddr = $item.ipaddress
$subnet = $item.subnet
$gateway = $item.gateway
$pdns = $item.pdns
$sdns = $item.sdns
$resourcepool = $item.resourcepool
$cpu = $item.cpu
$ram = $item.ram
$vlan = $item.vlan
$size = $item.size
$format = $item.format

#Get the Specification and set the Nic Mapping
New-OSCustomizationNicMapping -Spec $custspec -IpMode UseStaticIp -Position 1 -IpAddress $ipaddr -SubnetMask $subnet -DefaultGateway $gateway -Dns $pdns,$sdns

#Create VM using Template with the adjusted Customization Specification
New-VM -Name $vmname -Template $template -Datastore $datastore -VMHost $vmhost -ResourcePool $resourcepool | Set-VM -OSCustomizationSpec $custspec -Confirm:$false

#Set the Network Name
Get-VM -Name $vmname | Get-NetworkAdapter | Set-NetworkAdapter -NetworkName $vlan -Confirm:$false

#Set the CPU and Memory
Get-VM -Name $vmname | Set-VM -MemoryGB $ram -NumCPU $cpu -Confirm:$false

#Additional Disk
#Get-VM -Name $vmname | New-HardDisk -CapacityGB $size -StorageFormat $format -Confirm:$false

#Remove the NicMapping
Get-OSCustomizationSpec $custspec | Get-OSCustomizationNicMapping | Remove-OSCustomizationNicMapping -Confirm:$false

#PowerOn VM
Start-VM $vmname

}
#Disconnect from VC.
disconnect-VIServer VC6.test.domain -Confirm:$false
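
An added example, not part of the original script: a pre-flight check that could run over the CSV before the deployment loop (and before the Part 2 jobs that reuse the same file), so a malformed or duplicated row is caught before any VM is cloned. Test-DeployRow is a hypothetical helper name, and the second and third sample rows are constructed.

```powershell
# Added example: pre-flight checks for Bulk_VMs_Deploy.csv rows.
# Column names are the page's; Test-DeployRow is a hypothetical helper name.
function Test-DeployRow {
    param(
        [Parameter(Mandatory)] $Row,
        [Parameter(Mandatory)] [hashtable] $Seen   # names/IPs already claimed
    )
    $errors = @()
    $required = 'Template','Datastore','VMhost','Custspec','VMname','IPaddress',
                'Subnet','Gateway','PDNS','SDNS','ResourcePool','RAM','CPU','VLAN'
    foreach ($col in $required) {
        if ([string]::IsNullOrWhiteSpace($Row.$col)) { $errors += "missing $col" }
    }
    # Computer names for the domain join: 1-15 characters, letters/digits/hyphen
    if ($Row.VMname -notmatch '^[A-Za-z0-9-]{1,15}$') {
        $errors += "VMname '$($Row.VMname)' is not a valid computer name"
    }
    $parsed = $null
    foreach ($col in 'IPaddress','Subnet','Gateway','PDNS','SDNS') {
        $value = [string]$Row.$col
        # Insist on dotted-quad form; TryParse alone accepts short forms like "10.1"
        if ($value -notmatch '^\d{1,3}(\.\d{1,3}){3}$' -or
            -not [System.Net.IPAddress]::TryParse($value, [ref]$parsed)) {
            $errors += "$col '$value' is not an IPv4 address"
        }
    }
    foreach ($col in 'RAM','CPU') {
        $n = 0
        if (-not [int]::TryParse([string]$Row.$col, [ref]$n) -or $n -lt 1) {
            $errors += "$col '$($Row.$col)' is not a positive integer"
        }
    }
    # A repeated name or IP would give two clones the same identity
    $keys = @("name:$($Row.VMname)".ToLower(), "ip:$($Row.IPaddress)")
    foreach ($key in $keys) {
        if ($Seen.ContainsKey($key)) { $errors += "duplicate $key" }
        else { $Seen[$key] = $true }
    }
    return ,$errors
}

# Constructed sample rows; in practice use: Import-Csv .\Bulk_VMs_Deploy.csv
$vmlist = @'
Template,Datastore,VMhost,Custspec,VMname,IPaddress,Subnet,Gateway,PDNS,SDNS,ResourcePool,RAM,CPU,VLAN,Size,Format
2012_Template,Storage1,ESXi.domain,2012_Spec,test2003VL1,192.168.0.191,255.255.255.0,192.168.0.1,192.168.0.10,127.0.0.1,resource1,2,2,VM Network,10,thin
2012_Template,Storage1,ESXi.domain,2012_Spec,test-server-name-too-long,192.168.0.300,255.255.255.0,192.168.0.1,192.168.0.10,127.0.0.1,resource1,two,2,VM Network,10,thin
2012_Template,Storage1,ESXi.domain,2012_Spec,test2003VL3,192.168.0.191,255.255.255.0,192.168.0.1,192.168.0.10,127.0.0.1,resource1,2,2,VM Network,10,thin
'@ | ConvertFrom-Csv

$seen = @{}
$bad  = 0
foreach ($item in $vmlist) {
    $problems = Test-DeployRow -Row $item -Seen $seen
    if ($problems.Count -gt 0) {
        $bad++
        Write-Warning ("{0}: {1}" -f $item.VMname, ($problems -join '; '))
    }
}
if ($bad -gt 0) { Write-Warning "$bad row(s) failed; fix the CSV before Connect-VIServer." }
```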

 

 

Disclaimer: Please take the code and evolve it into a different project. Credit / tag me on your project: Twitter #StephenHackers

Any use of this code is at your own risk. Remember bulk automation jobs require the right resources to be available.

This project & code was based on :
https://communities.vmware.com/thread/315193
Which progressed to : https://communities.vmware.com/thread/436734


Bulk Virtual Machines Deployment and Zero Clicks Part 2

Based on the CSV file used to create the VMs, re-use the CSV to control

What else can I do now?

  • Delete Computer Objects from Active Directory
  • Bulk guest shutdown
  • Bulk power on virtual machines
  • Bulk power off virtual machines
  • Bulk Delete Virtual Machines from disk
  • Bulk change Computer Object OU

 

  • Delete Computer Objects from Active Directory

# Delete Computer Objects from Active Directory

$vmlist = Import-CSV .\Bulk_VMs_Deploy.csv

foreach ($item in $vmlist) {

$template = $item.template
$datastore = $item.datastore
$vmhost = $item.vmhost
$custspec = $item.custspec
$vmname = $item.vmname
$ipaddr = $item.ipaddress
$subnet = $item.subnet
$gateway = $item.gateway
$pdns = $item.pdns
$resourcepool = $item.resourcepool

Remove-ADComputer -Identity $vmname -Confirm:$false

}

 

  • Bulk guest shutdown

# Guest power down is a graceful shutdown of the VMs
# Requires VMware Tools to be installed on the VMs

Connect-VIServer vc6.test.domain

$vmlist = Import-CSV .\Bulk_VMs_Deploy.csv

foreach ($item in $vmlist) {

$template = $item.template
$datastore = $item.datastore
$vmhost = $item.vmhost
$custspec = $item.custspec
$vmname = $item.vmname
$ipaddr = $item.ipaddress
$subnet = $item.subnet
$gateway = $item.gateway
$pdns = $item.pdns
$resourcepool = $item.resourcepool

#Guest Shutdown VM
Shutdown-VMGuest $vmname
}
disconnect-VIServer vc6.test.domain -Confirm:$false

 

  • Bulk power on virtual machines

# Bulk power on virtual machines

Connect-VIServer vc6.test.domain

$vmlist = Import-CSV .\Bulk_VMs_Deploy.csv

foreach ($item in $vmlist) {

$template = $item.template
$datastore = $item.datastore
$vmhost = $item.vmhost
$custspec = $item.custspec
$vmname = $item.vmname
$ipaddr = $item.ipaddress
$subnet = $item.subnet
$gateway = $item.gateway
$pdns = $item.pdns
$resourcepool = $item.resourcepool

# POWER ON vms
Start-VM $vmname
}
Disconnect-VIServer vc6.test.domain -Confirm:$false

 

  • Bulk power off virtual machines

# Bulk Power OFF VMs (Big Button OFF the VMs)
Connect-VIServer vc6.test.domain

$vmlist = Import-CSV .\Bulk_VMs_Deploy.csv

foreach ($item in $vmlist) {

$template = $item.template
$datastore = $item.datastore
$vmhost = $item.vmhost
$custspec = $item.custspec
$vmname = $item.vmname
$ipaddr = $item.ipaddress
$subnet = $item.subnet
$gateway = $item.gateway
$pdns = $item.pdns
$resourcepool = $item.resourcepool

#PowerOFF VM (Big Button OFF the VM)
Stop-VM $vmname -Confirm:$false

}

Disconnect-VIServer vc6.test.domain -Confirm:$false

 

  • Bulk Delete Virtual Machines from disk

# Delete Virtual Machines from disk
# VM should be already powered off

Connect-VIServer vc6.test.domain

$vmlist = Import-CSV .\Bulk_VMs_Deploy.csv

foreach ($item in $vmlist) {

$template = $item.template
$datastore = $item.datastore
$vmhost = $item.vmhost
$custspec = $item.custspec
$vmname = $item.vmname
$ipaddr = $item.ipaddress
$subnet = $item.subnet
$gateway = $item.gateway
$pdns = $item.pdns
$resourcepool = $item.resourcepool

Remove-VM -VM $vmname -DeleteFromDisk -Confirm:$false
}
disconnect-VIServer vc6.test.domain -Confirm:$false

 

  • Bulk change Computer Object OU

# Move an AD Computer Object to a specific OU from a CSV file

$vmlist = Import-CSV .\Bulk_VMs_Deploy.csv

foreach ($item in $vmlist) {

$template = $item.template
$datastore = $item.datastore
$vmhost = $item.vmhost
$custspec = $item.custspec
$vmname = $item.vmname
$ipaddr = $item.ipaddress
$subnet = $item.subnet
$gateway = $item.gateway
$pdns = $item.pdns
$resourcepool = $item.resourcepool

Get-ADComputer $vmname | Move-ADObject -TargetPath "OU=VM,DC=TEST,DC=DOMAIN"
}

 


Learn NSX Day 16 : Useful Commands & Errors

NSX Manager (open the console of NSX Manager and try basic commands)

List

sho? (displays commands starting with “sho”)

Privileged mode

Ping

Show Clock

Show file system

Type : quit     (to exit)

 

 

NSX Controller CLI Commands:

Identify which port the switch manager is using
show control-cluster connections

Identify control cluster majority leader
show control-cluster status

Very useful blog on troubleshooting NSX: http://www.yet.org/2014/09/nsxv-troubleshooting/

 

Errors

Error Message : Invalid_ID_Information

Reason : PreShared Key doesn’t match

 

Topics :
Learn NSX – Home
Learn NSX Day 1 : NSX Requirements
Learn NSX Day 2 : NSX Deployment Best Practice
Learn NSX Day 3 : NSX Manager and NSX Controller
Learn NSX Day 4 : NSX Roles
Learn NSX Day 5 : NSX HA, Edge, REST API
Learn NSX  Day 6 : NSX and Logical Switches
Learn NSX Day 7 : Deploying ESXi
Learn NSX Day 8 : vDS (vSphere Distributed Switch)
Learn NSX Day 9 : Load Balancing Feature
Learn NSX Day 10 : Layer 2 Bridging
Learn NSX Day 11 : NSX EDGE
Learn NSX Day 12 : Spoof Guard
Learn NSX Day 13 : Distributed Router and Distributed Logical Firewall
Learn NSX Day 14 : Monitoring
Learn NSX Day 15 : NSX Backups
Learn NSX Day 16 : Useful Commands & Errors

 

These are notes made during my study of VMware NSX for vSphere. Apologies if any of the detail is incorrect. Hopefully posts under “Learn NSX” help others to start learning about VMware NSX for vSphere.

Learn NSX Day 15 : NSX Backups

Backup NSX: two options available

  • Via NSX Manager
  • Via NSX API

Details required for backups

  • Filename prefix
  • Transfer protocol

 


Learn NSX Day 14 : Monitoring

Activity Monitor

To monitor, add VMs to an activity monitoring security group (Service Composer)

  • Enable data collection
  • Then you can validate security policies are applied

Monitor Traffic

  • vDS allows port mirroring to be configured
  • Remote mirroring is an option to configure. (duplicate traffic to another port)

Flow Monitoring

  • Includes the ability to detect rogue services

 


Learn NSX Day 13 : Distributed Router and Distributed Logical Firewall

vDS (Distributed Switch)
An interface on a distributed switch can connect to the rest of the network

Advanced Settings

 

To implement:

  • Enable OSPF
  • Config uplink
  • Add subnet to new interface
  • Assign VLAN number to distributed port group for VLAN IF

Limits

There can be up to 1000 logical interfaces on one distributed router

 

Distributed Logical Firewall
Diagram to try and display my understanding of how the firewall rules apply based on security groups

Rules only apply to the ESXi hosts which have the source or destination VM traffic

 


Learn NSX Day 12 : Spoof Guard

Spoof Guard

A useful feature that helps prevent rogue systems from connecting to your network by pretending to be another server. An approved list of authorized servers is generated based on IP and MAC. This is a separate feature from firewalls. My understanding is that it would increase security alongside firewall rules. See VMware's description for further information.

Operation Modes

  • Auto trust IP on their first use
  • Manually inspect and approve before use


Learn NSX Day 11 : NSX EDGE

Features

HA – Lose the primary node and the secondary takes over. Existing connections then need to reconnect.

Load balancing – One option is to load balance based on Least connections

VPN – Edge Services Gateway can form Layer 2 VPNs (even retain existing IPs)

Authentication – A few auth options are RSA SecurID and Active Directory

DNS – Edge will forward DNS requests to the DNS server

 


 

Learn NSX Day 10 : Layer 2 Bridging

The diagram tries to display my understanding of how layer 2 bridging might work.

Why

  • Extend the physical services to virtual machines
  • Allow physical devices to use NSX edge gateway as a router
  • VPNs over untrusted medium

What does it require?

  • Distributed F/W rule to allow layer 2 bridging
  • A logical router


Learn NSX Day 9 : Load Balancing Feature

EDGE Load Balancing
Networking and Security > NSX EDGE > Manage > Load Balancer tab.


Three load balancing options available

  • Enable Loadbalance – For internal servers distributed traffic
  • Enable Service Insertion – Load balance with third party vendor appliances
  • Acceleration Enabled – For faster L4 LB engine instead of L7

You can also select a variety of logging options

Details can be found in the VMware Document Centre

 

vSphere standard switch – Load Balancing

The diagram tries to display my understanding of vSphere standard switch load balancing using Round Robin of physical NICs

 
