VMware
PowerCLI: New cmdlets for Update Manager
Mar 3rd
VMware have this morning / last night released some PowerCLI cmdlets for VMware Update Manager (VUM). A short description can be found of them below:
| Cmdlet Name | Cmdlet Description |
| Attach-Baseline | Attaches baselines to the specified Template, VirtualMachine, VMHost, Cluster, Datacenter, Folder, and VApp objects.
Attaching a baseline to a container object such as a folder or datacenter transitively attaches the baseline to all objects in the container. |
| Detach-Baseline | Detaches baselines from the specified inventory objects. |
| Download-Patch | Downloads new patches into the Update Manager patch repository from the enabled patch download sources. |
| Get-Baseline | Retrieves the baselines specified by the provided cmdlet
parameters. |
| Get-Compliance | Retrieve baseline compliance data for the specified object of type Template, VirtualMachine, VMHost, Cluster, Datacenter, Folder, and VApp. |
| Get-Patch | Retrieves all available patches or those specified by the provided cmdlet parameters. |
| Get-PatchBaseline | Retrieves all patch baselines or those specified by the provided cmdlet parameters. |
| New-PatchBaseline | Creates a new patch baseline. Patch baselines can be applied to either hosts or virtual machines. Depending on the patch criteria you select, patch baselines can be either dynamic or static (fixed). |
| Remediate-Inventory | Remediates an inventory object against the specified baselines. |
| Remove-Baseline | Deletes the specified baselines from their servers. Before the
removal, the baselines are detached from all entities they have been attached to. |
| Scan-Inventory | Scans inventory objects for baselines attached to them. |
| Set-PatchBaseline | Modifies the properties of a patch baseline. You can specify explicitly the patches you want to include in the baseline through the IncludePatch parameter. |
| Stage-Patch | Initializes staging of patches. Staging allows you to download
patches from the Update Manager server to the ESX/ESXi hosts, without applying the patches immediately. |
The cmdlets can be downloaded from VMware’s website as a PowerShell Snapin and require PowerCLI 4.0 U1.
I look forward to seeing a few scripts pop out in the next few days that make use of these.
Veeam Surebackup
Feb 19th
Everybody is talking about it. If I asked my brother-in-law (an advertising creative) he’d probably say that this is a good marketing strategy. It certainly works on me anyway – I’m as curious a hell! Like everyone else who’s been talking about it, I registered to find out more. Some have specualted about features or approaches (VirtualisedReality) and some (the SLOG), better connected than me, may find out more.
Actually I registered a few hours ago now but something has been bugging me. The big reveal is due on March 22nd. There are still 9 days of February to go. Doing the maths, 22 + 9 does not equal 23 (see the image below). It’s a lot closer to 32. Perhaps Veeam have a small code problem? I’d hope not and I think not.
Having had a look at the page source,
it looks like the countdown is configured to run until March 15th. I’m guessing that there will be more revealed or some change to their site around that time. I wait in eager anticipation.
Update (20/02/2010): Found a tweet from @veeam this morning:
RT: @veeam: RT @mpoore: New Post: Veeam Surebackup http://bit.ly/bAVtum <- Good detective work…the countdown will be changed for March 22 (OOPS) 
Basics: Open PowerCLI using different credentials
Feb 19th
Everytime I use a different PC or laptop I always forget to do this after installing PowerCLI. I happily open PowerCLI up and try to connect to a vCenter server and get prompted for my login information. This is how I feel:
Every time in that session that “Connect-VIServer” is used I’ll get it because my normal domain account doesn’t have any privileges in vCenter. The point of this post isn’t to teach anyone to suck eggs but maybe it’ll help me remember in future to make one tiny change after installing PowerCLI.
Right click on the PowerCLI shortcut and open the shortcut’s properties.
Click the “Advanced” button.
Tick the box “Run with different credentials”. OK everything.
The next time the the shortcut is used the option to specify different credentials is shown:
Entering a different account here saves having to do it each time “Connect-VIServer” is used. There are other things that can be done of course. Maybe I’ll save those for another day.
Released: VMware View 4.0.1
Feb 19th
VMware View 4.0.1 is a maintenance release that adds a small number of features / enhancements:
- Localisation of the View client in a number of languages including French and German.
- Support for vCenter 2.5 Update 6 and ESX 3.5 Update 5
- PCoIP now supports Virtual Printing, a couple of Single Sign-On Providers and International keyboards.
There are a few bug fixes included also. The best thing to do is to head over to the release notes and check them out. Then it’s time to download and update 
.
PowerCLI: Documenting vCenter Permissions (Part 1)
Feb 12th
It’s a nice feeling being asked to do something challenging and new. There I was writing lots of lovely documentation and I was asked if I could document the permissions in vCenter. I said “Ok” without really thinking about it. Do you know how many different privileges there are in vCenter? Quite a few, I realised a few seconds later.
After consulting the PowerCLI cmdlets reference I found out exactly how many there were.
(get-VIPrivilege).count
Only 249. Multiply that by 14 default roles and you get 3486 permissions to document. It’s not quite that bad really. You only need to document permissions that have been assigned so that cuts the number down considerably. Still, there must be an easier way.
I’ve all but hit you over the head with the solution. Let’s take the default “Admin” role as an example. The following shows exactly which permissions it has:
get-VIPrivilege -role Admin
The output isn’t pretty but it gets the job done. Suppose you want the privileges for all roles. To borrow Apple’s catch-phrase, there’s a cmdlet for that.
get-VIRole
This is all well and good but we need to combine these cmdlets, their output and present it in some sort of meaningful way. PowerShell has a number of builtin cmdlets for formatting and / or exporting data. What I wanted was something that didn’t require me to do any extra formatting afterwards and that I can use again. Given the nature of the data we’re trying to extract, one of the best ways of presenting it is in an Excel spreadsheet. For this we could use the export-csv cmdlet but to avoid any extra formatting I decided to experiment with Excel interaction. That is the part that took most of the time and has made the script below such an ungainly beast. Thanks though to the magic of Google and inspiration from one of Alan Renouf’s scripts, I cobbled together the following:
####################################################################
# List-Privileges.ps1 #
# #
# Author: Michael Poore (www.wekabyte.co.uk) #
# Version: 0.1 #
# Date: 12/02/2010 #
# #
# Change History: #
# - 0.1 - First working version #
# #
####################################################################
$vcserver = "myvcserver"
$startrow = 3
$date = get-date -format F
# Connect to VC Server
Connect-VIServer $vcserver
# Get a list of all privileges from the VC Server
$privs = @()
foreach ($priv in Get-VIPrivilege | sort Id)
{
$objecta = "" | select-Object ID,Description
$objecta.ID = $priv.Id
$objecta.Description = $priv.Description
$privs += $objecta
}
# Get a list of all roles from the VC Server and determine which privileges they hold
$roles = @()
foreach ($role in Get-VIRole)
{
$objectb = "" | select-Object Name,System,Description,Privileges
$objectb.Name = $role.Name
$objectb.System = $role.IsSystem
$objectb.Description = $role.Description
$myprivs = @()
$roleprivs = $role.PrivilegeList | Sort
$roleprivs
foreach ($priv in $privs)
{
$myprivs += $roleprivs -contains $priv.ID
}
$objectb.Privileges = $myprivs
$roles += $objectb
}
# Create new Excel object
$Excel = New-Object -Com Excel.Application
$Excel.visible = $True
$Excel = $Excel.Workbooks.Add(1)
$Sheet = $Excel.WorkSheets.Item(1)
# Write Worksheet title
$Sheet.Cells.Item(1,1) = "Roles and Privileges Report for $vcserver - $date"
$Sheet.Cells.Item(1,1).font.bold = $true
$Sheet.Cells.Item(1,1).font.underline = $true
$Sheet.Cells.Item(1,1).font.size = 18
# Write worksheet column headers
$row = $startrow
$Sheet.Cells.Item($row,3) = "ROLE:"
$Sheet.Cells.Item($row,3).font.bold = $true
$Sheet.Cells.Item($row,3).HorizontalAlignment = 4
$Sheet.Cells.Item($row,3).Borders.Item(10).LineStyle = 1
$Sheet.Cells.Item($row,3).Borders.Item(10).Weight = 4
$row++
$Sheet.Cells.Item($row,3) = "DESCRIPTION:"
$Sheet.Cells.Item($row,3).font.bold = $true
$Sheet.Cells.Item($row,3).HorizontalAlignment = 4
$Sheet.Cells.Item($row,3).Borders.Item(10).LineStyle = 1
$Sheet.Cells.Item($row,3).Borders.Item(10).Weight = 4
$row++
$Sheet.Cells.Item($row,3) = "SYSTEM:"
$Sheet.Cells.Item($row,3).font.bold = $true
$Sheet.Cells.Item($row,3).HorizontalAlignment = 4
$Sheet.Cells.Item($row,3).Borders.Item(10).LineStyle = 1
$Sheet.Cells.Item($row,3).Borders.Item(10).Weight = 4
$Sheet.Rows.Item($row).Borders.Item(9).LineStyle = 1
$Sheet.Rows.Item($row).Borders.Item(9).Weight = 4
$row++
$sheet.columns.item(1).columnwidth = 5
$sheet.columns.item(2).columnwidth = 5
$sheet.columns.item(3).columnwidth = 30
$sheet.columns.item(4).columnwidth = 2
foreach ($priv in $privs)
{
$level = [regex]::matches($priv.ID,"\.").count
switch ($level)
{
0 {$col = 1}
1 {$col = 2}
default {$col = 3}
}
$Sheet.Cells.Item($row,$col) = $priv.Description
$Sheet.Cells.Item($row,3).Borders.Item(10).LineStyle = 1
$Sheet.Cells.Item($row,3).Borders.Item(10).Weight = 4
#$Sheet.Cells.Item($row,3).WrapText = $true
$Sheet.Cells.Item($row,4) = " "
$row++
}
$col = 5
foreach ($role in $roles)
{
$row = $startrow
$Sheet.Cells.Item($row,$col).Orientation = 90
$Sheet.Cells.Item($row++,$col) = $role.Name
$Sheet.Cells.Item($row,$col).HorizontalAlignment = 3
$Sheet.Cells.Item($row++,$col) = $role.System
$Sheet.Cells.Item($row,$col).HorizontalAlignment = 5
$Sheet.Cells.Item($row++,$col) = $role.Description
foreach ($priv in $role.Privileges)
{
if ($priv)
{
$Sheet.Cells.Item($row,$col).HorizontalAlignment = 3
$Sheet.Cells.Item($row,$col) = "Yes"
}
$row++
}
$sheet.columns.item($col).columnwidth = 6
$col++
}
Clear
It’s a little slow to run but fairly easy to read the output. These are the default roles in vCenter 4.0.
So that’s part 1. The next step is already underway – tidying the script and adding to it to try and give some indication of which AD users and groups map to which roles.
