Tag Archives: PowerCLI

To SSH or not to SSH — Either way, there is a script!

I’ve had scripts in the past for enabling SSH on all of my VMware Hosts, but recently had a PCI Audit come through requesting that I disable SSH on all hosts in my PCI environment.  Well, that was something I hadn’t done before, but I knew it wouldn’t take long to “reverse engineer” my “enable SSH script” and make a “disable SSH script.”

Below are the different scripts I used for my different environments, and I hope you find them useful.  The “enable SSH script” not only enables SSH, but also changes the default Startup Policy for SSH to “start and stop with the host.” Additionally, it suppresses the shell warning you normally see when SSH is enabled on a Host.

The “disable SSH script” disables SSH and changes the default Startup Policy back to “start and stop manually.”  Each script is written to function at the Cluster Level in VMware, but you can easily modify it to focus on larger or smaller portions of your environment as needed.

Without further ado, here are the scripts….

Script for Enabling SSH


Script to Disable SSH
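
The author's script is not reproduced on this page. As an added example (not the author's code), here is one way to do what the paragraph above describes at the cluster level, followed by a per-host check that can be handed to an auditor. The vCenter name, cluster name and CSV path are assumptions, and resetting `UserVars.SuppressShellWarning` goes one step beyond what the post says its disable script does.

```powershell
# Added example, not the author's script. Assumed names: vcenter.example.local,
# 'PCI-Cluster', .\ssh-disabled-report.csv. Requires the VMware.PowerCLI module.
Import-Module VMware.PowerCLI
$server = Connect-VIServer -Server 'vcenter.example.local' -Credential (Get-Credential)

$clusterName = 'PCI-Cluster'     # assumption: the cluster that is in PCI scope
$vmHosts = Get-Cluster -Name $clusterName | Get-VMHost |
    Where-Object { $_.ConnectionState -in 'Connected', 'Maintenance' }

foreach ($vmHost in $vmHosts) {
    $ssh = Get-VMHostService -VMHost $vmHost | Where-Object { $_.Key -eq 'TSM-SSH' }

    # Policy 'Off' is what the vSphere Client labels "Start and stop manually".
    if ($ssh.Policy -ne 'off') {
        Set-VMHostService -HostService $ssh -Policy 'Off' | Out-Null
    }
    if ($ssh.Running) {
        Stop-VMHostService -HostService $ssh -Confirm:$false | Out-Null
    }

    # Optional addition: undo the warning suppression set by an "enable" script,
    # so a host with SSH switched back on shows its warning again.
    Get-AdvancedSetting -Entity $vmHost -Name 'UserVars.SuppressShellWarning' |
        Where-Object { $_.Value -ne 0 } |
        Set-AdvancedSetting -Value 0 -Confirm:$false | Out-Null
}

# Re-read the state from every host instead of trusting the objects above;
# a host that failed to change shows up as Compliant = False.
$report = foreach ($vmHost in $vmHosts) {
    $ssh = Get-VMHostService -VMHost $vmHost | Where-Object { $_.Key -eq 'TSM-SSH' }
    [pscustomobject]@{
        VMHost        = $vmHost.Name
        SshRunning    = $ssh.Running
        StartupPolicy = $ssh.Policy
        Compliant     = (-not $ssh.Running) -and ($ssh.Policy -eq 'off')
    }
}
$report | Sort-Object VMHost | Format-Table -AutoSize
$report | Export-Csv -Path '.\ssh-disabled-report.csv' -NoTypeInformation

Disconnect-VIServer -Server $server -Confirm:$false
```

Hosts that are disconnected or not responding are skipped by the filter, so compare the report's row count with the cluster's host count before treating the CSV as complete evidence.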


PowerCLI – Storage vMotion VMs from One Datastore to Another

SCRIPT SYNOPSIS / REASON CREATED – We are doing a good bit of underlying infrastructure work on our SAN environments, so we needed a script to move all VMs from an “old” datastore to a “new” (or different) datastore. Additionally, many of our VMs had been created as “thick provisioned eager zero” (before my arrival), so I wanted to use this opportunity to “thin provision” all of the VMs when I performed the Storage vMotion. As I looked for scripts to assist with this, I was amazed at how easy this is with just a few steps.


OVERVIEW OF STEPS – This is a very simple script that connects to your vCenter with the supplied credentials and then moves all VMs from one datastore to another datastore, while changing each VM to “thin provisioned” during the process. For my environment, I added the “-RunAsync” option at the end of the command so as to have all Storage vMotions running at the same time. If you want to run the Storage vMotions one at a time (wait until one is complete before starting another one), you can remove the “-RunAsync” option from the command.


PowerCLI – Identify VMs with RDM disks

SCRIPT SYNOPSIS / REASON CREATED – At the time of this script, we have over 800 VMs across multiple datacenters. In a few of those DCs, we have a small number of VMs that have RDMs attached (for use with Microsoft Clustering). Our current environment is VMware 5.5 hosts, so we still are VERY careful when doing anything (vMotion, etc.) on these VMs with RDMs. Per the article at https://blogs.vmware.com/apps/2015/02/say-hello-vmotion-compatible-shared-disks-windows-clustering-vsphere.html this will be a non-issue for us when we get all hosts upgraded to vSphere 6.


OVERVIEW OF STEPS – This is a very simple script that connects to your vCenter with the supplied credentials and then gets all VMs in the environment, specifically looking for VMs with a disk type of “RawPhysical” or “RawVirtual.” Once the script identifies VMs with these types of disks, it outputs the Parent (VM) Name, Disk File Type, and SCSI Canonical Name. There is an additional line of code that is currently remarked out that can output the results to a CSV file if desired.


Create Patch Baselines and Remediate Hosts in a Cluster

SCRIPT SYNOPSIS / REASON CREATED – With several hundred hosts in our environment, we are seemingly constantly applying host patches. Many times, before we get all hosts updated to a current version, there are additional patches/fixes that need to be applied. The goal for this script is to make it easier to update all VMHosts in a designated cluster.

OVERVIEW OF STEPS – After manually putting the host(s) to be remediated into Maintenance Mode, the script below connects to vCenter, creates custom baselines (if not previously created), attaches the baselines to the designated cluster, scans for needed patches, and then remediates the host(s). During remediation it disables Power Management/FT/HA and runs simultaneously on all hosts in the cluster.
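
The author's script is not reproduced on this page. The following is an added example (not the author's code) of the sequence described above, using the Update Manager cmdlets that ship with PowerCLI, plus a compliance check before and after remediation. The server, cluster and baseline names, and the choice of severity-based dynamic baselines, are assumptions.

```powershell
# Added example, not the author's script. The server name, cluster name and
# baseline names are assumptions. Hosts are expected to be in Maintenance Mode.
Import-Module VMware.PowerCLI      # Update Manager cmdlets: VMware.VumAutomation
$server = Connect-VIServer -Server 'vcenter.example.local' -Credential (Get-Credential)

$cluster = Get-Cluster -Name 'Prod-Cluster'
$vmHosts = $cluster | Get-VMHost

# Baseline name -> patch severity it selects. Created only when missing.
$wanted = [ordered]@{
    'Custom-Critical-Host-Patches'  = 'Critical'
    'Custom-Important-Host-Patches' = 'Important'
}
$baselines = foreach ($name in $wanted.Keys) {
    $existing = Get-PatchBaseline -Name $name -ErrorAction SilentlyContinue
    if ($existing) { $existing }
    else {
        New-PatchBaseline -Dynamic -Name $name -TargetType Host `
            -SearchPatchSeverity $wanted[$name]
    }
}

# Attach and scan. Older PowerCLI releases name these cmdlets
# Attach-Baseline and Scan-Inventory.
Add-EntityBaseline -Entity $cluster -Baseline $baselines
Test-Compliance -Entity $cluster

$columns = 'Entity', @{ N = 'Baseline'; E = { $_.Baseline.Name } }, 'Status'
$before = Get-Compliance -Entity $vmHosts -Baseline $baselines
$before | Select-Object $columns | Format-Table -AutoSize

# Remediate only if something is out of compliance (older name: Remediate-Inventory).
if ($before | Where-Object { $_.Status -ne 'Compliant' }) {
    Update-Entity -Entity $cluster -Baseline $baselines `
        -ClusterDisableDistributedPowerManagement:$true `
        -ClusterDisableHighAvailability:$true `
        -ClusterDisableFaultTolerance:$true `
        -ClusterEnableParallelRemediation:$true `
        -Confirm:$false

    # Rescan and list whatever is still not compliant after remediation.
    Test-Compliance -Entity $cluster
    Get-Compliance -Entity $vmHosts -Baseline $baselines |
        Where-Object { $_.Status -ne 'Compliant' } |
        Select-Object $columns | Format-Table -AutoSize
}

Disconnect-VIServer -Server $server -Confirm:$false
```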



Complex Script – Rename vDS attached hosts from IP to DNS Name

SCRIPT SYNOPSIS / REASON CREATED — We have several hundred hosts in various DCs around the world, and the majority of these hosts were connected to vCenter via the IP address rather than the DNS Name, which we wanted to change.  We are running vSphere ESXi 5.5 on all hosts, and each host is connected to a site vDS, which added complexity to this renaming process.  This “complex” script is comprised of seven separate steps and should be run on hosts that are already in Maintenance Mode.

OVERVIEW OF STEPS — After manually putting the host(s) into Maintenance Mode, the script below connects to vCenter, migrates the host(s) from the vDS to a vSS, removes the host from the vDS (after the physical NICs are attached to the vSS), takes the IP address of the host(s) and performs a reverse-DNS lookup which is then piped out to a variable, removes the host(s) from vCenter, adds the host(s) back to vCenter using the DNS variable previously created, adds the host(s) back to the existing vDS and migrates the vmk ports and physical NICs from the vSS back to the vDS, and then disconnects from the vCenter.