Common PowerCLI examples for VM Provisioning in VMware Cloud on AWS

One of the huge benefits of VMware Cloud on AWS (VMC) is not only the ability to extend your existing on-premises environment and tap into the potentially unlimited capacity of the Cloud, but customers can continue to use the existing tools and scripts that they are already familiar with. When it comes to Automation, PowerCLI is still by far the most popular tool that our customers uses on a regular basis. With VMC, this is no different as the SDDC is simply made up of vSphere, vSAN and NSX which PowerCLI fully supports.

One learning curve that I have seen for some customers when working with VMC is around general provisioning and the implication of the restrictive permission model in VMC. Unlike your on-premises vSphere environment, in VMC, you are no longer running as a vSphere Administrator but rather a Cloud Administrator. This simply means you no longer have to worry about managing the underlying infrastructure (patch, upgrade, monitor, etc) and you get to focus deploying and managing your workloads.

What this technically translates to is that you are restricted to a particular part of the vSphere Inventory where you have permissions to actually deploy workloads. This is to help isolate your workloads and ensure that you do not negatively impact the VMware Management VMs by accident and thus affecting your SDDC.

• From the Hosts/Clusters view, you must use the Compute-ResourcePool
• From the VM view, you must use the Workloads Folder
• From the Datastore view, you must use the WorkloadDatastore

When using the vSphere UI to deploy new workloads, the UI does a really good job of guiding you towards the right inventory objects, but this may not always be apparent when using the CLI or API, especially for new folks or folks who never use the UI 😉

Below are some examples of the most common VM Provisioning operations along with the respective PowerCLI example which can be used as a reference to help folks quickly get ramped up when working with VMC.

To help simplify any scripts you may write against VMC, you should consider setting the following global variables which map to the specific vSphere Inventory objects that you need to specify when provisioning a new workload:

$VMCVMFolder = "Workloads"
$VMCResourcePool = "Compute-ResourcePool"
$VMCDatastore = "WorkloadDatastore"

Note: For VM Folder and Resource Pool, you do have the ability to create nested objects and if you do so, you will obviously want to set it to the name of those objects.

Create a brand new VM

When creating a new VM from scratch, make sure to specify the name of NSX-T Logical Network which may have been pre-created for you or more likely, one that you had created. In this example, we are creating a new VM named TestVM-01 and attaching it to the sddc-cgw-network-1

$NewVMName = "TestVM-01"
$VMNetwork = "sddc-cgw-network-1"
New-VM -Name $NewVMName -Location (Get-Folder $VMCVMFolder) -ResourcePool (Get-ResourcePool $VMCResourcePool) -Datastore (Get-Datastore $VMCDatastore) -NetworkName $VMNetwork

Clone from an existing VM

Here we are cloning from an existing VM named TestVM-01 and creating a new VM named TestVM-02

$NewVMName = "TestVM-02"
$ExistingVM = "TestVM-01"
New-VM -Name $NewVMName -VM (Get-VM $ExistingVM) -Location (Get-Folder $VMCVMFolder) -ResourcePool (Get-ResourcePool $VMCResourcePool) -Datastore (Get-Datastore $VMCDatastore)

Clone from an existing vSphere VM Template

Here we are cloning from an existing vCenter VM Template named TestVM-01-Template and creating a new VM named TestVM-03

$NewVMName = "TestVM-03"
$VMTemplate = "TestVM-01-Template"
New-VM -Name TemplateVM -Template (Get-Template $VMTemplate) -Location (Get-Folder $VMCVMFolder) -ResourcePool (Get-ResourcePool $VMCResourcePool) -Datastore (Get-Datastore $VMCDatastore)

Clone from an existing Content Library VM Template

Here we are cloning from an existing Content Library VM Template named TestVM-01-CL-Template and creating a new VM named TestVM-04

$NewVMName = "TestVM-04"
$ContentLibraryVMTemplate = "TestVM-01-CL-Template"
New-VM -Name $NewVMName -ContentLibraryItem (Get-ContentLibraryItem $ContentLibraryVMTemplate) -Location (Get-Folder $VMCVMFolder) -ResourcePool (Get-ResourcePool $VMCResourcePool) -Datastore (Get-Datastore $VMCDatastore)

Cross vCenter vMotion a VM from on-premises vSphere to VMC

Replace the values with your environment configuration:

$VMName = "Workload-01"
$VMCVCServer = "FILL-ME-IN"
$VMCVCUsername = "*protected email*"
$VMCVCPassword = "FILL-ME-IN"
$OnPremVCServer = "FILL-ME-IN"
$OnPremVCUsername = "*protected email*"
$OnPremVCPassword = "FILL-ME-IN"

Connect to both VMC vCenter Server and on-premises vCenter Server:

$vmc = Connect-VIServer -Server $VMCVCServer -User $VMCVCUsername -Password "$VMCVCPassword"
$onPrem = Connect-VIServer -Server $OnPremVCServer -User $OnPremVCUsername -Password "$OnPremVCPassword"

Build out the required parameters for migration:

$VM = Get-VM -Server $onPrem -Name $VMName
$DestinationRP = Get-ResourcePool -Server $vmc $VMCResourcePool
$DestinationFolder = Get-Folder -Server $vmc -Name $VMCVMFolder
$DestinationDatastore = Get-Datastore -Server $vmc $VMCDatastore
$DestinationNetwork = Get-VirtualNetwork -Server $vmc $VMCNetwork

Initiate Cross vCenter vMotion:

Move-VM -Server $vmc -VM $VM -Destination $DestinationRP -InventoryLocation $DestinationFolder -Datastore $DestinationDatastore -Network $DestinationNetwork

Managing VMs with NSX-T

Today, all new VMC SDDCs are deployed with NSX-T. The reason this is important is that NSX-T uses a different Network object typed in vSphere called an Opaque Network to represent the underlying Logical Network (also known as a Network Segment in the NSX-T UI). The way in which you manage and automate VM reconfiguration with an NSX-T Opaque Network is different than how you manage standard Portgroup and Distributed Portgroups. There are some changes you need to make in your code to properly handle Opaque Network, for more details please refer to this KB 66907 which goes into more details around using the vSphere API and includes a number of samples including PowerCLI, Python, Ruby and Ansible.

Importing OVF/OVA into VMC

If you are looking to import VMs into VMC, especially with OVFTool or Import-VApp, be sure to check out this blog post on some additional networking requirements that is required before you can perform those types of operations.