WilliamLam.com

Quick Tip - Certificate is not trusted when importing signed OVF/OVA into vCenter Server

by // 1 Comment

An OVF/OVA can be digitally signed by a vendor to ensure its authenticity and when importing it into vCenter Server, the vSphere UI will either display that it contains a valid certificate or the certificate is not trusted as demonstrated in the example below:


If you are using a self-signed TLS certificate to sign an OVF/OVA, then it is expected that it would not be trusted by the Root Certificate Authority (CA) stored within the vCenter Server Appliance (VCSA).

However, if you have a valid TLS certificate that has been issued from a trusted certificate authority to sign an OVF/OVA, would you still see the error message? The answer actually surprised me.

[Read more...]

Can you really deploy the vCenter Server Appliance (VCSA) without DNS and NTP?

by // 12 Comments

The simple answer is Yes. Now, you might be wondering why anyone would want to put themselves through the pain without setting up proper DNS and NTP?

Well, not all environments have the luxury of having either outbound connectivity and/or access to basic infrastructure services like DNS and NTP. This may come as a surprise to some, but there are customers out there that need to operate in very unique and constrained environments. One such example of this is typically from customers that need to deploy vSphere in a "dark site" where local infrastructure services like DNS and NTP are not available.


I recently re-validated this deployment model using the latest vSphere 7.0 Update 3 release running on an Intel NUC 11 which had no outbound connectivity and it was only connected to my laptop, which also had no outbound connectivity or access to DNS or NTP. Since this question recently came up from a customer who was looking to automate this, so I ran through the deployment workflow using the VCSA CLI Installer but this should also be possible with VCSA UI Installer as the same options are supported.

OK, so how do you make this work?

[Read more...]

How to programmatically retrieve vCenter Server Patch & Update History?

by // 3 Comments

After upgrading my homelab to the latest vSphere 7.0 Update 3 release, I was just looking at the "History" tab within the Virtual Machine Management Interface (VAMI), which gives you a historical view of all the patches and updates that have been applied to your vCenter Server since its initial deployment. I am not exactly sure when this was feature was introduced, but it can definitely be useful for both auditing but also debugging/troubleshooting purposes.

Of course, I was curious about this information and wanted to see if I could retrieve it using something like PowerCLI. However when I started to look for the API, I realized that there may not be a public API for this ... but that did not stopped me and taking a look at Chrome Developer, I quickly saw the endpoint which was /rest/appliance/update/history and I was able to figure out a workaround giving the same data.

Below are two examples on accessing this data using either PowerShell or cURL

[Read more...]