WilliamLam.com

Retrieving vCenter Server certificate (Machine, VMCA Root, STS & Trusted Root) details using the vSphere API 

by // 4 Comments

In the vSphere UI, users can easily view and manage all of their vCenter Server certificates by navigating to Administration->Certificate->Certificate Management as shown in the screenshot below.


There are four types of vCenter Server certificates: Machine SSL, VMware Certificate Authority, STS Signing Certificate and the Trusted Root. On the main summary view, we can see the validity of the certificate, which is useful to quickly determine if you need to plan on replacing a specific certificate. We can also get more information about a specific certificate by clicking on the "View Details".

A question recently came up internally asking whether there is a vSphere API to retrieve all of this information programmatically, especially the validity of the certificate?

[Read more...]

Quick Tip - New remote version of ESXCLI 8.x

by // Leave a Comment

I was recently made aware of a nice update from our developers that we now have a new version of the remote ESXCLI utility that is much simpler to install across any operating system and is fully backwards compatibility with ESXi hosts running 6.7.x, 7.x and 8.x.

Many of you are probably familiar with the local version of ESXCLI which is available when connecting to ESXi whether that is over SSH or directly in the ESXi Console. However, a remote version of ESXCLI has been available since the introduction of ESXCLI back in vSphere 4.0, but surprisingly, I still come across users who never knew that this was possible!

In the past, the remote version of ESXCLI was platform specific and it was distributed in a number of diffrent ways from being bundled as part of the vSphere CLI (6.7) to being a standalone download (7.0) and this inconsistency brought many challenges, not just from an internal development standpoint but also operationally for users who needed to deploy this utility across their administrative systems.

[Read more...]

How to relocate an existing vSphere Content Library from one vSphere Datastore to another?

by // 6 Comments

When you create a vSphere Content Library using vCenter Server, the content library is comprised of both the raw uploaded files (OVF, OVA, VM Templates, ISO, etc) which are stored in a vSphere Datastore and the metadata that is generated by vCenter Server for the individual files, which are stored in the vCenter Server Database (VCDB). In contrast, when an External vSphere Content Library is created, which can be backed by any HTTP(s) endpoint, both the metadata along with the raw files are stored external to the vCenter Server and is managed separately.

Today, there is not an easy way to relocate or move an existing vSphere Content Library from one vSphere Datastore to another. The process would require creating a new vSphere Content Library, then manually using either the vSphere UI or API to then copy all the files from the previous content library to the newly created one which is backed by a different vSphere Datastore.

Typically, the reason for this use case is either you are running out of storage and can not expand further or you need to decomission the underlying storage backing the content library.

Recently, I needed to look into this for my own homelab setup where I plan to rebuild one of my setup which is running on vSAN and I wanted to preserve existing content library without having to transfer content back/fourth. The context above was important as I was able to figure out this could be done with some minor tweaks to the VCDB (which I typically do not recommend touching for this reason) but for this purpose, it really is the only way which I had also confirmed with Engineering.

Disclaimer: This is not officially supported by VMware, use at your own risk.

[Read more...]