PowerCLI – Page 3

Exploring the new vSphere Privilege Recorder in vSphere 8.0 Update 1

09.13.2023 by William Lam // 3 Comments

Determining the minimum vSphere privileges that is required to perform a given vSphere operation (UI/API) has been a huge customer challenge to say the least. Strategies have included guessing along with trial and error by creating a custom vSphere Role and slowly removing privileges until you have identified the minimum required privileges. If you are familiar with the vSphere API and know exactly which API methods and properties are consumed, then you can use the vSphere API Reference since every method and property includes the specific privilege required in the documentation, but this method is pretty tedious and time consuming.

If only we had a way to record all the vSphere privilege that was used for a specific set of operation(s) in vCenter Server ... 🤔

Apparently I missed the initial news, but this was actually one of the new features that was introduced in vSphere 8.0 Update 1 called the vSphere Privilege Recorder! 😆

UPDATE (07/25/24) - Looks like the PowerCLI team has productized this capability with a new cmdlet introduced in PowerCLI 13.3 called Get-VIPrivilegeReport

[Read more...]

Retrieving vCenter Server certificate (Machine, VMCA Root, STS & Trusted Root) details using the vSphere API

09.11.2023 by William Lam // 11 Comments

In the vSphere UI, users can easily view and manage all of their vCenter Server certificates by navigating to Administration->Certificate->Certificate Management as shown in the screenshot below.

There are four types of vCenter Server certificates: Machine SSL, VMware Certificate Authority, STS Signing Certificate and the Trusted Root. On the main summary view, we can see the validity of the certificate, which is useful to quickly determine if you need to plan on replacing a specific certificate. We can also get more information about a specific certificate by clicking on the "View Details".

A question recently came up internally asking whether there is a vSphere API to retrieve all of this information programmatically, especially the validity of the certificate?

[Read more...]

Quick Tip - Retrieving the vSAN Rekey Interval using PowerCLI

07.26.2023 by William Lam // Leave a Comment

Since the release of vSAN 6.5.1, the PowerCLI team has introduced a number of high level vSAN cmdlets (current list HERE) that can be used to automate a variety of tasks. While the existing vSAN cmdlets are quite extensive and continues to get updated with new functionality, it will never be able to cover the rich set of functionality that is provided by vSAN.

For functionality that is not available in the high level vSAN cmdlets, user can still perform the task using PowerCLI, but they will need to directly access the underlying API, in this case the vSAN Management API.

Note: This concept also applies to other high level PowerCLI cmdlets, if you are unable to locate the functionality, then most likely you will need to interrogate the API using PowerCLI.

In the case of retrieving the vSAN Data-in-transit encryption rekey interval, which is not available in the high level Get-VsanClusterConfiguration cmdlet, we can easily retrieve it with the following PowerCLI snippet:

[Read more...]