WilliamLam.com

Can you really deploy the vCenter Server Appliance (VCSA) without DNS and NTP?

by // 8 Comments

The simple answer is Yes. Now, you might be wondering why anyone would want to put themselves through the pain without setting up proper DNS and NTP?

Well, not all environments have the luxury of having either outbound connectivity and/or access to basic infrastructure services like DNS and NTP. This may come as a surprise to some, but there are customers out there that need to operate in very unique and constrained environments. One such example of this is typically from customers that need to deploy vSphere in a "dark site" where local infrastructure services like DNS and NTP are not available.


I recently re-validated this deployment model using the latest vSphere 7.0 Update 3 release running on an Intel NUC 11 which had no outbound connectivity and it was only connected to my laptop, which also had no outbound connectivity or access to DNS or NTP. Since this question recently came up from a customer who was looking to automate this, so I ran through the deployment workflow using the VCSA CLI Installer but this should also be possible with VCSA UI Installer as the same options are supported.

OK, so how do you make this work?

[Read more...]

Using PowerCLI to automate the retrieval of VCSA Identity Sources

by // 3 Comments

Similiar to automating the retrieval of the vCenter Server Appliance (VCSA) password policies using PowerCLI, we can extend that example and leverage the Guest Operations API via Invoke-VMScript cmdlet to also retrieve the identity sources configured for a given VCSA without requiring SSH access.

I have created a new VCSA.psm1 PowerCLI Module which now includes the previous Get-VCSAPasswordPolicy function along with the new Get-VCSAIdentitySource function which accepts the name of the VCSA VM and root password to the VM as shown in the screenshot below.

If you need to add a specific Identity Source such as an Active Directory Domain which you have joined the VCSA, you can simply use Invoke-VMScript cmdlet and pass in the following command:

/opt/vmware/bin/sso-config.sh -add_identity_source -type nativead -domain vmware.corp

How to deploy the vCenter Server Appliance (VCSA) with a custom MAC Address?

by // 3 Comments

I recently had a question that came in from our field where a customer needed to deploy the vCenter Server Appliance (VCSA) with a specific MAC Address which was a requirement to ensure property connectivity within their network. This type of network requirement is not really new or unique, it is a common practice used to ensure only valid VMs with a static DHCP reservation can actually connect to a specific network but it certainly was the first time I had heard of this request for the VCSA.

With the default VCSA installer workflow, there is currently not a way to modify the network MAC Address which is automatically generated after the deployment of the OVA. Having said that, I have spent quite a bit of time exploring the various non-standard methods of deploying the VCSA in the past (see here, here and here) and with that information, you definitely can affect the MAC Address while still maintaining a valid VCSA deployment. With a bit of trial/error, there are two options depending if you are deploying the VCSA directly to an ESXi host (for initial setup) or to an existing vCenter Server. To demonstrate how this works, I have created a basic shell script called VCSAStaticMACAddress.sh which you can easily adapt to for a Windows-based environment.

The trick is that when you deploy to a vCenter Server endpoint, the required OVF properties are persisted which would allow you to only deploy the VCSA but not actually power it on and there you can easily augment a number of settings including the MAC Address. In the case of deploying directly to an ESXi host, OVF properties are not persisted and hence a challenge if you wish to make changes prior to powering on the VM. In earlier versions, it was possible to set these OVF properties by way of using the extraConfig property of the VM but it looks like this trick no longer works and requires a slight variation of the workflow which is described in the instructions below.

[Read more...]