vcenter server appliance

Quick Tip - How to deploy vCenter Server Appliance (VCSA) to legacy CPU without VMX Unrestricted Guest feature?

03.02.2023 by William Lam // 1 Comment

I recently had a customer reach out who was having an issue deploying the latest vCenter Server Appliance (VCSA) 8.x to an ESXi host that had a CPU that was no longer supported. After the VCSA OVA was uploaded by the VCSA (UI/CLI) installer, it fails to power on the VM with the following error message:

The Intel "VMX Unrestricted Guest" feature is necessary to run this virtual machine on an Intel processor

This problem is only observed with older legacy CPUs that do not support some of the modern CPU instructions that is expected by most workloads today. There is workaround for those that still wish to run on unsupported hardware, which may yield other unexpected behaviors, by adding a VM Advanced Setting monitor.allowLegacyCPU = TRUE

However, there is a chicken/egg problem that user was not able to add this setting before the VM was automatically powered on by the VCSA Installer.

[Read more...]

Can you really deploy the vCenter Server Appliance (VCSA) without DNS and NTP?

10.21.2021 by William Lam // 9 Comments

The simple answer is Yes. Now, you might be wondering why anyone would want to put themselves through the pain without setting up proper DNS and NTP?

Well, not all environments have the luxury of having either outbound connectivity and/or access to basic infrastructure services like DNS and NTP. This may come as a surprise to some, but there are customers out there that need to operate in very unique and constrained environments. One such example of this is typically from customers that need to deploy vSphere in a "dark site" where local infrastructure services like DNS and NTP are not available.

I recently re-validated this deployment model using the latest vSphere 7.0 Update 3 release running on an Intel NUC 11 which had no outbound connectivity and it was only connected to my laptop, which also had no outbound connectivity or access to DNS or NTP. Since this question recently came up from a customer who was looking to automate this, so I ran through the deployment workflow using the VCSA CLI Installer but this should also be possible with VCSA UI Installer as the same options are supported.

OK, so how do you make this work?

[Read more...]

Using PowerCLI to automate the retrieval of VCSA Identity Sources

03.02.2020 by William Lam // 3 Comments

Similiar to automating the retrieval of the vCenter Server Appliance (VCSA) password policies using PowerCLI, we can extend that example and leverage the Guest Operations API via Invoke-VMScript cmdlet to also retrieve the identity sources configured for a given VCSA without requiring SSH access.

I have created a new VCSA.psm1 PowerCLI Module which now includes the previous Get-VCSAPasswordPolicy function along with the new Get-VCSAIdentitySource function which accepts the name of the VCSA VM and root password to the VM as shown in the screenshot below.

If you need to add a specific Identity Source such as an Active Directory Domain which you have joined the VCSA, you can simply use Invoke-VMScript cmdlet and pass in the following command:

/opt/vmware/bin/sso-config.sh -add_identity_source -type nativead -domain vmware.corp