Host Profiles for vSphere customers without Enterprise Plus

Not everyone can justify the costs associated with VMware vSphere Enterprise Plus licenses.

For vSphere 5 the licensing is broken down as follows, with each “higher” license level adding to the features of the previous levels:

  • “Standard” featuring:
    • High Availability
    • Data Recovery
    • vMotion
  • “Enterprise” adds the following features:
    • Virtual Serial Port Concentrator
    • Hot Add
    • vShield Zones
    • Fault Tolerance
    • Storage APIs for Array Integration
    • Storage vMotion
    • Distributed Resource Scheduler
    • Distributed Power Management
  • “Enterprise Plus” adds:
    • Distributed vSwitch
    • Network and Storage I/O Controls
    • Host Profiles
    • Auto Deploy
    • Policy-Driven Storage
    • Storage DRS
Enterprise Plus adds a lot of neat features but can be a little harder to justify when trying to get a project approved. The good news is that you can use vSphere PowerCLI to get some (parts) of those Enterprise Plus “features” for free.
My example for today is host profiles. If you manage an environment with a large number of ESXi hosts the vSphere Enterprise Plus Host Profiles feature is something you should probably have. It will help you streamline host deployment and guarantee a standard configuration across your entire environment (important when you are subject to various regulations). If you run a smaller environment, and regulatory concerns aren’t as big of a deal to you, and IF you are willing to spend some time with PowerCLI perhaps you can learn to live without the Host Profiles (and those more expensive Enterprise Plus licenses).
Disclaimer: I am not a PowerCLI expert. I do however own the VMware vSphere PowerCLI Reference: Automating vSphere Administration book and I can attest that it is the most “powerful” vSphere book out there. I would expect the authors to release an updated version soon which covers some of the new features of vSphere 5, as there appear to be enough new features to warrant it.
My goal was to create a script that configures my lab hosts with all those tedious settings I would otherwise have to do by hand. I’ve divided up the commands into three sections but the truth is that you could paste them all at once into the PowerCLI window. You will of course need to download PowerCLI first to run these commands.
My goals were as follows:
  • Enable SSH Server, create the necessary firewall exceptions, and start the SSH Server service (in that order).
  • Enable the ESXi shell, create the necessary firewall exceptions, and start the ESXi Shell service (in that order).
  • Set the NTP servers, create the necessary firewall exceptions, and enable the NTP service (in that order).
  • Set the syslog server and create any required firewall exceptions
  • Set the domain name and DNS search domain values
  • Create the firewall rules required for vCenter Update Manager
The commands below query vCenter for all attached hosts. You could target individual ESXi hosts if you wanted; you would just need to edit the commands a little.
Set syslog host, search domains, domain name, and NTP servers:
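# All hosts attached to the vCenter you are connected to (Connect-VIServer first)
$esxhosts = Get-VMHost
# Replace each <placeholder> with the value for your own environment
foreach ($esxhost in $esxhosts) {Set-VMHostAdvancedConfiguration -VMHost $esxhost -Name '<advanced-setting-name>' -Value 'udp://<syslog-server>'}
foreach ($esxhost in $esxhosts) {Get-VMHostNetwork -VMHost $esxhost | Set-VMHostNetwork -SearchDomain '<search-domain>'}
foreach ($esxhost in $esxhosts) {Get-VMHostNetwork -VMHost $esxhost | Set-VMHostNetwork -DomainName '<domain-name>'}
foreach ($esxhost in $esxhosts) {Add-VMHostNtpServer -VMHost $esxhost -NtpServer '<ntp-server-1>'}
foreach ($esxhost in $esxhosts) {Add-VMHostNtpServer -VMHost $esxhost -NtpServer '<ntp-server-2>'}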
Firewall exceptions for VUM, SSH inbound, syslog, and NTP:
Get-VMHost | Get-VMHostFirewallException | Where-Object {$_.Name -eq "SSH Server"} | Set-VMHostFirewallException -Enabled:$true
Get-VMHost | Get-VMHostFirewallException | Where-Object {$_.Name -eq "vCenter Update Manager"} | Set-VMHostFirewallException -Enabled:$true
Get-VMHost | Get-VMHostFirewallException | Where-Object {$_.Name -eq "NTP client"} | Set-VMHostFirewallException -Enabled:$true
Get-VMHost | Get-VMHostFirewallException | Where-Object {$_.Name -eq "syslog"} | Set-VMHostFirewallException -Enabled:$true
Enable/start the ESXi Shell (service key TSM), SSH, and NTP:
Get-VMHost | Get-VMHostService | Where-Object { $_.Key -eq "TSM-SSH" } | Set-VMHostService -Policy On
Get-VMHost | Get-VMHostService | Where-Object { $_.Key -eq "TSM" } | Set-VMHostService -Policy On
Get-VMHost | Get-VMHostService | Where-Object { $_.Key -eq "ntpd" } | Set-VMHostService -Policy On
Get-VMHost | Get-VMHostService | Where-Object { $_.Key -eq "TSM-SSH" } | Start-VMHostService
Get-VMHost | Get-VMHostService | Where-Object { $_.Key -eq "TSM" } | Start-VMHostService
Get-VMHost | Get-VMHostService | Where-Object { $_.Key -eq "ntpd" } | Start-VMHostService
These commands are just the tip of the iceberg when it comes to PowerCLI. You only need refer to the cmdlet reference to see the many different ways that you can leverage PowerCLI to help you configure and administer your vSphere environment, and maybe even make up for the lack of features that you are missing by only having Standard or Enterprise licensing.
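Host Profiles also reports hosts that have drifted from the standard, which the commands above do not do once they have run. The following is an added example, not part of the original post: a drift check that compares each host's services and firewall exceptions with the baseline this post applies. The function name, the host names, and the sample data are constructed for illustration so the comparison runs without a vCenter connection.

```powershell
# Baseline mirroring the settings applied in this post:
# service key -> should be running, firewall exception name -> should be enabled.
$baseline = @{
    Services = @{ 'TSM-SSH' = $true; 'TSM' = $true; 'ntpd' = $true }
    Firewall = @{ 'SSH Server' = $true; 'vCenter Update Manager' = $true
                  'NTP client' = $true; 'syslog' = $true }
}

# Hypothetical helper: emits one record per item that differs from the baseline.
function Get-BaselineDrift {
    param(
        [Parameter(Mandatory)] [string]    $HostName,
        [Parameter(Mandatory)] [hashtable] $Observed,
        [Parameter(Mandatory)] [hashtable] $Baseline
    )
    foreach ($section in $Baseline.Keys) {
        $seen = $Observed[$section]
        foreach ($item in $Baseline[$section].Keys) {
            $want = $Baseline[$section][$item]
            # An item the host did not report at all counts as drift ($null).
            $have = if ($null -ne $seen -and $seen.ContainsKey($item)) { $seen[$item] } else { $null }
            if ($have -ne $want) {
                [pscustomobject]@{ Host = $HostName; Section = $section; Item = $item
                                   Expected = $want; Actual = $have }
            }
        }
    }
}

# With a vCenter session, build the observed state per host ($h) like this:
#   $svc = @{}; Get-VMHostService -VMHost $h | ForEach-Object { $svc[$_.Key] = $_.Running }
#   $fw  = @{}; Get-VMHostFirewallException -VMHost $h | ForEach-Object { $fw[$_.Name] = $_.Enabled }
#   $observed = @{ Services = $svc; Firewall = $fw }

# Constructed sample: esx01 matches the baseline, esx02 has drifted in three places.
$sample = @{
    'esx01.lab.example' = @{
        Services = @{ 'TSM-SSH' = $true; 'TSM' = $true; 'ntpd' = $true }
        Firewall = @{ 'SSH Server' = $true; 'vCenter Update Manager' = $true
                      'NTP client' = $true; 'syslog' = $true }
    }
    'esx02.lab.example' = @{
        Services = @{ 'TSM-SSH' = $true; 'TSM' = $false; 'ntpd' = $true }
        Firewall = @{ 'SSH Server' = $true; 'NTP client' = $true; 'syslog' = $false }
    }
}

$drift = foreach ($name in $sample.Keys) {
    Get-BaselineDrift -HostName $name -Observed $sample[$name] -Baseline $baseline
}
$drift | Sort-Object Host, Section, Item | Format-Table -AutoSize
```

The same baseline table can be inverted for hosts where SSH and the ESXi Shell are meant to stay off, so the check flags them when they are found running.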
– Jason