vSphere Update Manager Network Connections

Recently I was struggling getting vSphere Update Manager to work properly across firewalls. Information for the required firewall ports that need to be opened can be obtained from the following VMware KB articles:


During troubleshooting, some information got me confused and as the saying goes, “a picture is worth a thousand words.”, I decided to craft a picture from all this information.

vCenter Update Manager

Table 1 – vSphere Update Manager network port requirements.

Port Protocol Source Target
80 TCP vSphere Update Manager www.vmware.com and xml.shavlik.com
80 TCP ESXi Host vSphere Update Manager
80 TCP vSphere Update Manager vCenter Server
80 TCP vSphere Update Manager ESXi Host
443 TCP vSphere Update Manager www.vmware.com and xml.shavlik.com
443 TCP ESXi Host vSphere Update Manager
443 TCP vCenter Server vSphere Update Manager
902 TCP vSphere Update Manager ESXi Host
1433 TCP vSphere Update Manager Microsoft SQL Server
1521 TCP vSphere Update Manager Oracle Database Server
8084 TCP vCenter Server vSphere Update Manager
9084 TCP ESXi Host vSphere Update Manager
9087 TCP vCenter Server vSphere Update Manager

Restoring the default vCenter Server alarms

I’ve been troubleshooting some vCenter alarms lately, which involved a lot of editing, removing and adding of alarms. After the troubleshooting I wanted to reset everything back to default and ran into VMware KB article 2009166, explaining how to restore the default vCenter Server alarms.

To restore the default vCenter Server alarms you first have to delete all existing alarms, including the custom created alarms. Be warned that the restore procedure from the KB article will restore only the default vCenter Server alarms and not the custom created ones.

Backing up Alarms

When you’ve created a lot of custom alarms then KB Article 1032660 provides a way to backup your alarms by copying the alarms to another (temporary) vCenter server. Using the same procedure you can restore your custom alarms again and guess what? It’s done using a PowerCLI script :-)

Deleting Alarms

As per KB article:
To delete all the existing alarm definitions in the vCenter Server:

  1. Log in to the vCenter Server using the vSphere Client.
  2. Click the Hosts and Clusters view.
  3. Click the Alarms tab.
  4. Click Definitions.Note: All custom alarms must be manually recreated after they are removed. Ensure to note the custom alarms before removing.
  5. Select all alarms, right-click, and  click Remove.

Note: ALL vCenter Alarms need to be removed on ALL objects, not just only the alarms on the vCenter object.

Deleting Alarms using PowerCLI

When you’ve created alarms on different objects, going through the GUI deleting all of them might be a tedious task. You can easily remove all vCenter Server alarms using PowerCLI with just a one-liner regardless of the object the alarm is defined on.

Get-AlarmDefinition | %{$_.ExtensionData.RemoveAlarm()}

Restoring the Default Alarms

As per KB article:
To restore the default vCenter Server alarms, change the alarm version in vCenter Server:
  1. Connect to vCenter Server using the vSphere Client.
  2. Click Administration > vCenter Server Settings.
  3. Click Advanced Settings.
  4. Set alarm.version to 0.
  5. Set alarms.upgraded to false.
  6. Restart the VMware VirtualCenter Server service.

Creating Custom Alarms

If you’re interested in creating custom alarms then the document available at http://communities.vmware.com/docs/DOC-12145 is a great read.

PowerCLI automation: Create vCenter Notification Email Alarm Action

I’ve received a request from a customer recently who wanted to configure all vCenter alarms to send a notification email. This instantly made me decide that PowerCLI was the best way to go rather than wasting a lot of valuable time in the vSphere client configuring the email notification alarms.

PowerCLI Automation Script:

I’ve created a quick and dirty script to do the job that I wanted to share with you. It’s probably not the fastest or the best optimized script, but it got the job done.

Get-AlarmDefinition | %{
   $_ | Set-AlarmDefinition -ActionRepeatMinutes (60 * 24);
   $_ | New-AlarmAction -Email -To "vcenteralarms@customer.corp" | %{
      $_ | New-AlarmActionTrigger -StartStatus "Green" -EndStatus "Yellow" -Repeat
      $_ | Get-AlarmActionTrigger | ?{$_.repeat -eq $false} | Remove-AlarmActionTrigger -Confirm:$false
      $_ | New-AlarmActionTrigger -StartStatus "Yellow" -EndStatus "Red" -Repeat

Line 1: The script first retrieves all the alarms. You can easily adapt the script to update only a specific alarms by changing this line to include the name of the alarm you want to update like:

Get-AlarmDefinition "Datastore usage on disk"

or even all datastore alarms with:

Get-AlarmDefinition "Datastore*"

Line 2: The script then configures the alarm action repeat frequency to repeat the action every 24 hours. The value must be specified in minutes and the default value is to repeat every 5 minutes.

Line 3: On this line a new send notification email action is created to send an email to the email address vcenteralarms@customer.corp.

Line 4: This creates an alarm action trigger when the status changes from “Green” to “Yellow” or from “Normal” to “Warning”.

Line 5: During the creation of the send notification email alarm action, a default alarm action trigger is created. Because there’s currently no Set-AlarmActionTrigger cmdlet available, I decided that it’s easier to remove the default trigger rather than trying to change it from “Once” to “Repeat” by falling back to using the SDK methods. I warned you that it was quick and dirty ;-)

Line 6: finally this line creates an alarm action trigger when the status changes from “Yellow” to “Red” or from “Warning” to “Alert”.

Have Fun!

Top Bloggers Voting Time Again

Eric Siebert has opened up another top VMware & virtualization blogs poll over at vSphere-land.com.  Please take a moment and cast your vote  for your favourite 10 bloggers.  It’ll take only a couple of minutes of your time and you can win a copy of the Train Signal’s new vSphere 5 and View 5 video training courses.

So head on over to http://vote.vsphere-land.com to cast your vote and reward the best bloggers for their hard work and dedication by letting them know that you appreciate them. They deserve it!

PHD Virtual Backup and Replication 5.3

PHD Virtual Backup and Replication 5.3, earlier demonstrated at VMworld 2011 by PHD Virtual, is coming soon. According to PHD Virtual it will be offering even faster backup and restore of virtual machines and new technologies that offer more flexibility for disaster recovery of your virtual environment.


  • New Job Processing Engine with I/O optimizations
  • Up to 8 Concurrent Data Streams per VBA (Enterprise Edition)
  • Virtual Machine Replication
  • Virtual Machine Test Mode
  • Mass Restore Virtual Machines
  • Open Export of VM’s from Backup Storage to standard OVF
  • Tape Friendly Backup Support

For more information have a look at the PHD5.3 Datasheet or watch the recently released demo video below.

Masking LUN paths using PowerCLI

I got a question on my previous post about the Get-EsxCli cmdlet, ESXCLI the PowerCLI way, from Alasdair Carnie who was having trouble using the Get-EsxCli cmdlet to mask luns at the ESXi host level. In this post I’ll show you how to accomplish LUN masking at the ESXi host level.

Note 1:
Before you read any further, please notice that the Get-EsxCli cmdlet is experimental. Also notice that in order to retrieve an esxcli instance you have to be connected directly to an ESX host.

Note 2:
When using the esxcli methods in PowerCLI, remember that you pay close attention to the definition of the specific method. You always have to provide a value for every parameter. If you don’t need to provide a value for a specific parameter, you have to specify the $null value.

Now that we are aware of these requirements, let’s create an additional claimrule to mask a LUN at the ESXi host level. Before we create a new claimrule, we’re going to have a look at the running claimrules on the ESXi host first.

Continue reading →

Managing VMware DRS rules using PowerCLI

One of the core features of VMware vSphere is the Distributed Resource Scheduler (DRS). VMware DRS is vSphere’s workload load balancer and relies on VMware vMotion technology to live-migrate workloads from one ESX host to another.

You can constrain the VMware DRS decisions by defining DRS Rules. As of vSphere 4.1 there are 2 type of DRS rules:

  • VM-to-VM rules
  • VM-to-Host rules (new in vSphere 4.1)

VM-to-VM rules

Until vSphere 4.1 you could only create VM-to-VM rules. This type of rule specifies the affinity between virtual machines (VMs). You can define both affinity- and anti-affinity rules.

Affinity rules

Affinity rules keep workloads together on the same ESX host. This is beneficial if for instance an application server needs fast access to its database that resides on another VM. Keeping both VMs together on the same host boosts performance as network traffic between the VMs won’t leave the ESX host. Note that if both servers are in different VLANs or subnets this benefit could be undone, as network traffic might need to be routed externally.

Anti-affinity rules

Anti-affinity rules separate workloads on different ESX hosts. This is beneficial if you have services running on multiple servers for redundancy, like domain controllers or Network Load Balancing (NLB) clusters. In these situations you want to make sure that the VMs are distributed over different ESX hosts. If one ESX host fails, the service would still be available through other VM(s) residing on other ESX hosts.

Continue reading →

Living the dream

Who would’ve thought that 2011 would become such a great year for me? Earlier this year a dream came true with the release of our PowerCLI book on March 28th. Now, only 2 months after, another dream is about to happen. I think I can honestly say that I’m living my dream right now.

Well, it’s official.
I will be joining VMware as a Senior Consultant starting June 6th.

After almost 13 years, I’m leaving my current employer KEMBIT. During that period KEMBIT has always felt like family to me, so deciding to leave them was not that easy. On the other hand, working for VMware was something I could only dream about and I simply couldn’t refuse the offer. :-)

I want to thank KEMBIT for the opportunity to let me grow my VMware knowledge and for their support and understanding. Thanks guys, it was a blast.

The PowerCLI Book Raffle – Behind the scenes

Now that our PowerCLI Book Raffle has ended and the lucky winner is published, I want to give you a full disclosure of the drawing process. Because our PowerCLI Book is about PowerCLI, what other tool than PowerShell could we use to perform the drawing process?

Twitter Fun

So first we need to retrieve all the twitter messages that people re-tweeted on Twitter. In order to do that we need to call the HTTP based Twitter search API. For more information on how to use the Twitter search API have a look at http://search.twitter.com/api/ This page shows us that the Twitter search API supports the Atom format through the Atom service URL “http://search.twitter.com/search.atom?q=<query>”. It also shows us the supported URL parameters. The most important parameters are:

  • rpp: the number of tweets to return per page, up to a max of 100
  • page: the page number to return, up to a max of roughly 1500 results (based on rpp * page

In order to perform a simple search, we only need to fill in the query parameter. We are interested in all messages that contain both “powerclibook” and “magictweet”. In order to search for tweets that contain both words, we need to concatenate them with the plus (+) sign, like http://search.twitter.com/search.atom?q=powerclibook+magictweet. To see the results you could simply paste that URL into your browser.

Continue reading →

VMware vSphere PowerCLI Reference: Automating vSphere Administration

It has been quite a journey, but it has finally arrived. Today our book: “VMware vSphere PowerCLI Reference: Automating vSphere Administration” will be released by Sybex. The journey started about a year ago when Alan Renouf and Luc Dekens decided to write a PowerCLI book that should have a practical approach to vSphere administration. Later that year they contacted 3 co-authors to help them out in order to keep meeting the deadlines. The PowerCLI book team was born and the book was to be written by “4 vExperts and a MVP”.

From this point I would like to personally thank Alan and Luc for the opportunity to realize a dream. I would also like to personally thank Mary Ellen Schutz, Developmental Editor, for transforming my technical gibberish into readable and most importantly understandable language. Last but not least I would like to personally thank our Technical Editor, Stuart Radnidge. He left no script unturned and served as the gatekeeper, ensuring that any code you find in the book will run the first time, every time. You might think that’s all there is to it, but then you’re wrong. I’ve never written a book before and I was impressed by the number of people that were involved behind the scenes in this book thing. On the Sybex team there were numerous people involved including but not limited to: Editorial Manager, Acquisition Editor, Production Editor, Copyeditor, Indexer, Proofreader and Compositor. Without each of their contributions, this book would have never made it to the presses.

Continue reading →