Browsed by
Category: Clouds

vRA 7.x Snapshotting using PowerCLI Script

vRA 7.x Snapshotting using PowerCLI Script

Recently, I was looking for a scripted method for cold snapshotting of vRA in enterprise deployment. First, I wanted to confirm the shutdown order. VMware’s product documentation is quite limited regarding this topic, but it describes the right shutdown order. Looking further I found a better explanation here, where the documentation talks about vRA backup order. Of course, I wanted to check the proper starting procedure as well. I found it quickly here.

Well equipped with all information needed, I decided to write a script. Usually I use PowerCLI for tasks related to VMware software. I was sure that someone had the same idea before me so in order not to reinvent the wheel I started to check what Google will find.
I found a few elegant approaches, but one was the most interesting and inspiring.
Distributed vRealize Automation 7.x Orchestrated Shutdown, Snapshot and Startup using PowerCLI
Razz made it the way that I found I could use in my environment. I adjusted the script to my needs and it worked quite well. Of course, there is a lot to polish, but it works for me.

I decided to share Razz’s script adjusted by me. Maybe it will help someone with their administration tasks related to vRA.

$vCSA = ""
$snapName = ""
$snapDescription = ""
$log = ""

# vRA components
$proxy = @() 
$worker = @() 
$activeMgr = ""
$passiveMgr = @()
$primaryWeb = ""
$secondaryWeb = @()
$masterVRA = ""
$replicaVRA = @()
$dbServers = @()
$vRB = ""
$vRO = @()
$allVMs = @()

# Log file
$log = "coldvRASnapshots.log"

function shutdownVMandWait($vms,$log) {
    foreach ($vmName in $vms) {
        try {
            $vm = Get-VM -Name $vmName -ErrorAction Stop
            foreach ($o in $vm) {
                    if (($o.PowerState) -eq "PoweredOn") {
                        $v = Shutdown-VMGuest -VM $o -Confirm:$false
                        Write-Host "Shutdown VM: '$($v.VM)' was issued"
                        Add-Content -Path $log -Value "$($v)"
                    } else {
                        Write-Host "VM '$($vmName)' is not powered on!"
        } catch {
            Write-Host "VM '$($vmName)' not found!"
    foreach ($vmName in $vms) {
        try {
            $vm = Get-VM -Name $vmName -ErrorAction Stop
            while($vm.PowerState -eq 'PoweredOn') { 
                sleep 5
                Write-Host "VM '$($vmName)' is still on..."
                $vm = Get-VM -Name $vmName
            Write-Host "VM '$($vmName)' is off!"
        } catch {
            Write-Host "VM '$($vmName)' not found!"

function snapshotVM($vms,$snapName,$snapDescription,$log) {
    foreach ($vmName in $vms) {
        try {
            $vm = Get-VM -Name $vmName -ErrorAction Stop
        } catch {
            Write-Host "VM '$($vmName)' not found!"
            Add-Content -Path $log -Value "VM '$($vmName)' not found!"
        try {
            foreach ($o in $vm) {
                    New-Snapshot -VM $o -Name $snapName -Description $snapDescription -ErrorAction Stop   
        } catch {
            Write-Host "Could not snapshot '$($vmName)' !"
            Add-Content -Path $log -Value "Could not snapshot '$($vmName)' !"

function startupVM($vms,$log) {
    foreach ($vmName in $vms) {
        try {
            $vm = Get-VM -Name $vmName -ErrorAction Stop
            foreach ($o in $vm) {
                if (($o.PowerState) -eq "PoweredOff") {
                        Start-VM -VM $o -Confirm:$false -RunAsync
                    } else {
                        Write-Host "VM '$($vmName)' is not powered off!"
        } catch {
            Write-Host "VM '$($vmName)' not found!"

# vCenter Server FQDN
$vCSA = Read-Host -Prompt "Enter vCenter's FQDN"

# Connect vCenter Server
$creds = Get-Credential

Connect-VIServer $vCSA -Credential $creds -ErrorAction Stop

# Get VM names
$proxy = @(((Read-host -Prompt "Enter comma separated names of Proxy Agent VMs").Split(",")).Trim()) 
$worker = @(((Read-host -Prompt "Enter comma separated names of DEM worker VMs").Split(",")).Trim()) 
$activeMgr = Read-host -Prompt "First, check which VM is a Primary Manager and then enter its name"
$passiveMgr = @(((Read-host -Prompt "Enter comma separated names of Secondary Manager VMs").Split(",")).Trim())
$primaryWeb = Read-host -Prompt "First, check which VM is a Primary Web Server and then enter its name"
$secondaryWeb = @(((Read-host -Prompt "Enter comma separated names of Secondary Web VMs").Split(",")).Trim())
$masterVRA = Read-host -Prompt "Enter a name of Master vRA Node VM"
$replicaVRA = @(((Read-host -Prompt "Enter comma separated names of Replica vRA Node VMs").Split(",")).Trim())
$dbServers = @(((Read-host -Prompt "Shutdown MSSQL AlwaysOn Cluster first, than enter comma separated names of DB Cluster Node VMs").Split(",")).Trim())

<# ### Uncomment all commented block of code if you have vRB or the external vRO instances in your environment
$vRB = Read-host -Prompt "Enter a name of vRB VM"
$vRO = @(((Read-host -Prompt "Enter comma separated names of external vRO VMs").Split(",")).Trim())

$allVMs = @($proxy, $worker, $passiveMgr, $activeMgr, $secondaryWeb, $primaryWeb, $replicaVRA, $masterVRA, $dbServers)

# Snapshot definition
$snapName = Read-Host -Prompt "Enter Snapshot Name"
$snapDescription = Read-Host -Prompt "Enter Snapshot Description"

# Shutting down vRA VMs
foreach ($vmName in $allVMs) {
    foreach ($vm in $vmName) {
        if ($vm) {
            Write-Host "### Shutting down " + $vm
            shutdownVMandWait -vms $vm -log $log
        } else {
            Write-Host "VM '$($vm)' doesn't exist!"

# Snapshotting vRA VMs
foreach ($vmName in $allVMs) {
    foreach ($vm in $vmName) {
        if ($vm) {
            Write-Host "### Taking snapshot of " + $vm
            snapshotVM -vms $vm -snapName $snapName -snapDescription $snapDescription -log $log
        } else {
            Write-Host "VM '$($vm)' doesn't exist!"

# Starting vRA VMs
Write-Host "### Starting vROs"
startupVM -vms $vRO -log $log

Write-Host "### Starting vRB"
startupVM -vms $vRB -log $log

Write-Host "### Starting DB Servers"
startupVM -vms $dbServers -log $log
Write-Host  " Sleeping 5 minutes until db is up"
Start-Sleep -s 300

Write-Host "### Starting primary VRA"
startupVM -vms $masterVRA -log $log
Write-Host  " Sleeping 5 minutes until Licensing service is registered"
Start-Sleep -s 300

Write-Host "### Starting secondary VRA"
startupVM -vms $replicaVRA -log $log
Write-Host  " Sleeping 15 minutes until ALL services are registered"
Start-Sleep -s 900

Write-Host "### Starting Web"
startupVM -vms $primaryWeb -log $log
startupVM -vms $secondaryWeb -log $log
Write-Host  " Sleeping 5 minutes until services are up"
Start-Sleep -s 300

Write-Host "### Starting Primary manager"
startupVM -vms $activeMgr -log $log
Write-Host  " Sleeping 3 minutes until manager is up"
Start-Sleep -s 180

Write-Host "### Starting Secondary manager"
startupVM -vms $passiveMgr -log $log
Write-Host  " Sleeping 3 minutes until manager is up"
Start-Sleep -s 180

Write-Host "### Starting DEM workers"
startupVM -vms $worker -log $log

Write-Host "### Starting Proxy Agents"
startupVM -vms $proxy -log $log

Write-Host "### All components have been started"

# Disconnect vCenter 
Disconnect-VIServer -Server $vCSA -Confirm:$false 
vCloud Director Network considerations

vCloud Director Network considerations

One of the most tricky parts of vCD – networks. It took my some time to to digest how those network relations between different types of network in vCD works. Just to remind we distinguish:

  • External Networks
  • VDC Organization Networks
  • vApp Networks

Moreover for both VDC Orgzanization and vApp networks we distinguish folowing types:

  • Directly connected to upper layer network
  • Routed network
  • Isolated Network

To complicate even further vApp directly connected network can be fenced 🙂

All networks apart from directly connected will create an ESG (yes, even isolated network requires an ESG!). Just don’t be fooled during some test that they are not visible in vSphere  as soon as you create new vApp/Org VDC Network. ESG as well as port group on DVS will be established not at the time of vCD network creation but when you connect and power a VM to this network for the first time.

To understand how we can mix and match these networks I’ve created a diagram as a reference mostly for myself but maybe it will be helpful for you as well as I didn’t find any diagram covering all options. So here we have a vCD network diagram starting from an external network combining all (apart from fenced one) options.

1vCD networks


Plus another diagram including ESG as an Org perimiter interconnected with DLR.

2vcd Networks



Hope it will be informative, if you have any comments or questions, don’t hesitate to write a comment!

vCloud Director 9 – Released!

vCloud Director 9 – Released!

Today new version of VMware vCloud Director for Service Providers was released.

There are plenty of new features and enhancements like:

  • vVols support
  • Increased vCD-vCenter latensy up to 100 ms
  • Multisite feature which lets service providers offer a single port of entry to Tenants having multiple Virtual Data Centers (Org vDC’s) in different instances of vCD
  • Ability to manage routing between two or mogr Org vDC Networks with NSX DLR
  • PostgreSQL database support as an externam database

There are a few more as well as a list of known issues resolved.

Release notes for the product can be found here.

Complete list of new features and enhancements could be found here.

VMUG VIRTUAL EMEA 2017 – 28 September

VMUG VIRTUAL EMEA 2017 – 28 September

Tomorrow starts VMUG Virtual EMEA 2017 – it is a great oppportunity for all of those who missed VMworld or was not able to participate in-person or even online. It is a huge oportunity to learn about newest technology from VMware and supporting companies, play around with dedicated Hans-on labs and so on.

You can register for the event here.

As of VMUG website definition it is a FREE day-long event is meant to empower you through education, training, and collaboration – all with the goal of improving your projects and impacting your career.


I highly recommend to attend it 🙂

Configuring the Dukes Bank Sample Application Blueprint

Configuring the Dukes Bank Sample Application Blueprint

In the previous part importing steps of Dukes Bank Sample Application Blueprint were described. Now it’s time to perform additional configurations steps to makes it works. (If you thought that you will be able to request sample three-tier app out of the box after you import it, you were wrong! Do not worry I overinterpreted it also when first seeing it during a training long time ago ;))

But going back to vRA Dukes Bank App – after successful import you have to configure the blueprint.

First of all you must prepare Centos template for the blueprint. There are following prerequesities:

  1. Install Guest Agent.
    • Guest agent can be downloaded from https://your_vra_FQDN:5480/software. You can download it on your mgmt station and then transfer to template machine or directly from template using following command:  #wget –no-check-certificate https://your_vra_FQDN:5480/software/download/ . After that it have to be made executable e.g # chmod u+x and simply run it. A few information must be provided1gugent2gugent3gugent
    • SeLinux feature have to be disabled. without disabling it you can expect following error during deployment.selinux2To disable SELinux rom the command line, you can edit the /etc/sysconfig/selinux file. This file is a symlink to /etc/selinux/config. Changing the value of SELINUX or SELINUXTYPE changes the state of SELinux and the name of the policy to be used the next time the system boots. Simply change it to disabled and save settings.[root@host2a ~]# cat /etc/sysconfig/selinux
      # This file controls the state of SELinux on the system.
      # SELINUX= can take one of these three values:
      # enforcing – SELinux security policy is enforced.
      # permissive – SELinux prints warnings instead of enforcing.
      # disabled – SELinux is fully disabled.
      # SELINUXTYPE= type of policy in use. Possible values are:
      # targeted – Only targeted network daemons are protected.
      # strict – Full SELinux protection.
  2.  When your tepmlate is up and ready you have to make additional changes in blueprint. ( Do not forget to run data collection to see current state of your template/snapshot)
    • Modify the blueprint machine specs for each node:
      •Template Name / Customization Spec
      •Reservation Policy
      •Machine Prefix
      •Edit the property http_node_ips in Apache Load Balancer and Binding = Yes
    • In case you use DHCP address allocation you must add a dependency from Load Balancer Node machine to App Server node. Simply put an arrow to connect them.


That’s it now you are ready to resuest and test your sample Dukes Bank Application.




VCIX6-CMA – another goal achieved

VCIX6-CMA – another goal achieved

It is almost a tradition or habbit for me to share my experience about VMware exmination taken so far.

Well, it happened, I eventually passed the VCAP6-CMA Design exam which together with previos passed VCAP6-CMA Deploy exam gave me VCIX6-CMA tiltle and badge. It looks like this:vmware_milestone_CMA_expert-e1502128382899Nothing special, it was not an easy way to get it, though!

The biggest problem with that IMHO is that it is and old version which is based on vRA 6.X, whilst we currently have 7.3 available since sometime already..

Besides that I experienced a few additional problems with Pearson Vue/ VMware certification engine which made me to take it each exam more than once.  And still it’s version 6 and a few days ago VMware announced new versions of VCAP certs, however that’s only Design ones.

There is nothing more to do right nowe, just prepare for new version 🙂 which as a certification addicted I will for sure try to gain.

P.S. to be honest VCAP6-CMA Design exam was the most tricky one I have ever took so far.


Importing the Dukes Bank sample application blueprint – Introduction to vRealize CloudClient

Importing the Dukes Bank sample application blueprint – Introduction to vRealize CloudClient

Have you just installed the vRealize Automation in your lab and do not know how to start the journey with services? The Dukes Bank for vSphere application might be a perfect start for you!

But what is that mystery Dukes Bank application ? It is not widely known that there are let’s say “embedded” samples of multi-tiered vRealize Automation blueprints  that includes multiple machine components with networking and software components.

The reason that it is not known by many is that they are not available ad-hoc after installation, you will not see them inside your catalog. To publish these services in Tenant’s catalog you need to import and configure it first. Bellow I described the procedure how to import and publish these services, in another article you will find out how to configure it.

The ZIP file for Dukes Bank sample application blueprint is include on the vRA appliance, however to import it you have to use vRealize Cloud Client which can be downloaded here.

vRealize CloudClient is a CLI utility that provides verb-based access with a unified interface across vRA APIs, it is available since vRA version 6.2. The purpose of CloudClient tool is to create a layer of abstraction between vRA and end consumer, I mean Administrator of vRA to increase the ease by which he is able to run automated actions against vRA. It is worth to meantion that this tool is not a REST or SOAP API. It uses the vRA API instead.

Just to list a few of use cases for vRA API:

  • Reporting;
  • Monitoring and troubleshooting;
  • Change request system;
  • Operation scripts;
  • Migration between environments;
  • Creating reservations;
  • Creating business groups;
  • Creating entitlements;
  • Other management tasks.

Going back to the point, after downloading the CloudClient you can run it from Windows as well as Linux, however I realized that if you want to import Dukes Bank application you must run it from vRA appliance.

Whilst running it from Windows I received an error like below:


Well, my recommendation is to copy CloudClient into vRA appliance and run it using

Before you will be ready to import Dukes Bank you need to download the package using following command:

#wget –no-check-certificate https://YOUR_vRA_URL:5480/blueprints/dukesbankappforv

Then you could copy it to /tmp for easier navigation.


When you have the package it is hight time to run CloudClient and connect to vRA using following command:

vra login userpass –user tenant_admin_username –tenant your_tenant_name –server –password your_pass


After successful login you can validate and import the package.

To validate use the following command with dry-run:

vra content import –path / –dry-run true –resolution OVERWRITE

NOTE! Pay attention to capital letters, it is case sensitive.

To import the package change the argument of dry-run to false:

vra content import –path / –dry-run false –resolution OVERWRITE


And that is it, the first step to deploy sample blueprints is done. You can validate that these packages are imported by from your vRA console. You need to log in as a user with software and infrastructure architect privileges. The Dukes Bank blueprints and software components on the Design > Blueprints tab and the Design > Software Components tab.