Bulk VMware administration: Using PowerCLI with standard switches

Learn how to autoquickly create of a VLAN with a tagged port group for multiple VMware ESX hosts -- even if you don't have Enterprise Plus licensing.

The best way to explain this article is to give you a scenario, so here we go: It's Monday morning, and your boss tells you that a new virtual LAN (VLAN) is being created for a new project. You have 32 ESX hosts in a VMware Distributed Resource Schedule (DRS)/High Availability (HA) cluster, and you need to create a VLAN with a tagged port group for VLAN20 on all 32 ESX hosts.

If you were using VMware vSphere4 and new vNetwork Distributed Switches, this would be a relatively trivial task...

of adding in the port group to the distributed switch, and waiting a short time for it to be pushed out to every ESX host. Of course, you might not be able to do this even if you did have vSphere, because distributed switches are only available to the most expensive SKU within vSphere – Enterprise Plus. Rats!

Without Enterprise Plus, you will be forced to use the standard switch, and take the following steps with the VMware Infrastructure Client or the vSphere Client:

  1. Select the ESX host.
  2. Select the Configuration tab.
  3. Select the Network option in the Hardware Pane.
  4. Select the properties Standard vSwitch.
  5. Run through a wizard to add a port group (the wizard has three steps in it in addition to these steps).
  6. Spend most of the morning carrying out steps 1-5 consistently on the remaining 31 ESX hosts. Of course carrying out the same laborious process over again is extremely tedious, but it's also fraught with potential human error. Give any human being the same task to do over and over again and the potential for making mistakes increases incrementally.

PowerCLI to the rescue!
One thing the VMware graphical client sucks at is carrying out bulk administrative tasks such as this. But all it is not lost -- using a couple of lines of PowerCLI code you can carry out this task in a matter of minutes.

The first step in this process is learning how to add a port group to an ESX host on an existing vSwitch. Then, you need to apply this process to every ESX host in a cluster in a loop that applies the configuration to every ESX host using the very handy "for-each" option available in PowerCLI. To do this you use the Get-VitualSwitch cmdlet to set the set vSwitch you want to modify – together with the New-VirtualPortGroup to create the Port Group in question.

The next step involves ensuring this process carries out on every ESX host in a given cluster. To do this safely and securely, you will want to use filter mechanisms to ensure that other ESX hosts that should not be reconfigured are not included in the process. These filter mechanisms basically instruct PowerCLI only to apply the changes to hosts within a specific VMware HA/DRS cluster within a datacenter. This five line wonder is below:

connect-viserver vc4nyc.corp.com -username corp\administrator -password vmware

Foreach ($vmhost in (get-cluster -name "AMD Cluster1" | get-vmhost))
  $vs =  Get-VirtualSwitch -VMHost $vmHost -Name "vSwitch0"
  $vlan =  New-VirtualPortGroup -VirtualSwitch $vs -Name "vlan20" -vlanid 20

The script above searches for every ESX host in the cluster called "AMD Cluster1" and then uses the Get-VirtualSwitch cmdlets to indicate which vSwitch should be modified, followed by the New-VirtualSwitch cmdlets to create the Port Group –- and then the script repeats itself until every ESX host has been processed in the array.

If you did want to apply the change to every ESX host in every ESX cluster, then you would simply take the "Get-Cluster –name "AMD Cluster1" filter away. However, while it's perfectly possible to write a PowerCLI script that will change the network settings of every ESX host in a data center, it's somewhat dangerous if your script has not been properly tested. Remember: with great power, comes great responsibility.

Mike Laverick (VCP) has been involved with the VMware community since 2003. Laverick is a VMware forum moderator and member of the London VMware User Group Steering Committee. Laverick is the owner and author of the virtualization website and blog RTFM Education, where he publishes free guides and utilities aimed at VMware ESX/VirtualCenter users, and has recently joined SearchVMware.com as an Editor at Large. In 2009, Laverick received the VMware vExpert award and helped found the Irish and Scottish VMware user groups. Laverick has had books published on VMware Virtual Infrastructure 3, VMware vSphere4 and VMware Site Recovery Manager.

Dig Deeper on Scripting administrative tasks