This requires PowerCLI 6.5.1 and has been tested on vSAN 6.6 #Apache2.0 #VMwarePowerCLI #powercli #Encryption #vSAN6.6 #PowerShell #vSAN
Vsan-EncryptionRekey.ps1
The script requires PowerCLI 6.5.1, released 4/20/2017 and has been tested against vSAN 6.6. Using PowerCLI 6.5.1, this could still be used against vSAN 6.1/6.2/6.5 Stretched Clusters. VM's that do not have a Site Affinity vSAN 6.6. Policy, will require a VM Tag for proper site assignment
Vsan-StretchedClusterDrsRules.ps1
Requires PowerCLI 6.5.1 (or higher) and vSAN 6.6 with Encryption enabled
Vsan-EncryptionReport.ps1
3 Comments - no search term matches found in comments.
DESCRIPTION This script will look to see if a KMS Server is running on the same Encrypted vSAN Datastore that it is providing Key Management Services for. Tested on vSAN 6.6 and PowerCLI 6.5.4 The KMS Server Appliances must have VMware Tools installed for this to work properly ** Powershell on MacOS may throw an error when performing KMS Host lookups ** Resolve this issue with adding KMS entries in the hosts file .SYNTAX Check-VsanKmsCircularDependency.ps1 -ClusterName #KMS #PowerShell #Encryption #vSAN #VMwarePowerCLI #Apache2.0
Check-VsanKmsCircularDependency.ps1
1 Comment - no search term matches found in comments.
This script will go through a single host, or each host in a designated cluster, and set /Mem/SwapExtendChunkSizeInMB to either 0 or 65536 Used to mitigate KB 2150316 https://kb.vmware.com/kb/2150316 Tested on vSAN 6.6 and PowerCLI 6.5.4 Syntax is: To Set to Max Vsan-SetSwapChunkSize.ps1 -Target <Target> -Type <cluster/host> -ChunkSize max To Set to Default Vsan-SetSwapChunkSize.ps1 -Target <Target> -Type <cluster/host> -ChunkSize default This is only applicable to ESXi hosts with vSAN 6.5 or greater Blog covering this situation here: https://blogs.vmware.com/virtualblocks/2017/12/12/virtual-machine-with-more-than-64gb-memory-fails-to-storage-vmotion-to-vsan-cluster/ #PowerShell #vSAN #Apache2.0 #StoragevMotion #VMwarePowerCLI #64GB #SvMotion
Vsan-SetSwapChunkSize.ps1
This has been tested with vSphere/vSAN 6.5/6.6/6.7 but should work with 6.2 also
Vsan-WitnessReplace.ps1
This module provides several functions that are relevant to vSAN Encryption Export-ModuleMember -Function Invoke-VsanEncryptionRekey Export-ModuleMember -Function Set-VsanEncryption Export-ModuleMember -Function Set-VsanEncryptionKms Export-ModuleMember -Function Get-VsanEncryptionKms Export-ModuleMember -Function Set-VsanEncryptionDiskWiping Export-ModuleMember -Function Get-VsanEncryptionDiskWiping Set-VsanEncryption - Enables/Disables vSAN Encryption on a vSAN Cluster Get-VsanEncryptionKms - Get the current KMS for the vSAN Cluster Set-VsanEncryptionKms - Set (changes) the current KMS to an alternate KMS Get-VsanEncryptionDiskWiping - Get the current Disk Wiping state of an Encrypted vSAN Cluster Set-VsanEncryptionDiskWiping - Configure Disk Wiping to remove residual data performing a deep rekey Invoke-VsanEncryptionRekey - Invoke a shallow or deep rekey for an Encrypted vSAN Cluster Prerequisites/Steps to use this module: This module only works for vSphere products that support vSAN Encryption. E.g. vSAN 6.6 and later with a vSAN Enterprise license All the functions in this module only work for KMIP Servers
Modules-master.zip
Tested on PowerCLI 6.5.4 against vSphere 6.5/vSAN 6.6 Not supported by VMware, use at your own risk
2 Comments - no search term matches found in comments.