VMworld Europe 2019 day 2 report

Day 2 of VMworld was interesting for me. I actually did my first (and only) breakout session in the afternoon about VSAN and was in the first row for the one and only Virtually Speaking Podcast. The day actually started with having control of the @VMware_NL twitter handle during the general session (lots of demos!!) and until noon. I also did another two Design Studio sessions and I can’t encourage enough people to do those because you’re helping out with creating our tools from the future. I was for 45 minutes at the VMworld Fest but there where huge lines at the food stands so I grabbed a but and went back to my hotel where I was asleep in no-time.

 

Day 1 of VMworld Europe 2019

So yesterday was a very interesting day for me. It started at the reserved bloggers seats for the keynote where we didn’t see too much really big announcements. After that I had to rush to the community area for my appearance in the vExpert daily this year. If you’re interested to watch that you can find it over here. And at 12.45 I had another go at vBrownbag presenting on a couple of helpdesk tools for VMware Horizon. The rest of the day mainly was hanging around in the community area distributing Pink Cookies, Stroopwafels and gathering swag inn the solutions Exchange. In the evening I once again went onto a stage with Hans Kraaijeveld at the EUC Community beer and tapas event. This was my biggest crowd to present for until now but the beer part made it rather easy. We even showed a brand new fling called Horizon Reach from Andrew Morgan that hasn’t even been released yet. The evening came to a closing for me at the Benelux party where we had some beers and tapas again.

 

The VMworld day 0 report in text and some tweets

Ever played football (or Soccer for the yanks) after a day at a conference? I did this yesterday for the second year in a row but at least we waited with most of the beer until after doing the active bit. Before that my morning was filled with a couple of sessions at the Design Studio’s. The afternoon was more interesting with a a workshop on operationalizing NSX-T. Or well to be more exact that was the description but it ended up being 4 hours of death by powerpoint. But hey it gave me more time for networking with friends at the vCommunity area after bailing out.

https://twitter.com/GreatWhiteTec/status/1191446898017742848

The VMware Labs flings monthly for October 2019

Only two days before I am flying to Barcelona, I am really looking forward to VMworld. The bad things is that it will probably be over before we know it as well. One of the new flings from last month has been renamed, one new was posted and six received updates. Kubernetes eXtensible Desktop Client (KXDC) was renamed to Kubewise and the Virtualized High Performance Computing Toolkit is the new fling posted. Updated flings are vRealize Operations REST Notifications Helper, vSphere Mobile Client, Workspace One UEM Workload Migration Tool, Virtual Machine Compute OptimizervRealize Build Tools and the vSAN Performance Monitor.

New releases

Virtualized High Performance Computing Toolkit

The toolkit helps you in performing High Performance Computing

High Performance Computing (HPC) is the use of parallel-processing techniques to solve complex computational problems. HPC systems have the ability to deliver sustained performance through the concurrent use of distributed computing resources,and they are typically used for solving advanced scientific and engineering problems, such as computational fluid dynamics, bioinformatics, molecular dynamics, weather modeling and deep learning with neural networks.

Due to their extreme demand on performance, HPC workloads often have much more intensive resource requirements than those workloads found in the typical enterprise. For example, HPC commonly leverages hardware accelerators, such as GPU and FPGA for compute as well as RDMA interconnects, which require special vSphere configurations.

This toolkit is intended to facilitate managing the lifecycle of these special configurations by leveraging vSphere APIs. It also includes features that help vSphere administrators perform some common vSphere tasks that are related to creating such high-performing environments, such as VM cloning, setting Latency Sensitivity, and sizing vCPUs, memory, etc.

Feature Highlights:

  • Configure PCIe devices in DirectPath I/O mode, such as GPGPU, FPGA and RDMA interconnects
  • Configure NVIDIA vGPU
  • Configure RDMA SR-IOV (Single Root I/O Virtualization)
  • Configure  PVRDMA (Paravirtualized RDMA)
  • Easy creation and  destruction of virtual HPC clusters using cluster configuration files
  • Perform common vSphere tasks, such as cloning VMs, configuring vCPUs, memory, reservations, shares, Latency Sensitivity, Distributed Virtual Switch/Standard Virtual Switch, network adapters and network configurations

Update flings

vRealize Operations REST Notifications Helper

vRealize Operations REST Notifications Helper helps vRealize Operations Manager users improve and customize the REST notifications of alerts. It collects the most useful information about an alert, creates a new payload by user configuration, and sends it to third parties.

Changelog

Version 1.3.0

  • Added a configuration for preferred HTTP request type
  • Added severity mapping configuration
  • Enabled blacklisting with resourceName property
  • Arranged the endpoint configuration structure for different behavior based on alert trigger states
  • Added symptoms as a single string (like recommendations)
  • Minor fixes

 

vSphere Mobile Client

vSphere Mobile Client enables administrators to monitor and manage vSphere infrastructure directly from any mobile device. Whether you want to check on the current or historical resource consumption; you want to get notifications on long running tasks; or you want to check the currently running tasks – the vSphere Mobile Client is there to help.

Changelog

Version 1.6.0

  • Hosts can now be rebooted from the UI
  • Recent tasks can now be viewed in tasks view (running/in-progress)
  • Redesigned cards: VM card, host card, cluster card, task card
  • Quick actions can now be easily accessed with a tap on the card
  • VM cards display a screenshot which can be enlarged by taping on it
  • A feedback portlet has been added to the dashboard, you can know provide feedback from within the app
  • Performance charts are now available for hosts
  • Navigation menu items are now larger to faciliate taping on those
  • Supports mobile devices using Android version 4.4 (KitKat) or newer
  • Supports mobile devices using iOS version 10 or newer
  • No other mobile operating systems are currently supported
  • For Notification Appliance – 2 vCPU, 4 GB RAM, 14 GB storage
  • An existing VC (version 6.0 or newer) installation (VCSA or Windows).
  • Application is tested on the vCenter VCSA 6.5 GA release.
  • Hosts can now be rebooted from the UI
  • Recent tasks can now be viewed in tasks view (running/in-progress)
  • Redesigned cards: VM card, host card, cluster card, task card
  • Quick actions can now be easily accessed with a tap on the card
  • VM cards display a screenshot which can be enlarged by taping on it
  • A feedback portlet has been added to the dashboard, you can know provide feedback from within the app
  • Performance charts are now available for hosts
  • Navigation menu items are now larger to faciliate taping on those

Workspace One UEM Workload Migration Tool

The Workspace One UEM Workload Migration Tool allows a seamless migration of Applications and Device configurations between different Workspace One UEM environments. With the push of a button, workloads move from UAT to Production, instead of having to manually enter the information or upload files manually. Therefore, decreasing the time to move data between Dev/UAT environments to Production.

Changelog

Version 2.0.1

  • Fixed Baseline Migration issue
  • Fixed Profile Errors not displaying in the UI

Virtual Machine Compute Optimizer

The Virtual Machine Compute Optimizer (VMCO) is a Powershell script that uses the PowerCLI module to capture information about the hosts and VMS running in your vSphere environment, and reports back on whether the VMs are configured optimally based on the Host CPU and memory. It will flag a VM as “YES” if it is optimized and “NO” if it is not. For non-optimized VMs, a recommendation is made that will keep the same number of vCPUs currently configured, with the optimal number of virtual cores and sockets.

Changelog

Version 2.0.1

  • Corrected Get-OptimalvCPU.ps1 where sometimes cluster information would show as System.Object[].

Version 2.0.0

  • Priority of the findings are captured
  • Details on the findings are included
  • Cluster information is captured to determine if Host HW is not consistent across the cluster
  • Report if a VM spanning pNUMA nodes actually has the pNUMA exposed to the guest OS
  • Report if advanced settings have been changed on the VM or host level to expose pNUMA to the guest OS
  • Reports if the number of vCPUs for a VM exceeds the physical cores of the host (using hyperthreads as vCPUs)
  • Ability to use the stand alone “Get-OptimalvCPU” function for more flexibility

vSAN Performance Monitor

The vSAN performance monitor is a monitoring and visualization tool based on vSAN Performance metrics. It will collect vSAN Performance and other metrics periodically from the clusters configured. The data collected is visualized in a more efficient and user-friendly way. The vSAN performance monitor comes with preconfigured dashboards which will help customers evaluate the performance of vSAN clusters, identify and diagnose problems, and understand current and future bottlenecks. The dashboards are heavily inspired by vSAN Observer.

Changelog

Version 1.2

  • Fixed issues with the fling while CA certificates
  • Minor tweaks to the data collection agent
  • Removed anonymous statistics collection by influxdb

vRealize Build Tools

vRealize Build Tools provides tools to development and release teams implementing solutions based on vRealize Automation (vRA) and vRealize Orchestrator (vRO). The solution targets Virtual Infrastructure Administrators and Solution Developers working in parallel on multiple vRealize-based projects who want to use standard DevOps practices.

Changelog

Version 1.7.1

  • Further enhanced the TypeScript projects support (still experimental)
  • Bug fixes

My schedule for VMworld 2019 Barcelona

In less than two weeks VMworld Europe will begin, for me it will be a busy one this year. With four sessions that I will participate in, a bunch of Design Studio sessions, parties and let’s not forget vSoccer (or football for us Europeans). Let me give you an insight into how my schedule will probably look. Probably because things can still change even during the event itself. Sadly there is no Hackathon this year but it would have been a hard choice between that and playing some football anyway.

Monday

My earliest session during the week will actually be on Monday starting at 8am with a Design Studio session. Later in the morning there will be another Design Studio session followed by the entire afternoon filled with an NSX-T workshop. While I am still undecided about the Partner reception I will go to the vSoccer in the evening. After last year’s first but very successful version of it in Las Vegas I am again looking forward to playing some footie with friends. Having lost a bit of weight the last year will also help in how long I will actually stay on the pitch.

Tuesday

This is a packed day for me, after the keynote where we bloggers can sit in the press area I will spend the entire day in the Community area and maybe the Solutions Exchange. I will be there because I will be in the vExpert Daily, will be presenting my own vBrownbag session and someone has to be there as emotional support for my buddy Hans’s first ever vBrownbag as well. From 17.30 I will be at Brian Madden’s EUC Community Tech Talks & Beer evening where I am presenting with previously mentioned Hans. Party wise I can go to the vExpert party but that’s a bit further away than I would like so I’ll wait on where the Benelux party is or I might even just go to the Veaam party.

Wednesday

The Wednesday is a mixed day for me starting in the community area to watch the vExpert Daily followed by two Design Studio sessions and two regular sessions. Well regular? One of the two is the live Virtually Speaking podcast with a lot of great names.

Thursday

On Thursday I will be presenting my own Horizon API 101 Session at the VMware{Code} stage. This session is fully booked but there’s probably a spot for everyone. Session wise I will be doing three regular sessions and a workshop. I will be flying back on Friday so if anyone wants to go out for dinner or something just let me know!

The VMware Labs flings monthly for September 2019

And yet another month gone, next week I will be in Kopenhagen for Nutanix .Next and the month after that I will be speaking at VMworld Barcelona. Will I see you at either of these two events? Last month one new fling was released:  Kubernetes eXtensible Desktop Client (KXDC) , seven received updates: App Volumes Entitlement Sync, vSphere HTML5 Web Client, DoD Security Technical Implementation Guide(STIG) ESXi VIB, VMware OS Optimization Tool, vSphere Mobile Client, Workspace One UEM Workload Migration Tool, USB Network Native Driver for ESXi and one was marked deprecated: VIB Author.

New releases

Kubernetes eXtensible Desktop Client (KXDC)

The Kubernetes eXtensible Desktop Client (KXDC) is a simple and multi-platform desktop client for Kubernetes (K8S). In the same way the kubectl command requires only a valid kubeconfig file to run commands against a K8S cluster, KXDC requires you just to configure one or more valid kubeconfig files to interact with one or more K8S clusters.

Main features:

  • Support for multiple kubeconfig files.
  • UI-driven interaction with the most frequently used K8S entities.
  • One-click terminal with the proper KUBECONFIG env variable set.
  • Generation of custom kubeconfig files for a given namespace.
  • Highlight sustainability and security-related data.

Updated flings

App Volumes Entitlement Sync

The App Volumes Entitlement Sync fling will read, sync and compare entitlements between various App Volumes instances.

Changelog

Version 2.2

  • Ignore Extra AppStacks on Primary or Secondary Server – these would cause compare to crash
  • Export Primary or Secondary Server Entitlements to XML

vSphere HTML5 Web Client

Do you want to have the latest version of the html5 client? Than you need the vSphere HTML5 Web Client fling!

Changelog

Fling 4.3.0 – Build 14483008
New Features

  • Ability to customize the header color per vCenter to differentiate vCenter servers. Go to Administration -> System Configuration and select the vCenter for which you want to change the header color. If you have more than one vCenter server in linked mode, you can change the color for each of the vCenter servers

Bug fixes

  • Upload OVF files to Content Library

Release Notes

  • vSphere Perspective Management has been removed

DoD Security Technical Implementation Guide(STIG) ESXi VIB

The DoD Security Technical Implementation Guide(STIG) ESXi VIB fling helps in hardening your vSphere environment.

Changelog

Update September 2019

  • New ESXi 6.7 STIG VIB release
  • Updated sshd_config file. Removed protocol 2 setting as it is deprecated. Added “FipsMode yes” setting. Updated Ciphers and MACs for newer version of OpenSSH
  • Removed /etc/issue and /etc/pam.d/passwd files from VIB as those settings can be set via advanced settings now
  • Note – This VIB is based on draft STIG content! It is recommended to use this over the previous 6.5-7 STIG VIB

VMware OS Optimization Tool

The VMware OS Optimization Tool or OSOT in short is one of the best tools around to optimize your VDI image before publishing a desktop or rds host.

Changelog

September, 2019, b1110

  • New Common Options button – Allows you to quickly choose and set preferences to control common functionality. These would normally involve configuring multiple individual settings but can now be done with a single selection through this new interface
  • Split Windows 10 into two templates to better handle the differences between the versions; one for 1507-1803 and one for 1809-1909
  • Improved and new optimizations for Windows 10, especially for 1809 to 1909.

Updated and changed template settings for newer Windows 10 versions to cope with changes in the OS, registry keys and functionality:

  • Move items from mandatory user and current user to default user
  • Add 34 new items for group policies related to OneDrive, Microsoft Edge, privacy, Windows Update, Notification, Diagnostics
  • Add 6 items in group of Disable Services
  • Add 1 item in group of Disable Scheduled Tasks
  • Add 1 item in group of Apply HKEY_USERS\temp Settings to Registry
  • Add 2 items in group of Apply HKLM Settings
  • Removing Windows built-in apps is now simplified. Removes all built-in apps except the Windows Store.

Numerous bug and error fixes:

  • Reset view after saving customized template
  • Unavailable links in reference tab
  • Windows Store is unavailable after optimizing
  • Start menu may delay after optimizing
  • VMware Tools stops running after optimizing
  • Analysis Summary Graph is cropped

vSphere Mobile Client

Personally I think a phone screen is too small but this was one of the most asked questions the last few years: when can we manage vSphere from our phones? Well now you can with the vSphere Mobile Client fling.

Changelog

Version 1.5.0

New features

  • Direct connections to the ESXi hosts are now supported
  • Host can now be put in maintenance mode

Improvements

  • Going back from the details pages would not refresh the VM list
  • Improvements to how we indicate the user is in focused mode
  • Cluster card now shows issues, DRS, HA and number of vMotion events
  • Host card now shows issues, number of VMs, uptime and connection status

Bug Fixes

  • Removing a bookmark when in focused mode removes the item from the list too

Workspace One UEM Workload Migration Tool

With the Workspace One UEM Workload Migration Tool it’s easy to move devies and applications between WS One UEM environments.

Changelog

Version 2.0.0

  • Baseline Migration Support
  • MacOS application
  • UI refactoring to make bulk migrations easier
  • Added support for script detection with Win32 applications

USB Network Native Driver for ESXi

For the USB Network Native Driver for ESXi fling we need to thank WIlliam Lam I guess. For me it at least seems like he is the driving factor behind this fling.

Changelog

September 27, 2019 – v1.2

  • Added support for Aquantia Multi-Gig (1G/2.5G/5G) USB network adapter (see Requirements page for more details)
  • Added support for Auto Speed/Connection detection for RTL8153/RTL8152 chipsets

ESXi670-VMKUSB-NIC-FLING-28903484-offline_bundle-14722970.zip
ESXi650-VMKUSB-NIC-FLING-28903792-offline_bundle-14722993.zip

New Horizon API explorer posted (new queries!)

While watching the VMworld US 2019 video of Sean Massey presenting about getting started with the Horizon API’s I decided to check if the API explorer has been updated. To my surprise it was and it is good to see that several queries have been added besides the method’s that I previously found.

The new queries that I found are:

  • DesktopAssignmentView
    • Description:
      • Desktop id + Desktop assignment data which will include desktop pool information, operation system, global entitlement.
  • DesktopHealthInfo
    • Description:
      • Desktop health Information. This data will be populated only for the desktops which support application remoting.
  • GlobalEntitlementSummaryView
    • Description:
      • Summary information about Global Entitlements.
  • MachineSummaryView
    • Description:
      • This View includes summary data of all entities related to this Machine

So the DesktopAssignmentView seems to give a lot of similar data to what the DesktopSummaryData query already gives. They both give global entitlement data plus user assignment data. The big difference is that it gives way more detailed information about the desktop pool itself like vGPU settings. The names should have been DesktopInfo in my opinion.

Desktophealthinfo is created for the new Windows 10 App remoting and the monitoring for that. The globalentitlementsummaryview and machinesummaryview are linked to GlobalEntitlementInfo and MachineDetailsView from which they give a subset of data.

I hope to have a new blog post soon with more detailed information of what the new method’s and queries will bring but I wanted to update you with the fact that the api explorer has been updated as soon as possible.

The VMware Labs flings monthly for August 2019

It’s been a bit quiet on the fling front with VMworld US happening. None the less there have been two new releases and three updates. New releases are the vSAN Performance monitor and Enterprise OpenShift as a Service on Cloud Automation Services flings. Updated where the vSphere Mobile Client, vRealize Operations REST Notifications Helper and Virtual Machine Compute Optimizer.

New Releases

vSAN Performance Monitor

The vSAN performance monitor is a monitoring and visualization tool based on vSAN Performance metrics. It will collect vSAN Performance and other metrics periodically from the clusters configured. The data collected is visualized in a more efficient and user-friendly way. The vSAN performance monitor comes with preconfigured dashboards which will help customers evaluate the performance of vSAN clusters, identify and diagnose problems, and understand current and future bottlenecks. The dashboards are heavily inspired by vSAN Observer.

The vSAN performance monitor is delivered in a virtual appliance with three major components, i.e., a Telegraf collector, InfluxDB, and a Grafana frontend.

  • Telegraf: Telegraf is the agent that collects metrics from vSAN cluster and stores them in InfluxDB.
  • InfluxDB: InfluxDB is the database to store the metrics
  • Grafana: We use Grafana as the frontend to virtualize the metrics stored in the InfluxDB

Once deployed, users will need to do some simple configuration changes to point the collector to target vSAN cluster(s) and start the service. After that, the data will be collected periodically and can be visualized for meaningful insights.

Enterprise OpenShift as a Service on Cloud Automation Services

This Fling enables a cloud admin to download the package, integrate with Cloud Assembly and other Infrastructure services and be able to provide an “OpenShift Cluster as a Service” offering. This Fling automates the end to end deployment process. End users can simply request for and get an enterprise grade distributed instance of OpenShift Cluster. This Fling provides all the required packages to configure and deploy an enterprise production grade OpenShift cluster using VMware Cloud Assembly Services with minimal effort and in a repeatable, fully automated fashion.

Updated Flings

vSphere Mobile Client

The vSphere Mobile Client is under heavy development to make sure we have the best experience in managing our vSphere environments using our mobile phones.

Changelog

Version 1.4.0

New features

  • Cluster view

Improvements

  • Confirmation dialog on VM quick actions

New Bug Fixes

  • Task card layout improvements
  • Alarms and events truncation issue has been fixed
  • iOS crash report improvementsVersion 1.3.0

New features:

  • Hosts view
  • vCenter dashboard now includes items with most alerts

Improvements

  • Crash reporting for iOS
  • Event categories are now visible (alarm, error, warning)

Bug Fixes

  • Better handling of vCenter name retrieval

vRealize Operations REST Notifications Helper

The vRealize Operations REST Notifications Helper helps in creating better REST notifications of alerts.

Changelog

Version 1.2.1

  • Updated instructions for v1.2
  • Minor fixes and improvements

Version 1.2.0

  • Multiple endpoint configurations
  • Blacklist
  • Windows support
  • Minor new features, improvements and fixes

Virtual Machine Compute Optimizer

The Virtual Machine Compute Optimizer (VMCO) is a Powershell script that uses the PowerCLI module to capture information about the hosts and VMS running in your vSphere environment, and reports back on whether the VMs are configured optimally based on the Host CPU and memory.

Changelog

Version 1.0.4

  • Added a -Property filter to the Get-View commands for hosts and VMs to reduce time and amount of returned data
  • Removed if statement in Get_Optimal_CPU function that included $hostCPUs as it was not yet being used

 

Updates to the Horizon API’s in PowerCLI 11.4

So today PowerCLI 11.4 was released with the following updates:

  • Add support for Horizon View 7.9
  • Added new cmdlets to the Storage module
  • Updated Storage module cmdlets
  • Updated HCX module cmdlets

As usual we need to wait for API explorer to be updated before we get the exact changes to the api’s but I already grabbed s short list by comparing the methods. Later I will create a more elaborate blog post about the changes if I have an overview. What I do see are some new additions that might be added to the vCheck for Horizon.

Also: even though the updates are for Horizon 7.9 there’s a good chance that a lot of this also works for previous versions, the examples below where done with 7.8.

  • Datacenter
  • DesktopHealth
  • Gateway
  • GatewayHealth
  • MessageClient
  • Monitoring
  • PersistentDiskQueryService
  • Privilege
  • SecondaryCredentials
  • SessionStatistics
  • StorageAccelerator
  • UsageStatistics
  • Validator
  • VirtualCenterStatistics

Sadly it’s late so I can only show a couple of examples:

$services.Privilege.Privilege_ListSelectablePrivileges()

 

$services.SessionStatistics.SessionStatistics_GetLocalSessionStatistics()

Finally we can reset the usage counters as well now

And some statistics from vCenter

($services.VirtualCenterStatistics.VirtualCenterStatistics_listSummaryStatistics())
($services.VirtualCenterStatistics.VirtualCenterStatistics_listSummaryStatistics()).DataStoreSummaryStatistics

Generating a clean Host Profile using PowerCLI

First of all: I love Host Profiles! But they’re easy to mess up as well, leave something selected related to hardware and an update in ESXi, vib’s or even a firmware update might break it. For a customer where we are going to do the entire vSphere build from scratch I got the idea to generate an empty Host Profile and extend that one using scripting. At first I though this would be an easy thing but it definitely isn’t, a reply from PowerCLI guru Luc Dekens at the VMware{Code} forums set me on the right path to do so. Luc’s remark that editing Host Profiles might take some reverse engineering for the lack of documentation is a huge understatement. It has cost me many many hours to build the script below.

I strongly recommend having the reference host as clean as possible.

These are the steps the script takes

  1. connect to vCenter
  2. extract a new Host Profile
  3. Gets the new Host Profile
  4. Copies all members of the new Host Profile to an object that can be edited
  5. Sets everything that I could find in my environment to false
  6. Updates the Host Profile with the edited object

Required parameters

  • vCenter
    • Your vCenter host
  • Referencehost
    • the name of the host in vCenter
  • Hostprofilename
    • Name for the Host Profile

There are also a couple of optional parameters:

  • dnshost
    • It’s mandatory to have a DNS set in the defaulttcpipstack. With this parameter you can change this.
  • domainname
    • Like DNS it’s mandatory to have a domainname set in the defaulttcpipstack. With this parameter you can change this
  • Cleanup
    • This one defaults to false but can be set to true. It will remove all NFS Datastores, vmkernel ports, portgroups, device aliases and direct i/o profiles.
    • Use this one with care, if you apply it to a host it will most probably remove all networking details for that host making it unusable.

This is how a manual extracted Host Profile looks

This is how a Host Profile looks after using my script without the cleanup option, everything is deselected but the device aliases for example are kept.

.\create_clean_hostprofile.ps1 -vcenter vCenter -Hostprofilename demo_no_cleanup -referencehost hostname

And this is how it looks with the cleanup used.

.\create_clean_hostprofile.ps1 -vcenter vCenter -Hostprofilename demo_no_cleanup -referencehost hostname -cleanup $true

The script itself can be found on Github as well:

#-------------------------------------------------
# Generates a clean Host Profile
#
# Build using PowerCLI 11
#
# Version 1.0
# 17-08-2019
# Created by: Wouter Kursten
# Website: https://www.retouw.nl
#
#-------------------------------------------------

param(
[Parameter(Mandatory=$true)][String]$Hostprofilename,
[Parameter(Mandatory=$true)][String]$vcenter,
[Parameter(Mandatory=$true)][String]$referencehost,
[Parameter()][String]$dnshost,
[Parameter()][String]$domainname,
[Parameter()][bool]$Cleanup = $false
)

# I grabbed this function somewhere from an example by Luc Dekens
function Copy-Property ($From, $To, $PropertyName ="*"){
    foreach ($p in Get-Member -In $From -MemberType Property -Name $propertyName){
        trap {
            Add-Member -In $To -MemberType NoteProperty -Name $p.Name -Value $From.$($p.Name) -Force
            continue
        }
    $To.$($P.Name) = $From.$($P.Name)
    }
}

#connect to the vCenter
connect-viserver $vcenter

# This deletes any existing Host Profile with the same name as we're using in this script
get-vmhostprofile -name $Hostprofilename  -ErrorAction SilentlyContinue | Remove-VMHostProfile -Confirm:$false

# This creates a new Host Profile from the referencehost
new-vmhostprofile -name $Hostprofilename -referencehost $referencehost

# Retrieves the newly created Host Profile
$hp = Get-VMHostProfile -Name $Hostprofilename

# Creates the spec where the cleanup is done
$spec = New-Object VMware.Vim.HostProfileCompleteConfigSpec

# Copies all properties of the new Host Profile to the spec
Copy-Property -From $hp.ExtensionData.Config -To $spec

# This removes everything that could be specific to the referencehost
if ($cleanup -eq $true){
    $spec.ApplyProfile.Network.Vswitch=$null
    $spec.ApplyProfile.Network.VMportgroup=$null
    $spec.ApplyProfile.Network.HostPortGroup=$null
    $spec.ApplyProfile.Network.pnic=$null
    $spec.ApplyProfile.Storage.NasStorage=$null
    ($spec.ApplyProfile.Property | where-object {$_.PropertyName -like "*DeviceAlias*"}).profile=$null
    ($spec.ApplyProfile.Property | where-object {$_.PropertyName -like "*PCI*"}).profile.property.profile=$null
}

# From here it's just disabling of items except for:
# -items under storage> PSA Configuration (profiles are removed)
# -Properties of the fixed DNS config (set to the default values from this scripts parameters)
$spec.ApplyProfile.Datetime.Enabled=$False
$spec.ApplyProfile.Authentication.Enabled=$False
$spec.ApplyProfile.Authentication.ActiveDirectory.Enabled=$False

foreach ($o in $spec.applyprofile.Option){
    if ($o.Enabled){
        $o.Enabled=$False
    }
}

foreach ($p in $spec.ApplyProfile.Property.Profile){
    if ($p.Enabled){
        $p.Enabled=$False
    }
    foreach ($pa in $p.Property.Profile){
            if ($pa.Enabled){
                $pa.Enabled=$False
                }
        foreach ($paa in $pa.Property.Profile){
                if ($paa.Enabled){
                    $paa.Enabled=$False
                }
        }
    }
}

foreach ($s in $spec.ApplyProfile.Storage.Nasstorage){
    if ($s.Enabled){
        $s.Enabled=$False
    }
    foreach ($sa in $s){
        if ($sa.Enabled){
            $sa.Enabled=$False
        }
    }
}

foreach ($s in $spec.ApplyProfile.Storage.Property.Profile){
    if ($s.Enabled){
        $s.Enabled=$False
    }

    if ($s.ProfileTypeName -eq "psa_psaProfile_PluggableStorageArchitectureProfile" -AND $cleanup -eq $true){
        foreach ($sa in $s.property){
            if ($sa.propertyname -like "*psa_psaProfile_PsaDevice*"){
                [email protected]()
            }
        }
    }
    foreach ($sa in $s.Property.Profile){
        if ($sa.Enabled){
            $sa.Enabled=$False
            }
        foreach ($saa in $sa.Property.Profile){
            if ($saa.Enabled){
                $saa.Enabled=$False
            }
        }
    }
}

foreach ($f in $spec.ApplyProfile.Firewall.ruleset){
    if ($f.Enabled){
        $f.Enabled=$False
    }
}

foreach ($n in $spec.ApplyProfile.Network.vswitch){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
        foreach ($naa in $na.link){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NumPorts){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NetworkPolicy){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.pnic){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.VmPortGroup){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
        foreach ($naa in $na.Vlan){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.Vswitch){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NetworkPolicy){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.HostPortGroup){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n){
        if ($na.Enabled){
            $na.Enabled=$False
        }
        foreach ($naa in $na.IpConfig){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.Vlan){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.Vswitch){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
        foreach ($naa in $na.NetworkPolicy){
            if ($naa.enabled -eq $True){
                $naa.Enabled=$False
            }
        }
    }
}

foreach ($n in $spec.ApplyProfile.Network.Property.Profile){
    if ($n.Enabled){
        $n.Enabled=$False
    }
    foreach ($na in $n.Property.Profile){
        if ($na.Enabled){
            $na.Enabled=$False
            }
        foreach ($np in $na.policy.policyoption){
            if ($np.id -eq "FixedDnsConfig"){
                foreach ($npp in $np.parameter){
                    if ($dnshost){
                        if ($npp.key -eq "address") {
                            [string[]][email protected]($dnshost)
                            $npp.value=$dnsarray
                        }
                    }
                    if ($domainname){
                        if ($npp.key -eq "domainName"){
                            $npp.value=$domainname
                        }
                    }
                }
            }
        }
        foreach ($naa in $na.Property.Profile){
            if ($naa.Enabled){
                $naa.Enabled=$False
            }
            foreach ($naaa in $naa.Property.Profile){
                if ($naaa.Enabled){
                    $naaa.Enabled=$False
                }
            }
        }
    }
}


(Get-VMHostProfile $Hostprofilename).ExtensionData.Updatehostprofile($spec)
disconnect-viserver $vcenter -confirm:$False

And yes that’s a lot of foreach’s.