SDDC in pocket – virtualization, cloud, networking, storage, devops, cloudops
VMware technologies
TPM is an industry-wide standard for secure cryptoprocessors. Since vSphere 6.7 VMware has supported TPM v2.0 A Trusted Platform Module (TPM) is a specialized microcontroller designed to secure hardware through integrated cryptographic keys. It is embedded […]
In this post, we’ll walk through the step-by-step process of deploying of the vSAN Witness Appliance for my Homelab’s 2-node vSAN cluster. Before we dive into the deployment, let’s quickly recap how a 2-node vSAN cluster works. Unlike larger vSAN clusters that require a minimum of three vSAN […]
The long awaited 64GB DDR5 SODIMM memory modules from Crucial was just released this week! π I was so excited about the news, I quickly splurged on a pair of these brand new modules, which are currently priced at $364 USD on Amazon! π π° As of publishing this blog post, there is currently no [β¦]
Unlock mini PCs with 128 GB RAM. The new Crucial 128 GB SODIMM RAM modules have officially been released and you can find them now online
VCF is a powerful platform designed to simplify the deployment of vSphere, NSX and the Aria product family. This is both a blessing and a curse. On the one hand, the Cloudbuilder and SDDC Manager significantly simplify deployment, but this also takes away a certain […]
Managing encryption across multiple ESXi hosts can be a bit of a hassle. But don’t worry. I’ve got a simple PowerCLI script that’ll save you time and headaches by quickly retrieving encryption status and recovery keys from your VMware environment.
Ensuring your ESXi hosts are correctly encrypted is essential for security. Regular checks help prevent surprises later, especially during troubleshooting or audits.
First, make sure you’re connected to your vCenter:
Connect-VIServer -ServerReplace with your vCenter IP or FQDN.
Here’s a quick rundown of the PowerCLI script to verify encryption settings across all ESXi hosts and who Recovery key for each ESXi host. (link to GitHub repository and file tpm_recovery_key_backup.ps1):
# Connect to your vCenter server (if not already connected)
# Connect-VIServer -Server <VCENTER_IP_OR_FQDN>
$esxis = get-vmhost | Sort-Object
foreach ($esx in $esxis) {
$key= @()
$enc = @()
if ($esx.ConnectionState -ne "Connected" -and $esx.ConnectionState -ne "Maintenance") {
Write-Host ""
Write-Host "================================================================================" -ForegroundColor Yellow
Write-Host "π« SKIPPED HOST" -ForegroundColor Yellow
Write-Host "Host : $($esx.Name)" -ForegroundColor DarkYellow
Write-Host "Reason : Not powered on or disconnected." -ForegroundColor DarkYellow
Write-Host "================================================================================" -ForegroundColor Yellow
Write-Host ""
continue
}
$esxcli = Get-EsxCli -VMHost $esx -V2
try {
$key = $esxcli.system.settings.encryption.recovery.list.Invoke()
$enc = $esxcli.system.settings.encryption.get.Invoke()
Write-Host "================================================================================" -ForegroundColor DarkCyan
Write-Host "πΉ ESXi Host : $($esx.Name)" -ForegroundColor Cyan
Write-Host "π Recovery ID : $($key.RecoveryID)" -ForegroundColor Green
Write-Host "ποΈ Recovery Key : $($key.Key)" -ForegroundColor Yellow
Write-Host "π Encryption Mode : $($enc.Mode)" -ForegroundColor Magenta
Write-Host "================================================================================" -ForegroundColor DarkCyan
Write-Host ""
}
catch {
Write-Host ""
Write-Host "================================================================================" -ForegroundColor DarkGray
Write-Host "β ERROR for host : $($esx.Name)" -ForegroundColor Red
Write-Host "β οΈ Failed to get encryption key for $($esx.Name) ."
Write-Host "𧨠Error details : $_"
Write-Host "================================================================================" -ForegroundColor DarkGray
Write-Host ""
}
}
This quick script helps you stay on top of ESXi encryption keys effortlessly. Just copy, adjust if needed, and run. Happy scripting!
See how Docker NFS Mount can provide shared storage for your Docker containers in home lab environments.
Join Leonid FR, 3/14, for a @VMware{code} CMTY Call. 101 on using vRO tool, at 11am Pacific. Register here – Come one, come all! https://broadcom.zoom.us/meeting/register/ilVI-dH3TSCSRp6BSp6t9A#/registration
I started thinking about how I could use this blog to make a sizer based on my previous AVS storage sizing post. Of course, as a reminder this is not an official sizer, but I understand that many in the partner and customer community donβt have any access to this basic need. So here we are! […]
We recently spun up a new datacenter and used another site to bootstrap our DNS configuration. Now that weβve got local DNS services, itβs time to change all our configuration! In this article Iβll show you how you can change the DNS configuration in your NSX environment. The process is the […]
