How to ssh/scp between ESXi 6 hosts

This is a quick post to show you how to enable ssh/scp between several separate ESXi 6 hosts. This is very useful if you need to send files from one host to another using scp. The whole process can be done within the vSphere client. The steps must be carried out on all the ESXi hosts that need to scp to each other.

The Steps

1. Log onto one of the ESXi hosts via the vSphere client.

2. Once connected, go to the Configuration tab and select Security Profile. On the right-hand side, in the Services section, select Properties.

3. In the Services Properties, scroll down to SSH and select Options. Ensure Start and stop with host is selected, then click OK to save.

4. Back in the Security Profile, in the Firewall section, select Properties, then check SSH Client and SSH Server. Click OK to save.

5. Perform the same steps on the other ESXi hosts.

6. You should then be able to ssh onto either host and scp files to the other one.

7. The command to scp from one ESXi host to another is:

scp /vmfs/volumes/hyp1-local-1/ISO/Windows_Server_2008_R2.iso root@172.16.0.11:/vmfs/volumes/hyp1-local-1/ISO
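
The service and firewall settings from steps 2 to 5 can also be applied to several hosts at once with PowerCLI. This is an added example, not part of the original post; it assumes an existing Connect-VIServer session, and the host names esx1 and esx2 are placeholders.

```powershell
# Added example: apply steps 2-5 to several hosts, then report the resulting state.
# Assumes an existing Connect-VIServer session; the host names are placeholders.
$hostNames = 'esx1', 'esx2'

foreach ($name in $hostNames) {
    $vmhost = Get-VMHost -Name $name

    # Step 3: the SSH service has the key TSM-SSH. Policy "On" is the
    # "Start and stop with host" option in the vSphere client.
    $ssh = Get-VMHostService -VMHost $vmhost | Where-Object { $_.Key -eq 'TSM-SSH' }
    Set-VMHostServicePolicy -HostService $ssh -Policy On | Out-Null

    # Start the service now so it is usable without waiting for a host reboot.
    if (-not $ssh.Running) {
        Start-VMHostService -HostService $ssh -Confirm:$false | Out-Null
    }

    # Step 4: firewall rules for outbound (SSH Client) and inbound (SSH Server).
    Get-VMHostFirewallException -VMHost $vmhost -Name 'SSH Client', 'SSH Server' |
        Set-VMHostFirewallException -Enabled $true | Out-Null
}

# Report what is now enabled on each host, so the state is on record.
Get-VMHost -Name $hostNames | ForEach-Object {
    $vmhost = $_
    $svc = Get-VMHostService -VMHost $vmhost | Where-Object { $_.Key -eq 'TSM-SSH' }
    $fw  = Get-VMHostFirewallException -VMHost $vmhost -Name 'SSH Client', 'SSH Server'
    [pscustomobject]@{
        Host        = $vmhost.Name
        SshRunning  = $svc.Running
        SshPolicy   = $svc.Policy
        SshClientFw = ($fw | Where-Object Name -eq 'SSH Client').Enabled
        SshServerFw = ($fw | Where-Object Name -eq 'SSH Server').Enabled
    }
} | Format-Table -AutoSize
```

To undo the change once the copy is finished, stop the service with Stop-VMHostService and pass -Enabled $false to Set-VMHostFirewallException.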

Remove VM swap file in ESXi 5.x

There may be specific scenarios where it is not desirable to have a VM swap file. In my most recent experience, a customer was short on storage so wanted to save the space occupied by the large VM swap files, which are equal in size to the memory allocated to the VM. As physical memory on the ESXi host was not over-subscribed, this would not have negatively impacted the performance of the VMs.

To remove the VM swap files perform the following steps:

  1. In the vSphere client locate the VM, right-click on it and select Edit Settings.
  2. Go to the Resources tab and select Memory.
  3. On the right-hand side, check Reserve all guest memory (All locked) and click OK.


This setting reserves all 32GB of vRAM allocated to the VM on the ESXi host. The VM will only be able to power on if that memory can be locked and guaranteed.

Prior to making the configuration change the VM’s folder on the datastore contained a 32GB swap file:

/vmfs/volumes/514c4fc8-21030200-2f06-bc305bf615e3/VM1 # ls -al | grep vswp
-rw-------    1 root     root     34359738368 Apr 19 12:07 VM1-6d3a3a7d.vswp
-rw-------    1 root     root     119537664 Apr 19 12:07 vmx-VM1-1832532605-1.vswp

After locking the reserved guest memory, the swap file was zero-length, so it occupied no storage space (0kb):

/vmfs/volumes/514c4fc8-21030200-2f06-bc305bf615e3/VM1 # ls -al | grep vswp
-rw-------    1 root     root             0 Apr 19 12:10 VM1-6d3a3a7d.vswp
-rw-------    1 root     root     119537664 Apr 19 12:10 vmx-VM1-1832532605-1.vswp

You can ignore the VMX swap file, which in the listing above is vmx-VM1-1832532605-1.vswp. These files are not related to ordinary host memory swapping but allow the swapping of the memory overhead associated with the VMX process. The ESX/ESXi host creates VMX swap files automatically when the VM is powered on, as long as there is sufficient free disk space. This is a new feature in ESXi 5.x.

Note: Removing the swap file is not recommended in solutions where memory has been over-subscribed to VMs. Doing so precludes the use and benefits of VMware memory management techniques such as ballooning, TPS (transparent page sharing), memory compression and host swapping (in that order).

PowerCLI one-liner to change PortGroup membership on all VMs in a cluster

In my previous post I provided a PowerCLI command to rename PortGroups across multiple hosts in an ESX/ESXi cluster. You would usually do this when making network segment/infrastructure changes. These would be done in two phases:

  1. Rename PortGroups and tag them with the new vlan(s).
  2. Move VMs from the old network segment (PortGroups) into the new one.

The following command takes care of the second phase:

Get-Cluster "ESX Cluster" | Get-VM | Get-NetworkAdapter | Where-Object { $_.NetworkName -eq "Inside-VLAN" } | Set-NetworkAdapter -NetworkName "DMZ-VLAN" -Confirm:$false

The command gets all the VMs running in the cluster ESX Cluster, selects the vNICs that are attached to the PortGroup Inside-VLAN and moves them to DMZ-VLAN. The last parameter, -Confirm:$false, suppresses the prompt to confirm the PortGroup changes.
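
An added example (not from the original post) that wraps the same move in a pre-check and a rollback record: it confirms that DMZ-VLAN exists on every host in the cluster, saves the current vNIC-to-PortGroup mapping to a CSV file, and previews the change with -WhatIf before anything is modified. It assumes an existing Connect-VIServer session; the CSV path is an assumption.

```powershell
# Added example; assumes an existing Connect-VIServer session.
$clusterName = 'ESX Cluster'
$oldPg       = 'Inside-VLAN'
$newPg       = 'DMZ-VLAN'
$rollbackCsv = '.\portgroup-move-rollback.csv'   # assumed path

$cluster = Get-Cluster -Name $clusterName

# 1. The target PortGroup must exist on every host in the cluster, otherwise
#    a VM running on (or later migrated to) that host loses its network.
$missing = $cluster | Get-VMHost | Where-Object {
    -not (Get-VirtualPortGroup -VMHost $_ -Name $newPg -ErrorAction SilentlyContinue)
}
if ($missing) {
    throw "PortGroup '$newPg' is missing on: $($missing.Name -join ', ')"
}

# 2. Select the affected vNICs and record their current state for rollback.
$adapters = $cluster | Get-VM | Get-NetworkAdapter |
    Where-Object { $_.NetworkName -eq $oldPg }

$adapters |
    Select-Object @{ N = 'VM'; E = { $_.Parent.Name } }, Name, MacAddress, NetworkName |
    Export-Csv -Path $rollbackCsv -NoTypeInformation

# 3. Preview: -WhatIf lists every vNIC that would be moved and changes nothing.
$adapters | Set-NetworkAdapter -NetworkName $newPg -WhatIf

# 4. After reviewing the preview, apply the change by uncommenting the next line,
#    then repeat the query from step 2 to confirm no vNIC is left on $oldPg.
# $adapters | Set-NetworkAdapter -NetworkName $newPg -Confirm:$false
```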

PowerCLI one-liner to rename a PortGroup on all ESX/ESXi hosts in a cluster

It can be a huge hassle to manually rename PortGroups across multiple ESX/ESXi hosts in a cluster. This is where PowerCLI becomes super handy – the one-liner below will take care of it:

Get-Datacenter London-DC | Get-Cluster "ESX Cluster" | Get-VMHost | Get-VirtualPortGroup -Name "Inside-VLAN" | Set-VirtualPortGroup -Name "DMZ-VLAN" -vlanid 1002

The above command connects into the London-DC Datacenter object and then to the Cluster ESX Cluster. It will get all the ESX/ESXi servers in the cluster by running Get-VMHost. It then locates the PortGroup called Inside-VLAN and renames it to DMZ-VLAN and tags it with vlan ID 1002.

If you have upwards of 5 ESX/ESXi hosts it will save you a lot of time and effort.

PowerCLI one-liner to rename a PortGroup on an ESX/ESXi host

If having to log in to your VMware vSphere infrastructure just to rename a PortGroup on a single ESX/ESXi host is a hassle, you can run the following PowerCLI one-liner to take care of business:

Get-VMHost -name esx1 | Get-VirtualPortGroup -Name "Inside-VLAN" | Set-VirtualPortGroup -Name "DMZ-VLAN"

The command connects to the ESX/ESXi host called esx1 and renames the PortGroup called Inside-VLAN to DMZ-VLAN.

If the PortGroup being changed is the native VLAN on a trunk port then you would not tag it. However, if it was tagged with a VLAN ID and you were changing your network configuration, this could also mean that you want to change the VLAN ID. If so, add the -vlanid parameter followed by the ID:

Get-VMHost -name esx1 | Get-VirtualPortGroup -Name "Inside-VLAN" | Set-VirtualPortGroup -Name "DMZ-VLAN" -vlanid 1002

Simple as that!