Powershell ESXCLI

 Recently at work I was tasked with gathering information for all of our VM Hosts at work. In the process of doing so, I realized that documentation was a bit hard to find and unclear how to get from point A to point B without hopping from blog to blog, doc to doc. So here is my explanation of it all from start to finish of how to interact with EsxCli through PowerShell. I will include a simple script at the end.

The first thing is we need to make sure we have the module we need to do it. To just simply install it via command, it is as follows:

Install-Module -Name VMware.PowerCLI -AllowClobber

This will pull the necessary module to work with EsxCli stuff. After that we need to import it with this command:

Import-Module VMware.PowerCLI

Simple enough. Now we can actually start using the VMware PowerCLI stuff. There are a ton of commands for it which can be looked at via this command:

Get-Command -Module VMware.*

The next goal for me was to connect to a server because you cannot do much of anything until you connect. To do so, you need to consider whether or not the certificate for your server will throw an error or not. If it will, it may be best to tell it to be ignored to speed things up. You do all of this with the following commands (This connects to either a regular server or VCenter):

Set-PowerCLIConfiguration  -InvalidCertificateAction Ignore

$server = Connect-VIServer -Server YourServerNameHere

Hopefully all goes well up to this point. It should ask you for credentials to log in. If you're still with me, all is well. We are mere moments away from being able to access all of the EsxCli stuff. We need to interact with the VM host or hosts. If you connect to VCenter, you will have multiple hosts. We can access the one or more hosts with this command:

Get-VMHost

The results of that will give us the objects necessary to then access the EsxCli. We do that like so:

$esxcli = Get-EsxCli -VMHost HostReturnedFromGetVMHost

Everything can then be accessed through the $esxcli object through properties. There is also a V2 option that changes things slightly. Adding that changes things slightly when calling. I will use that in the script example at the end. As it stands now, if we want something like the server platform information, we do so like this:

$esxcli.hardware.platform.get()

There you have it, the basics of how to use PowerShell to interface the EsxCli interface. Now here is the script I made, then modified a bit while writing this up for improvement. It gets a CSV file that will contain the IP, Make, Model, and Serial Number for an inventory of the VM hosts.

# Install necessary powershell module for EsxCli

If (-Not $(Get-Module -ListAvailable -Name VMWare.PowerCLI)) {

    Install-Module -Name VMware.PowerCLI -AllowClobber

}

Import-Module VMware.PowerCLI

# Collection object for exporting later

$vmhostinfo = @()

# Need to ignore because no CA

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore

# Should ask for credentials the first time probably

$server = Connect-VIServer -Server boe-vcenter5.ecsd.effingham.k12.ga.us

# Iteration, loops, and that stuff

Get-VMHost | ForEach-Object {

    $x = Get-EsxCli -VMHost $_ -V2

    # This is to get around the special interpretation of $_

    $ip = $_.Name

    # Adds an IP property to the collection

    $vmhostinfo += $($x.hardware.platform.get.Invoke() | Select-Object -Property @{Name = "IP"; Expression = {$IP}},VendorName,ProductName,SerialNumber)

}

#Given in CSV format because it's easier to manipulate and exports to a spreadsheet

$vmhostinfo | Export-Csv -Force vmhostinfo.csv -NoTypeInformation

# Good luck!

There you have it, a simple script for gathering some information. There's obviously a lot more that you can do, but at work we do not have a need for any of that just yet. I will probably create something later on down the pipeline to script out other tasks I normally do manually just to see if I can. Hope this helps people.

File Synchronization and Backup

 Having access to your files at any given time is a convenience some people today rely on so heavily, that as a person who often never really needs any particular files I find it humorous. Despite this, I have been rather obsessive about file access and backups in the past few years. This is so much so that I realized recently I have over 50 USB flash drives and 4 external hard drives accessible to the network. tow of the hard drives are specifically for TV and movies because I keep duplicates at the ready should an external fail on Kodi. One of them is an old Apple time machine that is ready to go, but I don't actually use it. Another is an old Seagate I have had for about 10 years or so now that keeps chugging along despite the slow speeds and for the small files I usually work with it works just as I need it. Taking it a step further, I have a RAID 1 setup on my main laptop with most of my documents duplicated onto a secondary laptop, and everything else was in Google Drive.

So here's the thing about all of this. Google Drive, like any other cloud service, can have terms changed, storage space altered, and on top of that, do you really want your files in "the cloud?" Truth be told you could easily just manually copy files onto each device you have and be relatively fine. So if you do have storage available, you should make use of it. So stop being lazy and back up your files yourself!

That being said, of course there are solutions that depending on the effort you put in, can be  Let me start out by saying that ANY local network solution can be an "anywhere" solution with tools like a VPN. I personally have OpenVPN setup at home because my Asus router has that option built in. You can create your own OpenVPN server fairly easily, but that's not the topic at hand for this.

For file synchronizing across multiple devices and types of devices, I was recently made aware of some rather cool software called Syncthing. The program name is rather unappealing, but the software is one of the coolest things I did not realize I needed in my life. What sets this apart from any solution I have seen before is that it is a "decentralized" file sync program. This means it uses a Peer-to-Peer model as opposed to the typical Server-Client model. If that doesn't make sense to you, view it like this. Normally you have a "centralized" server that handles all requests, files get uploaded to and downloaded from the server. In a peer-to-peer model, any device can serve files to any device asking and any device can ask any device that has the file for the file. This creates a huge advantage in file accessibility for a busy connection.

This means a few things to consider. The first is that you will need at least two devices to synchronize, not a hard thing to find now-a-days. The second is that rather than configuring a server, you must configure each device. As of writing this, I have four devices connected and the only limiting factor is a raspberry pi 4 connected to a very slow external. So here is some food for thought over any problems I have run into.

The first thing is be certain where you want the files stored and what you will sync. The reason being if you blanket a whole swath of folders, there is a chance some program specific or computer specific stuff will take up room on devices you do not need it to. I have separated all of my stuff to be synchronized out of the normal workflow and pieced it back together with shortcuts. I have also tried to break down the folders that get synced into separate items on the list for greater control and flexibility. The second thing to keep in mind is space on each device, what you need, and where. This is in addition to deciding a good folder structure.

With that in mind, there is a little catch on Linux. I have an external formatted in NTFS, which Linux is not exactly a fan of. I did this because the ntfs-3g stuff works better than ext drivers on Windows which love to lock up the file system and make everything unusable. If you have the same setup, the device should be mounted with the user you launch Syncthing under as the owner. If you launch it as root, there's probably nothing to worry about.

Head on over to the download page and install Syncthing on any and every device you want to be involved. For Windows, I suggest also installing the SyncTrayzor just for ease of access. To launch on Windows, you can use the SyncTrayzor in the start menu or you can launch it via command line with the syncthing command. To get to the console to set everything up you can either launch a web browser and go to http://127.0.0.1:8384/ or if you have SyncTrazor, there is an icon in your notification tray there is an icon that you can right click on and select "Open SyncTrayzor." We want to begin to lock things down a bit and make them better.

It will start out with asking you for statistical data, do as you want there. Then it will mention something about setting a username and password, let's do that. If you missed it on the box, just go to the "Actions" menu on the top right hand corner and select "Settings." Under the "GUI" tab at the top you can set a username, a password, and select a theme if you wish to change the color scheme. I also recommend you check the option to use HTTPS for the GUI because why wouldn't you encrypt when there's an option? Click save, then "X" out of the GUI and relaunch. If you are using the website, you need to change http://127.0.0.1:8384/ to https://127.0.0.1:8384/ if you checked the option. After that you should be all set where it has a default folder. Let's remove that. To remove a folder, you click on it and select "Edit" and then "Remove" on the edit page, bottom left corner this time. Now you can go through and add all the folders you want to sync, remember to organize them first. After you get all the folders set, you can start on the next device. Follow the same process. It does a good job at auto-discovery for when you add a device. When you add the device, the device you are trying to add will prompt for approval, nice little security measure.

When you have both devices set of any folder, if any, each is going to share (keep in mind if you want to merge a folder on both devices, sync one to the other and then move the files you want into that folder to make things easier). Just edit the folder on the device and use the "Sharing" tab up top and check any device you want to sync with.

Before you add more devices, I recommend you let everything sync and normalize before you add the next device. When you get a third setup, you will need to add it to  ALL devices you want to sync with, then on ALL the other devices elect to share with ALL devices expected to sync for the best stability and performance. You can keep a more-or-less centralized model, but I would take advantage of removing single point failures and have everything connect.

Now let's talk phone. Chances are the big thing is going to be syncing your photos to your computer. We can do that and ditch Google Photos or whatever other invasive "online photo album" software is the flavor of the day. It's generally more polite this way because chances are you will also help protect the privacy of friends and family that may make an appearance in your photos. Unless you're like me and the majority of your pictures are sleeping dogs, screw-ups at work, and memes.

That being said, just download the app for your phone. Add your folders in there, then we can add devices the cool way. Select the devices tab, hit the plus, then select that little QR code icon. Then on the device you need to add, on it's interface under "Actions" there is a "Show ID" option that gives you a QR code you can scan. As usual, it the device will want confirmation that you are trying to add it. Share your folders like normal.

So that's a quick overview of a fairly easy to use, decentralized, file sync program. So here are my thoughts.

The first is, it's really cool and I am quite happy with it. The interface is usable and it's just easy to setup and use. The only real critique I have is I really wish there was a built in function to move a folder. Instead I have to remove the folder in the control panel, move it on the system, then tell it to re-add the folder in the new location and wait for it to sync and a couple of times complain about "conflicting" files. Not a deal breaker for me, the advantages are just too good.

All that being said, I will continue in my search for secure and private alternatives for everyday conveniences and hope that you too will join me in taking the necessary steps to protect your data. Targeted marketing and advertisements on top of data breaches has hit levels it never should have all for the sake of what is convenient and I hope we can remedy it. If that's not your goal, then maybe you will at least find some cool software to check out.

Stay Safe and Private

 With everything going on in the world, I have been very busy between work and life. I wanted to make a quick post about some things you can do to keep yourself digitally safe during these uncertain times. So let's begin.

If you have an Android phone, there are some steps you can take to mask yourself a bit. While it's not perfect, you can hide yourself and your data a little better. The first big thing that popped into my brain was keyboard. Chances are that your keyboard is sending everything you type and your habits typing somewhere for the sake of analysis to make typing easier. However, do you really want everything you type sitting on a server that you do not know that well? I would rather not because I know the things I look up and some things are better off going to the grave. I found a keyboard that does enough to keep me happy and keep my privacy. AnySoftKeyboard is a good privacy focused keyboard. It can be challenging at times, but privacy is worth taking some extra time to spell check yourself. Another glaring hole for security is text messages. They are oh so convenient, however convenience should not take away from privacy and security. Signal has our backs here. It can do many other things, however text messaging is primarily what I use it for. You can also conveniently link it to your computer. Quite a cool app. More often than not another key function we use on a day to day basis is web browsers. Web browsers are nice, but they can harvest so much data you would not even think about. In this area there are multiple options. The cool thing about browsers focused on privacy is they usually block ads, so it's a great thing to have. I use DuckDuckGo, but Brave is also a good option. Privacy, Ad blocking, and there's alternatives to choose from, this is a great thing to see. Finally for the phone, if you are worried about Google tracking everything you download and install you can try other "play store" variations. I have been trying out APKPure. Aside from a lot of ads, there isn't anything I have found "wrong" with it. Keep in mind, there entirety of the Google Play Store is basically an ad platform, so it is what it is.a

Now we are going to start rolling into some crossover of what to use for any device you have. One of the greatest points of protection you can consider is a VPN. If you don't know what a VPN is, it stands for Virtual Private Network and allows you to connect to a different network remotely for accessing local resources in another network or region. The majority of them offer encrypted tunnels, meaning your traffic is going to be very difficult for people in between to see what you're doing. Even more so, by using a major VPN along side everyone else, the traffic to and from the VPN is going to be difficult to determine who it is for or from. There are MANY options like ExpressVPN, Nord VPN, Surf Shark, Private Internet Access and so on. For the sake of honesty, I use ExpressVPN. They are fast, outside of most legal jurisdictions you might worry about, have not had any data breaches to my knowledge, the price is reasonable, and I have not had a problem with them yet. I encourage you to do your own research and find what you think is best. Remember to install an equivalent app for your phone, computer, and any other device you can put it on.

Next thing to cover is Tor. Tor can be used while on a lot of VPNs, has an app for your phone, runs on the computer and so on. The main idea with Tor, in my opinion, is security through obscurity. Basically, it bounces the connection around like mad making it hard to trace. The concern you should have is here it is bouncing through. So I would not recommend using any passwords over the Tor network.

Email is another must have today. There are many secure email options now. The one I have been using is Proton Mail. There's an app to use it on your phone as well. Not much else to say other than do some research and find the best option for you.

Options for computer security include web browsers like Brave, or the modified version from Gab called Dissenter. I would mention others, but it is a long list that seems to grow every day. Regardless, I highly recommend if you have the option to use an addon called uBlock Origin. uBlock Origin is hands down the best ad block I have ever used with great performance. It works better than Ad Block Plus and feels far faster. So if you're an ABP fan, I would consider trying upgrading and see how it fits for you. Ads are notorious for tracking, so blocking them is a must for privacy and security. Not to mention most of the tracking is done for targeted advertising so just make it even harder for them to deliver there messages. Make them work for it.

That all being said, remember to use a firewall on any device possible, whenever possible. Do not connect to open wireless access or the wireless access of any store, hotel, or other. Be smart, question everything, and do your own research before you hit a download button or run a program, click a link, so on and so forth.

Other things I will hopefully have time to look into in the future will be a more secure camera app, file sync/storage, and so on. There is a lot to look into.

Now the big speech. This isn't about being paranoid. This isn't about hiding. This is about being aware of our own safety and security. This is about being aware of the information we allow others access to. For far too long we have sacrificed an understanding of what information there is being bought and sold about us purely for convenience sake. I am guilty of this myself. I hope you will join me in trying to become aware of all of this and taking the steps necessary to protect yourself in today's world. Not everyone has your best interest in mind and the only person you should trust absolutely is yourself. Please stay safe.