sdecoret -


How to use PowerCLI for alarm automation in vCenter

Alarms are central to good security. Bypass the unwieldy GUI and use PowerCLI instead to quickly and easily retrieve, monitor and modify alarms in your vCenter ecosystem.

For years, VMware has stated that PowerCLI is the best way to automate vSphere. VMware administrators can also use PowerCLI to save time when managing vCenter alarms.

Good security requires proper and in-depth monitoring of IT infrastructure. In a complex system such as vCenter, it might seem daunting to monitor services, ESXi hosts and hardware, in addition to all the other parts of the ecosystem. Fortunately, vCenter creates many alarms by default to keep you aware of anything that might need your attention.

However, configuring additional alarms can be very time-consuming and burdensome if you do it through the vCenter GUI. You can instead use PowerCLI for alarm retrieval and configuration.

Understand alarms

In vSphere, there are three different aspects to an alarm:

  • the object that the alarm monitors, such as a VM or the vCenter server;
  • what triggers the alarm, such as a change in health status for a server; and
  • the action the alarm takes once a certain condition occurs, such as sending an email when a network loses connectivity to a host.

If you configure an alarm high up in the vCenter hierarchy, lower levels also inherit that alarm. For instance, if you configure an alarm at the vCenter level, then all objects in vCenter inherit that alarm, if applicable.

View existing alarms

You can use the PowerCLI cmdlet Get-AlarmDefinition to show all existing alarms in vCenter. To see all existing alarms and their entities -- meaning objects for which the alarms are defined -- you can run the following command:

Get-AlarmDefinition cmdlet output

This command shows you two properties: the name of the alarm and the entity with which it's associated. You can sort the list by alarm name.

If you want to dive deeper into one particular alarm definition -- for example, 'Datastore Connectivity' -- you can use Get-AlarmDefinition again. The output shows you that this specific alarm detects when a data store is disconnected from its hosts.

Get-AlarmDefinition cmdlet secondary output

To see what happens when something triggers this alarm, use the Get-AlarmAction cmdlet. If you pipe the previous command, Get-AlarmDefinition, into Get-AlarmAction, it shows you that this alarm sends an email to [email protected].

Get-AlarmAction cmdlet output

VMware color-codes the severity of a condition: green for normal, yellow for warning and red for alert.

In the case of the 'Datastore Connectivity' alarm, the system sends an email when the status goes from yellow to green or yellow to red. Use the Get-AlarmActionTrigger command to see this:

Get-AlarmActionTrigger cmdlet output

PowerCLI for alarm configuration

You can create custom alarms in vSphere, but it's easier to modify existing alarms with PowerCLI. Use New-AlarmAction, New-AlarmActionTrigger and Set-AlarmDefinition to change existing alarms.

For example, you can use the New-AlarmAction cmdlet to have 'Datastore Connectivity' run a Python script when something triggers that alarm.

New-AlarmAction cmdlet

To create a separate trigger for that alarm action, use the New-AlarmActionTrigger command.

New-AlarmActionTrigger cmdlet

PowerCLI also enables you to make bulk changes to alarms. For example, you can disable all alarms that include the string "vCenter."

Set-AlarmDefinition cmdlet

Next Steps

Learn how you can use PowerCLI to manage an ESXi firewall.

Know the cmdlets that make managing hard disks easier.

Use PowerCLI to take care of your data stores.

Dig Deeper on VMware ESXi, vSphere and vCenter

Virtual Desktop
Data Center
Cloud Computing