Following on from my last post on getting vSphere Tags by REST API, in this post I’m going to share my extension of the script to automate VM protection in Rubrik using vSphere tags via REST APIs.
If we boil it down the minimum PowerShell code required, then protecting VMs by tag is as simple as:
Import-Module Rubrik Import-Module VMware.PowerCLI $RubrikCreds = Get-Credential -Message "Enter Rubrik Creds" $vCenterCreds = Get-Credential -Message "Enter vCenter Creds" Connect-Rubrik -Server "192.168.1.201" -Credential $RubrikCreds Connect-VIServer -Server “hchlv2vcenter.lab.local” -Credential $vCenterCreds Protect-RubrikTag -Category "Rubrik" -Tag "Protect" -SLA "Tier1-Gold"
So if any vendor is telling you that their solution is superior because vSphere tag protection is in their UI, they just boiled down their competitive differentiation to 7 lines of PowerShell. Fail.
One challenge with the above script is that it does rely on PS modules. If you relate back to my vSphere tags by REST API post the use case was for a large health insurance provider who didn’t have internet access or permission to load modules locally. This meant we needed to use Invoke-RestMethod directly from PowerShell to interact with both the vCenter and Rubrik REST APIs rather than use the modules.
The prospect also gave me some additional design requirements:
- By default show “what if” and not make changes in Rubrik
- Easily configurable to apply the protection
- Support multiple vCenters
- Process a CSV list of all categories/tags that need an SLA assigned to the VMs
- Correct any VMs that have existing protection applied, but doesn’t match the vSphere tag
- Run headless so it can be scheduled
Here’s the result of what I built both in PowerShell 5.1 and 6.x:
Both scripts come with a sample CSV. Simply edit the variables at the start, put your assigned tags into the CSV and run the
If you found this useful please follow me on twitter for future scripts and musings. Happy scripting,@JoshuaStenhouse