Press "Enter" to skip to content

Protecting VMs by tag with Rubrik REST APIs

Joshua Stenhouse 0

Following on from my last post on getting vSphere Tags by REST API, in this post I’m going to share my extension of the script to automate VM protection in Rubrik using vSphere tags via REST APIs.

If we boil it down the minimum PowerShell code required, then protecting VMs by tag is as simple as:

Import-Module Rubrik
Import-Module VMware.PowerCLI
$RubrikCreds = Get-Credential -Message "Enter Rubrik Creds"
$vCenterCreds = Get-Credential -Message "Enter vCenter Creds"
Connect-Rubrik -Server "192.168.1.201" -Credential $RubrikCreds
Connect-VIServer -Server “hchlv2vcenter.lab.local” -Credential $vCenterCreds
Protect-RubrikTag -Category "Rubrik" -Tag "Protect" -SLA "Tier1-Gold" 

So if any vendor is telling you that their solution is superior because vSphere tag protection is in their UI, they just boiled down their competitive differentiation to 7 lines of PowerShell. Fail.

One challenge with the above script is that it does rely on PS modules. If you relate back to my vSphere tags by REST API post the use case was for a large health insurance provider who didn’t have internet access or permission to load modules locally.  This meant we needed to use Invoke-RestMethod directly from PowerShell to interact with both the vCenter and Rubrik REST APIs rather than use the modules.

The prospect also gave me some additional design requirements:

  • By default show “what if” and not make changes in Rubrik
  • Easily configurable to apply the protection
  • Support multiple vCenters
  • Process a CSV list of all categories/tags that need an SLA assigned to the VMs
  • Correct any VMs that have existing protection applied, but doesn’t match the vSphere tag
  • Run headless so it can be scheduled

Here’s the result of what I built both in PowerShell 5.1 and 6.x:

Both scripts come with a sample CSV. Simply edit the variables at the start, put your assigned tags into the CSV and run the scipt. On the first run the PowerShell 5.1 script will prompt then save your credentials securely into an XML file in the script directory for subsequent headless runs.

If you found this useful please follow me on twitter for future scripts and musings. Happy scripting,

@JoshuaStenhouse

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: