[PowerShell] Getting started with Windows PowerShell Desired State Configuration – Part 2 – Pull Server

After the introduction with DSC I got exited of possibilities, so what’s next?

Setting up a PS DSC Pull Server is the next step. I had some issues with the Pull Server installation on Windows 2008 R2, so I try to keep it simple and deployed a Windows 2012 R2 server. Maybe I will try later on to install the DSC Pull Server on Windows 2008 R2, for research purposes.

I meanly used the blog post of Steven Murawski Building a Desired State Configuration Pull Server, but there were some point in there that needed clarification. In the walk-through below I will add the extra steps and command snippets, but I will keep most settings default.

So I split the installation of the DSC Pull Server into 2 phases, Installation and Configuration:


Step 1) Deploy a Windows 2012 R2 Standard server (in my case a VM with 1 CPU and 2GB of memory)

Step 2) Join domain, set a static IP, and run every Windows Update

Step 3) Install Windows Management Framework 4.0 (Download@MS) and reboot

Step 4) Install DSC-Services: Start PowerShell (as Administrator) and use command below:

Step 5) Enable IIS Manager using the command below:


Step 1) Create directories:

Step 2) Copy files:

Step 3) Open the IIS Manager and create Application pool that runs under the “LocalSystem” account:


Step 4) Open the IIS Manager and create a new site or reuse the default site (as I did), point the root of the site to the PSDSCPullServer and change the Application Pool to the pool and directory we created earlier:


Step 5) Unlock the sections of the web config as below:

Step 6) Update the web.config we copied earlier, put the code in the “appSettings”:


Now Test

If you navigate to http://localhost/psdscpullserver.svc you will see something like below:


Now the configuration of the PowerShell Desired Configuration Pull Server is done and you can proceed with creation of the Configurations.

Also see my earlier post on Getting started with Windows PowerShell Desired State Configuration – Part 1


Other Links I can recommend:




[PowerShell] Getting started with Windows PowerShell Desired State Configuration – Part 1

I recently started with PowerShell DSC, this post is to get you up to speed.

Last year Microsoft announced Windows PowerShell Desired State Configuration (DSC) as part of PowerShell v4 during TechEd North America. DSC is a very cool new feature that lets administrators write a declarative “script” that describes what a computer should look like. PowerShell takes that, matches the declarative components with underlying modules, and ensures that the computer does, in fact, look like that. Nearly anything can be checked and controlled: roles, features, files, registry keys. Anything that a PowerShell module can do.

This year Microsoft announced the CTP release of the Windows PowerShell DSC for Linux on GitHub, the step by step guide for Linux DSC.
Will DSC replace other Configuration Managers like Puppet/Chef/etc.? No surely not, Microsoft enables the other Configuration Managers to leverage DSC to saves them, and their users, work.

How does DSC work?
The process is very much like any other Configuration Managers:

  • Client configuration (Windows Management Framework 4)
  • Push or Pull Server
  • Managed Object Format (MOF), the declarative “script”

Basically there is no need to manually create the MOF script, there are already a lot of MOF scripts available on the DSC GitHub.

So where should you start?
I started with 2 related pages: DSC GitHub and Building a DSC Pull Server.
Creating a DSC Pull server on Windows 2008 R2 like me then you need some extra step, I still have some issues getting the Pull server to work on a AD server.

Let me know if you find some cool and useful stuff about DSC.

BYOD for Dummies by VMware

A good read: “BYOD for Dummies” edition by VMware, without the VMware mantra.
Online resource: BYOD for Dummies
Or offline:

[PowerCLI] Show ESX cluster CPU/Mem averages

As a follow-up on my earlier [PowerCLI] Report ESX vCPU vs pCPU & Memory ratio script, I created a script that only shows average CPU and Memory usages per Cluster.
This brief cluster overview is (for example) usable for management reporting.

See [PowerCLI] Report ESX vCPU vs pCPU & Memory ratio for more information about how to read the output.


[PowerShell] Freeware script editor comparison

Having a PowerShell script editor that helps you in with your task at hand improves your speed and quality enormously. This is for PowerShell beginners and even for expert users. I myself started with MS Notepad as my PowerShell editor, it’s fast but there are zero features that help you. Soon I switched over to Notepad++, a fast and simple editor with syntax support/highlighting for PowerShell.

Nowadays I also need debug support for the big and complex scripts, there are many varieties of script editors that have debugging. I choose PowerGUI (Quest/Dell) as my script editor with debug capability, also because of the PowerPacks that are created by their community. PowerPacks are pre-built scripts with customizable interfaces, for example the VMware Community PowerPack gives a management console for your daily VMware tasks.
Not to forget the Microsoft very own Windows PowerShell ISE, I’m not a huge fan. PowerShell ISE is fast and has debugging, still it lacks the community hooks and has less features than PowerGUI.

MS Notepad, used when a better editor is not available:
Notepad++, replaces MS Notepad and gives great inside in to any script:
PowerShell ISE, fast but missing features:
PowerGUI, great for editing big and complex scripts:

More PowerShell script editors, this is my selection.

[PowerCLI] Change DefaultPSP and SATP/PSP for every lun on every host

Changing the default Path Selection Policy (PSP) on every host can be time consuming challenge, after that you also need to change the PSP on every lun on every host.
In the past you needed to SSH login to every host and change the settings “manually”, but there is also a PowerCLI way to do that. Using PowerCLI cmdlet Get-EsxCli you can execute the esxcli command from PowerCLI directly to the host. Using foreach to loop through all the hosts and check and change with Get-EsxCli the setting on every host and lun.
You can simply change the $VMW_SATP and $VMW_PSP for your required Storage Array Type Plugin (SATP) and Path Selection Policy (PSP), the script below is configured for IBM SVC-based systems (SVC, V7000, Actifio).



[PowerCLI] Report ESX vCPU vs pCPU & Memory ratio

Here is a script that will show you 3 things per host:
1. vCPU:pCPU ratio,
2. Host Memory Granted,
3. Host Memory Used.

It will count all the vCPUs on a host and the (physical) pCPUs, the vCPU differed by pCPU is the ratio. The vCPU:pCPU should in my opinion be:
High CPU load environment <4:1 Medium CPU load environment ~4:1 Low CPU load environment >4:1

The “Host Memory Granted” percentage value is the sum of all VM granted memory compared to the total host memory, you can also call this Worst-Case usage. The “Host Memory Used” percentage is the real value of the host used memory.
“Host Memory Granted” should be <90% unless you know what you are doing. "Host Memory Used" should be <80% depending on the cluster size (see Duncan’s HA Deep Dive).


[PowerCLI] Check Ballooning vCenter wide (quick)

I used the Check Ballooning script allot in the pasted, the script can be found on many blogs and sites. I simply adjusted the script so it would also show Compressed Memory.
Why add “Compressed Memory”?, it gives a extra dimension to the ballooning an swapped values.
Compressed Memory tells you how memory intensive the VM is, so:
Higher compression value then the ballooning or the swapped: Lower priority
Lower compression value then the ballooning or the swapped: Higher priority

The code I use:

Based on the script of ICT-Freak.

Undeduplicatable/uncompressible data

Testing anything that uses deduplication and/or compression? Use data that is entirely unique.

You can create unique data with the /dev/random (or urandom) but it’s terribly slow if you need allot of data, 10-20MB/s(per thread). OpenSSL has a faster and better way to create random data, using OpenSSL will improve the speed up to 120MB/s(per thread).
Create a 1GB unique file with the following command(openssl required):
openssl rand -out 1GB-random-A -base64 $(( 2**30 * 3/4 ))

Want to fill 1TB of storage with random data, use the line below (openssl & bash required):
for i in {1..1000}; do openssl rand -out 1GB-random-%i -base64 $(( 2**30 * 3/4 )); done

Using this while testing an PureStorage storage array I was able to keep the dedup/compression ratio on a 1:1 with 10TB of pseudo data. (FYI same result on Nexenta)

4 unique 1GB files you can download and use directly:

[PowerShell] AD enable UNIX Attributes

When using Active Directory and UNIX Attributes (User/Group Unique Identifiers) the first thing you need is the Identity Management for UNIX Components. Now you are ready to start using UNIX Attributes.

Adding UNIX Attributes to every user and group in your domain, using PowerShell.

Get every user that already has UNIX Attributes enabled, only change the and the to you specifics:

Setting the Unix IDs it a bit more difficult, you need to do 4 thing:
1. Get the last Unix User ID available
2. Enable NIS on the User account
3. Give the user a unique Unix User ID
4. Make the user member of a Unix Group

Set every user that didn’t receive a UNIX Attributes yet, only change the and the to you specifics: