/ #powercli #sso 

Using PowerCLI to vMotion VM between different SSO domains

Edit (December 21st, 2020): I created this script a while ago for my specific need. However, a lot happened since 2016! In the meantime the Cross vCenter Workload Migration Utility Fling was released in 2018, and the Fling has been recently productized and is now part of the vSphere 7.0 Update 1c (Patch 02) release.

For vSphere 6.x-to-6.x Migration, the Fling can still be used, but for newer migrations, it is recommended that you use the official Advanced Cross vCenter vMotion feature included in vSphere 7.0 Update 1c.

For more information about the history of Cross vCenter Workload Migration Utility and its productization, you can check William’s and Niels’ blog posts.

FacepalmThis was me when I saw the Spotlight on the Move-VM Cmdlet including PowerCLI 6.5 Enhancements article as I spotted the new Move-VM native capabilities a couple months back.

Well, not a big loss, but I could have published my script and this article a few weeks back.

Cross-vCenter vMotion

So, what’s the big deal here? vSphere environments are typically organized into data centers and clusters. The datacenter object is the highest building block of a vCenter hierarchy, and the highest-level logical boundary representing a vMotion domain. Architects and engineers had to respect those vMotion domains to design their infrastructures before vSphere 6.0.

With vSphere 6.0, this limitation of restricting vMotion within a single vCenter was removed with the Cross vCenter vMotion feature. What was not very well known was that the same feature allows to vMotion a running VM between 2 different vCenters which do not belong to the same SSO domain. However, this is something not available with the GUI: William was the 1st to release a script allowing you to vMotion a VM between SSO domains, and his script was using the API.

PowerCLI Move-VM cmdlet

Starting from PowerCLI 6.5, the Move-VM cmdlet now supports natively Cross vCenter vMotion and the ability to vMotion VMs between vCenters (even if they are not part of the same SSO domain).

I created a simple PowerCLI script to demonstrate this new capability: Cross-SSO-vMotion-between-vCenters.ps1.

The script use the native Move-VM cmdlet capabilities to vMotion a running Virtual Machine between 2 vCenter Servers, independently if they belong to the same SSO domain or not. Also, a function determine the port group type and return the correct network object (removing the need to know if the distant port group is standard or distributed).

In the screenshot below, you can see the vMotion initiated from the script, migrating the web01 VM from my vc01-dc-a vCenter to the vc01-dc-b vCenter: vc01-dc-a belongs to ssodomain-a.local SSO domain, while vc01-dc-b belongs to ssodomain-b.local.

Example: vMotion VM between 2 vCenters in different SSO domains with a PowerCLI script

Here is the output of the script:

vMotion VM between different SSO domains: script output

I have uploaded my script on GitHub with all associated information: Cross-SSO_vMotion.

PowerCLI script to vMotion a running VM between two vCenters, even if they are not in the same SSO domain. The script will use the _GetPortGroupObject_() function to determine the portgroup type (standard or distributed) and return the correct object.

Enjoy!

Author

Romain

Staff II Technical Product Manager, technologist with 18+ years of Networking and Security experience in Data Center, Public Cloud & Virtualization (VMs and Containers). He is a double VCDX (DCV and NV, #120), VCDX panelist, frequent VMUG/VMworld speaker and contributor to the community via this blog or social media (follow him on Twitter @woueb).