Compare installed VMware ESXi VIBs

Last Week I had to analyze a huge VMware vSphere environment regarding configuration issues and risks. One of the challenges was to Compare installed VMware ESXi VIBs, to make sure not only the kernel but all packages are identical on the Hosts within the Cluster. Different packages on the VMware ESXi hosts are not necessarily a problem but a huge risk. An unused (not loaded) driver VIB for example is no risk, but different NIC driver versions on the Hosts in a VMware NSX enabled Cluster are a huge problem.

Compare installed VMware ESXi VIBs - Result

To get deeper insight in to the used NIC driver and firmware there is another PowerShell function available: Get-NICDetails.psm1 (Blog Post: Script – Get ESXi NIC Firmware and Driver Details).

The Function - Compare installed VMware ESXi VIBs

The comparison of the installed VIBs is based on the PowerShell Cmdlet Compare-Object:

The Compare-Object cmdlet compares two sets of objects. One set of objects is the “reference set,” and the other set is the “difference set.”

The data (Array of VIB IDs) for the comparison is simply gathered via the VMware PowerCLI Cmdlet Get-ESXCLI -V2.

My function only accepts a single vSphere Cluster object as input. If you need to verify multiple clusters against the reference host, the cluster input can also be piped: Get-Cluster | Validate-ESXiPackages -RefernceHost $(Get-VMHost "<Hostname>")

Compare installed VMware ESXi VIBs - Result multiple clusters

In all of the above examples, the VibDiffSideIndicator property is missing. This additional property should indicate if the package is missing on the reference host or the verified host. Explanation from the Compare-Object documentation:

The result of the comparison indicates whether a property value appeared only in the object from the reference set (indicated by the <= symbol), only in the object from the difference set (indicated by the => symbol) or, …

In my example is the NSX-V VIB not installed on the reference host but on the verified host:

Compare installed VMware ESXi VIBs - VibDiffSideIndicator

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75


function Validate-ESXiPackages {
    <#
    .DESCRIPTION
        Compares all ESXi Host VIBs within a vSphere with a reference Hosts.

    .NOTES
        File Name  : Validate-ESXiPackages.ps1
        Author     : Markus Kraus
        Version    : 1.0
        State      : Ready

    .LINK
        https://mycloudrevolution.com/

    .EXAMPLE
        Validate-ESXiPackages -Cluster (Get-Cluster | Select-Object -First 1) -RefernceHost (Get-VMHost | Select-Object -First 1)

    .PARAMETER Cluster
        vSphere Cluster to verify

    .PARAMETER RefernceHost
        The VIB Reference ESXi Host
    #>
    
    [CmdletBinding()]
    param( 
        [Parameter(Mandatory=$True, ValueFromPipeline=$True, HelpMessage="vSphere Cluster to verify")]
        [ValidateNotNullorEmpty()]
            [VMware.VimAutomation.ViCore.Impl.V1.Inventory.ComputeResourceImpl] $Cluster,
        [Parameter(Mandatory=$True, ValueFromPipeline=$false, HelpMessage="The VIB Reference ESXi Host")]
        [ValidateNotNullorEmpty()]
            [VMware.VimAutomation.ViCore.Impl.V1.Inventory.InventoryItemImpl] $RefernceHost
    )
        
    Process {
        
        #region: Get reference VIBs
        $EsxCli2 = Get-ESXCLI -VMHost $RefernceHost -V2
        $RefernceVibList = $esxcli2.software.vib.list.invoke()
        #endregion
        
        #region: Compare reference VIBs
        $MyView = @()    
        foreach ($VmHost in ($Cluster | Get-VMHost)) {
    
            $EsxCli2 = Get-ESXCLI -VMHost $VmHost -V2
            $VibList = $esxcli2.software.vib.list.invoke()
            [Array]$VibDiff = Compare-Object -ReferenceObject $RefernceVibList.ID -DifferenceObject $VibList.ID

            if($VibDiff.Count -gt 0) {
                $VibDiffSideIndicator = @() 
                foreach ($Item in $VibDiff) {
                    $VibDiffSideIndicator += $($Item.SideIndicator + " " + $Item.InputObject)
                }
            }
            else {
                $VibDiffSideIndicator = $null
            }

            $Report = [PSCustomObject] @{
                    Host = $VmHost.Name
                    Version = $VmHost.Version
                    Build = $VmHost.Build
                    VibDiffCount = $VibDiff.Count
                    VibDiff = $VibDiff.InputObject
                    VibDiffSideIndicator = $VibDiffSideIndicator
                    }
            $MyView += $Report
    
        }
        #endregion

        $MyView
    }
}

Get the Function

The Function is part of my vSphere-Modules GitHub Repository. Direct Link to the Function: Validate-ESXiPackages.psm1

If my pull request will be accepted, the Function is also available in the VMware PowerCLI-Example-Scripts GitHub Repository.