Basics – Finding Unprotected Virtual Machines with NetWorker

Most environments these days have a high percentage of virtualisation. It’s not uncommon to see 90% or more of all systems within an environment virtualised, so confirming all those resources are protected is critical.

Within the NetWorker GUI, it’s quite simple to see which virtual machines are protected. Using the HTML5 GUI for instance, you can manually scan through the resources for a vCenter server to see their protected status:

Manually reviewing protection status list

The steps shown above are:

  1. Click “Protection” in the left-hand pane.
  2. Click “VMware vCenters” under Protection.
  3. Select the vCenter server you want to view the inventory for.

You can then scroll through the inventory and visually see the virtual machines that are protected or not – a virtual machine shown in blue, bold text, with a dot, is protected. A grey virtual machine is not a member of a protection policy.

You can also get the NetWorker GUI to only show you the protected, or unprotected guests:

Manually listing only the unprocted clients

The steps shown above are:

  1. Click “Protection” in the left-hand pane.
  2. Click “VMware vCenters” under Protection.
  3. Select the vCenter server you want to view the inventory for.
  4. Click the filter option, and change it from “All” to “Unprotected”.

By applying the “Unprotected” filter, the only virtual machines listed in the inventory are the unprotected ones.

But what about doing it from the command line? Well, for that, you’ll have to leverage the NetWorker REST API.

To check that out, I’ve written a Perl script that you can use to poll a NetWorker server to retrieve a list of unprotected virtual machines. (This assumes you’ve got the “curl” utility on your system, and also requires the JSON Perl module installed.) Since you need to authenticate against a NetWorker server to retrieve configuration details from the REST API, this prompts you for the server, username and password. If running this in a production environment, you might want to reconfigure that process for greater security, but as a proof of concept, you’ll get the idea.

Here’s an example output from the script:

[Sun Mar 29 15:29:28]
 [•  ~/projects/util-Perl  •]
 pmdg@hala 
 $ ./list-unprotected-vms.pl 
 Find Unprotected Virtual Machines
 Server? orilla.turbamentis.int
 Username? pmdg
 Password? SuperSecretPassword
 39 Unprotected Virtual Machines:
     oaktier.turbamentis.int:2kpro
     oaktier.turbamentis.int:2kpro_recovery
     oaktier.turbamentis.int:aal
     oaktier.turbamentis.int:aal_Backup
     oaktier.turbamentis.int:adamantium
     oaktier.turbamentis.int:binar
     oaktier.turbamentis.int:cent38
     oaktier.turbamentis.int:centaur

(Since you can have multiple vCenter servers protected by NetWorker, the script provides output in the format vCenterServer:VMName.)

The script used can be downloaded from here. You’ll need an appropriately configured Perl environment to run in, but it should give you an idea of how simply you can pull this data out of NetWorker.

3 thoughts on “Basics – Finding Unprotected Virtual Machines with NetWorker”

  1. Hi Preston,

    have you tested your script and the GUI output with VMware-Rules?
    The last time I tried the protected and unprotected Lists in the NMC it wasn’t working if the “rules” Feature was used.

    kind regards
    Uwe

    1. Hi Uwe,

      Good point – I think that because the rules aren’t evaluated until run-time that VMs added via dynamic policies may not show up this way. I’ll have to do some digging on that front.

      Cheers,
      Preston.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.