ITQ – VRMWARE.NL

Keeping firmware versions consistent across VMware hosts is crucial for stability, performance, and security. Yet, identifying which ESXi hosts are running which network interface firmware versions can quickly become a tedious task, especially in environments with multiple clusters and dozens of servers.

Recently, I faced exactly this challenge. I needed a clear and reliable overview of the installed NIC firmware versions across all hosts in specific VMware clusters. Rather than performing the checks manually (or clicking through countless vSphere UI tabs), I decided to automate the process.

VMware environments often contain a mix of hardware models, driver versions, and firmware levels. These variables play a major role in network reliability and performance. When a firmware update is released or when troubleshooting network issues, it’s important to know:

Which hosts are running outdated firmware?
Which clusters might be at risk due to inconsistent versions?

However, VMware doesn’t provide a quick, consolidated overview of NIC firmware versions per cluster out of the box.

To streamline this task, I wrote a PowerShell script that retrieves the NIC firmware versions for each host in a VMware cluster. Using PowerCLI, the script collects:

vCenter & Cluster name on top of the report
Hostname
Server Model
NIC
NIC Model
Firmware Version

Once the data is gathered, it generates a HTML report that provides a complete overview at a glance.

Below is the script used to build this overview.

#Version 1.0
#2026-03-28
#Check NIC Firmware script with HTML output
#Adds vCenter, Cluster & Server Model to HTML report

# ============================
#  Ask user for vCenter & Cluster
# ============================
$vCenter = Read-Host "Enter vCenter Server name or IP"
$cluster  = Read-Host "Enter Cluster name"

Write-Host "Using vCenter: $vCenter" -ForegroundColor Cyan
Write-Host "Using Cluster: $cluster" -ForegroundColor Cyan

# ============================
#  Function: Check NIC Firmware
# ============================
function CheckNICFirmware {
    Param (
        $ESXi
    )

    $esxcli = Get-EsxCli -V2 -VMHost $ESXi
    $result = ""

    # Get Server Model
    $serverModel = (Get-View -Id $ESXi.ExtensionData.MoRef).Hardware.SystemInfo.Model

    # Get NIC list
    $nicList = $esxcli.network.nic.list.Invoke()

    foreach ($nic in $nicList) {

        $nicName = $nic.Name
        $nicGet  = $esxcli.network.nic.get.Invoke(@{nicname=$nicName})

        $model = $nic.Description
        $firmwareVersion = $nicGet.DriverInfo.FirmwareVersion

        $rowColor = "#e6f0ff"   # Light blue row

        $result += "<tr style='background-color: $rowColor;'>
                        <td>$($ESXi.Name)</td>
                        <td>$serverModel</td>
                        <td>$nicName</td>
                        <td>$model</td>
                        <td>$firmwareVersion</td>
                    </tr>"
    }

    return $result
}

# ============================
#  Connect to vCenter
# ============================
Try {Disconnect-VIServer * -Confirm:$false -ErrorAction SilentlyContinue | Out-Null}
Catch {}

Connect-VIServer $vCenter

$ESXis = Get-Cluster -Name $cluster | Get-VMHost | Sort-Object Name | Where-Object {
    $_.ConnectionState -eq 'Connected' -or $_.ConnectionState -eq 'Maintenance'
}

# ============================
#  HTML: Header
# ============================
$html = @"
<html>
<head>
    <title>NIC Firmware Report - vCenter: $vCenter | Cluster: $cluster</title>
    <style>
        table { width: 100%; border-collapse: collapse; margin-bottom: 30px; }
        th, td { border: 1px solid black; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
        h1 { margin-bottom: 5px; }
        .subheader { color: #555; font-size: 18px; margin-bottom: 20px; }
    </style>
</head>
<body>
    <h1>NIC Firmware Report</h1>
    <div class="subheader">
        vCenter Server: <b>$vCenter</b><br>
        Cluster: <b>$cluster</b>
    </div>

    <table>
        <tr>
            <th>Host</th>
            <th>Server Model</th>
            <th>NIC</th>
            <th>NIC Model</th>
            <th>Firmware Version</th>
        </tr>
"@

# ============================
#  NIC Firmware Section
# ============================
foreach ($ESXi in $ESXis) {
    $html += CheckNICFirmware -ESXi $ESXi
}

$html += "</table>"

# ============================
#  HTML Footer
# ============================
$creationDate = Get-Date -Format "yyyy-MM-dd HH:mm:ss"

$html += @"
<p>Report generated on: $creationDate</p>
</body>
</html>
"@

# ============================
#  Output Report
# ============================
$outputPath = "C:\Scripts\NIC_Firmware_Report.html"
$html | Out-File -FilePath $outputPath

Start-Process "msedge.exe" $outputPath

Write-Host "Disconnecting from $vCenter..."
Disconnect-VIServer -Confirm:$False | Out-Null

Write-Host "Report generated at $outputPath" -ForegroundColor Green

The final output is an automatically generated HTML page containing a complete NIC firmware inventory per VMware cluster.

It provides a quick, accurate, and repeatable way to check firmware versions across an environment, saving time and avoiding configuration drift.

Recently, I have spent a lot of time monitoring Linux servers with the Telegraf agent in VCF Operations. This includes metrics such as /boot, /var, /var/log, etc. This was fairly easy to implement. However, I also wanted to be able to monitor datastores under /mnt. It turned out that these metrics are not available by default after installing the Telegraf agent.

Objective: Raise an alert when a datastore under /mnt exceeds 75% capacity.

After installing the Telegraf agent on a Linux server, the following directory was created: /opt/vmware. In this directory, I created the following bash script: pct_used.sh. Please note that a script is executed from Telegraf using the system account arcuser. The arcuser account must have read and execute permissions for the script. Set the permissions using the following command:

chmod 755 /opt/vmware/pct_used.sh

The script below is a generic script for reading the % used from the datastores under /mnt. By providing the correct arguments you will receive a value (Use%) that you can use as a metric in VCF Operations as input for the alert. In the following examples:

store1 = Linux Server
001 = Datastore 001
002 = Datastore 002

Examples:
root@vrmware001:/opt/vmware# ./pct_used.sh /mnt/store1/001
Result: 70

root@vrmware001:/opt/vmware# ./pct_used.sh /mnt/store1/002
Result: 64

Please note that the system account arcuser also has read + execute permissions on the /mnt and /mnt/server directory. In the examples mentioned above, this means that these rights must be located on /mnt/store1. Here’s how to do it.

chmod 755 /mnt
chmod 755 /mnt/store1

With the next command you can check if the arcuser account have permissions the read the datastores.

sudo -u arcuser df -P /mnt/store1/001 where /mnt/store1/001 should be replaced with your own datastore path.

#!/usr/bin/env bash
# Usage: ./pct_used.sh /mnt/store1/001

set -euo pipefail

MOUNT_PATH="${1:-}"

# Check if argument is provided
if [[ -z "$MOUNT_PATH" ]]; then
  echo "Usage: $0 <mount_path>" >&2
  exit 2
fi

# Check if argument is provided
if [[ ! -d "$MOUNT_PATH" ]]; then
  echo "Path not found: $MOUNT_PATH" >&2
  exit 3
fi

# Get percentage used via df; NR==2 = the data row
# +0 forces numeric output (strips '%')
pct_used="$(df -P "$MOUNT_PATH" 2>/dev/null | awk 'NR==2{print $5+0}')"

# Validate: empty or not numeric?
if [[ -z "$pct_used" || ! "$pct_used" =~ ^[0-9]+$ ]]; then
  echo "Unable to read usage for: $MOUNT_PATH" >&2
  exit 4
fi

# Output only the number to stdout (for Telegraf)
echo "$pct_used"

Now the script must be launched from VCF Operations.

Go to Manage Telegraf Agents section, select your favourite Linux server and add a Custom Script.

If the custom script is configured correctly, the first data should arrive after 5 to 10 minutes. You can see one of the following two statuses at the Telegraf agent.

This means that the data is being received.

This means that the data has not changed since the previous measurement point.

Go to the inventory view of the Linux server and select Custom Script. Check if the status is Normal (green).

If the status is normal, go to the Metrics tab, Metrics, Scripts, Custom Script (store1-001). Double click on the Custom Script and there is the Metric value.

With these metrics, we can now create alerts (Use%) for datastores on Linux servers mounted under /mnt.

I tested it in my lab on both Aria Operations 8.18.5 and VCF Operations 9.0.1. It works on both versions.

Category: ITQ

Automating NIC Firmware Inventory Across VMware Clusters with PowerShell

Monitoring datastores under /mnt in Linux with VCF Operations Telegraf agent