Cloning a VM using pyVmomi in VMware Cloud on AWS

Task

A customer wants to create a process for cloning a potentially compromised VM to a separate datastore for forensic purposes. They do not typically use PowerCLI and would prefer to use VMware's APIs.

Assumptions

You already have a Python installed on a machine with firewall access to a vCenter Server

Code Repo

The code is published on GitHub.

Prerequisites

Clone the code repo.

Install the Python library requirements.

python -m pip install -r .\requirements.txt

Create environment variables with the vCenter URL, username, and password

$env:vc_url="vcenter.sddc-x-x-x-x.vmwarevmc.com"
$env:vc_username="cloudadmin@vmc.local"
$env:vc_password=""

Create a virtual machine with a snapshot. Here is my TinyCore Linux VM:

Fill in lines 120-125 with of forensic_clone.py with values that fit your environment. For VMC on AWS, the vSAN datastore is called WorkloadDatastore. I have supplemental NFS storage attached to my SDDC, the datastore is named ds01, which is the value I used.

    vm_name = "kremerpt-tc1"
    datacenter_name = "SDDC-Datacenter"
    vm_folder = "Workloads"
    datastore_name = "ds01"
    cluster_name = "Cluster-1"
    resource_pool = "Compute-ResourcePool"

Running the script

The script is designed to let you know the current snapshot, then let you decide if you want to clone the VM in its current state. It automatically names the clone the name of the source VM with -clone appended to it.

PS C:\git\pyvmomi> python .\forensic_clone.py
Virtual machine kremerpt-tc1 current snapshot is:
Name: snap1; Description: snapshot 1 test; CreateTime: 2023-10-27 15:38:49.055778+00:00; State: poweredOff
Cloning kremerpt-tc1 to kremerpt-tc1-clone
Continue with clone? Y/N: Y
VM cloned.

The cloned copy of the source VM is now sitting in my NFS datastore.