Deploy vCenter 8.0 using CLI with no DNS in Environment

The vSphere 8 reached GA on 8th November 2022. In this post we shall be taking a look at deploying the VCSA 8 without a DNS in the environment.

The vCenter can be deployed using the GUI deploy method or the CLI deploy method. System administrators may come across a scenario where they would have to deploy the VCSA appliance without an existing Domain Name Server to provide DNS PTR records necessary during deploying the vCenter. This is specifically true for green field deploys, where we are setting up the virtual environment from scratch.

We are quite aware of VCSA's strict requirement of being able to interact with DNS in the environment for address/hostname resolutions. Is there way out for this?

Did you know that the VCSA has a built-in DNS server i.e. the "dnsmasq"?

We can utilize this feature to deploy VCSAs without DNS in the environment. Well, using the GUI deploy method, this is not possible as the GUI simply does not accept the DNS FQDN/IP as ''.

However, we can deploy the VCSA without a DNS and NTP in the environment by using the VCSA CLI deploy method. This method has been outlined by William Lam here:

Let us test this method for deploying the VCSA 8 to our host. Below is the complete template that you can use for deploying VCSA to ESXi host without NTP and DNS in the environment:

  "__version": "2.13.0",
  "__comments": "Sample template to deploy a vCenter Server Appliance on an ESXi host without NTP and DNS in the environment",
  "new_vcsa": {
    "esxi": {
      "hostname": "<hostip>",
      "username": "root",
      "password": "<Enter Your env host password>",
      "deployment_network": "VM Network",
      "datastore": "<host target datastore>"
    "appliance": {
      "__comments": [
        "You must provide the 'deployment_option' key with a value, which will affect the vCenter Server Appliance's configuration parameters, such as the vCenter Server Appliance's number of vCPUs, the memory size, the storage size, and the maximum numbers of ESXi hosts and VMs which can be managed. For a list of acceptable values, run the supported deployment sizes help, i.e. vcsa-deploy --supported-deployment-sizes"
      "thin_disk_mode": true,
      "deployment_option": "tiny",
      "name": "<vcsa_name>"
    "network": {
      "ip_family": "ipv4",
      "mode": "static",
      "system_name": "<in this case, same as VCSA IP>",
      "ip": "<Enter desired VCSA IP>",
      "prefix": "<Your subnet CIDR>",
      "gateway": "<Enter your env GW IP>",
      "dns_servers": [
    "os": {
      "password": "Enter vcsa root pass",
      "time_tools_sync": true,
      "ssh_enable": false
    "sso": {
      "password": "<Enter VCSA sso pass>",
      "domain_name": "vsphere.local"
  "ceip": {
    "description": {
      "__comments": [
        "++++VMware Customer Experience Improvement Program (CEIP)++++",
        "VMware's Customer Experience Improvement Program (CEIP) ",
        "provides VMware with information that enables VMware to ",
        "improve its products and services, to fix problems, ",
        "and to advise you on how best to deploy and use our ",
        "products. As part of CEIP, VMware collects technical ",
        "information about your organization's use of VMware ",
        "products and services on a regular basis in association ",
        "with your organization's VMware license key(s). This ",
        "information does not personally identify any individual. ",
        "Additional information regarding the data collected ",
        "through CEIP and the purposes for which it is used by ",
        "VMware is set forth in the Trust & Assurance Center at ",
        " . If you ",
        "prefer not to participate in VMware's CEIP for this ",
        "product, you should disable CEIP by setting ",
        "'ceip_enabled': false. You may join or leave VMware's ",
        "CEIP for this product at any time. Please confirm your ",
        "acknowledgement by passing in the parameter ",
        "--acknowledge-ceip in the command line.",
    "settings": {
      "ceip_enabled": true

PowerShell script to consume this JSON and deploy:

$iso= "Completepathto\VCSA-all-8.0.0-XXXXXXX.iso"
$clijson= "Completepathto\embedded_vCSA_on_ESXi.json" #above template#
$isomount= Mount-DiskImage -ImagePath $iso -PassThru
$isomountdrive = ($isomount | get-volume).DriveLetter + ':'
$silentinstallpath= "$isomountdrive\vcsa-cli-installer\win32"
cd $silentinstallpath
$cliinstall= ".\vcsa-deploy.exe install --accept-eula --acknowledge-ceip --no-esx-ssl-verify --no-ssl-certificate-verification $clijson"
invoke-expression -Command $cliinstall

Few important points to be noted on the above template (already highlighted):

1- "hostname" parameter, use the target ESXi host IP address and NOT hostname, since there is no DNS

2- "system_name" parameter, enter the target VCSA IP address and NOT FQDN

3- "dns_servers" parameter, enter "" (The real trick!)

Output: [Works on vcsa 8!!]

16 views0 comments