Jan 15 2009
 

While we all eagerly await CTP3 of PowerShell Version 2, I wanted to mention
that I’m a big fan of PowerShell Version 2’s modules and script cmdlets,
because combining these technologies makes it possible to build large,
cohesive and really useful management modules even if you’re not a
developer.

Glenn Sizemore has written just such a script cmdlet that lets you
set the security properties of virtual switches. With his cmdlet you
can configure whether virtual switches allow virtual machines on the
switch to see traffic to and from other virtual machines using the
-AllowPromiscuous flag. With the -ForgedTransmits flag you can
configure whether VMs are allowed to send packets using a different
source MAC address from the VM’s real MAC address, and with the
-MacChanges flag set, VMs on the switch can change their MAC addresses.

These options can be useful for enabling security-related
applications. For instance, if you want to run an intrusion detection
virtual appliance on a virtual switch, you’ll need to set
-AllowPromiscuous on the switch. The default is to have
AllowPromiscuous disabled while ForgedTransmits and MacChanges are
enabled, which is pretty much what you get with a real unmanaged switch.

Glenn’s cmdlet makes changing things really easy. You can see Glenn’s original cmdlet,
but note that the name and parameters are changed a bit in the
community extensions, to make it fit a bit more with other aspects of
the extensions. Here’s a quick example of the new cmdlets in action:

# List all my virtual switches and their security properties.
Get-VMHost | Get-TkeVSwitchSecurity
# Enable Promiscuous Mode on vSwitch1 on all ESX hosts in cluster SQL
Get-Cluster SQL | Get-VMHost | Set-TkeVSwitchSecurity vswitch1 -AllowPromiscuous
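
An audit over the three settings this post covers, as an added example that is not part of the VI Toolkit Extensions or Glenn’s cmdlet: it flags switches that drift from a stricter baseline (all three settings off, with named exceptions for promiscuous mode). The function name, the input property names and the sample inventory are assumptions constructed for illustration.

```powershell
# Added example. Test-VSwitchSecurityBaseline is a hypothetical helper name.
# Input objects carry the three settings discussed in the post. The property
# names (AllowPromiscuous, ForgedTransmits, MacChanges) are an assumption
# about how the inventory was collected, not the output of any real cmdlet.
function Test-VSwitchSecurityBaseline {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$VSwitch,

        # Switch names that are expected to be promiscuous,
        # for example the switch hosting an IDS virtual appliance.
        [string[]]$PromiscuousAllowed = @()
    )
    process {
        $findings = @()
        if ($VSwitch.AllowPromiscuous -and $PromiscuousAllowed -notcontains $VSwitch.Name) {
            $findings += 'AllowPromiscuous enabled without a documented exception'
        }
        if ($VSwitch.ForgedTransmits) { $findings += 'ForgedTransmits enabled' }
        if ($VSwitch.MacChanges)      { $findings += 'MacChanges enabled' }

        [pscustomobject]@{
            VMHost    = $VSwitch.VMHost
            Name      = $VSwitch.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample inventory (not real hosts).
$sample = @(
    # Default settings as described in the post: promiscuous off, the other two on.
    [pscustomobject]@{ VMHost = 'esx01.example'; Name = 'vSwitch0'; AllowPromiscuous = $false; ForgedTransmits = $true;  MacChanges = $true  }
    # IDS switch: promiscuous on by design, the other two locked down.
    [pscustomobject]@{ VMHost = 'esx01.example'; Name = 'vSwitch1'; AllowPromiscuous = $true;  ForgedTransmits = $false; MacChanges = $false }
    # Promiscuous on with no exception on file.
    [pscustomobject]@{ VMHost = 'esx02.example'; Name = 'vSwitch2'; AllowPromiscuous = $true;  ForgedTransmits = $false; MacChanges = $false }
)

# Report only the switches that deviate from the baseline.
$sample |
    Test-VSwitchSecurityBaseline -PromiscuousAllowed 'vSwitch1' |
    Where-Object { -not $_.Compliant } |
    Format-Table -AutoSize
```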

The VI Toolkit Extensions are now up to 30 cmdlets that cover a wide
range of really useful stuff. If you’re looking to get started with the
VI Toolkit Community Extensions, Eric Sloof has a great writeup on how to do just that.
As PowerShell v2 nears official release, we’ve got some things planned
to make the VI Toolkit Extensions amazingly easy to use. For now it’s a
bit primitive, but it gets the job done.

Via: http://blogs.vmware.com/vipowershell/2008/12/new-in-the-vi-toolkit-community-extensions-set-virtual-switch-security.html
