Bluelock Blog

Setting Default VDSwitch security for vCloud with PowerCLI

March 18, 2013 by Jake Robinson

Working as a public vCloud provider periodically gives me the opportunity to help clients that are running their own private vCloud. It’s a great side benefit to working with an experienced public vCloud provider in case you need some advanced help, or custom code/scripting!

In this case, my client needed to set default security permissions for all new VDPortgroups that were created by vCloud Director. This is different from setting security on a single portgroup. This sets the defaults for ALL portgroups created after the setting change! This is very handy when the network creation is out of our hands.

############################################
# Configuration Settings                   #
############################################
# Run from a PowerCLI session that is already connected to vCenter (Connect-VIServer).
$switchName = "dvSwitch"
# Defaults applied to every VDPortgroup created after this script runs
$promiscuous = $true
$forgedTransmits = $false
$macChanges = $false

###################################################
# Shouldn't need to edit anything below this line #
###################################################
$dvSwitch = Get-VDSwitch $switchName

# Build a reconfigure spec that only touches the default port security policy
$spec = New-Object VMware.Vim.VMwareDVSConfigSpec
# ConfigVersion must match the switch's current config version
$spec.ConfigVersion = $dvSwitch.ExtensionData.Config.ConfigVersion
$spec.DefaultPortConfig = New-Object VMware.Vim.VMwareDVSPortSetting
$spec.DefaultPortConfig.SecurityPolicy = New-Object VMware.Vim.DVSSecurityPolicy

$spec.DefaultPortConfig.SecurityPolicy.AllowPromiscuous = New-Object VMware.Vim.BoolPolicy
$spec.DefaultPortConfig.SecurityPolicy.AllowPromiscuous.Value = $promiscuous

$spec.DefaultPortConfig.SecurityPolicy.MacChanges = New-Object VMware.Vim.BoolPolicy
$spec.DefaultPortConfig.SecurityPolicy.MacChanges.Value = $macChanges

$spec.DefaultPortConfig.SecurityPolicy.ForgedTransmits = New-Object VMware.Vim.BoolPolicy
$spec.DefaultPortConfig.SecurityPolicy.ForgedTransmits.Value = $forgedTransmits

# Apply the new defaults to the switch (runs as a vCenter task)
$dvSwitch.ExtensionData.ReconfigureDvs_Task($spec)
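
Because the change only sets defaults for portgroups created afterwards, it is worth reading the switch defaults back and listing existing portgroups that still differ. The following is an added example, not part of the original post; it assumes a connected vCenter session, that the reconfigure task has finished, and that the values in `$desired` mirror the configuration block above.

```powershell
# Added example, not from the original post. Assumes Connect-VIServer has been
# run, the ReconfigureDvs task has completed, and $desired matches the values
# used in the configuration block of the script above.
$switchName = "dvSwitch"
$desired = @{
    AllowPromiscuous = $true
    ForgedTransmits  = $false
    MacChanges       = $false
}

# Fetch the switch again so ExtensionData reflects the post-change configuration.
$dvSwitch = Get-VDSwitch -Name $switchName
$default  = $dvSwitch.ExtensionData.Config.DefaultPortConfig.SecurityPolicy

# 1. Confirm the switch-level defaults that new portgroups will receive.
foreach ($name in $desired.Keys) {
    $actual = $default.$name.Value
    if ($actual -ne $desired[$name]) {
        Write-Warning "Switch default $name is '$actual', expected '$($desired[$name])'"
    }
}

# 2. List existing non-uplink portgroups whose policy differs from those defaults.
#    These were created before the change and are not touched by it.
$portgroups = Get-VDPortgroup -VDSwitch $dvSwitch | Where-Object { -not $_.IsUplink }
$drift = foreach ($pg in $portgroups) {
    $policy  = $pg.ExtensionData.Config.DefaultPortConfig.SecurityPolicy
    $row     = [ordered]@{ Portgroup = $pg.Name }
    $differs = $false
    foreach ($name in $desired.Keys) {
        $row[$name] = $policy.$name.Value
        if ($policy.$name.Value -ne $desired[$name]) { $differs = $true }
    }
    if ($differs) { [pscustomobject]$row }
}

if ($drift) {
    $drift | Format-Table -AutoSize
} else {
    Write-Output "All existing portgroups match the switch defaults."
}
```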

 

 

I’ve written about getting around the missing dvPortgroup inheritance in the past, and there are also a couple of good posts from Luc Dekens and Alan Renouf:

http://geekafterfive.com/2011/04/04/dvportgroup-inheritance/

http://www.lucd.info/2009/10/12/dvswitch-scripting-part-2-dvportgroup/

http://blogs.vmware.com/vipowershell/2011/11/vsphere-distributed-switch-powercli-cmdlets.html

Last but not least, special thanks to William Lam for pointing me to the right spot in the API.

 

This blog post was originally posted on Geekafterfive.com.
