Setting Default VDSwitch security for vCloud with PowerCLI

March 18, 2013 by Jake Robinson

Working as a public vCloud provider periodically gives me the opportunity to help clients that are running their own private vCloud. It’s a great side benefit to working with an experienced public vCloud provider in case you need some advanced help, or custom code/scripting!

In this case, my client needed to set default security permissions for all new VDPortgroups created by vCloud Director. This is different from setting security on a single portgroup: it sets the defaults for ALL portgroups created after the setting change! This is very handy when network creation is out of our hands.

############################################
# Configuration Settings                   #
############################################
# Name of the distributed switch to reconfigure
$switchName = "dvSwitch"
# Values applied as defaults to portgroups created after this change
$promiscuous = $true
$forgedTransmits = $false
$macChanges = $false

###################################################
# Shouldn't need to edit anything below this line #
###################################################
$dvSwitch = Get-VDSwitch $switchName

# Build a config spec; configVersion must match the switch's current version
$spec = New-Object VMware.Vim.VMwareDVSConfigSpec
$spec.configVersion = $dvSwitch.ExtensionData.Config.ConfigVersion
$spec.DefaultPortConfig = New-Object VMware.Vim.VMwareDVSPortSetting
$spec.DefaultPortConfig.SecurityPolicy = New-Object VMware.Vim.DVSSecurityPolicy

# Each security setting is a BoolPolicy whose Value carries the boolean
$spec.DefaultPortConfig.SecurityPolicy.AllowPromiscuous = New-Object VMware.Vim.BoolPolicy
$spec.DefaultPortConfig.SecurityPolicy.AllowPromiscuous.Value = $promiscuous

$spec.DefaultPortConfig.SecurityPolicy.MacChanges = New-Object VMware.Vim.BoolPolicy
$spec.DefaultPortConfig.SecurityPolicy.MacChanges.Value = $macChanges

$spec.DefaultPortConfig.SecurityPolicy.ForgedTransmits = New-Object VMware.Vim.BoolPolicy
$spec.DefaultPortConfig.SecurityPolicy.ForgedTransmits.Value = $forgedTransmits

# Apply the new defaults to the switch (runs as an asynchronous task)
$dvSwitch.ExtensionData.ReconfigureDvs_Task($spec)
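Because the change only affects portgroups created afterwards, it is worth reading the defaults back and checking which existing portgroups differ from them. The following is an added example, not part of the original script: it assumes an active Connect-VIServer session, that the reconfigure task has finished, and uses a hypothetical helper named Compare-SecurityPolicy.

```powershell
# Added example: verify the switch defaults and audit existing portgroups.
# $switchName and $expected mirror the configuration block of the script above.
$switchName = "dvSwitch"
$expected = @{
    AllowPromiscuous = $true
    MacChanges       = $false
    ForgedTransmits  = $false
}

# Hypothetical helper: emits one row per security setting for a given policy.
function Compare-SecurityPolicy {
    param([string]$Scope, [string]$Name, $Policy, [hashtable]$Expected)
    foreach ($setting in $Expected.Keys) {
        # Each setting is a VMware.Vim.BoolPolicy; .Value holds the boolean.
        $actual = $Policy.$setting.Value
        New-Object PSObject -Property @{
            Scope    = $Scope
            Name     = $Name
            Setting  = $setting
            Expected = $Expected[$setting]
            Actual   = $actual
            Match    = ($actual -eq $Expected[$setting])
        }
    }
}

# A fresh Get-VDSwitch call returns the current switch configuration.
$dvSwitch = Get-VDSwitch -Name $switchName
$report = @()

# 1) Switch-level defaults, inherited by portgroups created from now on.
$report += Compare-SecurityPolicy -Scope "SwitchDefault" -Name $dvSwitch.Name `
    -Policy $dvSwitch.ExtensionData.Config.DefaultPortConfig.SecurityPolicy `
    -Expected $expected

# 2) Existing portgroups, which keep whatever policy they were created with.
foreach ($pg in Get-VDPortgroup -VDSwitch $dvSwitch) {
    $report += Compare-SecurityPolicy -Scope "Portgroup" -Name $pg.Name `
        -Policy $pg.ExtensionData.Config.DefaultPortConfig.SecurityPolicy `
        -Expected $expected
}

# Show only the settings that differ from the intended values.
$report | Where-Object { -not $_.Match } |
    Select-Object Scope, Name, Setting, Expected, Actual |
    Format-Table -AutoSize
```

An empty table means the switch defaults and every existing portgroup already match the intended values; any rows with Scope "Portgroup" are portgroups that still need to be changed individually.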

 

 

I’ve written about getting around the missing dvPortgroup inheritance in the past, and there are also a couple of good posts from Luc Dekens and Alan Renouf:

http://geekafterfive.com/2011/04/04/dvportgroup-inheritance/

http://www.lucd.info/2009/10/12/dvswitch-scripting-part-2-dvportgroup/

http://blogs.vmware.com/vipowershell/2011/11/vsphere-distributed-switch-powercli-cmdlets.html

Last but not least, special thanks to William Lam for pointing me to the right spot in the API.

 

This blog post was originally posted on Geekafterfive.com.