Setting Default VDSwitch security for vCloud with PowerCLI
Working as a public vCloud provider periodically gives me the opportunity to help clients that are running their own private vCloud. It's a great side benefit to working with an experienced public vCloud provider in case you need some advanced help, or custom code/scripting!
In this case, my client needed to set the default security settings for all new VDPortgroups created by vCloud Director. This is different from setting security on a single portgroup: it sets the defaults for ALL portgroups created after the setting change! This is very handy when the network creation is out of our hands. :D
############################################
# Configuration Settings #
############################################
$switchName="dvSwitch"
$promiscuous=$true
$forgedTransmits=$false
$macChanges=$false
###################################################
# Shouldn't need to edit anything below this line #
###################################################
# Fetch the switch and build a spec that touches only the default port security policy
$dvSwitch = Get-VDSwitch $switchName
$spec = New-Object VMware.Vim.VMwareDVSConfigSpec
# configVersion must match the switch's current config version for the reconfigure to be accepted
$spec.configVersion = $dvSwitch.ExtensionData.Config.ConfigVersion
$spec.DefaultPortConfig = New-Object VMware.Vim.VMwareDVSPortSetting
$spec.DefaultPortConfig.SecurityPolicy = New-Object VMware.Vim.DVSSecurityPolicy
$spec.DefaultPortConfig.SecurityPolicy.AllowPromiscuous = New-Object VMware.Vim.BoolPolicy
$spec.DefaultPortConfig.SecurityPolicy.AllowPromiscuous.Value = $promiscuous
$spec.DefaultPortConfig.SecurityPolicy.MacChanges = New-Object VMware.Vim.BoolPolicy
$spec.DefaultPortConfig.SecurityPolicy.MacChanges.Value = $macChanges
$spec.DefaultPortConfig.SecurityPolicy.ForgedTransmits = New-Object VMware.Vim.BoolPolicy
$spec.DefaultPortConfig.SecurityPolicy.ForgedTransmits.Value = $forgedTransmits
# Apply the new defaults to the switch (returns a task reference)
$dvSwitch.ExtensionData.ReconfigureDvs_Task($spec)
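The new default only applies to portgroups created after the change, so existing portgroups keep whatever policy they already had. The following is an added example, not part of the original script: it reads the switch default back and lists every existing portgroup whose security policy differs from it. It assumes an active Connect-VIServer session and the same $switchName value; Get-SecurityFlags is a helper name made up for this example.

```powershell
# Added example: assumes PowerCLI is loaded and Connect-VIServer has already been run.
$switchName = "dvSwitch"   # same switch name as in the script above

# Hypothetical helper: flatten a DVSSecurityPolicy into its three boolean flags.
function Get-SecurityFlags($policy) {
    [pscustomobject]@{
        AllowPromiscuous = $policy.AllowPromiscuous.Value
        MacChanges       = $policy.MacChanges.Value
        ForgedTransmits  = $policy.ForgedTransmits.Value
    }
}

# Re-read the switch so ExtensionData reflects the reconfigured defaults.
$dvSwitch = Get-VDSwitch $switchName
$default  = Get-SecurityFlags ($dvSwitch.ExtensionData.Config.DefaultPortConfig.SecurityPolicy)
$flags    = 'AllowPromiscuous', 'MacChanges', 'ForgedTransmits'

$report = foreach ($pg in (Get-VDPortgroup -VDSwitch $dvSwitch | Where-Object { -not $_.IsUplink })) {
    $policy = $pg.ExtensionData.Config.DefaultPortConfig.SecurityPolicy
    if (-not $policy) { continue }   # no security policy exposed on this portgroup

    $actual = Get-SecurityFlags $policy
    # Record every flag whose value differs from the switch-level default.
    $drift = foreach ($name in $flags) {
        if ($actual.$name -ne $default.$name) { "$name=$($actual.$name)" }
    }

    [pscustomobject]@{
        Portgroup        = $pg.Name
        AllowPromiscuous = $actual.AllowPromiscuous
        MacChanges       = $actual.MacChanges
        ForgedTransmits  = $actual.ForgedTransmits
        Drift            = ($drift -join ', ')
    }
}

"Switch default: promiscuous=$($default.AllowPromiscuous) macChanges=$($default.MacChanges) forgedTransmits=$($default.ForgedTransmits)"
# Portgroups that differ from the default sort to the top.
$report | Sort-Object Drift -Descending | Format-Table -AutoSize
```

An empty Drift column means the portgroup already matches the switch default.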
I've written about getting around the missing dvPortgroup inheritance in the past, and there are also a couple good posts from Luc Dekens and Alan Renouf:
http://geekafterfive.com/2011/04/04/dvportgroup-inheritance/
http://www.lucd.info/2009/10/12/dvswitch-scripting-part-2-dvportgroup/
http://blogs.vmware.com/PowerCLI/2011/11/vsphere-distributed-switch-powercli-cmdlets.html
Last but not least, special thanks to William Lam for pointing me to the right spot in the API. :)