From 049e621fb63c3a7d9e0aca87d5a5a46053505ec7 Mon Sep 17 00:00:00 2001 From: simonfangyingzhang Date: Fri, 27 Apr 2018 04:45:44 +0100 Subject: [PATCH] Update VMware.VMEncryption.psm1 --- .../VMware.VMEncryption.psm1 | 23 +++++++------------ 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 index d46d63b..a7e47c2 100644 --- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 +++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 @@ -69,18 +69,18 @@ New-VIProperty -Name vMotionEncryption -ObjectType VirtualMachine -Value { $VM.ExtensionData.Config.MigrateEncryption } -BasedOnExtensionProperty 'Config.MigrateEncryption' -Force | Out-Null -New-VIProperty -Name KMSserver -ObjectType VirtualMachine -Value { - Param ($VM) - if ($VM.Encrypted) { - $VM.EncryptionKeyId.ProviderId.Id - } -} -BasedOnExtensionProperty 'Config.KeyId' -Force | Out-Null - New-VIProperty -Name Encrypted -ObjectType HardDisk -Value { Param ($hardDisk) $hardDisk.ExtensionData.Backing.KeyId -ne $null } -BasedOnExtensionProperty 'Backing.KeyId' -Force | Out-Null +New-VIProperty -Name EncryptionKeyId -ObjectType HardDisk -Value { + Param ($Disk) + if ($Disk.Encrypted) { + $Disk.ExtensionData.Backing.KeyId + } +} -BasedOnExtensionProperty 'Backing.KeyId' -Force | Out-Null + New-VIProperty -Name KMSserver -ObjectType VMHost -Value { Param ($VMHost) if ($VMHost.CryptoSafe) { @@ -88,13 +88,6 @@ New-VIProperty -Name KMSserver -ObjectType VMHost -Value { } } -BasedOnExtensionProperty 'Runtime.CryptoKeyId.ProviderId.Id' -Force | Out-Null -New-VIProperty -Name EncryptionKeyId -ObjectType HardDisk -Value { - Param ($Disk) - if ($Disk.Encrypted) { - $Disk.ExtensionData.Backing.KeyId - } -} -BasedOnExtensionProperty 'Backing.KeyId' -Force | Out-Null - Function Enable-VMHostCryptoSafe { <# .SYNOPSIS @@ -983,7 +976,7 @@ Function Set-VMDiskEncryptionKey { C:\PS>$KMSCluster = Get-KMSCluster | select -last 1 C:\PS>$VM = Get-VM -Name win2012 C:\PS>$HardDisk = get-vm $vm|Get-HardDisk - C:\PS>$HardDisk|Set-VMDiskEncryptionKey -VM $VM -KMSClusterId $KMSCluster.Id -Deep + C:\PS>$HardDisk| Set-VMDiskEncryptionKey -VM $VM -KMSClusterId $KMSCluster.Id -Deep Deep rekeys all the disks of the $VM using a new key. The key is generated from the KMS whose clusterId is $KMSCluster.Id.