From d4f4e64ca33179631e681e80cf5ee5d4dd05127d Mon Sep 17 00:00:00 2001 From: simonfangyingzhang Date: Fri, 27 Apr 2018 04:18:51 +0100 Subject: [PATCH 01/10] Deprecating functions related to KMServer and KMSCluster from VMware.VMEncryption --- Modules/VMware.VMEncryption/README.md | 29 +++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/Modules/VMware.VMEncryption/README.md b/Modules/VMware.VMEncryption/README.md index 9e38900..d01c5fa 100644 --- a/Modules/VMware.VMEncryption/README.md +++ b/Modules/VMware.VMEncryption/README.md 
@@ -2,6 +2,31 @@ Prerequisites/Steps to use this module: 1. This module only works for vSphere products that support VM Encryption. E.g. vSphere 6.5 and later. 2. All the functions in this module only work for KMIP Servers. -3. Install the latest version of Powershell and PowerCLI(6.5). +3. Install the latest version of Powershell and PowerCLI. 4. Import this module by running: Import-Module -Name "location of this module" -5. Get-Command -Module "This module Name" to list all available functions. \ No newline at end of file +5. Get-Command -Module "This module Name" to list all available functions. + +Note: +Deprecating the below functions related to KMServer and KMSCluster from VMware.VMEncryption and using instead the ones from VMware.VimAutomation.Storage, + +1, VMware.VMEncryption\Get-DefaultKMSCluster, use instead +VMware.VimAutomation.Storage\Get-KmsCluster|where {$_.UseAsDefaultKeyProvider}|foreach {$_.id} + +2, VMware.VMEncryption\Get-KMSCluster, use instead +VMware.VimAutomation.Storage\Get-KmsCluster|select id + +3, VMware.VMEncryption\Get-KMSClusterInfo, use instead +VMware.VimAutomation.Storage\Get-KmsCluster|foreach {$_.extensiondata} + +4, VMware.VMEncryption\Get-KMServerInfo, use instead +VMware.VimAutomation.Storage\Get-KeyManagementServer|foreach {$_.extensiondata} + +5, VMware.VMEncryption\New-KMServer, use instead +VMware.VimAutomation.Storage\Add-KeyManagementServer + +6, VMware.VMEncryption\Remove-KMServer, use instead +VMware.VimAutomation.Storage\Remove-KeyManagementServer + +7, VMware.VMEncryption\Set-DefaultKMSCluster, use instead +VMware.VimAutomation.Storage\Set-KmsCluster -UseAsDefaultKeyProvider + From d70bee9f99ce1475578cf8e5bd6f16dbb15edc0d Mon Sep 17 00:00:00 2001 From: simonfangyingzhang Date: Fri, 27 Apr 2018 04:19:53 +0100 Subject: [PATCH 02/10] Update VMware.VMEncryption.psd1 --- .../VMware.VMEncryption.psd1 | Bin 5090 -> 2621 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 index d3106326576f014d290d1010af53ab6bbfbeac3c..45b17c105a656c9254698dda7cf3c548d6587fc1 100644 GIT binary patch literal 2621 zcmbtW+iu%95PjEI4D1IdMXXq<*NwXU>01r3C09+E2Rl}e}G=k;@+dulpct>oS_1l2QPP%IP%tw5jiDs;{2xPP;0t} zkx&c%qsC$lJVRl4zTSk0K7Auoa?Hnnj8AZQ+8?Fa+x~Do#Qy0xne`Eq0pd7+H%Lw$ z@}xEky5DvtQTR$go;7EBCd-P6HIVrdMfTJy7+kXwZ4Tb`2&N*913Hsa9)c}VsG_44tu$D{ z%^E5tmqegd#uk5F*mR{7T;f+;@UkxH+P-`N@^4NotTf!n6{@cbq-;>kxj@S1N6po9 z@Q=0|Wp+UvZ7(A)B+34Fa6gk_Q-W7!|Ed_f`M*F?e0^~Tmx?s8lIr`O8=OmXji$By zP54xnB^9|~VqUX3F<(mOiir_=~@arf`3j& zM=&X~(QqGZi!s@RXm#W?u1Rr>hD%KaogwhDlFAM#E~vfD0%2ar8M9hiawUaplS*;Q zi_X0@7xOLI-Uhw-0ivn-hgx4V@32W=`^w+FO>)c0+t76?Xm%hJg{XO$Koi z58~6e!_jy+>imoj?f9B#jpeN1xO0U?I~gkEC~|@C))h^M$FL7&L6M~`O}N);ffU}AX_xpe zSoh~(FQp=i{|B%Kcn-R$aw`YgMIdM`QVq%=u`o#dU(gk%Jm*ei8++;4BekSN*AAq? zx3zh0yHat=r02-H3{#Z^Apsw(k|9^J+)`(2bSE#o2{pu<{u{p(%B(=M*Z<6$YS;6dy-WomipA?+w{ocXksqYs~?Mp0^99z;WmVT!pl)=V>AguQ03FF*a(Qkry z3BCwH8onfvZu{RTzNAeG88ggsP|>5r{@N+>%F=fsfSp^cW@3HDqMC|a!nfP$?jxZK z&8a7~??WV2)`(B*T Vzj64swL?UDeb^}edr0SJ^dD9YJ~-Z*?vM42L@cA*ZYR~<-us>jcqmMy$9yVPKfYfz_H@#rUb8p#*X z@i)Vcyag*$BvnxNu`jmw8&H(hN{07J?Q;!Y)HA_%4Aga9O|aIQk>&NFoRIe{CzG@Z zUp))toyY+=j)C0#F@g*}GX}ol+JyeJO9pSzd-Q8dS3-?FijusOk78U+VhcWcf$tXR zw`E5*;Hebcp5tyC>)Tl0!1^wHSjSxxpG{!obr-T;sdsk*%zMB^>E^%NY*LbVuOSL! zjqz!g-v_@g;)L-}jg9+vpy&Z@5m_;Zb8zZ{I+488Cs;iJ-xS`65ey)E2phMdAG41+ zXz@l~w7<{DMIIoISw4ng-kWuxcm%F4i{e}iktVQa2cINB$cSeJVEhb))@npL9q2n& z1a?SzUarLv?_k5kJPY4f%|D_7CQ=)xUMwms6=~m02dfjQTDeE+CivnYDtR%je69_epXYfORS=_Qcpc&-Gud(^^W#3`j9udw)Ksl zZ#+ipoK;8*Yg{;mPz!4L78ZYW(`)zCM@^up16v0A+qI=0HTcD5l+`1ik0*~io+jON zNbKwAdIM;&sd3}|X7jPj3Hpswo%2wtzTt#9#2i3A>>jK3lAAz7^w+39eRQxeXXbh8 z5`XT#K$cY*qMqI2C zKaQqxb^_++NNvBI?0q2fT#CrOg0ESTYg!v!Wn^yMSMNNhBJw%oQ#vR5!MF3TQ&8aalB9eC;l zdB^{c68tAn#gp^xqD-ZXSz1RqD}!ge77*~CD@F~c09=^4%;R&99Y(_$Q)+T09vf>?Gl+eTDj6a4Q%+dBL%Vq+b7dgt72x`g}P Me+=e<-#Tag10n%j>;M1& 
From df9d71d4e0b80a7d4617cc81020cd88dc79a6e2e Mon Sep 17 00:00:00 2001 From: simonfangyingzhang Date: Fri, 27 Apr 2018 04:22:42 +0100 Subject: [PATCH 03/10] Update VMware.VMEncryption.psm1 1, added new function Set-VMCryptoUnlock 2, deprecating functions related to KMServer and KMSCluster from VMware.VMEncryption --- .../VMware.VMEncryption.psm1 | 216 ++++++------------ 1 file changed, 68 insertions(+), 148 deletions(-) diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 index 023087c..4085365 100644 --- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 +++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 @@ -1,5 +1,5 @@ # Script Module : VMware.VMEncryption -# Version : 1.0 +# Version : 1.1 # Copyright © 2016 VMware, Inc. All Rights Reserved. @@ -56,8 +56,13 @@ New-VIProperty -Name EncryptionKeyId -ObjectType VirtualMachine -Value { New-VIProperty -Name Locked -ObjectType VirtualMachine -Value { Param ($VM) - ($vm.extensiondata.Runtime.ConnectionState -eq "invalid") -and ($vm.extensiondata.Config.KeyId) -} -BasedOnExtensionProperty 'Runtime.ConnectionState','Config.KeyId' -Force | Out-Null + if ($vm.ExtensionData.Runtime.CryptoState) { + $vm.ExtensionData.Runtime.CryptoState -eq "locked" + } + else { + ($vm.extensiondata.Runtime.ConnectionState -eq "invalid") -and ($vm.extensiondata.Config.KeyId) + } +} -BasedOnExtensionProperty 'Runtime.CryptoState', 'Runtime.ConnectionState','Config.KeyId' -Force | Out-Null New-VIProperty -Name vMotionEncryption -ObjectType VirtualMachine -Value { Param ($VM) 
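Review bot: The rewritten `Locked` script block has two code paths but no comment saying when the second one applies, and it mixes `ExtensionData` and `extensiondata` casing within the same block. The `else` branch looks like a fallback for servers that do not report `Runtime.CryptoState`, where an encrypted VM with an `invalid` connection state is only presumed to be locked. A comment such as `# Runtime.CryptoState not reported: infer lock state from ConnectionState + KeyId (heuristic)` above the `else` would tell callers that `.Locked` is an inference on that path. That matters for any code that filters on `.Locked` before acting on encrypted VMs.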
@@ -83,13 +88,6 @@ New-VIProperty -Name EncryptionKeyId -ObjectType HardDisk -Value { } } -BasedOnExtensionProperty 'Backing.KeyId' -Force | Out-Null -New-VIProperty -Name KMSserver -ObjectType VMHost -Value { - Param ($VMHost) - if ($VMHost.CryptoSafe) { - $VMHost.ExtensionData.Runtime.CryptoKeyId.ProviderId.Id - } -} -BasedOnExtensionProperty 'Runtime.CryptoKeyId.ProviderId.Id' -Force | Out-Null - Function Enable-VMHostCryptoSafe { <# .SYNOPSIS @@ -113,13 +111,6 @@ Function Enable-VMHostCryptoSafe { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -181,13 +172,6 @@ Function Set-VMHostCryptoKey { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -266,13 +250,6 @@ Function Set-vMotionEncryptionConfig { .NOTES Author : Brian Graf, Carrie Yang. Author email : grafb@vmware.com, yangm@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -348,13 +325,6 @@ Function Enable-VMEncryption { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] 
@@ -508,13 +478,6 @@ Function Enable-VMDiskEncryption { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -660,13 +623,6 @@ Function Disable-VMEncryption { .NOTES Author : Carrie Yang. Author email : yangm@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -756,13 +712,6 @@ Function Disable-VMDiskEncryption { .NOTES Author : Carrie Yang. Author email : yangm@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -882,7 +831,7 @@ Function Set-VMEncryptionKey { C:\PS>$VM|Set-VMEncryptionKey -KMSClusterId $KMSCluster.Id -Deep Deep rekeys the VM Home and all its disks using a new key. - The key is generated from the KMS whose clusterId is $KMSCluster.Id. + The key is generted from the KMS whose clusterId is $KMSCluster.Id. .NOTES This cmdlet assumes there is already a KMS in vCenter Server. If VM is not encrypted, the cmdlet quits. @@ -891,13 +840,6 @@ Function Set-VMEncryptionKey { .NOTES Author : Carrie Yang. Author email : yangm@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] 
@@ -1034,10 +976,10 @@ Function Set-VMDiskEncryptionKey { C:\PS>$KMSCluster = Get-KMSCluster | select -last 1 C:\PS>$VM = Get-VM -Name win2012 C:\PS>$HardDisk = get-vm $vm|Get-HardDisk - C:\PS>$HardDisk| Set-VMDiskEncryptionKey -VM $VM -KMSClusterId $KMSCluster.Id -Deep + C:\PS>$HardDisk|$Set-VMEncryptionKey -VM $VM -KMSClusterId $KMSCluster.Id -Deep Deep rekeys all the disks of the $VM using a new key. - The key is generated from the KMS whose clusterId is $KMSCluster.Id. + The key is generted from the KMS whose clusterId is $KMSCluster.Id. .NOTES This cmdlet assumes there is already a KMS in vCenter Server. @@ -1047,13 +989,6 @@ Function Set-VMDiskEncryptionKey { .NOTES Author : Carrie Yang. Author email : yangm@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1170,13 +1105,6 @@ Function Get-VMEncryptionInfo { .NOTES Author : Carrie Yang. Author email : yangm@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1269,13 +1197,6 @@ Function Get-EntityByCryptoKey { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] 
@@ -1394,13 +1315,6 @@ Function New-KMServer { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1435,6 +1349,7 @@ Function New-KMServer { ) Begin { + write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Add-KeyManagementServer instead" # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter @@ -1553,13 +1468,6 @@ Function Remove-KMServer { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1573,6 +1481,7 @@ Function Remove-KMServer { ) Begin { + write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Remove-KeyManagementServer instead" # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter @@ -1630,15 +1539,9 @@ Function Get-KMSCluster { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> + write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KmsCluster instead" # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter 
@@ -1668,14 +1571,6 @@ Function Get-KMSClusterInfo { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1686,6 +1581,7 @@ Function Get-KMSClusterInfo { ) Begin { + write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KmsCluster instead" # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter @@ -1721,13 +1617,6 @@ Function Get-KMServerInfo { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1738,6 +1627,7 @@ Function Get-KMServerInfo { ) Begin { + write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KeyManagementServer instead" # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter @@ -1782,13 +1672,6 @@ Function Get-KMServerStatus { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1798,7 +1681,7 @@ Function Get-KMServerStatus { [String] $KMSClusterId ) - Begin { + Begin { # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter 
@@ -1853,15 +1736,9 @@ Function Get-DefaultKMSCluster { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> + write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Get-KmsCluster instead" # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter @@ -1890,13 +1767,6 @@ Function Set-DefaultKMSCluster { .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com - Version : 1.0 - - ==========Tested Against Environment========== - VMware vSphere Hypervisor(ESXi) Version : 6.5 - VMware vCenter Server Version : 6.5 - PowerCLI Version : PowerCLI 6.5 - PowerShell Version : 3.0 #> [CmdLetBinding()] @@ -1906,6 +1776,7 @@ Function Set-DefaultKMSCluster { [String] $KMSClusterId ) + write-warning "This cmdlet is deprecated and will be removed in future release. Use VMware.VimAutomation.Storage\Set-KmsCluster instead" # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter 
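Review bot: The deprecation warnings added to `Get-DefaultKMSCluster` and `Set-DefaultKMSCluster` name only the replacement cmdlet, not the filter or switch that makes it equivalent according to the README note added in PATCH 01/10. For `Set-DefaultKMSCluster` the message could end with `Use VMware.VimAutomation.Storage\Set-KmsCluster -UseAsDefaultKeyProvider instead`, and for `Get-DefaultKMSCluster` it could say to filter `Get-KmsCluster` on `UseAsDefaultKeyProvider`. The phrase "in future release" recurs in the warnings added to New-KMServer, Remove-KMServer, Get-KMSCluster, Get-KMSClusterInfo and Get-KMServerInfo; "in a future release" reads better. Both function bodies continue outside their hunks.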
@@ -1917,6 +1788,55 @@ Function Set-DefaultKMSCluster { $CM.MarkDefault($ProviderId) } +Function Set-VMCryptoUnlock { + <# + .SYNOPSIS + This cmdlet unlocks a locked vm + + .DESCRIPTION + This cmdlet unlocks a locked vm + + .PARAMETER VM + Specifies the VM you want to unlock + + .EXAMPLE + PS C:\> Get-VM |where {$_.locked}| Set-VMCryptoUnlock + + Unlock all locked vms + + .NOTES + Author : Fangying Zhang + Author email : fzhang@vmware.com + #> + + [CmdLetBinding()] + + param ( + [Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)] + [VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine[]]$VM + ) + + Begin { + # Confirm the connected VIServer is vCenter Server + ConfirmIsVCenter + } + + Process { + foreach ($thisvm in $vm) { + if (!$thisvm.encrypted) { + write-warning "$thisvm is not encrypted, will skip $thisvm" + continue + } + if (!$thisvm.Locked) { + write-warning "$thisvm may not be locked!" + # $thisvm.locked could be false on old 6.5.0 build (bug 1931370), so do not skip $thisvm + } + write-verbose "try to CryptoUnlock $thisvm" + $thisvm.ExtensionData.CryptoUnlock() + } + } +} + Function ConfirmIsVCenter{ <# .SYNOPSIS From 13649b8e3584c2aaf4b954c15a30bbb5c8b8f658 Mon Sep 17 00:00:00 2001 From: simonfangyingzhang Date: Fri, 27 Apr 2018 04:32:55 +0100 Subject: [PATCH 04/10] Update VMware.VMEncryption.psm1 --- Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 index 4085365..57734cf 100644 --- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 +++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 
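Review bot: `Set-VMCryptoUnlock` calls `$thisvm.ExtensionData.CryptoUnlock()` on every piped VM without declaring `SupportsShouldProcess`, so `-WhatIf` and `-Confirm` are unavailable for an operation that changes the state of encrypted VMs. Declaring `[CmdLetBinding(SupportsShouldProcess=$True)]` and wrapping the call as `if ($PSCmdlet.ShouldProcess("$thisvm", 'CryptoUnlock')) { $thisvm.ExtensionData.CryptoUnlock() }` would let an operator preview the `Get-VM |where {$_.locked}` example before it runs. The loop also continues, deliberately per its comment, when `$thisvm.Locked` is false, and a failing `CryptoUnlock()` call is not caught, so the failure surfaces only as a raw method exception. A per-VM `try`/`catch` that reports the VM name through `Write-Error` would make the outcome of each unlock attempt visible.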
@@ -831,7 +831,7 @@ Function Set-VMEncryptionKey { C:\PS>$VM|Set-VMEncryptionKey -KMSClusterId $KMSCluster.Id -Deep Deep rekeys the VM Home and all its disks using a new key. - The key is generted from the KMS whose clusterId is $KMSCluster.Id. + The key is generated from the KMS whose clusterId is $KMSCluster.Id. .NOTES This cmdlet assumes there is already a KMS in vCenter Server. If VM is not encrypted, the cmdlet quits. @@ -979,7 +979,7 @@ Function Set-VMDiskEncryptionKey { C:\PS>$HardDisk|$Set-VMEncryptionKey -VM $VM -KMSClusterId $KMSCluster.Id -Deep Deep rekeys all the disks of the $VM using a new key. - The key is generted from the KMS whose clusterId is $KMSCluster.Id. + The key is generated from the KMS whose clusterId is $KMSCluster.Id. .NOTES This cmdlet assumes there is already a KMS in vCenter Server. From 29719d6ca7cea9fdb160d44697d518135f6063ca Mon Sep 17 00:00:00 2001 From: simonfangyingzhang Date: Fri, 27 Apr 2018 04:42:18 +0100 Subject: [PATCH 05/10] Update VMware.VMEncryption.psm1 --- Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 index 57734cf..d46d63b 100644 --- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 +++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 @@ -81,6 +81,13 @@ New-VIProperty -Name Encrypted -ObjectType HardDisk -Value { $hardDisk.ExtensionData.Backing.KeyId -ne $null } -BasedOnExtensionProperty 'Backing.KeyId' -Force | Out-Null +New-VIProperty -Name KMSserver -ObjectType VMHost -Value { + Param ($VMHost) + if ($VMHost.CryptoSafe) { + $VMHost.ExtensionData.Runtime.CryptoKeyId.ProviderId.Id + } +} -BasedOnExtensionProperty 'Runtime.CryptoKeyId.ProviderId.Id' -Force | Out-Null + New-VIProperty -Name EncryptionKeyId -ObjectType HardDisk -Value { Param ($Disk) if ($Disk.Encrypted) { 
@@ -976,7 +983,7 @@ Function Set-VMDiskEncryptionKey { C:\PS>$KMSCluster = Get-KMSCluster | select -last 1 C:\PS>$VM = Get-VM -Name win2012 C:\PS>$HardDisk = get-vm $vm|Get-HardDisk - C:\PS>$HardDisk|$Set-VMEncryptionKey -VM $VM -KMSClusterId $KMSCluster.Id -Deep + C:\PS>$HardDisk|Set-VMDiskEncryptionKey -VM $VM -KMSClusterId $KMSCluster.Id -Deep Deep rekeys all the disks of the $VM using a new key. The key is generated from the KMS whose clusterId is $KMSCluster.Id. @@ -1681,7 +1688,7 @@ Function Get-KMServerStatus { [String] $KMSClusterId ) - Begin { + Begin { # Confirm the connected VIServer is vCenter Server ConfirmIsVCenter From 049e621fb63c3a7d9e0aca87d5a5a46053505ec7 Mon Sep 17 00:00:00 2001 From: simonfangyingzhang Date: Fri, 27 Apr 2018 04:45:44 +0100 Subject: [PATCH 06/10] Update VMware.VMEncryption.psm1 --- .../VMware.VMEncryption.psm1 | 23 +++++++------------ 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 index d46d63b..a7e47c2 100644 --- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 +++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 
@@ -69,18 +69,18 @@ New-VIProperty -Name vMotionEncryption -ObjectType VirtualMachine -Value { $VM.ExtensionData.Config.MigrateEncryption } -BasedOnExtensionProperty 'Config.MigrateEncryption' -Force | Out-Null -New-VIProperty -Name KMSserver -ObjectType VirtualMachine -Value { - Param ($VM) - if ($VM.Encrypted) { - $VM.EncryptionKeyId.ProviderId.Id - } -} -BasedOnExtensionProperty 'Config.KeyId' -Force | Out-Null - New-VIProperty -Name Encrypted -ObjectType HardDisk -Value { Param ($hardDisk) $hardDisk.ExtensionData.Backing.KeyId -ne $null } -BasedOnExtensionProperty 'Backing.KeyId' -Force | Out-Null +New-VIProperty -Name EncryptionKeyId -ObjectType HardDisk -Value { + Param ($Disk) + if ($Disk.Encrypted) { + $Disk.ExtensionData.Backing.KeyId + } +} -BasedOnExtensionProperty 'Backing.KeyId' -Force | Out-Null + New-VIProperty -Name KMSserver -ObjectType VMHost -Value { Param ($VMHost) if ($VMHost.CryptoSafe) { @@ -88,13 +88,6 @@ New-VIProperty -Name KMSserver -ObjectType VMHost -Value { } } -BasedOnExtensionProperty 'Runtime.CryptoKeyId.ProviderId.Id' -Force | Out-Null -New-VIProperty -Name EncryptionKeyId -ObjectType HardDisk -Value { - Param ($Disk) - if ($Disk.Encrypted) { - $Disk.ExtensionData.Backing.KeyId - } -} -BasedOnExtensionProperty 'Backing.KeyId' -Force | Out-Null - Function Enable-VMHostCryptoSafe { <# .SYNOPSIS @@ -983,7 +976,7 @@ Function Set-VMDiskEncryptionKey { C:\PS>$KMSCluster = Get-KMSCluster | select -last 1 C:\PS>$VM = Get-VM -Name win2012 C:\PS>$HardDisk = get-vm $vm|Get-HardDisk - C:\PS>$HardDisk|Set-VMDiskEncryptionKey -VM $VM -KMSClusterId $KMSCluster.Id -Deep + C:\PS>$HardDisk| Set-VMDiskEncryptionKey -VM $VM -KMSClusterId $KMSCluster.Id -Deep Deep rekeys all the disks of the $VM using a new key. The key is generated from the KMS whose clusterId is $KMSCluster.Id. From 9bd66f1a66bba48a5185deb81d30127de97ebcaa Mon Sep 17 00:00:00 2001 
From: simonfangyingzhang Date: Fri, 27 Apr 2018 04:50:10 +0100 Subject: [PATCH 07/10] Update VMware.VMEncryption.psm1 --- Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 index a7e47c2..7752274 100644 --- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 +++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 @@ -69,6 +69,13 @@ New-VIProperty -Name vMotionEncryption -ObjectType VirtualMachine -Value { $VM.ExtensionData.Config.MigrateEncryption } -BasedOnExtensionProperty 'Config.MigrateEncryption' -Force | Out-Null +New-VIProperty -Name KMSserver -ObjectType VirtualMachine -Value { + Param ($VM) + if ($VM.Encrypted) { + $VM.EncryptionKeyId.ProviderId.Id + } +} -BasedOnExtensionProperty 'Config.KeyId' -Force | Out-Null + New-VIProperty -Name Encrypted -ObjectType HardDisk -Value { Param ($hardDisk) $hardDisk.ExtensionData.Backing.KeyId -ne $null From 3b44fbcf204ab4484471627b6450f63d17492001 Mon Sep 17 00:00:00 2001 From: simonfangyingzhang Date: Fri, 27 Apr 2018 04:53:24 +0100 Subject: [PATCH 08/10] Update VMware.VMEncryption.psd1 --- Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 index 45b17c1..95b678f 100644 --- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 +++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 @@ -68,7 +68,7 @@ RequiredModules = @( NestedModules = @('VMware.VMEncryption.psm1') # Functions to export from this module -FunctionsToExport = '*-*' +FunctionsToExport = '*' # Cmdlets to export from this module CmdletsToExport = '*' @@ -95,3 +95,4 @@ AliasesToExport = '*' # DefaultCommandPrefix = '' } + From 60aafba7ae2e91bb52c8be9704f4ebac65f48e0e Mon Sep 17 00:00:00 2001 
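Review bot: Widening `FunctionsToExport` from `'*-*'` to `'*'` in VMware.VMEncryption.psd1 also exports functions without a verb-noun name, which in this module appears to include the internal helper `ConfirmIsVCenter` defined in VMware.VMEncryption.psm1. Unless that helper is meant to be public, keep `FunctionsToExport = '*-*'` or list the public functions explicitly, so the module's command surface stays limited to the documented cmdlets. An explicit list also lets PowerShell discover the commands without loading the module.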
From: simonfangyingzhang Date: Fri, 27 Apr 2018 05:03:22 +0100 Subject: [PATCH 09/10] Update VMware.VMEncryption.psd1 --- Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 index 95b678f..1213466 100644 --- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 +++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 @@ -12,7 +12,7 @@ # RootModule = '' # Version number of this module. -ModuleVersion = '1.1' +ModuleVersion = '1.0' # ID used to uniquely identify this module GUID = 'f9592e48-6cd3-494e-891b-ee10ee9f7018' From 95138e128f9bb1d055aee4073e86cf32726b182c Mon Sep 17 00:00:00 2001 From: simonfangyingzhang Date: Fri, 27 Apr 2018 05:10:09 +0100 Subject: [PATCH 10/10] Update VMware.VMEncryption.psd1 --- Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 index 1213466..95b678f 100644 --- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 +++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psd1 @@ -12,7 +12,7 @@ # RootModule = '' # Version number of this module. -ModuleVersion = '1.0' +ModuleVersion = '1.1' # ID used to uniquely identify this module GUID = 'f9592e48-6cd3-494e-891b-ee10ee9f7018'