diff --git a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 index 8594bf9..5252f96 100644 --- a/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 +++ b/Modules/VMware.VMEncryption/VMware.VMEncryption.psm1 @@ -59,12 +59,17 @@ New-VIProperty -Name Locked -ObjectType VirtualMachine -Value { ($vm.extensiondata.Runtime.ConnectionState -eq "invalid") -and ($vm.extensiondata.Config.KeyId) } -BasedOnExtensionProperty 'Runtime.ConnectionState','Config.KeyId' -Force | Out-Null +New-VIProperty -Name vMotionEncryption -ObjectType VirtualMachine -Value { + Param ($VM) + $VM.ExtensionData.Config.MigrateEncryption +} -BasedOnExtensionProperty 'Config.MigrateEncryption' -Force | Out-Null + New-VIProperty -Name KMSserver -ObjectType VirtualMachine -Value { Param ($VM) if ($VM.Encrypted) { $VM.EncryptionKeyId.ProviderId.Id } - } -BasedOnExtensionProperty 'Config.KeyId' -Force | Out-Null +} -BasedOnExtensionProperty 'Config.KeyId' -Force | Out-Null New-VIProperty -Name Encrypted -ObjectType HardDisk -Value { Param ($hardDisk) @@ -108,7 +113,6 @@ Function Enable-VMHostCryptoSafe { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -177,7 +181,6 @@ Function Set-VMHostCryptoKey { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -231,6 +234,74 @@ Function Set-VMHostCryptoKey { } } +Function Set-vMotionEncryptionConfig { + <# + .SYNOPSIS + This cmdlet sets the vMotionEncryption property of a VM. + + .DESCRIPTION + Use this function to set the vMotionEncryption settings for a VM. + The 'Encryption' parameter is set up with Tab-Complete for the available + options. + + .PARAMETER VM + Specifies the VM you want to set the vMotionEncryption property. + + .PARAMETER Encryption + Specifies the value you want to set to the vMotionEncryption property. + The Encryption options are: disabled, opportunistic, and required. + + .EXAMPLE + PS C:\> Get-VM | Set-vMotionEncryptionConfig -Encryption opportunistic + + Sets the vMotionEncryption of all the VMs + + .NOTES + Author : Brian Graf, Carrie Yang. + Author email : grafb@vmware.com, yangm@vmware.com + Version : 1.0 + + ==========Tested Against Environment========== + VMware vSphere Hypervisor(ESXi) Version : 6.5 + VMware vCenter Server Version : 6.5 + PowerCLI Version : PowerCLI 6.5 + PowerShell Version : 3.0 + #> + + [CmdLetBinding()] + + param ( + [Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)] + [VMware.VimAutomation.ViCore.Types.V1.Inventory.VirtualMachine]$VM, + + [Parameter(Mandatory=$True] + [ValidateSet("disabled", "opportunistic", "required")] + [String]$Encryption + ) + + process{ + if ($VM.vMotionEncryption -eq $Encryption) { + Write-Warning "The encrypted vMotion state is already $Encrypted, no need to change it." + return + } + + if ($VM.Encrypted) { + Write-Error "Cannot change encrypted vMotion state for an encrypted VM." + return + } + + $VMView = $VM | get-view + $Config = New-Object VMware.Vim.VirtualMachineConfigSpec + $Config.MigrateEncryption = New-Object VMware.Vim.VirtualMachineConfigSpecEncryptedVMotionModes + $Config.MigrateEncryption = $Encryption + + $VMView.ReconfigVM($config) + + $VM.ExtensionData.UpdateViewData() + $VM.vMotionEncryption + } +} + Function Enable-VMEncryption { <# .SYNOPSIS @@ -277,7 +348,6 @@ Function Enable-VMEncryption { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -438,7 +508,6 @@ Function Enable-VMDiskEncryption { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -591,7 +660,6 @@ Function Disable-VMEncryption { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -688,7 +756,6 @@ Function Disable-VMDiskEncryption { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -824,7 +891,6 @@ Function Set-VMEncryptionKey { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -981,7 +1047,6 @@ Function Set-VMDiskEncryptionKey { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1094,7 +1159,7 @@ Function Get-VMEncryptionInfo { .NOTES If $HardDisk is specified, then only the encryption information of the disks specified in $HardDisk is obtained. Otherwise, all disks' encryption information of the specified VM is returned. - + .NOTES Author : Carrie Yang. Author email : yangm@vmware.com @@ -1105,7 +1170,6 @@ Function Get-VMEncryptionInfo { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1194,7 +1258,7 @@ Function Get-EntityByCryptoKey { .NOTES At least one of the KeyId and KMSClusterId parameters is required. If the SearchVMHosts, SearchVMs and SearchDisks all not specified, the cmdlet return $null. - + .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com @@ -1205,7 +1269,6 @@ Function Get-EntityByCryptoKey { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1331,7 +1394,6 @@ Function New-KMServer { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1491,7 +1553,6 @@ Function Remove-KMServer { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1569,7 +1630,6 @@ Function Get-KMSCluster { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> # Confirm the connected VIServer is vCenter Server @@ -1661,7 +1721,6 @@ Function Get-KMServerInfo { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1723,7 +1782,6 @@ Function Get-KMServerStatus { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1795,7 +1853,6 @@ Function Get-DefaultKMSCluster { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> # Confirm the connected VIServer is vCenter Server @@ -1822,7 +1879,7 @@ Function Set-DefaultKMSCluster { C:\PS>Set-DefaultKMSCluster -KMSClusterId 'ClusterIdString' Sets the KMS cluster whose cluster ID is 'ClusterIdString' as the default KMS cluster. - + .NOTES Author : Baoyin Qiao. Author email : bqiao@vmware.com @@ -1833,7 +1890,6 @@ Function Set-DefaultKMSCluster { VMware vCenter Server Version : 6.5 PowerCLI Version : PowerCLI 6.5 PowerShell Version : 3.0 - #> [CmdLetBinding()] @@ -1889,7 +1945,6 @@ Function ConfirmHardDiskIsValid { .PARAMETER HardDisk Specifies the hard disks which you want to use to validate. - #> [CmdLetBinding()]