LucD
This user hasn't shared any biographical information
Posts by LucD
vSphere permissions: export & import – Part 1
Jun 15th
Short security principles intro
One aspect of your vSphere environment that shouldn’t be ignored is the built-in security feature that allows you to control who can do what with which vSphere entity.
Internally this is controlled from the AuthorizationManager. This object contains all the properties and methods you need to configure and manage the built-in security system.
The principle how vSphere entities are protected is quite straightforward.
At the basis are the so-called privileges. Each privilege describes a basic action that can be performed on one or more of the vSphere entities.
vSphere permissions: export & import – Part 2
Jun 14th
In Part1 of this article we had all the roles and permissions exported to an XML file. It’s now time to import the roles and permissions into a Virtual Center.
The script does in fact the reverse of what the script in Part 1 did.
But there were a few “gotchas“ that had to be solved before arriving at a working solution.
Duplicate Names
The script does not take into account that you can have different objects in your vSphere environment with the same name! Which imho is not a good practice in any case.
Should someone have the need for this functionality let me know and I will try to adapt the scripts.
Principals
The script does not create the principals that are mentioned in the XML file. If these principals do not exists in the environment where you want to import the roles and permissions the script will show errors.
Speed of execution
The permissions are set with an API called SetEntityPermissions.
As can be seen in the API Reference Guide this method requires a Managed Object Reference (MoRef) to a ManagedEntity. A ManagedEntity object is the parent object of most of the managed objects in vSphere.
This way of working avoids that there would have to be a separate method for each of the derived managed objects.
PowerCLI on steroids – Custom attributes
May 29th
PowerCLI is a great tool to manage your vSphere environment. No discussion about that!
The package contains cmdlets for, let’s say 80% of your vSphere day to day tasks, and for the missing 20% you can always fall back on the vSphere APIs (or ask in the PowerCLI community).
The only problem that pops up from time to time is the performance of some of the PowerCLI cmdlets.The Get-Vm cmdlet is one of these infamous cmdlets which, when executed in a decently sized (number of guests) vSphere environment, tends to be quite slow.
But as with the 80%-20% rule above, you can fall back on the vSphere APIs to speed things up a bit.
Add to that some medium to advanced PowerShell features and the time gains you can reach are impressive.
The problem at hand was that we needed a script to update a number of custom attributes on our guests.
A quick method of doing this would be something along these lines:
|
Get-VM | Set-CustomField -Name “MyField” -Value “new-value”
|
Using the VI APIs from PowerShell
Mar 27th
The trigger for this article was a question I got from Alan. He wanted to know how he could get, from within a PowerShell script, a report of all the tasks that were run against a specific virtual machine during the last seven days.
The VI Toolkit (VITK) has a Get-Task cmdlet, but that cmdlet is in the current release of the VITK a bit restricted in it’s use. See the community thread “Determine the “lineage” of a VM | From which Template was a given VM authored?” for a further discussion on this.
Since it became clear that the VITK wouldn’t give me what I wanted, the only possible alternative was to go to the VI APIs.
Every time I need to use the VI APIs I start by looking in the API Reference Documentation.
This document, which is in fact a web-based search tool, has a rather straight-forward layout. In the left pane you find the main menu and in the right pane you will find the details on everything you select in the left pane.
Where you start your search in the API Reference depends a bit on what you have to start with. More >
