A while back I was asked if we could automate some areas of vShield, VMware's security suite of products. I was asked to do this for a demo which was to be used at VMworld; having never touched vShield before, I was thrown into the world of security at the deep end. The first thing I found on my quest was the vShield API. There is a great document by VMware which explains the vShield proprietary Web-RPC API (based on REST API) and all the calls you would ever need to make to work with the vShield products.
Now I had the API details I knew I could easily write some PowerShell code in the form of an advanced function to work with the API. The first piece of code I wrote was a generic function which allowed me to GET, PUT, DELETE and POST to a proprietary Web-RPC based RESTful API. I know PowerShell v3 will include cmdlets for this but I didn’t want to wait or add a dependency on something which wasn’t available as yet.
Following on from my previous post in this series, where I showed how we could deploy vShield Manager into our virtual infrastructure, I thought I would take it one step further and show how we can use the vShield APIs within PowerShell to make some nice PowerShell advanced functions which will install the vShield services on our hosts.
Forgetting about the functions for a moment, this really does show the power of PowerShell and how we can simplify everything down into a couple of lines of code which can be used over and over. The last line of this code is all that is now needed to install vShield services on not just 1 host but 100s of hosts!
I have been learning a little about vShield lately, mainly for some work I had to complete for VMworld Las Vegas but also as I started coming up with some cool stuff when using PowerShell to talk to the REST API of vShield. More on that will come in a following post but I wanted to give just a quick idea of what was possible.
Starting from the beginning, the first thing we will need to do is install vShield 5 into your existing environment. This could be done by downloading the software and installing it manually, but why would we do this? Automation is king!
So the following PowerShell script will show you how to automate the following:
- Install the vShield ova file into vSphere as a new VM
- Start the vShield VM
- Set the IP information
- Restart the vShield VM
- Use the vShield API to connect it to vCenter
Of course, once we have done this we will need to install the vShield Agent VMs onto our hosts, but that’s a great start and we need to leave some things for me to write about in future blog posts!
I would like to point out at this point that I struggled with setting the IP address on the machine, I knew I could connect to the VM using the great Invoke-VMScript cmdlet but tried several ways until I asked for help from the legend that is Mr William Lam, you can see from this post how he managed to do this. Thanks to William I was also able to follow his method (but with less of that Perl stuff) and enable the last piece of the jigsaw.
A big thanks to Jeff Hicks who also wrote a nice easy to use function to test if your website is available, this came in useful when I was waiting for the management website to come up before I could hook into the API and connect vShield to vCenter.