PowerShell: Connect to vSphere vCenter and Enable/Disable a Virtual Machine Network Card
Scenario: a Windows Server virtual machine has two network cards configured, one with a DMZ NIC/IP and the other with an internal NIC/IP. The secondary, internal NIC is left disabled in vCenter for security purposes. That way, if the server is compromised through the DMZ interface, the attackers cannot enable the secondary NIC from within the virtual machine's operating system and gain access to the internal network. If or when an action needs to be run against this virtual machine's internal NIC/IP, this script connects to vCenter, enables the secondary NIC, and disables it again afterwards.
Note: for instructions on how to use the PowerShell encrypted authentication method seen in this script, refer to "Powershell Security : Authenticate a Script Using an Encrypted Password".
<#
Assumed Demo Environment
Demo Script Name -> myScript.ps1
Script Location -> C:\Scripts\
Script Logs Location -> C:\Scripts\Logs\
Encrypted Password Location -> C:\Scripts\Password\
Auth Example Username -> myLogin@vsphere.local
(can also use a local account)
Auth Password File -> myScriptAuth.txt
Script Authenticating from -> Windows Server #1
Script Authenticating to -> vSphere ESX vCenter (vcsa.mydomain.local)
VM Name -> myVM_Name
VM Secondary Network Interface Name (as seen in vCenter) -> Network adapter 2
#>
# Globals
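Start-Transcript -Append "C:\Scripts\Logs\myScript_Log.txt"
# Stop on the first error ('Stop' is the named form of the numeric value 1)
$ErrorActionPreference = 'Stop'
$currentTime = Get-Date -Format "dd-MMM-yyyy HH:mm:ss"
# Quoted so that the ">" in "->" is printed instead of being parsed as output redirection
Write-Host "===== Script Start -> $currentTime ============================================"
# Authenticate to vCenter using encrypted credentials ...
# Without -Key, ConvertTo-SecureString relies on Windows DPAPI, so the password file
# only decrypts for the same user account on the same machine that created it.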
$authFile = "C:\Scripts\Password\myScriptAuth.txt"
$securePassword = Get-Content $authFile | ConvertTo-SecureString
$credentials = New-Object System.Management.Automation.PSCredential ("myLogin@vsphere.local", $securePassword)
Write-Host("Connecting to vCenter...")
Connect-VIServer -Server vcsa.mydomain.local -Credential $credentials
Write-Host("Successfully connected to vCenter...")
Write-Host "`n"
# Enable vm secondary vlan nic ...
Write-Host("Enabling myVM_Name secondary nic...")
Get-VM -Name 'myVM_Name' | Get-NetworkAdapter -Name 'Network adapter 2' | Set-NetworkAdapter -Connected:$true -Confirm:$false
Write-Host("Successfully enabled secondary server nic...")
Write-Host "`n"
<#
Run whatever commands you need to in this section...
#>
# Task and environment cleanup ...
# Start disable secondary server nic ...
Get-VM -Name 'myVM_Name' | Get-NetworkAdapter -Name 'Network adapter 2' | Set-NetworkAdapter -Connected:$false -Confirm:$false
# ... End disable nic
Disconnect-VIServer -Server * -Force -Confirm:$false
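# Quoted for the same reason as the start banner; the time is read again so the log shows the real end time
Write-Host "===== Script End -> $(Get-Date -Format 'dd-MMM-yyyy HH:mm:ss') ============================================"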
# Write Log File and Exit
Stop-Transcript
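# Rename only the fresh *_Log.txt transcript (older, already renamed logs are left alone); HH gives a 24-hour timestamp
Get-ChildItem -Path "C:\Scripts\Logs\" -Recurse -Include @("*_Log.txt") | Rename-Item -NewName { $_.Name -replace "_Log", ($_.CreationTime.ToString("yyyyMMdd-HHmmss")) }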
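
Because the script stops on the first error, a failure in the middle section ends the run before the cleanup and leaves the internal NIC connected. The following added example (not part of the original script) wraps the work in try/finally and re-reads the adapter state from vCenter after each change. Set-InternalNic is a hypothetical helper name, and the example assumes VMware PowerCLI is installed and Connect-VIServer has already succeeded as in the script above.

```powershell
# Added example, not part of the original script.
# Assumes an existing Connect-VIServer session and the demo names used on this page.
$ErrorActionPreference = 'Stop'
$vmName  = 'myVM_Name'
$nicName = 'Network adapter 2'

# Hypothetical helper: set the NIC connection state, then verify it against vCenter.
function Set-InternalNic {
    param([Parameter(Mandatory)][bool]$Connected)

    $nic = Get-VM -Name $vmName | Get-NetworkAdapter -Name $nicName
    Set-NetworkAdapter -NetworkAdapter $nic -Connected:$Connected -Confirm:$false | Out-Null

    # Re-read the adapter instead of trusting the object returned by the change.
    $actual = (Get-VM -Name $vmName | Get-NetworkAdapter -Name $nicName).ConnectionState.Connected
    if ($actual -ne $Connected) {
        throw "NIC '$nicName' on '$vmName' reports Connected=$actual, expected $Connected"
    }
    Write-Host "NIC '$nicName' on '$vmName' verified as Connected=$Connected"
}

try {
    Set-InternalNic -Connected $true

    # Run whatever commands you need to in this section...
}
finally {
    # Runs whether the work above succeeded or threw.
    try {
        Set-InternalNic -Connected $false
    }
    catch {
        # Leave a clear marker in the transcript, then fail the run so it gets noticed.
        Write-Warning "Internal NIC may still be CONNECTED on '$vmName': $($_.Exception.Message)"
        throw
    }
    finally {
        # Always drop the vCenter session, even if the disable step failed.
        Disconnect-VIServer -Server * -Force -Confirm:$false
    }
}
```

If the warning appears in the transcript, check the adapter state in vCenter by hand before the next scheduled run.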