New in the VI Toolkit Community Extensions: Set virtual switch security.

While we all eagerly await CTP3 of PowerShell Version 2 I wanted to mention that I'm a big fan of PowerShell Version 2's modules and script cmdlets because combining these technologies makes it possible to build large, cohesive and really useful management modules even if you're not a developer.

Glenn Sizemore has written just such a script cmdlet that lets you set the security properties of virtual switches. With his cmdlet you can configure whether virtual switches allow virtual machines on the switch to see traffic to and from other virtual machines using the -AllowPromiscuous flag. With the -ForgedTransmits flag you can configure whether VMs are allowed to send packets using a different source MAC address from the VM's real MAC address, and with the -MacChanges flag set, VMs on the switch can change their MAC addresses.

These options can be useful for enabling security-related applications, for instance if you want to run an intrusion detection virtual appliance on a virtual switch you'll need to set -AllowPromiscuous on the switch. The default is to have AllowPromiscuous disabled while ForgedTransmits and MacChanges are enabled, which is pretty much what you get with a real unmanaged switch.

Glenn's cmdlet makes changing things really easy. You can see Glenn's original cmdlet, but note that the name and parameters are changed a bit in the community extensions, to make it fit a bit more with other aspects of the extensions. Here's a quick example of the new cmdlets in action:

The VI Toolkit Extensions is now up to 30cmdlets that cover a wide range of really useful stuff. If you're looking to get started with the VI Toolkit Community Extensions, Eric Sloof has a great writeup on how to do just that. As PowerShell v2 nears official release, we've got some things planned to make the VI Toolkit Extensions amazingly easy to use, for now it's a bit primitive but gets the job done.