Create an Encryption Storage Policy

Before any virtual machines can be encrypted, vCenter Server must contain an encryption storage policy. The policy only needs to be created once; it can be assigned to any virtual machines that you want to encrypt.

Java program to create a storage policy for encryption

package com.vmware.spbm.samples;
import java.util.ArrayList;
import java.util.List;
import com.vmware.common.annotations.Action;
import com.vmware.common.annotations.Option;
import com.vmware.common.annotations.Sample;
import com.vmware.pbm.InvalidArgumentFaultMsg;
import com.vmware.pbm.PbmCapabilityConstraintInstance;
import com.vmware.pbm.PbmCapabilityInstance;
import com.vmware.pbm.PbmCapabilityMetadata;
import com.vmware.pbm.PbmCapabilityMetadataPerCategory;
import com.vmware.pbm.PbmCapabilityProfileCreateSpec;
import com.vmware.pbm.PbmCapabilityPropertyInstance;
import com.vmware.pbm.PbmCapabilityPropertyMetadata;
import com.vmware.pbm.PbmCapabilitySubProfile;
import com.vmware.pbm.PbmCapabilitySubProfileConstraints;
import com.vmware.pbm.PbmCapabilityVendorNamespaceInfo;
import com.vmware.pbm.PbmCapabilityVendorResourceTypeInfo;
import com.vmware.pbm.PbmDuplicateNameFaultMsg;
import com.vmware.pbm.PbmFaultProfileStorageFaultFaultMsg;
import com.vmware.pbm.PbmProfileId;
import com.vmware.pbm.PbmServiceInstanceContent;
import com.vmware.spbm.connection.ConnectedServiceBase;
import com.vmware.spbm.connection.helpers.PbmUtil;
import com.vmware.vim25.ManagedObjectReference;
import com.vmware.vim25.RuntimeFaultFaultMsg;
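/**
 * CreateVMEncryptionProfile
 * Create new Storage Profile with one rule-set based on vmwarevmcrypt capabilities.
 *  Parameters:
 * vcurl       [required] : web service url, for example https://10.9.8.7/sdk
 * username    [required] : username for the authentication
 * password    [required] : corresponding password
 * profilename [required] : name of the storage profile
 * Command Line:
 * run.bat com.vmware.spbm.samples.CreateVMEncryptionProfile --vcurl [webserviceurl] ^
 *         --username [username] --password [password] --profilename [Storage Profile Name]
 *
 * Operational notes:
 * - The password is passed as a command-line argument, so it can end up in shell
 *   history and in process listings readable by other local users. Run the sample
 *   from a trusted admin host.
 * - NOTE(review): connection setup (including how the server certificate for vcurl
 *   is checked) lives in ConnectedServiceBase, which is not shown here - confirm
 *   before using this outside a lab.
 * - Every property of the encryption capability is set to the default value that
 *   the capability metadata reports; nothing is customised by this sample.
 */
@Sample(name = "CreateVMEncryptionProfile",
 description = "Create a new storage profile with "
             + "one rule-set based on vmwarevmcrypt capabilities.")
public class CreateVMEncryptionProfile extends ConnectedServiceBase {
   /** Namespace that identifies the VM encryption provider in the vendor info. */
   private static final String ENCRYPTION_NAMESPACE = "vmwarevmcrypt";
   /** Capability looked up in the fetched metadata and added to the rule-set. */
   private static final String ENCRYPTION_CAPABILITY = "vmwarevmcrypt@ENCRYPTION";

   private PbmServiceInstanceContent spbmsc;
   private String profileName;

   /**
    * Builds a capability instance for the named capability, with one rule that
    * carries every property of that capability at its metadata default value.
    *
    * @param capabilityName name of the capability to look up in {@code metadata}
    * @param metadata capability metadata fetched from the profile manager
    * @return capability instance holding a single constraint (the rule)
    * @throws InvalidArgumentFaultMsg if the capability is not found in {@code metadata}
    */
   PbmCapabilityInstance buildCapability(String capabilityName,
                                         List<PbmCapabilityMetadataPerCategory> metadata)
   throws InvalidArgumentFaultMsg {
      PbmCapabilityMetadata capabilityMeta =
            PbmUtil.getCapabilityMeta(capabilityName, metadata);
      if (capabilityMeta == null) {
         throw new InvalidArgumentFaultMsg("Specified Capability does not exist", null);
      }

      // One property instance per property the capability declares, each at its default.
      PbmCapabilityConstraintInstance rule = new PbmCapabilityConstraintInstance();
      for (PbmCapabilityPropertyMetadata propMeta : capabilityMeta.getPropertyMetadata()) {
         PbmCapabilityPropertyInstance prop = new PbmCapabilityPropertyInstance();
         prop.setId(propMeta.getId());
         prop.setValue(propMeta.getDefaultValue());
         rule.getPropertyInstance().add(prop);
      }

      // Attach the rule to the capability instance.
      PbmCapabilityInstance capability = new PbmCapabilityInstance();
      capability.setId(capabilityMeta.getId());
      capability.getConstraint().add(rule);
      return capability;
   }

   /**
    * Reports whether any vendor entry advertises the vmwarevmcrypt namespace.
    * Returns on the first match instead of scanning the remaining vendors.
    */
   private static boolean hasEncryptionProvider(
         List<PbmCapabilityVendorResourceTypeInfo> vendorInfo) {
      for (PbmCapabilityVendorResourceTypeInfo vendor : vendorInfo) {
         for (PbmCapabilityVendorNamespaceInfo vnsi : vendor.getVendorNamespaceInfo()) {
            // Constant-first equals: a null namespace string is a non-match, not an NPE.
            if (ENCRYPTION_NAMESPACE.equals(vnsi.getNamespaceInfo().getNamespace())) {
               return true;
            }
         }
      }
      return false;
   }

   /**
    * Creates the encryption storage profile named by {@code --profilename} and
    * prints the profile name with its unique ID.
    *
    * @throws RuntimeFaultFaultMsg if no vmwarevmcrypt provider is registered
    * @throws InvalidArgumentFaultMsg if the encryption capability is missing from
    *         the fetched capability metadata
    */
   @Action
   public void createProfile() throws RuntimeFaultFaultMsg,
         com.vmware.pbm.RuntimeFaultFaultMsg, InvalidArgumentFaultMsg,
         PbmDuplicateNameFaultMsg, PbmFaultProfileStorageFaultFaultMsg {
      // Get PBM Profile Manager & Associated Capability Metadata
      spbmsc = connection.getPbmServiceContent();
      ManagedObjectReference profileMgr = spbmsc.getProfileManager();

      // Step 1: Check if there is a vmwarevmcrypt Provider
      List<PbmCapabilityVendorResourceTypeInfo> vendorInfo =
         connection.getPbmPort().pbmFetchVendorInfo(profileMgr, null);
      if (!hasEncryptionProvider(vendorInfo)) {
         throw new RuntimeFaultFaultMsg(
               "Cannot create storage profile. 'vmwarevmcrypt' Provider not found.",  null);
      }

      // Step 2: Get PBM Supported Capability Metadata
      List<PbmCapabilityMetadataPerCategory> metadata =
         connection.getPbmPort().pbmFetchCapabilityMetadata(profileMgr,
                                                            PbmUtil.getStorageResourceType(),
                                                            "com.vmware.iofilters");

      // Step 3: Add Provider Specific Capabilities
      List<PbmCapabilityInstance> capabilities = new ArrayList<>();
      capabilities.add(buildCapability(ENCRYPTION_CAPABILITY, metadata));

      // Step 4: Add Capabilities to a RuleSet
      PbmCapabilitySubProfile ruleSet = new PbmCapabilitySubProfile();
      ruleSet.getCapability().addAll(capabilities);

      // Step 5: Add Rule-Set to Capability Constraints
      PbmCapabilitySubProfileConstraints constraints = new PbmCapabilitySubProfileConstraints();
      // The rule-set is numbered from the count of sub-profiles already present.
      ruleSet.setName("Rule-Set " + (constraints.getSubProfiles().size() + 1));
      constraints.getSubProfiles().add(ruleSet);

      // Step 6: Build Capability-Based Profile
      PbmCapabilityProfileCreateSpec spec = new PbmCapabilityProfileCreateSpec();
      spec.setName(profileName);
      spec.setDescription("Storage Profile in SDK. Rule based on Encryption capability");
      spec.setResourceType(PbmUtil.getStorageResourceType());
      spec.setConstraints(constraints);

      // Step 7: Create Storage Profile
      PbmProfileId profile = connection.getPbmPort().pbmCreate(profileMgr, spec);
      System.out.println("Profile " + profileName + " with ID: " + profile.getUniqueId());
   }

   /**
    * Sets the name used for the new storage profile.
    *
    * @param profileName value of the required {@code --profilename} option
    */
   @Option(name = "profilename", description = "Name of the storage profile", required = true)
   public void setProfileName(String profileName) {
      this.profileName = profileName;
   }
}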