I was wondering if someone could please help with the following query. We are using the following script to enable Virtualization Based Security on a per VM level.
The script is running from within VMware vRealize Automation / Orchestration in order to enable VBS as part of a specific workflow. The modified script for vRA/vRO is below.
The issue that I am having is that VBS can only be enabled when the VM is powered off. In some cases the workflow takes a little longer to run, and by then the VM is already running, which makes the task (script) fail.
That being said, I was looking for some way to improve the script a little bit, perhaps by adding something to power off the VM if it's running, then execute the code in the script, and then bring the VM back on. I feel that with something like this we will hopefully make sure that VBS is enabled when the VM is not running, and once VBS is enabled it will turn on the VM to proceed. I have unsuccessfully tried to modify the code, but I can't find a way to stop and start the VM successfully. Can someone please help?
Thank you
// Input: inputProperties from vRA
var enableVBS = inputProperties.customProperties.enableVBS;
if (enableVBS == "true") {
    // Look up the VM by the name vRA assigned to the deployment resource
    var name = inputProperties.resourceNames[0];
    var vms = VcPlugin.getAllVirtualMachines(null, name);
    var vm = vms[0];

    var bootOpts = new VcVirtualMachineBootOptions();
    var flags = new VcVirtualMachineFlagInfo();
    var spec = new VcVirtualMachineConfigSpec();

    // VBS prerequisites: EFI firmware with Secure Boot, virtual IOMMU (vvtd)
    // and hardware virtualization exposed to the guest
    bootOpts.efiSecureBootEnabled = true;
    flags.vbsEnabled = true;
    flags.vvtdEnabled = true;
    spec.firmware = VcGuestOsDescriptorFirmwareType.efi;
    spec.nestedHVEnabled = true;
    spec.bootOptions = bootOpts;
    spec.flags = flags;

    // Fails if the VM is not powered off
    vm.reconfigVM_Task(spec);
}
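
The power-off, reconfigure, power-on sequence the question asks for, as an added example that is not part of the original post. The names `reconfigureWhilePoweredOff` and `makeFakeVm` are hypothetical; the sketch assumes the vRO vCenter plug-in exposes `vm.runtime.powerState.value`, `powerOffVM_Task()`, `powerOnVM_Task(host)` and `vm.config.flags`, and that `waitForTask` blocks until a task finishes.

```javascript
// Added example, not code from the original post.
// In vRO, waitForTask could wrap the library action (assumption):
//   System.getModule("com.vmware.library.vc.basic").vim3WaitTaskEnd(task, false, 2)
function reconfigureWhilePoweredOff(vm, spec, waitForTask) {
    var state = String(vm.runtime.powerState.value);
    if (state === "suspended") {
        // Do not silently discard a suspended guest's state.
        throw new Error("VM is suspended; resume or power it off before enabling VBS");
    }
    var wasRunning = (state === "poweredOn");
    if (wasRunning) {
        // Hard power-off: the guest OS is not shut down cleanly.
        waitForTask(vm.powerOffVM_Task());
    }
    try {
        waitForTask(vm.reconfigVM_Task(spec));
    } finally {
        // Restore the original power state even if the reconfigure failed,
        // so a failed run does not leave the VM down; the error still propagates.
        if (wasRunning) {
            waitForTask(vm.powerOnVM_Task(null));
        }
    }
    // Confirm the flag was applied instead of trusting task completion alone.
    return vm.config.flags.vbsEnabled === true;
}

// Constructed stand-in for a VcVirtualMachine so the function can be run
// outside vRO. Tasks complete synchronously; calls are recorded in vm.calls.
function makeFakeVm(initialState, failReconfig) {
    var vm = {
        calls: [],
        runtime: { powerState: { value: initialState } },
        config: { flags: { vbsEnabled: false } },
        powerOffVM_Task: function () {
            vm.calls.push("off"); vm.runtime.powerState.value = "poweredOff"; return "task";
        },
        powerOnVM_Task: function () {
            vm.calls.push("on"); vm.runtime.powerState.value = "poweredOn"; return "task";
        },
        reconfigVM_Task: function (s) {
            vm.calls.push("reconfig");
            if (vm.runtime.powerState.value !== "poweredOff") throw new Error("InvalidPowerState");
            if (failReconfig) throw new Error("reconfigure failed");
            vm.config.flags.vbsEnabled = s.flags.vbsEnabled;
            return "task";
        }
    };
    return vm;
}
```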