New-Shielding Data File

Creates a shielding data file.

Syntax

New-ShieldingDataFile
   [-ShieldingDataFilePath] <String>
   [-Owner] <Guardian>
   [-VolumeIDQualifier] <VolumeIDQualifier[]>
   [-AnswerFile] <NamedFileContent>
   [[-OtherFile] <NamedFileContent[]>]
   [[-Guardian] <Guardian[]>]
   [-Policy <FabricPolicyValue>]
   [-WhatIf]
   [-Confirm]
New-ShieldingDataFile
   [-ShieldingDataFilePath] <String>
   [-Owner] <Guardian>
   [[-OtherFile] <NamedFileContent[]>]
   [[-Guardian] <Guardian[]>]
   [-Policy <FabricPolicyValue>]
   [-WhatIf]
   [-Confirm]

Description

The New-ShieldingDataFile cmdlet creates a shielding data file for use in provisioning a shielded virtual machine. The shielding data file contains information about which fabrics the VM can run on, which template disks can be used, the security policy, and files such as the specialization answer file.

The specialization answer file and any additional files you add to the shielding data file will be encrypted until a shielded VM is provisioned.

Examples

Example 1

PS C:\> $owner = Get-HgsGuardian -Name Owner
PS C:\> $hoster = Get-HgsGuardian -Name MyHostingProvider
PS C:\> $viq = New-VolumeIDQualifier -VolumeSignatureCatalogFilePath 'C:\temp\trustedtemplate.vsc' -VersionRule Equals
PS C:\> New-ShieldingDataFile -ShieldingDataFilePath 'C:\temp\shieldingdata.pdk' -Owner $owner -Guardian $hoster -VolumeIDQualifier $viq -AnswerFile 'C:\temp\unattend.xml'

Creates a shielding data file using the "Owner" and "MyHostingProvider" guardians and a single volume ID qualifier representing the trusted template disk.

Required Parameters

-AnswerFile

Path to an XML file containing specialization information needed to automatically set up the OS in a shielded VM. For Windows VMs, this file is typically the unattend.xml file. The file varies for Linux distributions based on the specialization agent installed in the template disk.

Type: NamedFileContent
Aliases: WindowsUnattendFile
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Owner

The guardian object containing the certificates of the VM owner. Only the VM owner can modify the shielding data file in the future.

Type: Guardian
Position: 1
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-ShieldingDataFilePath

Specifies the path where the newly created shielding data file should be saved.

Type: String
Position: 0
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-VolumeIDQualifier

One or more VolumeIDQualifier objects representing template disks trusted for shielded VM deployment.

Type: VolumeIDQualifier[]
Position: 2
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False
-Guardian

One or more HGS guardian objects representing fabrics trusted to run your virtual machine.

Type: Guardian[]
Position: 5
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-OtherFile

Additional files (limited to 384KB) that should be encrypted at rest and copied to a provisioned virtual machine.

Type: NamedFileContent[]
Position: 4
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-Policy

Specifies the security policy for the resulting VM. The EncryptionSupported policy allows all normal VM devices, while the shielded policy adds additional protections to the VM, prevents basic console access and requires live migration traffic to be encrypted.

Type: FabricPolicyValue
Parameter Sets: Shielded, EncryptionSupported
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

Inputs

Microsoft.Windows.HardenedFabric.Cmdlets.Common.Guardian

Microsoft.Windows.HardenedFabric.Cmdlets.Common.VolumeIDQualifier[] Microsoft.Windows.HardenedFabric.Cmdlets.Common.NamedFileContent Microsoft.Windows.HardenedFabric.Cmdlets.Common.NamedFileContent[] Microsoft.Windows.HardenedFabric.Cmdlets.Common.Guardian[] Microsoft.Windows.HardenedFabric.Cmdlets.Common.FabricPolicyValue

Outputs

System.Object