New-Shielding
Syntax
New-ShieldingDataFile
[-ShieldingDataFilePath] <String>
[-Owner] <Guardian>
[-VolumeIDQualifier] <VolumeIDQualifier[]>
[-AnswerFile] <NamedFileContent>
[[-OtherFile] <NamedFileContent[]>]
[[-Guardian] <Guardian[]>]
[-Policy <FabricPolicyValue>]
[-WhatIf]
[-Confirm]New-ShieldingDataFile
[-ShieldingDataFilePath] <String>
[-Owner] <Guardian>
[[-OtherFile] <NamedFileContent[]>]
[[-Guardian] <Guardian[]>]
[-Policy <FabricPolicyValue>]
[-WhatIf]
[-Confirm]Description
The New-ShieldingDataFile cmdlet creates a shielding data file for use in provisioning a shielded virtual machine. The shielding data file contains information about which fabrics the VM can run on, which template disks can be used, the security policy, and files such as the specialization answer file.
The specialization answer file and any additional files you add to the shielding data file will be encrypted until a shielded VM is provisioned.
Examples
Example 1
PS C:\> $owner = Get-HgsGuardian -Name Owner
PS C:\> $hoster = Get-HgsGuardian -Name MyHostingProvider
PS C:\> $viq = New-VolumeIDQualifier -VolumeSignatureCatalogFilePath 'C:\temp\trustedtemplate.vsc' -VersionRule Equals
PS C:\> New-ShieldingDataFile -ShieldingDataFilePath 'C:\temp\shieldingdata.pdk' -Owner $owner -Guardian $hoster -VolumeIDQualifier $viq -AnswerFile 'C:\temp\unattend.xml'Creates a shielding data file using the "Owner" and "MyHostingProvider" guardians and a single volume ID qualifier representing the trusted template disk.
Required Parameters
Path to an XML file containing specialization information needed to automatically set up the OS in a shielded VM. For Windows VMs, this file is typically the unattend.xml file. The file varies for Linux distributions based on the specialization agent installed in the template disk.
| Type: | NamedFileContent |
| Aliases: | WindowsUnattendFile |
| Position: | 3 |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
The guardian object containing the certificates of the VM owner. Only the VM owner can modify the shielding data file in the future.
| Type: | Guardian |
| Position: | 1 |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
Specifies the path where the newly created shielding data file should be saved.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
One or more VolumeIDQualifier objects representing template disks trusted for shielded VM deployment.
| Type: | VolumeIDQualifier[] |
| Position: | 2 |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
Optional Parameters
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
One or more HGS guardian objects representing fabrics trusted to run your virtual machine.
| Type: | Guardian[] |
| Position: | 5 |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
Additional files (limited to 384KB) that should be encrypted at rest and copied to a provisioned virtual machine.
| Type: | NamedFileContent[] |
| Position: | 4 |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
Specifies the security policy for the resulting VM. The EncryptionSupported policy allows all normal VM devices, while the shielded policy adds additional protections to the VM, prevents basic console access and requires live migration traffic to be encrypted.
| Type: | FabricPolicyValue |
| Parameter Sets: | Shielded, EncryptionSupported |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Microsoft.Windows.HardenedFabric.Cmdlets.Common.Guardian
Microsoft.Windows.HardenedFabric.Cmdlets.Common.VolumeIDQualifier[] Microsoft.Windows.HardenedFabric.Cmdlets.Common.NamedFileContent Microsoft.Windows.HardenedFabric.Cmdlets.Common.NamedFileContent[] Microsoft.Windows.HardenedFabric.Cmdlets.Common.Guardian[] Microsoft.Windows.HardenedFabric.Cmdlets.Common.FabricPolicyValue
Outputs
System.Object