Protecting your Virtual Machines From “That Guy”

OK, so every environment has “That Guy”… if you don’t know what I’m on about, take a look at what floated past on Twitter this evening from @vSeanClark:

RT @techmute: Some people really make me wish vSphere had the option "take a snapshot when this guy logs in as an admin" <- startup idea?

Well… if anyone has some venture capital or Angel funds… I’m your guy. Why? Well with vSphere Alarms and PowerCLI, one can indeed snapshot a VM when a specific user pulls a remote console, here’s how:

Setup the Alarm:

At the vCenter level (after all… “that guy” is sneaky) create an alarm like so:

Under conditions you’ll setup the user you wish to… protect against:

With the following actions:

  • Send a notification email
  • Run a command: C:\WINDOWS\system32\cmd.exe“ “/c echo .|powershell.exe -nologo -noprofile -noninteractive C:\Scripts\OMG-ThatGuy.ps1”

Like so:

* A few notes here: The “Run a command” is all one really long line…

Next the script:

If you copy/paste it from here you’ll want to make sure that everything after Get-VM is on a single line.

# OMG-ThatGuy.ps1
# Add the snapin:
add-pssnapin VMware.VimAutomation.Core

#Take the snapshot!

Connect-VIServer -Server localhost -User something -Password something
$vmId = "VirtualMachine-" + $env:VMWARE_ALARM_TARGET_ID

Get-VM -Id $vmId | New-Snapshot -Name ((Get-Date).ToShortDateString())

The first bit adds the PowerCLI snapin, the second gets the VM that triggered the alarm and creates a snapshot with today’s date. Save this in c:\scripts, or another location of your choosing, and we’re ready to go!

In action:

So I’m not really sure where this script would be all that practical in real use. It is however an example of the power of both PowerCLI and vSphere. Here’s a screenshot of this working, btw:



What good would this post be if I didn’t link back to all the random places I found the info on how to do this on:

5 thoughts on “Protecting your Virtual Machines From “That Guy”

Comments are closed.