New-ShieldingDataFile
Creates a shielding data file.
Syntax
New-ShieldingDataFile
[-ShieldingDataFilePath] <String>
[-Owner] <Guardian>
[-VolumeIDQualifier] <VolumeIDQualifier[]>
[-AnswerFile] <NamedFileContent>
[[-OtherFile] <NamedFileContent[]>]
[[-Guardian] <Guardian[]>]
[-Policy <FabricPolicyValue>]
[-WhatIf]
[-Confirm]
New-ShieldingDataFile
[-ShieldingDataFilePath] <String>
[-Owner] <Guardian>
[[-OtherFile] <NamedFileContent[]>]
[[-Guardian] <Guardian[]>]
[-Policy <FabricPolicyValue>]
[-WhatIf]
[-Confirm]
Description
The New-ShieldingDataFile cmdlet creates a shielding data file for use in provisioning a shielded virtual machine. The shielding data file contains information about which fabrics the VM can run on, which template disks can be used, the security policy, and files such as the specialization answer file.
The specialization answer file and any additional files you add to the shielding data file will be encrypted until a shielded VM is provisioned.
Examples
Example 1
PS C:\> $owner = Get-HgsGuardian -Name Owner
PS C:\> $hoster = Get-HgsGuardian -Name MyHostingProvider
PS C:\> $viq = New-VolumeIDQualifier -VolumeSignatureCatalogFilePath 'C:\temp\trustedtemplate.vsc' -VersionRule Equals
PS C:\> New-ShieldingDataFile -ShieldingDataFilePath 'C:\temp\shieldingdata.pdk' -Owner $owner -Guardian $hoster -VolumeIDQualifier $viq -AnswerFile 'C:\temp\unattend.xml'
Creates a shielding data file using the "Owner" and "MyHostingProvider" guardians and a single volume ID qualifier representing the trusted template disk.
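The following is an added example, not part of the original reference page: a wrapper that checks its inputs before calling New-ShieldingDataFile with an explicit -Policy Shielded and optional -OtherFile content. The function name New-CheckedShieldingData and its parameter names are hypothetical. It assumes -OtherFile accepts file paths the same way -AnswerFile does in Example 1, and it applies the 384 KB limit to the combined size of the additional files, because the parameter description does not say whether the limit is per file.

```powershell
# Added example: New-CheckedShieldingData is a hypothetical helper, not a module cmdlet.
function New-CheckedShieldingData {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $OutputPath,      # .pdk file to create
        [Parameter(Mandatory)] [string] $AnswerFilePath,  # e.g. unattend.xml
        [Parameter(Mandatory)] [string] $CatalogPath,     # .vsc of the trusted template disk
        [string[]] $OtherFilePath = @(),
        [string]   $OwnerName     = 'Owner',
        [string[]] $FabricName    = @('MyHostingProvider')
    )

    $limit = 384KB   # size limit documented for -OtherFile

    # Fail early on missing inputs instead of partway through file creation.
    foreach ($p in @($AnswerFilePath, $CatalogPath) + $OtherFilePath) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { throw "Input file not found: $p" }
    }

    # Assumption: treat the limit as cumulative (the stricter reading of the description).
    $total = 0
    foreach ($p in $OtherFilePath) { $total += (Get-Item -LiteralPath $p).Length }
    if ($total -gt $limit) { throw "Additional files total $total bytes; limit is $limit bytes." }

    # Resolve guardians by name; -ErrorAction Stop aborts if one is not registered locally.
    $owner   = Get-HgsGuardian -Name $OwnerName -ErrorAction Stop
    $fabrics = foreach ($n in $FabricName) { Get-HgsGuardian -Name $n -ErrorAction Stop }

    # Pin the trusted template disk to the exact version in the catalog, as in Example 1.
    $viq = New-VolumeIDQualifier -VolumeSignatureCatalogFilePath $CatalogPath -VersionRule Equals

    $params = @{
        ShieldingDataFilePath = $OutputPath
        Owner                 = $owner
        Guardian              = $fabrics
        VolumeIDQualifier     = $viq
        AnswerFile            = $AnswerFilePath
        Policy                = 'Shielded'   # stated explicitly rather than left unset
    }
    # Assumption: paths convert to NamedFileContent as the -AnswerFile path does in Example 1.
    if ($OtherFilePath.Count -gt 0) { $params.OtherFile = $OtherFilePath }

    if ($PSCmdlet.ShouldProcess($OutputPath, 'Create shielding data file')) {
        New-ShieldingDataFile @params
    }
}
```

Running the helper with -WhatIf performs the input checks and guardian lookups without writing the shielding data file.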
Parameters
-AnswerFile
Path to an XML file containing specialization information needed to automatically set up the OS in a shielded VM. For Windows VMs, this file is typically the unattend.xml file. The file varies for Linux distributions based on the specialization agent installed in the template disk.
Type: | NamedFileContent |
Aliases: | WindowsUnattendFile |
Position: | 3 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Guardian
One or more HGS guardian objects representing fabrics trusted to run your virtual machine.
Type: | Guardian[] |
Position: | 5 |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-OtherFile
Additional files (limited to 384 KB) that should be encrypted at rest and copied to a provisioned virtual machine.
Type: | NamedFileContent[] |
Position: | 4 |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Owner
The guardian object containing the certificates of the VM owner. Only the VM owner can modify the shielding data file in the future.
Type: | Guardian |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Policy
Specifies the security policy for the resulting VM. The EncryptionSupported policy allows all normal VM devices, while the Shielded policy adds further protections to the VM, prevents basic console access, and requires live migration traffic to be encrypted.
Type: | FabricPolicyValue |
Accepted values: | Shielded, EncryptionSupported |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ShieldingDataFilePath
Specifies the path where the newly created shielding data file should be saved.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-VolumeIDQualifier
One or more VolumeIDQualifier objects representing template disks trusted for shielded VM deployment.
Type: | VolumeIDQualifier[] |
Position: | 2 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Microsoft.Windows.HardenedFabric.Cmdlets.Common.Guardian
Microsoft.Windows.HardenedFabric.Cmdlets.Common.VolumeIDQualifier[]
Microsoft.Windows.HardenedFabric.Cmdlets.Common.NamedFileContent
Microsoft.Windows.HardenedFabric.Cmdlets.Common.NamedFileContent[]
Microsoft.Windows.HardenedFabric.Cmdlets.Common.Guardian[]
Microsoft.Windows.HardenedFabric.Cmdlets.Common.FabricPolicyValue