< Back
Add-NsxDynamicMemberSet
Post
NAME Add-NsxDynamicMemberSet
SYNOPSIS
Adds a new dynamic member set to an existing NSX Security Group.
SYNTAX
Add-NsxDynamicMemberSet [-SecurityGroup] <Object> [-SetOperator <String>] -CriteriaOperator <String>
-DynamicCriteriaSpec <XmlElement[]> [-Connection <PSObject>] [<CommonParameters>]
DESCRIPTION
NSX Security Groups can have 3 types of membership configured, Dynamic
Criteria, Static Members and Exclude Members.
One or more Dynamic Criteria combine to make a Dynamic Member Set, and one
or more Dynamic Member Sets combine to define the Dynamic Membership of a
given security group.
In order to allow the configuration of a security groups Dynamic Membership
with an aritrary number of Dynamic Criteria Member Sets that contain an
arbitrary number of Dynamic Criteria in a flexible way, PowerNSX provides
the following abstractions.
Creation of individual Dynamic Criteria is accomplished with
New-NsxDynamicCriteriaSpec.
One or more Dynamic Criteria can be added to a Dynamic Member Set at creation
time with Add-NsxDynamicMemberSet and specifying the required Dynamic
Criteria Spec objects at creation time.
One or more Dynamic Criteria can be added to an existing Dynamic Member Set
after the fact with Add-NsxDynamicCriteria or removed with
Remove-NsxDynamicCriteria.
One or more Dynamic Member sets can be added to a security groups overall
Dynamic Membership definition using Add-NsxDynamicMemberSet or removed using
Remove-NsxDynamicMemberSet
A Security Groups Dynamic Member definition can include multiple Dynamic
Member Sets in an logical AND/OR arrangement, and for each of the Dynamic
Member Sets, a match operator of ALL or ANY can be specified that determines
how multiple Dynamic Criteria combine within the set to define a match.
The Add-NsxDynamicMemberSet cmdlet is used to create a new Dynamic Member
Set and add it to an existing Security Groups Dynamic Member Definition.
PARAMETERS
-SecurityGroup <Object>
SecurityGroup whose membership is to be modified.
Required? true
Position? 2
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-SetOperator <String>
Dynamic Criteria Set operator BETWEEN sets. In the UI, this is the AND/OR drop down displayed between member
sets.
This value is ignored if the set being added is the first set being added to the Dynamic Member Definition of
a Security Group
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-CriteriaOperator <String>
Dynamic Criteria operator for criteria WITHIN the set being added. In the UI, this is the Match: ANY/ALL drop
down displayed at the top of each Dynamic Member Set.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-DynamicCriteriaSpec <XmlElement[]>
Dynamic criteria spec/s as generated by New-NsxDynamicCriteriaSpec
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Connection <PSObject>
PowerNSX Connection object
Required? false
Position? named
Default value $defaultNSXConnection
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>$criteria1Spec = New-NsxDynamicCriteriaSpec -key VM.name -condition contains -value "PROD"
$criteria2Spec = New-NsxDynamicCriteriaSpec -key VM.GUEST_OS_FULL_NAME -condition contains -value "Win"
$sg1 = New-NsxSecurityGroup -Name "SG-Production-Windows"
Get-NsxSecurityGroup "SG-Production-Windows" | Add-NsxDynamicMemberSet -SetOperator OR -CriteriaOperator ANY
-DynamicCriteriaSpec $criteria1Spec,$criteria2Spec
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>$criteria3Spec = New-NsxDynamicCriteriaSpec -key VM.SECURITY_TAG -condition starts_with -value "ST_PCI"
$criteria4Spec = New-NsxDynamicCriteriaSpec -entity $(Get-Cluster DMZ)
$sg2 = New-NsxSecurityGroup -Name "SG-DMZ-PCI"
Get-NsxSecurityGroup "SG-DMZ-PCI" | Add-NsxDynamicMemberSet -SetOperator AND -CriteriaOperator ALL
-DynamicCriteriaSpec $criteria3Spec,$criteria4Spec
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>$criteria5Spec = New-NsxDynamicCriteriaSpec -key VM.SECURITY_TAG -condition starts_with -value "ST_Backup"
$criteria6Spec = New-NsxDynamicCriteriaSpec -entity $(Get-Cluster Dev-CL-01)
$criteria7Spec = New-NsxDynamicCriteriaSpec -entity $(Get-NsxLogicalSwitch LS-Backup-Net)
$criteria8Spec = New-NsxDynamicCriteriaSpec -key VM.NAME -condition contains -value "PROD"
$sg3 = New-NsxSecurityGroup -Name "SG-Backup-Clients"
$sg3.objectid | Add-NsxDynamicMemberSet -SetOperator OR -CriteriaOperator ANY -DynamicCriteriaSpec
$criteria5Spec,$criteria6Spec
$sg3.objectid | Add-NsxDynamicMemberSet -SetOperator OR -CriteriaOperator ANY -DynamicCriteriaSpec
$criteria7Spec,$criteria8Spec
RELATED LINKS
SYNOPSIS
Adds a new dynamic member set to an existing NSX Security Group.
SYNTAX
Add-NsxDynamicMemberSet [-SecurityGroup] <Object> [-SetOperator <String>] -CriteriaOperator <String>
-DynamicCriteriaSpec <XmlElement[]> [-Connection <PSObject>] [<CommonParameters>]
DESCRIPTION
NSX Security Groups can have 3 types of membership configured, Dynamic
Criteria, Static Members and Exclude Members.
One or more Dynamic Criteria combine to make a Dynamic Member Set, and one
or more Dynamic Member Sets combine to define the Dynamic Membership of a
given security group.
In order to allow the configuration of a security groups Dynamic Membership
with an aritrary number of Dynamic Criteria Member Sets that contain an
arbitrary number of Dynamic Criteria in a flexible way, PowerNSX provides
the following abstractions.
Creation of individual Dynamic Criteria is accomplished with
New-NsxDynamicCriteriaSpec.
One or more Dynamic Criteria can be added to a Dynamic Member Set at creation
time with Add-NsxDynamicMemberSet and specifying the required Dynamic
Criteria Spec objects at creation time.
One or more Dynamic Criteria can be added to an existing Dynamic Member Set
after the fact with Add-NsxDynamicCriteria or removed with
Remove-NsxDynamicCriteria.
One or more Dynamic Member sets can be added to a security groups overall
Dynamic Membership definition using Add-NsxDynamicMemberSet or removed using
Remove-NsxDynamicMemberSet
A Security Groups Dynamic Member definition can include multiple Dynamic
Member Sets in an logical AND/OR arrangement, and for each of the Dynamic
Member Sets, a match operator of ALL or ANY can be specified that determines
how multiple Dynamic Criteria combine within the set to define a match.
The Add-NsxDynamicMemberSet cmdlet is used to create a new Dynamic Member
Set and add it to an existing Security Groups Dynamic Member Definition.
PARAMETERS
-SecurityGroup <Object>
SecurityGroup whose membership is to be modified.
Required? true
Position? 2
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-SetOperator <String>
Dynamic Criteria Set operator BETWEEN sets. In the UI, this is the AND/OR drop down displayed between member
sets.
This value is ignored if the set being added is the first set being added to the Dynamic Member Definition of
a Security Group
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-CriteriaOperator <String>
Dynamic Criteria operator for criteria WITHIN the set being added. In the UI, this is the Match: ANY/ALL drop
down displayed at the top of each Dynamic Member Set.
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-DynamicCriteriaSpec <XmlElement[]>
Dynamic criteria spec/s as generated by New-NsxDynamicCriteriaSpec
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Connection <PSObject>
PowerNSX Connection object
Required? false
Position? named
Default value $defaultNSXConnection
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>$criteria1Spec = New-NsxDynamicCriteriaSpec -key VM.name -condition contains -value "PROD"
$criteria2Spec = New-NsxDynamicCriteriaSpec -key VM.GUEST_OS_FULL_NAME -condition contains -value "Win"
$sg1 = New-NsxSecurityGroup -Name "SG-Production-Windows"
Get-NsxSecurityGroup "SG-Production-Windows" | Add-NsxDynamicMemberSet -SetOperator OR -CriteriaOperator ANY
-DynamicCriteriaSpec $criteria1Spec,$criteria2Spec
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>$criteria3Spec = New-NsxDynamicCriteriaSpec -key VM.SECURITY_TAG -condition starts_with -value "ST_PCI"
$criteria4Spec = New-NsxDynamicCriteriaSpec -entity $(Get-Cluster DMZ)
$sg2 = New-NsxSecurityGroup -Name "SG-DMZ-PCI"
Get-NsxSecurityGroup "SG-DMZ-PCI" | Add-NsxDynamicMemberSet -SetOperator AND -CriteriaOperator ALL
-DynamicCriteriaSpec $criteria3Spec,$criteria4Spec
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>$criteria5Spec = New-NsxDynamicCriteriaSpec -key VM.SECURITY_TAG -condition starts_with -value "ST_Backup"
$criteria6Spec = New-NsxDynamicCriteriaSpec -entity $(Get-Cluster Dev-CL-01)
$criteria7Spec = New-NsxDynamicCriteriaSpec -entity $(Get-NsxLogicalSwitch LS-Backup-Net)
$criteria8Spec = New-NsxDynamicCriteriaSpec -key VM.NAME -condition contains -value "PROD"
$sg3 = New-NsxSecurityGroup -Name "SG-Backup-Clients"
$sg3.objectid | Add-NsxDynamicMemberSet -SetOperator OR -CriteriaOperator ANY -DynamicCriteriaSpec
$criteria5Spec,$criteria6Spec
$sg3.objectid | Add-NsxDynamicMemberSet -SetOperator OR -CriteriaOperator ANY -DynamicCriteriaSpec
$criteria7Spec,$criteria8Spec
RELATED LINKS