Get-NsxSecurityGroupEffectiveMember
NAME Get-NsxSecurityGroupEffectiveMember
SYNOPSIS
Determines the effective membership of a security group.
SYNTAX
Get-NsxSecurityGroupEffectiveMember -SecurityGroup <XmlElement> [-ReturnTypes <String[]>] [-Connection <PSObject>]
[<CommonParameters>]
Get-NsxSecurityGroupEffectiveMember [-SecurityGroupId] <String> [-ReturnTypes <String[]>] [-Connection <PSObject>]
[<CommonParameters>]
DESCRIPTION
An NSX SecurityGroup can contain members (VMs, IP Addresses, MAC Addresses
or interfaces) by virtue of direct, or indirect membership (nested security
groups), and either by static or dynamic inclusion.
In addition, direct or indirect exclusions can also
modify membership.
This cmdlet uses the NSX 'Translation APIs' to determine the
'Effective Membership' of a given security group. The membership output
by Get-NsxSecurityGroupEffectiveMember is determined by NSX itself.
Note: In order for IPAddress membership to be accurate, IP Discovery
of virtual machines must be operational (as it must for the dataplane to
function as well.)
If IPAddress membership is not accurately represented here, verify that
an appropriate IP discovery mechanism is operational, and that NSX 'detects'
the IP addresses you are expecting. The Get-NsxSpoofguardNic cmdlet
gives visibility of the detection state of a given NIC or VM.
Note: Previous versions of this cmdlet included direct static inclusions
(only) which is not useful in the context of determining 'effective
membership' and has been removed.
If you wish to know how a given SG is configured with respect to
inclusions/exclusions, use the Get-NsxSecurityGroup cmdlet.
Return properties have also been renamed to make their function clearer, and
the cmdlet renamed to be consistent with PowerShell naming convention
(singular).
Note: In addition to this cmdlet, four individual wrapper cmdlets exist
that allow a translation query for a specific object type (i.e. VMs only)
to be executed, and whose output is easier to parse for intelligent monkeys.
Review Get-NsxSecurityGroupEffectiveVirtualMachine,
Get-NsxSecurityGroupEffectiveIpAddress,
Get-NsxSecurityGroupEffectiveMacAddress,
Get-NsxSecurityGroupEffectiveVnic for more information.
PARAMETERS
-SecurityGroup <XmlElement>
Required? true
Position? named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-SecurityGroupId <String>
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-ReturnTypes <String[]>
Required? false
Position? named
Default value All
Accept pipeline input? false
Accept wildcard characters? false
-Connection <PSObject>
PowerNSX Connection object
Required? false
Position? named
Default value $defaultNSXConnection
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\>Get-NsxSecurityGroup TestSG | Get-NsxSecurityGroupEffectiveMember
Retrieve the effective membership of the securitygroup testsg by passing
the securitygroup object on the pipeline.
-------------------------- EXAMPLE 2 --------------------------
PS C:\>Get-NsxSecurityGroupEffectiveMember -SecurityGroupId securitygroup-1234
Retrieve the effective membership of a securitygroup by passing
the securitygroup objectid.
-------------------------- EXAMPLE 3 --------------------------
PS C:\>$testSG | Get-NsxSecurityGroupEffectiveMember -ReturnTypes VirtualMachine, Vnic
Retrieve just the VM and VNIC effective membership of the SecurityGroup stored
in $testSG
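-------------------------- ADDED EXAMPLE --------------------------
Because effective membership is the result of nesting, dynamic inclusion and exclusions, it can drift from what was intended; the following added example (not part of the PowerNSX help or code) compares the effective VM names of a group with an approved baseline. The helper name Compare-NsxEffectiveMembership is hypothetical, the VM names are constructed sample data, and the VmName property and pipeline usage in the final comment are assumptions about the wrapper cmdlet's output.

```powershell
# Hypothetical helper (not part of PowerNSX): report VMs that are effective
# members but not approved, and approved VMs that are not effective members.
function Compare-NsxEffectiveMembership {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$Approved,
        [Parameter(Mandatory)][AllowEmptyCollection()][string[]]$Effective
    )

    # Compare names case-insensitively; duplicate names collapse into one entry.
    $cmp          = [System.StringComparer]::OrdinalIgnoreCase
    $approvedSet  = [System.Collections.Generic.HashSet[string]]::new($Approved, $cmp)
    $effectiveSet = [System.Collections.Generic.HashSet[string]]::new($Effective, $cmp)

    # Members NSX resolves into the group that nobody approved. These receive
    # every firewall rule that references the group.
    foreach ($name in $effectiveSet) {
        if (-not $approvedSet.Contains($name)) {
            [pscustomobject]@{ Name = $name; Status = 'Unexpected' }
        }
    }

    # Approved members NSX does not resolve into the group (for example,
    # removed by an exclusion or no longer matching dynamic criteria).
    foreach ($name in $approvedSet) {
        if (-not $effectiveSet.Contains($name)) {
            [pscustomobject]@{ Name = $name; Status = 'Missing' }
        }
    }
}

# Constructed sample data so the block runs without an NSX Manager.
$approved  = 'web-01', 'web-02', 'web-03'
$effective = 'WEB-01', 'web-02', 'jump-07'

Compare-NsxEffectiveMembership -Approved $approved -Effective $effective |
    Sort-Object Status, Name | Format-Table -AutoSize

# Against a live system (assumption: the wrapper cmdlet accepts the group on
# the pipeline and its output objects expose a VmName property):
# $effective = (Get-NsxSecurityGroup TestSG |
#     Get-NsxSecurityGroupEffectiveVirtualMachine).VmName
```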
RELATED LINKS