How to Enable or Disable Copy and Paste to Remote VM Console?

In my previous post, I introduced how to change a virtual machine’s vmx file programmatically and promised to post a full sample in my presentation at VMware Parter Exchange 2011. Now that the conference is over, it’s time to post it.

The sample is based on guideline VMX03 in vSphere security hardening guide: disable copy/paste to remote console. To me, allowing copy and paste to remote console like vSphere Client is a nice feature which can save you a lot of time. When security is a concern, however, you may want to disable it.

Lost VMs or Containers? Too Many Consoles? Too Slow GUI? Time to learn how to "Google" and manage your VMware and clouds in a fast and secure HTML5 App.

I will not discuss when you should disable/enable it because it really depends on your requirements. In most cases, security and convenience contradict with each other. I leave it for you to decide the right balance, but show you how you can check the setting and change it here.

Like most samples I write, the sample code leverages the open source VI Java API which allows much clean and shorter code than using Apache AXIS. The program checks the vmx settings for copy/paste, and then reverses the settings – if you can copy/paste, then disable it; otherwise, enable it.

As I am a true believer in that code should be self-explanatory, I hope you find my code speaks for itself. If it’s your first time to try vSphere API, you may want to check out the VI Java API tutorial which shows you how to run your first sample in 5 minutes. When you run the following sample, you need to change the server URL, username/password, and the inventory path to a virtual machine you want to change.

package com.vmware.vim25.mo.samples;

import java.net.URL;
import java.util.*;

import com.vmware.vim25.*;
import com.vmware.vim25.mo.*;

public class VmxOps
{
  private static final String SETGUIOPTIONS_ENABLE = "isolation.tools.setGUIOptions.enable";
  private static final String PASTE_DISABLE = "isolation.tools.paste.disable";
  private static final String COPY_DISABLE = "isolation.tools.copy.disable";

  static final OptionValue[] disableCopyPaste = new OptionValue[]
     { newOptionValue(SETGUIOPTIONS_ENABLE, "false"),
       newOptionValue(PASTE_DISABLE, "true"),
       newOptionValue(COPY_DISABLE, "true") };
  static final OptionValue[] allowCopyPaste = new OptionValue[]
     { newOptionValue(SETGUIOPTIONS_ENABLE, "true"),
       newOptionValue(PASTE_DISABLE, "false"),
       newOptionValue(COPY_DISABLE, "false") };

 public static void main(String[] args) throws Exception
  {
    ServiceInstance si = new ServiceInstance(new URL("https://10.129.132.51/sdk"), "sjin", "vmware", true);
    SearchIndex searchIndex = si.getSearchIndex();

    ManagedEntity me = searchIndex.findByInventoryPath("teardown-dc/vm/SteveJinTestVMX");
    VirtualMachine vm = (VirtualMachine) me;

    OptionValue[] ovs = (OptionValue[]) vm.getPropertyByPath("config.extraConfig");
    Map<String, String> ovm = convert2Map(ovs);

    VirtualMachineConfigSpec vms = new VirtualMachineConfigSpec();
    if("true".equalsIgnoreCase(ovm.get(COPY_DISABLE)))
    {
      System.out.println("This VM does not allow copy/paste to remote console. We will enable it.");
      vms.extraConfig = allowCopyPaste;
    }
    else
    {
      System.out.println("This VM allows copy/paste to remote console. We will disable it.");
      vms.extraConfig = disableCopyPaste;
    }
    vm.reconfigVM_Task(vms);

    si.getServerConnection().logout();
  }

 private static OptionValue newOptionValue(String key, String value)
  {
    OptionValue ov = new OptionValue();
    ov.setKey(key);
    ov.setValue(value);
    return ov;
  }

  private static Map<String, String> convert2Map(OptionValue[] ovs)
  {
    HashMap<String, String> hm = new HashMap<String, String>();
    for(OptionValue ov : ovs)
    {
      hm.put(ov.key, (String) ov.value);
    }
    return hm;
  }
}

This entry was posted in vSphere API and tagged , , , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

One Trackback

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*

You may use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

  • NEED HELP?


    My company has created products like vSearch ("Super vCenter"), vijavaNG APIs, EAM APIs, ICE tool. We also help clients with virtualization and cloud computing on customized development, training. Should you, or someone you know, need these products and services, please feel free to contact me: steve __AT__ doublecloud.org.

    Me: Steve Jin, VMware vExpert who authored the VMware VI and vSphere SDK by Prentice Hall, and created the de factor open source vSphere Java API while working at VMware engineering. Companies like Cisco, EMC, NetApp, HP, Dell, VMware, are among the users of the API and other tools I developed for their products, internal IT orchestration, and test automation.