Home > vSphere API > How to Enable or Disable Copy and Paste to Remote VM Console?

How to Enable or Disable Copy and Paste to Remote VM Console?

February 14th, 2011 Leave a comment Go to comments

In my previous post, I introduced how to change a virtual machine’s vmx file programmatically and promised to post a full sample in my presentation at VMware Parter Exchange 2011. Now that the conference is over, it’s time to post it.

The sample is based on guideline VMX03 in vSphere security hardening guide: disable copy/paste to remote console. To me, allowing copy and paste to remote console like vSphere Client is a nice feature which can save you a lot of time. When security is a concern, however, you may want to disable it.

Lost VMs or Containers? Too Many Consoles? Too Slow GUI? Time to learn how to "Google" and manage your VMware and clouds in a fast and secure HTML5 App.

I will not discuss when you should disable/enable it because it really depends on your requirements. In most cases, security and convenience contradict with each other. I leave it for you to decide the right balance, but show you how you can check the setting and change it here.

Like most samples I write, the sample code leverages the open source VI Java API which allows much clean and shorter code than using Apache AXIS. The program checks the vmx settings for copy/paste, and then reverses the settings – if you can copy/paste, then disable it; otherwise, enable it.

As I am a true believer in that code should be self-explanatory, I hope you find my code speaks for itself. If it’s your first time to try vSphere API, you may want to check out the VI Java API tutorial which shows you how to run your first sample in 5 minutes. When you run the following sample, you need to change the server URL, username/password, and the inventory path to a virtual machine you want to change.

package com.vmware.vim25.mo.samples;

import java.net.URL;
import java.util.*;

import com.vmware.vim25.*;
import com.vmware.vim25.mo.*;

public class VmxOps
{
  private static final String SETGUIOPTIONS_ENABLE = "isolation.tools.setGUIOptions.enable";
  private static final String PASTE_DISABLE = "isolation.tools.paste.disable";
  private static final String COPY_DISABLE = "isolation.tools.copy.disable";

  static final OptionValue[] disableCopyPaste = new OptionValue[]
     { newOptionValue(SETGUIOPTIONS_ENABLE, "false"),
       newOptionValue(PASTE_DISABLE, "true"),
       newOptionValue(COPY_DISABLE, "true") };
  static final OptionValue[] allowCopyPaste = new OptionValue[]
     { newOptionValue(SETGUIOPTIONS_ENABLE, "true"),
       newOptionValue(PASTE_DISABLE, "false"),
       newOptionValue(COPY_DISABLE, "false") };

 public static void main(String[] args) throws Exception
  {
    ServiceInstance si = new ServiceInstance(new URL("https://10.129.132.51/sdk"), "sjin", "vmware", true);
    SearchIndex searchIndex = si.getSearchIndex();

    ManagedEntity me = searchIndex.findByInventoryPath("teardown-dc/vm/SteveJinTestVMX");
    VirtualMachine vm = (VirtualMachine) me;

    OptionValue[] ovs = (OptionValue[]) vm.getPropertyByPath("config.extraConfig");
    Map<String, String> ovm = convert2Map(ovs);

    VirtualMachineConfigSpec vms = new VirtualMachineConfigSpec();
    if("true".equalsIgnoreCase(ovm.get(COPY_DISABLE)))
    {
      System.out.println("This VM does not allow copy/paste to remote console. We will enable it.");
      vms.extraConfig = allowCopyPaste;
    }
    else
    {
      System.out.println("This VM allows copy/paste to remote console. We will disable it.");
      vms.extraConfig = disableCopyPaste;
    }
    vm.reconfigVM_Task(vms);

    si.getServerConnection().logout();
  }

 private static OptionValue newOptionValue(String key, String value)
  {
    OptionValue ov = new OptionValue();
    ov.setKey(key);
    ov.setValue(value);
    return ov;
  }

  private static Map<String, String> convert2Map(OptionValue[] ovs)
  {
    HashMap<String, String> hm = new HashMap<String, String>();
    for(OptionValue ov : ovs)
    {
      hm.put(ov.key, (String) ov.value);
    }
    return hm;
  }
}