Bearbeiten

Freigeben über


Set-NetworkController

Sets network controller application settings.

Syntax

Set-NetworkController
   [-ClientAuthentication <ClientAuthentication>]
   [-ClientCertificateThumbprint <String[]>]
   [-ClientSecurityGroup <String>]
   [-ServerCertificate <X509Certificate2>]
   [-RestIPAddress <String>]
   [-RestName <String>]
   [-PassThru]
   [-ComputerName <String>]
   [-UseSsl]
   [-Credential <PSCredential>]
   [-CertificateThumbprint <String>]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Set-NetworkController cmdlet sets network controller application settings. You can modify the following settings:

  • Client authentication mode.
  • Client security group. If the client authentication mode is Kerberos, you must specify a client security group.
  • Client certificate thumbprints. If the client authentication mode is x509, you must specify certificate thumbprints.
  • The IP address that network controller uses for representational state transfer (REST) communication.
  • Secure Sockets Layer (SSL) certificate that network controller uses for encrypting the communication between the REST clients and the network controller, as well as to secure communication with southbound clients.

Examples

Example 1: Change the authentication mode for clients

PS C:\> Set-NetworkController -ClientAuthentication Kerberos -ClientSecurityGroup "Contoso\RestClients" -PassThru
Node                            : {Node01, Node02, Node03}
ClientAuthentication            : Kerberos
ClientCertificateThumbprint     : 
ClientSecurityGroup             : Contoso\RestClients
ServerCertificate                  : [Subject] 
                                   CN=NCEncryption

                                  [Issuer] 
                                    CN=Contoso

                                  [Serial Number] 
                                    1C00000003786A607D6EFB733F000000000003

                                  [Not Before] 
                                    2/11/2015 6:18:21 AM

                                  [Not After] 
                                    2/10/2017 6:18:21 AM

                                  [Thumbprint] 
                                    D4FDE4F607849083C590466334D66037C0E38001

RestIPAddress                   : 10.0.0.1/24 
Version                         : 10.0.0

This command changes the authentication mechanism between REST clients and network controller to Kerberos. In order to change the authentication mode to Kerberos, you must also specify the ClientSecurityGroup parameter.

Example 2: Change the REST IP address

PS C:\> Set-NetworkController -RestIPAddress 10.0.0.1/24

This command changes the REST IP address to 10.0.0.1. This command requires that the subnet mask be specified in the IP address.

Parameters

-CertificateThumbprint

Specifies the digital public key X.509 certificate of a user account that has permission to perform this action. Specify the certificate thumbprint of the certificate. Specify this parameter only if you run this cmdlet on a computer that is not part of the network controller cluster.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ClientAuthentication

Specifies the type of authentication that network controller uses to communicate with REST clients. The acceptable values for this parameter are:

  • Kerberos
  • X509
  • None

If the clients and network controller computers are domain joined, you should specify Kerberos authentication. Otherwise, specify X509 authentication. We do not recommend a value of None for production environments.

Type:ClientAuthentication
Accepted values:None, Kerberos, X509
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ClientCertificateThumbprint

Specifies an array of thumbprints of the certificates of REST clients that can communicate with the network controller. Specify this parameter only if the value of the ClientAuthentication parameter is X509.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ClientSecurityGroup

Specifies the security group that contains the name of the REST clients that can communicate with the network controller. Specify this parameter only if the value of the ClientAuthentication parameter is Kerberos.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ComputerName

Specifies the name of the network controller node on which this cmdlet operates.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Credential

Specifies a user credential that has permission to perform this action. The default is the current user. Specify this parameter only if you run this cmdlet on a computer that is not part of the network controller cluster.

Type:PSCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RestIPAddress

Specifies the IP address on which network controller nodes communicate with the REST clients. This IP address must not be an existing IP address on any of the network controller nodes.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-RestName

Specifies the DNS name of the Network Controller cluster. This must be specified if the Network Controller nodes are in different subnets. In this case, you must also enable dynamic registration of the RestName on the DNS servers.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ServerCertificate

Specifies the certificate to use to encrypt communication between network controller and REST clients, and also to secure communication between Network Controller and the southbound clients. This certificate must have Server Authentication EKU and should be trusted by the REST clients. Also, the certificate subject name or subject alternative name (SAN) must resolve to the REST IP address in DNS.

Type:X509Certificate2
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-UseSsl

Indicates that the remote computer uses the Secure Sockets Layer (SSL) protocol to establish a connection to the Network Controller node. The default value of this parameter is false. Specify this parameter only if you run this cmdlet on a computer that is not part of the network controller cluster.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

None

Outputs

Object

This cmdlet returns an object that contains the following fields:

  • Names of the network controller nodes
  • Authentication mode used between Network Controller and the REST clients
  • Client security group
  • Client certificate thumbprints
  • SSL certificate that is used for encryption of data between REST clients and network controller
  • REST IP address
  • Application version