When creating a new vSAN File Share, which is powered by vSAN File Services, additional network access controls (no access, allow access from any IP or custom) can be configured.
To view the configured network permissions, users must expand each file share to get the relevant information. For those interesting in automating the retrieval of this information for reporting and/or compliance purposes, you can use the vSAN Management API and specifically the vSAN queryFileShares() API.
The vSAN File Share API can also be consumed through PowerCLI using the Get-VsanFileShare cmdlet, but the network permission configuration is not part of the default output which might lead users to believe this information is not available.
In addition to the default fields from the Get-VsanFileShare cmdlet, we can retrieve the network permissions by looking at the FileShareNetworkPermission property, which will contain one or more entries.
Here is a quick PowerCLI snippet that you can use to retrieve all vSAN File Shares along with their Hard/Soft Quota, Used Capacity and Network Permissions:
$fileShares = Get-VsanFileShare
$results = @()
foreach ($fileShare in $fileShares) {
$fileSharePermissions = $fileShare.FileShareNetworkPermission
$permissions = ""
foreach ($fileSharePermission in $fileSharePermissions) {
$permissions += "$($fileSharePermission.IPSetOrSubnet),$($fileSharePermission.VsanFileShareAccessPermission),$($fileSharePermission.AllowSquashRoot)`n"
}
$tmp = [pscustomobject] [ordered]@{
Name = $fileShare.Name
SoftQuotaGB = $fileShare.SoftQuotaGB
HardQuotaGB = $fileShare.HardQuotaGB
UsedCapacityGB = $fileShare.UsedCapacityGB
Permissions = $permissions
}
$results += $tmp
}
$results
Here is an example output for the three vSAN File Shares I have defined and their respective network permissions.
Thanks for the comment!