Hi LucD,

Thank you for your reply.

Would you like a Get-View of the VMs I have on the prototype? (There are only 5 running)

The only issue we may have with running scripts is that once a VM is deployed, there is no internet access allowed to VMs on the research lab range. We had initially thought the using templates will provide a workaround for this. We are happy to create the Vulnerable VMs, test them, snapshot and template prior to adding to the data set. Would this work?

If that contains the information needed to create the VMs, yes.
If you don't use a template, how do you get the guest OS installed on the VMs?

The Invoke-VMScript cmdlet doesn't need network access, it communicates through the ESXi node on which the VM runs.

I have been creating all vulnerable VMs in workstation and uploading directly to the vCenter server.

"Clean" guest OS (like pfSense, ubuntu), I've just added the ISO to the ESXI host datastore and built in the web client. Once I have a clean, unconfigured instance of it in vCenter I clone and reconfigure (mostly pfSense) if needed to build.

So far I am just using portgroups and VLANs to seperate the network segments from the rest of the range.

I thought if I use templates it may be easier to automate deployment, having a large set of all vulnerable VMs and a single version of "Clean" VMs to pull from.

Essentially I'd like to build a PowerCLI script that can build this virtual network from scratch on any vSphere server I connect to and then remove it once finished testing.

Are you in fact using a vCenter, or a stand-alone ESXi node.

Without a vCenter you will not be able to create a VM from a template.

Still not too sure what you actually want to do in a script.

Creating the VMs? From a Template? And how will the template be created?
How will you install the guest OS in the template? Do you have an unattended deployment infra in place?

And what about the network, is that recreated every time?

In what format are the network specs available?

Sorry Lucd, I am very new at using all of the vSphere software, so my wording for what I will do in vSphere may be incorrect. Most of my experience was only within VMware Workstation up until a month ago.

The idea is to build a network of virtual machines to simulate a vulnerable 'corporate network' with some forward-facing servers (same network design as first post pic). I have created the 'corporate network' originally in vSphere using a single ESXi host with a dSwitch, Portgroups (w/ VLANS), and multiple VMS. All built using the web client.

The script is to automate the deployment of the VMs in the same network structure from scratch, with the main goal of the script to use a random generation of vulnerable VMs for both the work station VMs and the forward facing servers. I also want to create a teardown script that removes everything to start again for the next iteration of the random network.

I honestly am not sure where to start with this. Especially installing the guest OS. Templates, OVF... I'm open to any suggestions on where to start there.

So if I understand this correctly, you installed the guest OS on the VM (in VMware Workstation) manually.

Worst case, you can do the same to create a Template on the vCenter.

Once you have the Template, you can create new VMs with the New-VM cmdlet.

For the network, you will need to know the minimal characteristics of these networks (name, VlanId)

Then you can create these networks on a switch (and I assume that a standard switch VSS is sufficient) with the New-VirtualPortgroup cmdlet.

The cleanup script is in principal the same, you just need to use the Remove-VM and Remove-VirtualSwitch cmdlets.