Advice: copy files to/from DMZ

[Mike Leone]

I want to hear from you guys about this. We used to use VMware, and so copying/pasting files (such as certificate requests) was easy, using the VMware powershell cmdlets. (we don't allow RDP into the DMZ, not even from the trusted LAN).

Now, however, we are using Nutanix as a hypervisor. And they have no such cmdlets ... they do have a remote control (just as VMware does), but the Nutanix remote control does not allow you to copy and paste. 

This makes copying files somewhat problematical. Oh, it's easy enough to get files ONTO the VM - we just put'em in an ISO, mount it on the VM, and copy them out. But there's no easy way to copy a file FROM the VM ...

I considered a Powershell remote session, maybe. Establish the remote session into the trusted LAN, do a copy-item -ToSession, that should get the file off there (presuming I know where on the remote VM it is, in the first place, obviously

(I wish we allowed SSH access, I could do a WinSCP. But we don't allow that on all the VMs on the DMZ, only some of them.

So what do you do? Or how would you handle this situtaon? As I said, getting files ONTO the VM is easy. Getting files OFF the VM (unless we change things, like setting up and allowing SSH so I can SCP) seems a lot more difficult. (and yes, I know it's *supposed* to be difficult).

Thanks

--

Mike. Leone, <mailto:tur...@mike-leone.com>

PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>

[Tony Burrows]

If you're using ISOs to get files into the DMZ, why not create a secondary drive / VMDK equivalent then use it like a flash drive? Just need to make sure you disconnect it from the internal VM before connecting it to the DMZ VM. 

Regards,
Tony Burrows

tiger...@gmail.com

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/CAHBr%2B%2Bjh1_gEjWRraKjhVo-EWQ7sE80VFsrLSLjsktyHGZBKpg%40mail.gmail.com.

[Wright, John M]

It looks like Nutanix has something for Powershell, though I’ve never used it.  The link below links in turn to the Cmdlets reference.  That page has links to download/install guide.

 

https://www.nutanixbible.com/19c-powershell.html

 

--

John Wright

IT Support Specialist

1800 Old Bluegrass Avenue, Louisville, KY 40215

502.708.9953

Please submit IT requests to Hazelwoo...@bluegrass.org

24 Hour Helpline 1.800.928.8000

  

CONFIDENTIALITY NOTICE: This message contains confidential information and is intended only for the individual(s) addressed in the message. If you are not the named addressee, you should not disseminate, distribute, or copy this e-mail. If you are not the intended recipient, you are notified that disclosing, distributing, or copying this e-mail is strictly prohibited.

 

From: ntpowe...@googlegroups.com <ntpowe...@googlegroups.com> On Behalf Of Mike Leone
Sent: Wednesday, March 25, 2026 12:54 PM
To: NTSysAdmin <ntsys...@googlegroups.com>; NTPowershell Mailing List <ntpowe...@googlegroups.com>
Subject: [ntpowershell] Advice: copy files to/from DMZ

 

EXTERNAL EMAIL - This email was sent by a person from outside your organization. Exercise caution when clicking links, opening attachments or taking further action, before validating its authenticity.

--
You received this message because you are subscribed to the Google Groups "ntpowershell" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntpowershell...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/ntpowershell/CAHBr%2B%2Bjh1_gEjWRraKjhVo-EWQ7sE80VFsrLSLjsktyHGZBKpg%40mail.gmail.com.

[Philip Elder]

For restrictive environments we use a .VHDX file called something like “Temp_64GB.VHDX”.

 

We drop what we need in-guest onto it, mount it, copy off, and same back.

 

It works.

 

Cludgey, but it works.

 

Philip Elder MCTS

Senior Technical Architect

Microsoft High Availability MVP

MPECS Inc.

E-mail: Phili...@MPECSInc.Ca

Phone: +1 (780) 458-2028

Web: www.MPECSInc.Com

Blog: Blog.MPECSInc.Com  

Twitter: Twitter.com/MPECSInc

 

Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.

 

 

From: ntpowe...@googlegroups.com <ntpowe...@googlegroups.com> On Behalf Of Mike Leone
Sent: Wednesday, March 25, 2026 10:54
To: NTSysAdmin <ntsys...@googlegroups.com>; NTPowershell Mailing List <ntpowe...@googlegroups.com>
Subject: [ntpowershell] Advice: copy files to/from DMZ

 

I want to hear from you guys about this. We used to use VMware, and so copying/pasting files (such as certificate requests) was easy, using the VMware powershell cmdlets. (we don't allow RDP into the DMZ, not even from the trusted LAN).

--

[Mike Leone]

On Wed, Mar 25, 2026 at 1:20 PM Wright, John M <John....@newvista.org> wrote:

It looks like Nutanix has something for Powershell, though I’ve never used it.  The link below links in turn to the Cmdlets reference.  That page has links to download/install guide.

 

https://www.nutanixbible.com/19c-powershell.html

There are 2 sets of CMDLETs - v1 and v2 (which requires PS v7 ... well, technically it says PS 6, but you get the point).

And there are CMDLETs in v1 that are not in v2, and vice versa. 

And none of them are the equivalent of a copy (VMware PowerCLI has "Copy-VMGeustFile" and you specify "-ToLocal" or "-ToGuest", depending on which direction you're copying).

No such equivalent for Nutanix, unfortunately.

To view this discussion visit https://groups.google.com/d/msgid/ntpowershell/SN7PR12MB671431835B2E396E7DAE457D9149A%40SN7PR12MB6714.namprd12.prod.outlook.com.

[Mike Leone]

On Wed, Mar 25, 2026 at 1:24 PM Philip Elder <Phili...@mpecsinc.ca> wrote:

For restrictive environments we use a .VHDX file called something like “Temp_64GB.VHDX”.

 

We drop what we need in-guest onto it, mount it, copy off, and same back.

 

It works.

 

Cludgey, but it works.

I dunno if that type of thing works in Nutanix, I haven't seen any "attach/detach VHDX disk" in the VM config ...

There is an "Add new disk" (obviously), but the only options are to either allocate as new local disk, or clone iitfrom an image ...

I don't see a way to then take a disk from that VM, and mount it to another VM (unless it's to somehow clone it into their Image Service, which is where we put ISOs ....

 

You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/dd9117814d664efdb90ec8b2572f68b1%40MPECSInc.Ca.

[Mike Leone]

It's easy enough to do, if we open SSH in the firewall between DMZ and trusted LAN (not DMZ and outside world):

scp user@DMZ-Host:/file/on/DMZ/stuff.txt \Local\path\to\stick\DMZ\files\into\stuff.txt

You just gotta know where on the remote host the files is located, but that's easy enough, using VM remote control (like having to copy off a log file for analysis or something).

And the transaction would be encrypted, at least.

(and make sure SSH is installed on the hosts in the DMZ, of course, which isn't that hard to do, either).

On Wed, Mar 25, 2026 at 1:24 PM Philip Elder <Phili...@mpecsinc.ca> wrote:

You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/dd9117814d664efdb90ec8b2572f68b1%40MPECSInc.Ca.

[Jani Suma]

This is something I have used before in a similar situation

https://github.com/wikijm/PowerShell-AdminScripts/blob/master/Miscellaneous/New-IsoFile.ps1

.Suma

[Philip Elder]

I live in a Hyper-V environment so am not familiar with much beyond VMware.

 

https://www.mpecsinc.com/os-guide-slipstream-updates-and-drivers-using-dism-and-oscdimg/

^^^

We use this method to build our images.

 

OSCDImg could be used from the ADK to create the necessary .ISO file.

 

I have an ancient copy of CDBurnerXP that we haven’t used in a long time but it was excellent for parceling up needed software for our various deployments back in the day.

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/65be1954-39e5-4bb2-a2ae-874ffad0b0can%40googlegroups.com.

[Mike Leone]

On Thu, Mar 26, 2026 at 10:32 AM Philip Elder <Phili...@mpecsinc.ca> wrote:

I live in a Hyper-V environment so am not familiar with much beyond VMware.

 

https://www.mpecsinc.com/os-guide-slipstream-updates-and-drivers-using-dism-and-oscdimg/

^^^

We use this method to build our images.

 

OSCDImg could be used from the ADK to create the necessary .ISO file.

 

I have an ancient copy of CDBurnerXP that we haven’t used in a long time but it was excellent for parceling up needed software for our various deployments back in the day.

I'm not looking for deployments, actually. The intent was getting things like logs off DMZ hosts, where we disallow RDP, and there is no Powershell CMDLET (like VMware has) or remote control copy/paste (again, like VMware has) that might let us do this.

I think we've decided to use SSH. We can install it on all the DMZ hosts, and only allow it through the firewall between DMZ and trusted LAN, not DMZ and public. That's probably the easiest and safest way to allow file transfers from a restricted environment like ours.