
# Helper
function Invoke-ArchiveServerSshHostKeyDiscovery

    $ErrorActionPreference = "Stop"

    Write-Host "Discovering SSH host key..."
    $local:SshHostKey = (Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core `
                       POST "ArchiveServers/$($ArchiveServer.Id)/DiscoverSshHostKey")
    $ArchiveServer.SshHostKey = $local:SshHostKey.SshHostKey
    if ($AcceptSshHostKey)
        Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core `
            PUT "ArchiveServers/$($ArchiveServer.Id)" -Body $ArchiveServer
        if (Show-SshHostKeyPrompt $local:SshHostKey.SshHostKey $local:SshHostKey.Fingerprint)
            Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core `
                PUT "ArchiveServers/$($ArchiveServer.Id)" -Body $ArchiveServer
            throw "SSH host key not accepted"

Get archive servers defined in Safeguard via the Web API.

Get the archive servers defined in Safeguard that can be used for archiving
backups and session recordings.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER ArchiveServerId
An integer containing ID of the archive server to return.


JSON response from Safeguard Web API.

Get-SafeguardArchiveServer -AccessToken $token -Appliance -Insecure


function Get-SafeguardArchiveServer

    $ErrorActionPreference = "Stop"

    if (-not $PSBoundParameters.ContainsKey("ArchiveServerId"))
        Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET ArchiveServers
        Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core GET "ArchiveServers/$ArchiveServerId"

Create a new archive server in Safeguard via the Web API.

Create an archive server in Safeguard that can be used for archiving
backups and session recordings.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER DisplayName
A string containing the display name for this archive server. Optional, unless
NetworkAddress is an IP address rather than a DNS name.

.PARAMETER Description
A string containing a description for this archive server.

.PARAMETER NetworkAddress
A string containing the network address for this archive server.

.PARAMETER TransferProtocol
A string containing the protocol (options: Smb, Scp, Sftp)

An integer containing the port for this archive server (defaults: Smb=445, Scp=22, Sftp=22)

.PARAMETER StoragePath
A string containing the path on the archive server to use for storage.

.PARAMETER ServiceAccountDomainName
A string containing the service account domain name if it has one.

.PARAMETER ServiceAccountName
A string containing the service account name.

.PARAMETER ServiceAccountPassword
A SecureString containing the password to use for the service account

.PARAMETER AcceptSshHostKey
Whether or not to auto-accept SSH host key for Scp and Sftp.


JSON response from Safeguard Web API.

New-SafeguardArchiveServer -AccessToken $token -Appliance -Insecure

New-SafeguardArchiveServer smb1.domain.corp Smb -Domain domain.corp archie -StoragePath archives

function New-SafeguardArchiveServer
        [switch]$AcceptSshHostKey = $false

    $ErrorActionPreference = "Stop"
    Import-Module -Name "$PSScriptRoot\ps-utilities.psm1" -Scope Local
    Import-Module -Name "$PSScriptRoot\datatypes.psm1" -Scope Local

    if (-not $PSBoundParameters.ContainsKey("ServiceAccountCredentialType"))
        $ServiceAccountCredentialType = (Resolve-SafeguardServiceAccountCredentialType)

    if (-not $PSBoundParameters.ContainsKey("ServiceAccountPassword"))
        $ServiceAccountPassword = (Read-Host "ServiceAccountPassword" -AsSecureString)
    if (-not $PSBoundParameters.ContainsKey("Port"))
        switch ($TransferProtocol)
            "Smb" { $Port = 445 }
            "Scp" { $Port = 22 }
            "Sftp" { $Port = 22 }
    if (-not $PSBoundParameters.ContainsKey("DisplayName"))
        if (Test-IpAddress $NetworkAddress)
            $DisplayName = (Read-Host "DisplayName")
            $DisplayName = $NetworkAddress
    if (-not $PSBoundParameters.ContainsKey("StoragePath") -and $TransferProtocol -eq "Smb")
        $StoragePath = (Read-Host "StoragePath")

    $local:ConnectionProperties = @{
        TransferProtocolType = "$TransferProtocol";
        Port = $Port;
        ServiceAccountCredentialType = $ServiceAccountCredentialType;
        ServiceAccountName = "$ServiceAccountName";
        ServiceAccountPassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($ServiceAccountPassword))

    if ($PSBoundParameters.ContainsKey("ServiceAccountDomainName"))
        $ConnectionProperties.ServiceAccountDomainName = "$ServiceAccountDomainName"

    $local:Body = @{
        Name = "$DisplayName";
        Description = "$Description";
        NetworkAddress = "$NetworkAddress";
        StoragePath = "$StoragePath";
        ConnectionProperties = $local:ConnectionProperties

    $local:NewArchiveServer = (Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core `
                             POST ArchiveServers -Body $local:Body)
        if ($TransferProtocol -ieq "Scp" -or $TransferProtocol -ieq "Sftp")
            Invoke-ArchiveServerSshHostKeyDiscovery -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure $local:NewArchiveServer -AcceptSshHostKey:$AcceptSshHostKey
        Write-Host -ForegroundColor Yellow "Error setting up SSH host key, removing archive server..."
        Remove-SafeguardArchiveServer  -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure $local:NewArchiveServer.Id

Test connection to an archive server defined in Safeguard via the Web API.

Test the connection to an archive server by attempting to copy an empty file
to it. This is an asynchronous task in Safeguard.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER ArchiveServerId
An integer containing the ID of the archive server to test connection to.


JSON response from Safeguard Web API.

Test-SafeguardArchiveServer -AccessToken $token -Appliance -Insecure 5

Test-SafeguardArchiveServer 5

function Test-SafeguardArchiveServer

    $ErrorActionPreference = "Stop"

    if (-not $PSBoundParameters.ContainsKey("ArchiveServerId"))
        $local:AllArchiveServers = (Get-SafeguardArchiveServer -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure)
        Write-Host "Archive servers:"
        Write-Host "["
        $local:AllArchiveServers | ForEach-Object {
            Write-Host (" {0,2} - {1}" -f $_.Id,$_.Name)
        Write-Host "]"
        $ArchiveServerId = (Read-Host "ArchiveServerId")

    Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core `
        POST "ArchiveServers/$ArchiveServerId/TestConnection" -LongRunningTask

Remove an archive server from Safeguard via the Web API.

Remove an archive server from Safeguard. Archive servers are used to
archive backups and session recordings. Make sure it is not in use before
you remove it.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER ArchiveServerId
An integer containing the ID of archive server to remove.


JSON response from Safeguard Web API.

Remove-SafeguardArchiveServer -AccessToken $token -Appliance -Insecure 5

Remove-SafeguardArchiveServer 5

function Remove-SafeguardArchiveServer

    $ErrorActionPreference = "Stop"

    if (-not $PSBoundParameters.ContainsKey("ArchiveServerId"))
        $local:AllArchiveServers = (Get-SafeguardArchiveServer -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure)
        Write-Host "Archive servers:"
        Write-Host "["
        $local:AllArchiveServers | ForEach-Object {
            Write-Host (" {0,2} - {1}" -f $_.Id,$_.Name)
        Write-Host "]"
        $ArchiveServerId = (Read-Host "ArchiveServerId")

    Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core `
        DELETE "ArchiveServers/$ArchiveServerId"

Edit an archive server that has been added to Safeguard via the Web API.

Edit an archive server to change properties. Accept as parameters either an object that as
been modified or an ID and the properties to change.

.PARAMETER Appliance
IP address or hostname of a Safeguard appliance.

.PARAMETER AccessToken
A string containing the bearer token to be used with Safeguard Web API.

Ignore verification of Safeguard appliance SSL certificate.

.PARAMETER DisplayName
A string containing the display name for this archive server. Optional, unless
NetworkAddress is an IP address rather than a DNS name.

.PARAMETER Description
A string containing a description for this archive server.

.PARAMETER NetworkAddress
A string containing the network address for this archive server.

.PARAMETER TransferProtocol
A string containing the protocol (options: Smb, Scp, Sftp).

An integer containing the port for this archive server (defaults: Smb=445, Scp=22, Sftp=22).

.PARAMETER StoragePath
A string containing the path on the archive server to use for storage.

.PARAMETER ServiceAccountDomainName
A string containing the service account domain name if it has one.

.PARAMETER ServiceAccountName
A string containing the service account name.

.PARAMETER ServiceAccountPassword
A SecureString containing the password to use for the service account.

.PARAMETER AcceptSshHostKey
Whether or not to auto-accept SSH host key for Scp and Sftp.

.PARAMETER ArchiveServerObject
An object containing the existing archive server with desired properties set.


JSON response from Safeguard Web API.

Edit-SafeguardArchiveServer -AccessToken $token -Appliance -Insecure 10 -TransferProtocol Sftp

Edit-SafeguardArchiveServer 10 -DisplayName "linux-ubuntu" -Description "My Linux Archive Server"

function Edit-SafeguardArchiveServer
        [switch]$AcceptSshHostKey = $false,

    $ErrorActionPreference = "Stop"
    Import-Module -Name "$PSScriptRoot\ps-utilities.psm1" -Scope Local

    if ($PsCmdlet.ParameterSetName -eq "Object" -and -not $ArchiveServerObject)
        throw "ArchiveServerObject must not be null"

    if ($PsCmdlet.ParameterSetName -eq "Attributes" -and -not $PSBoundParameters.ContainsKey("ArchiveServerId"))
        $local:AllArchiveServers = (Get-SafeguardArchiveServer -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure)
        Write-Host "Archive servers:"
        Write-Host "["
        $local:AllArchiveServers | ForEach-Object {
            Write-Host (" {0,2} - {1}" -f $_.Id,$_.Name)
        Write-Host "]"
        $ArchiveServerId = (Read-Host "ArchiveServerId")

    if (-not ($PsCmdlet.ParameterSetName -eq "Object"))
        $ArchiveServerObject = (Get-SafeguardArchiveServer -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure $ArchiveServerId)

        # ConnectionProperties
        if (-not $ArchiveServerObject.ConnectionProperties) { $ArchiveServerObject.ConnectionProperties = @{} }
        if ($PSBoundParameters.ContainsKey("TransferProtocol"))
            $local:OldTransferProtocol = $ArchiveServerObject.ConnectionProperties.TransferProtocolType
            if ($TransferProtocol -ieq "Scp" -or $TransferProtocol -ieq "Sftp")
                if (-not ($local:OldTransferProtocol -ieq "Scp" -or $local:OldTransferProtocol -ieq "Sftp"))
                    $local:DoSshHostKeyDiscovery = $true
                $ArchiveServerObject.SshHostKey = $null
            $ArchiveServerObject.ConnectionProperties.TransferProtocolType = "$TransferProtocol"
        if ($PSBoundParameters.ContainsKey("Port")) { $ArchiveServerObject.ConnectionProperties.Port = $Port }
        if ($PSBoundParameters.ContainsKey("ServiceAccountCredentialType")) { $ArchiveServerObject.ConnectionProperties.ServiceAccountCredentialType = "$ServiceAccountCredentialType" }
        if ($PSBoundParameters.ContainsKey("ServiceAccountDomainName")) { $ArchiveServerObject.ConnectionProperties.ServiceAccountDomainName = "$ServiceAccountDomainName" }
        if ($PSBoundParameters.ContainsKey("ServiceAccountName")) { $ArchiveServerObject.ConnectionProperties.ServiceAccountName = "$ServiceAccountName" }
        if ($PSBoundParameters.ContainsKey("ServiceAccountPassword"))
            $ArchiveServerObject.ConnectionProperties.ServiceAccountName = `
        # Body
        if ($PSBoundParameters.ContainsKey("DisplayName")) { $ArchiveServerObject.Name = "$DisplayName" }
        if ($PSBoundParameters.ContainsKey("Description")) { $ArchiveServerObject.Description = "$Description" }
        if ($PSBoundParameters.ContainsKey("NetworkAddress")) { $ArchiveServerObject.NetworkAddress = "$NetworkAddress" }
        if ($PSBoundParameters.ContainsKey("StoragePath")) { $ArchiveServerObject.StoragePath = "$StoragePath" }
    $ArchiveServerObject = (Invoke-SafeguardMethod -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure Core `
                                PUT "ArchiveServers/$($ArchiveServerObject.Id)" -Body $ArchiveServerObject)
        if ($local:DoSshHostKeyDiscovery)
            Invoke-ArchiveServerSshHostKeyDiscovery -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure $ArchiveServerObject -AcceptSshHostKey:$AcceptSshHostKey
        Write-Host -ForegroundColor Yellow "Error setting up SSH host key, resetting to previous transfer protocol '$($local:OldTransferProtocol)'..."
        $local:DoSshHostKeyDiscovery = $false
        Edit-SafeguardArchiveServer -AccessToken $AccessToken -Appliance $Appliance -Insecure:$Insecure $ArchiveServerObject.Id -TransferProtocol $local:OldTransferProtocol