1.5
vCloud API Programming Guide
<vmext:ExternalNetworkReference
type="application/vnd.vmware.admin.vmwexternalnet+xml"
name="pnet_vc2"
href="https://vcloud.example.com/api/admin/extension/externalnet/13" />
</vmext:VMWExternalNetworkReferences>
The corresponding element for network pools, VMWNetworkPoolReferences, is similar. In most cases, you can
supply just the href attribute value when you specify an external network or network pool in an organization
network creation request. You can retrieve additional information about the external network or network pool
by making a GET request to its href attribute value.
vCloud Director Firewall Configurations
When you include a FirewallService in a network configuration, it is enabled by default and blocks all
incoming traffic to the network. You can add firewall rules to allow incoming traffic, block outgoing traffic, or
both. Firewall rules can specify source and destination IP addresses and ports for TCP, UDP, or both.
You configure a firewall service in the Features element of a routed organization network or a routed or fenced
vApp network. In addition to the service parameters, you can specify one or more firewall rules to apply to
incoming or outgoing packets.
Firewall Rules
Each firewall rule specifies a packet direction (incoming or outgoing), protocol, IP address, and port. Packets
that match the criteria in the rule are subject to an action that the rule's Policy element defines. The action can
be to forward the packet to the destination IP address and port, or to drop it and optionally log a message
describing the packet that was dropped. Packets that do not match any rule are subject to the policy contained
in the DefaultAction element of the FirewallService.
Firewall Rule Logging
The Configuration element of a network can include SyslogServerSettings that specify IP addresses to which
syslog messages are sent. When you specify a value of true in the EnableLogging element of a FirewallRule,
all packets that trigger the rule are logged to the configured syslog server. Logging for all rules is controlled
by the value of the LogDefaultAction element of the FirewallService.
Example: Firewall Service Definition with Two Rules
The following fragment of a network Configuration defines a firewall service with two rules. Each rule is
defined in a FirewallRule element, and can include the following specifications.
Policy
The default policy value, allow, causes the firewall to forward packets that
match the rules. Specify drop to drop packets that match the rules.
Protocols
By default, a rule applies to both UDP and TCP protocols. You can limit the
rule to one protocol or the other by including Tcp and Udp elements in
Protocols and specifying a value of true or false for each.
SourcePort
Specify a source IP port, or set to -1 to match any port.
SourceIp
Specify a source IP address, or use Any to match any address.
DestinationIp
Specify a destination IP address, or use Any to match any address.
Direction
Use in to apply the rule to incoming packets, which are sent from an external
network to an organization network, or from an organization network to a
vApp network. Use out to apply the rule to outgoing packets, which are packets
sent from an organization network or vApp network to any other network.
EnableLogging
Set to true to log all packets that trigger this rule. See “Firewall Rule
Logging,” on page 122.
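The rule-matching and logging behaviour described under “Firewall Rules” and in the element list above, as an added example (not code or XML from the guide): a small Python evaluator that parses a constructed FirewallService fragment written with the element names the guide gives and reports, for a few constructed packets, which rule fires, whether the packet is forwarded or dropped, and whether it is logged. Two points are assumptions rather than statements from this page: the destination-port element is named Port, and rules are tried in document order with the first match deciding the packet.

```python
"""Evaluate constructed packets against a vCloud-style FirewallService fragment.

Added example, not from the vCloud API Programming Guide. Element names follow
the guide's description; the Port element (destination port) and first-match
rule ordering are assumptions.
"""
from dataclasses import dataclass
import xml.etree.ElementTree as ET

# Constructed fragment: DefaultAction drops anything no rule matches, and those
# drops are logged because LogDefaultAction is true.
FIREWALL_XML = """<FirewallService>
  <DefaultAction>drop</DefaultAction>
  <LogDefaultAction>true</LogDefaultAction>
  <FirewallRule><Policy>allow</Policy><Protocols><Tcp>true</Tcp><Udp>false</Udp></Protocols>
    <Port>443</Port><DestinationIp>10.0.0.10</DestinationIp><SourcePort>-1</SourcePort>
    <SourceIp>Any</SourceIp><Direction>in</Direction><EnableLogging>false</EnableLogging></FirewallRule>
  <FirewallRule><Policy>drop</Policy><Protocols><Tcp>true</Tcp><Udp>false</Udp></Protocols>
    <Port>25</Port><DestinationIp>Any</DestinationIp><SourcePort>-1</SourcePort>
    <SourceIp>Any</SourceIp><Direction>out</Direction><EnableLogging>true</EnableLogging></FirewallRule>
  <FirewallRule><Policy>allow</Policy><Protocols><Tcp>true</Tcp><Udp>true</Udp></Protocols>
    <Port>-1</Port><DestinationIp>Any</DestinationIp><SourcePort>-1</SourcePort>
    <SourceIp>Any</SourceIp><Direction>out</Direction><EnableLogging>false</EnableLogging></FirewallRule>
</FirewallService>"""


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", as the guide defines them
    proto: str      # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _ip_ok(spec: str, addr: str) -> bool:
    # "Any" matches every address; otherwise the address must match exactly.
    return spec.lower() == "any" or spec == addr


def _port_ok(spec: int, port: int) -> bool:
    # -1 matches any port, as the guide states for SourcePort.
    return spec == -1 or spec == port


def _flag(parent, tag: str, default: bool) -> bool:
    text = parent.findtext(tag) if parent is not None else None
    return default if text is None else text.strip().lower() == "true"


@dataclass(frozen=True)
class Rule:
    policy: str
    tcp: bool
    udp: bool
    port: int
    dst_ip: str
    src_port: int
    src_ip: str
    direction: str
    log: bool

    def matches(self, pkt: Packet) -> bool:
        if pkt.direction != self.direction:
            return False
        if not ((pkt.proto == "tcp" and self.tcp) or (pkt.proto == "udp" and self.udp)):
            return False
        return (_ip_ok(self.src_ip, pkt.src_ip) and _ip_ok(self.dst_ip, pkt.dst_ip)
                and _port_ok(self.src_port, pkt.src_port) and _port_ok(self.port, pkt.dst_port))


def parse_service(xml_text: str):
    """Return (rules, default_action, log_default) from a FirewallService element."""
    root = ET.fromstring(xml_text)
    rules = []
    for r in root.findall("FirewallRule"):
        protos = r.find("Protocols")
        both = protos is None  # no Protocols element: rule applies to TCP and UDP
        rules.append(Rule(
            policy=r.findtext("Policy", "allow").strip().lower(),
            tcp=_flag(protos, "Tcp", both),
            udp=_flag(protos, "Udp", both),
            port=int(r.findtext("Port", "-1")),          # assumed element name
            dst_ip=r.findtext("DestinationIp", "Any").strip(),
            src_port=int(r.findtext("SourcePort", "-1")),
            src_ip=r.findtext("SourceIp", "Any").strip(),
            direction=r.findtext("Direction", "in").strip().lower(),
            log=_flag(r, "EnableLogging", False),
        ))
    default_action = root.findtext("DefaultAction", "drop").strip().lower()
    return rules, default_action, _flag(root, "LogDefaultAction", False)


def evaluate(rules, default_action, log_default, pkt: Packet):
    """Return (action, logged, rule_index); rule_index is None when DefaultAction applies."""
    for i, rule in enumerate(rules):  # first match wins (assumption)
        if rule.matches(pkt):
            return rule.policy, rule.log, i
    return default_action, log_default, None


RULES, DEFAULT_ACTION, LOG_DEFAULT = parse_service(FIREWALL_XML)

if __name__ == "__main__":
    for pkt in (Packet("in", "tcp", "203.0.113.5", 51000, "10.0.0.10", 443),
                Packet("in", "tcp", "203.0.113.5", 51000, "10.0.0.10", 22),
                Packet("out", "tcp", "10.0.0.10", 40000, "198.51.100.7", 25),
                Packet("out", "udp", "10.0.0.10", 40000, "198.51.100.7", 53)):
        print(pkt, "->", evaluate(RULES, DEFAULT_ACTION, LOG_DEFAULT, pkt))
```

Run the block directly to print a decision for each constructed packet. The point to notice is that the outbound SMTP drop rule only takes effect because it sits above the catch-all outbound allow, so reordering rules changes what leaves the network, and that a Protocols element with Udp set to false lets UDP traffic fall through to later rules or to the DefaultAction, where LogDefaultAction decides whether the drop is recorded at the syslog server.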
vCloud API Programming Guide
122 VMware, Inc.