5.1
Table Of Contents
- vCloud API Programming Guide
- Contents
- vCloud API Programming Guide
- About the VMware vCloud API
- Hello vCloud: A Simplified RESTful Workflow
- Exploring a Cloud
- Summary of vCloud API Browsing Requests
- Retrieve the Login URL and List of Supported API Versions
- Create a Login Session Using the Integrated Identity Provider
- Retrieve a List of Organizations Accessible to You
- Retrieve an Administrative View of a Cloud
- Retrieve a List of vSphere Platform Operations and Objects for a Cloud
- Provisioning an Organization
- Summary of vCloud API Provisioning Requests
- Upload an OVF Package to Create a vApp Template
- Download a vApp Template as OVF
- Upload a Media Image
- Copying and Moving with the vCloud API
- Capturing and Importing vApps
- Cataloging vApp Templates and Media Images
- Creating and Using Independent Disks
- View or Change the Owner of an Object
- Deploying and Operating vApps
- Summary of vCloud API vApp and Virtual Machine Operations Requests
- Create a vApp From a Template
- Compose a vApp From Existing Virtual Machines
- Recompose a vApp to Add or Remove Virtual Machines
- Provide User Input Requested by a Virtual Machine
- Attach or Detach an Independent Disk
- Creating and Using vApp Snapshots
- Operate a vApp
- Configuring vApps and Virtual Machines
- Retrieve the Configuration Links for a vApp
- Retrieve the Configuration Links for a Virtual Machine
- Update Multiple Sections of a Virtual Machine
- Retrieve or Update a Modifiable Section
- Update a vApp Network Configuration
- Update the NetworkConnectionSection of a Virtual Machine
- Retrieve or Modify the CPU Configuration of a Virtual Machine
- Retrieve or Modify the GuestCustomizationSection of a Virtual Machine
- Retrieve or Modify ProductSection Elements
- Retrieve or Modify Groups of Related Sections in a Virtual Machine
- Retrieve or Modify the Hard Disk Configuration of a Virtual Machine
- Update the Storage Profile for a Virtual Machine
- Creating and Managing Organizations
- Summary of Administrative Requests
- Administrator Credentials and Privileges
- Organization Administration
- vDC Administration
- Network Administration
- Catalog Administration
- User and Group Administration
- Working With Roles and Rights
- Controlling Access to vApps and Catalogs
- Managing and Monitoring a Cloud
- Summary of vSphere Platform Extension Requests
- Retrieve or Update System Settings
- Attach a vCenter Server
- Finding Available vCenter Resources
- Create a Provider vDC
- Create an External Network
- Create a Network Pool
- Import a Virtual Machine from vCenter
- Relocate a Virtual Machine to a Different Datastore
- Truststore and Keytab Maintenance
- Retrieve the vSphere URL of an Object
- Working With Object Metadata
- Using the Query Service
- Configuring and Using Blocking Tasks and Notifications
- vCloud Director Extension Services
- XML Representations in the vCloud API
- Index
<SourceIp>External</SourceIp>
<EnableLogging>false</EnableLogging>
</FirewallRule>
</FirewallService>
You can see this fragment in the context of an Edge Gateway configuration in “Example: Configure Services
on an Edge Gateway,” on page 157.
NAT Service Configurations
An Edge Gateway configuration can define a NAT (Network Address Translation) service that translates
source or destination IP addresses and port numbers. In the most common case, you associate a NAT service
with an uplink interface on an Edge Gateway so that addresses on organization vDC networks are not exposed
on the external network.
A NAT service in an EdgeGatewayServiceConfiguration can include one or more rules, each of which is
expressed in a GatewayNatRule element. Each rule translates the original IP address, port, or both, and applies
to a network connected to the Edge Gateway. If the network is an uplink (to an external network), the network
must include an IP sub-allocation pool.
There are two kinds of rules, as expressed in the value of the RuleType element:
SNAT
Source network address translation. This kind of rule translates the packet's
source address and, optionally, source IP port to the values you specify.
DNAT
Destination network address translation. This kind of rule translates the
packet's destination address and, optionally, destination IP port to the values
you specify.
Example: NAT Service
The following fragment of an EdgeGatewayServiceConfiguration defines and enables a NatService that applies
one destination NAT rule and one source NAT rule to the uplink interface defined in “Example: Create an
Edge Gateway,” on page 153. In the DNAT rule, the OriginalIp and OriginalPort apply to the destination IP
address and port of the packet being inspected. In the SNAT rule, the OriginalIp and OriginalPort apply to
the source IP address and port of the packet being inspected. When you create an SNAT rule, you do not need
to specify values for TranslatedPort and OriginalPort, which default to any.
NOTE The system assigns an Id value to each rule you create and uses these values when logging rule actions.
<?xml version="1.0" encoding="UTF-8"?>
<NatService>
<IsEnabled>true</IsEnabled>
<NatRule>
<RuleType>DNAT</RuleType>
<IsEnabled>true</IsEnabled>
<GatewayNatRule>
<Interface
href="https://vcloud.example.com/api/admin/network/297" />
<OriginalIp>10.147.115.155</OriginalIp>
<OriginalPort>any</OriginalPort>
<TranslatedIp>192.168.0.100-192.168.0.199</TranslatedIp>
<TranslatedPort>any</TranslatedPort>
<Protocol>any</Protocol>
<IcmpSubType>any</IcmpSubType>
</GatewayNatRule>
</NatRule>
<NatRule>
vCloud API Programming Guide
160 VMware, Inc.