5.5
Table Of Contents
- vCloud API Programming Guide
- Contents
- vCloud API Programming Guide
- About the VMware vCloud API
- Hello vCloud: A Simplified RESTful Workflow
- Exploring a Cloud
- Summary of vCloud API Browsing Requests
- Retrieve the Login URL and List of Supported API Versions
- Create a Login Session Using the Integrated Identity Provider
- Retrieve a List of Organizations Accessible to You
- Retrieve an Administrative View of a Cloud
- Retrieve a List of vSphere Platform Operations and Objects for a Cloud
- Provisioning an Organization
- Summary of vCloud API Provisioning Requests
- Upload an OVF Package to Create a vApp Template
- Download a vApp or vApp Template as OVF
- Upload a Media Image
- Download a Media Image
- Capturing and Importing vApps
- Managing Catalog Items
- Creating and Using Independent Disks
- View or Change the Owner of an Object
- Controlling Access to vApps and Catalogs
- Deploying and Operating vApps
- Summary of vCloud API vApp and Virtual Machine Operations Requests
- Create a vApp From a Template
- Create a vApp From an OVF Package
- Compose a vApp From Existing Virtual Machines
- Recompose a vApp to Add or Remove Virtual Machines
- Clone a vApp
- Capture a vApp as a Template
- Update vApp Access Controls
- Provide User Input Requested by a Virtual Machine
- Attach or Detach an Independent Disk
- Creating and Using vApp Snapshots
- Operate a vApp
- Configuring vApps and Virtual Machines
- Retrieve the Configuration Links for a vApp
- Retrieve the Configuration Links for a Virtual Machine
- Update Multiple Sections of a Virtual Machine
- Retrieve or Update a Modifiable Section
- Update a vApp Network Configuration
- Update the NetworkConnectionSection of a Virtual Machine
- Retrieve or Modify the CPU Configuration of a Virtual Machine
- Retrieve or Modify the GuestCustomizationSection of a Virtual Machine
- Retrieve or Modify ProductSection Elements
- Retrieve or Modify Groups of Related Sections in a Virtual Machine
- Retrieve or Modify the Hard Disk Configuration of a Virtual Machine
- Update the Storage Profile for a Virtual Machine
- Creating and Managing Organizations
- Summary of Administrative Requests
- Administrator Credentials and Privileges
- Organization Administration
- VDC Administration
- Network Administration
- Catalog Administration
- User and Group Administration
- Working With Roles and Rights
- Managing and Monitoring a Cloud
- Summary of System Administration Requests
- Retrieve or Update System Settings
- Attach a vCenter Server
- Finding Available vCenter Resources
- Create a Provider VDC
- Create an External Network
- Create a Network Pool
- Import a Virtual Machine from vCenter
- Relocate a Virtual Machine to a Different Datastore
- Truststore and Keytab Maintenance
- Retrieve the vSphere URL of an Object
- Working With Object Metadata
- Using the Query Service
- Configuring and Using Blocking Tasks and Notifications
- vCloud Director Extension Services
- XML Representations in the vCloud API
- Index
Response:
202 Accepted
Content-Type: application/vnd.vmware.vcloud.task+xml
...
<Task
href="https://vcloud.example.com/api/task/2120"
...
status="running"
operation="Updating services EdgeGateway theEdge(2000)"
... >
</Task>
Firewall Service Configurations
The default FirewallService in an EdgeGatewayServiceConfiguration is enabled and configured to block all
incoming traffic. You can modify that FirewallService to allow incoming traffic, block outgoing traffic, or
both.
A firewall service configuration includes several important parameters.
Firewall Rules
Each firewall rule specifies a protocol, IP address, and port. Packets that match the criteria in the rule are
subject to an action defined in the Policy element of the rule. The action can forward the packet to the
destination IP address and port, or drop it and optionally log a message describing the packet that was
dropped. Packets that do not match any rule are subject to the policy contained in the DefaultAction
element of the FirewallService.
Firewall Rule Logging
The Configuration element of an EdgeGateway can include SyslogServerSettings that specify IP addresses to
which syslog messages are sent. When you specify a value of true in the EnableLogging element of a
FirewallRule, all packets that trigger the rule are logged to the configured syslog server. Logging for all
rules is controlled by the value of the LogDefaultAction element of the FirewallService.
Port and Address Ranges
These elements in a FirewallRule specify source and destination IP ports and addresses to which the rule
applies.
Example: Firewall Service Definition with Two Rules
This fragment of an EdgeGatewayServiceConfiguration defines a firewall service with two rules: one that
allows incoming SSH connection, and one that denies incoming Telnet connections. These rules apply to any
virtual machine that connects to a network backed by this Edge Gateway. Each rule is defined in a
FirewallRule element, and can include the following specifications:
Policy
The default policy value, allow, causes the firewall to forward packets that
match the rules. Specify drop to drop packets that match the rules.
Protocols
By default, a rule applies to both UDP and TCP protocols. You can limit the
rule to one protocol or the other by including Tcp and Udp elements in
Protocols and specifying a value of true or false for each.
SourcePortRange
Specify a source IP port or port range, or set to any to match any port.
DestinationPortRange
Specify a destination IP port or port range, or set to any to match any port.
SourceIp
Specify a source IP address, or use one of these strings.
Chapter 6 Creating and Managing Organizations
VMware, Inc. 179