      <SourceIp>External</SourceIp>
      <EnableLogging>false</EnableLogging>
   </FirewallRule>
</FirewallService>
You can see this fragment in the context of an Edge Gateway configuration in “Example: Configure Services
on an Edge Gateway,” on page 178.
NAT Service Configurations
An Edge Gateway configuration can define a NAT (Network Address Translation) service that translates
source or destination IP addresses and port numbers. In the most common case, you associate a NAT service
with an uplink interface on an Edge Gateway so that addresses on organization VDC networks are not
exposed on the external network.
A NAT service in an EdgeGatewayServiceConfiguration can include one or more rules, each of which is
expressed in a GatewayNatRule element. Each rule translates the original IP address, port, or both, and
applies to a network connected to the Edge Gateway. If the network is an uplink (to an external network),
the network must include an IP sub-allocation pool.
There are two kinds of rules, as expressed in the value of the RuleType element:
SNAT: Source network address translation. This kind of rule translates the packet's
source address and, optionally, source IP port to the values you specify.
DNAT: Destination network address translation. This kind of rule translates the
packet's destination address and, optionally, destination IP port to the values
you specify.
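The following Python audit is an added example, not part of the VMware guide: it parses a NatService fragment and marks enabled DNAT rules that are not restricted to a single port and protocol, since such a rule maps all inbound traffic for the original address to the internal host. The names audit_nat and WIDE are hypothetical, rules 2 and 3 of the sample are constructed, and a missing IsEnabled is assumed to mean enabled.

```python
import xml.etree.ElementTree as ET

# Constructed input: rule 1 mirrors the guide's DNAT rule; rules 2 and 3 are made up.
SAMPLE = """<NatService><IsEnabled>true</IsEnabled>
<NatRule><RuleType>DNAT</RuleType><IsEnabled>true</IsEnabled><GatewayNatRule>
  <OriginalIp>10.147.115.155</OriginalIp><OriginalPort>any</OriginalPort>
  <TranslatedIp>192.168.0.10</TranslatedIp><TranslatedPort>any</TranslatedPort>
  <Protocol>any</Protocol></GatewayNatRule></NatRule>
<NatRule><RuleType>DNAT</RuleType><IsEnabled>true</IsEnabled><GatewayNatRule>
  <OriginalIp>10.147.115.156</OriginalIp><OriginalPort>443</OriginalPort>
  <TranslatedIp>192.168.0.11</TranslatedIp><TranslatedPort>8443</TranslatedPort>
  <Protocol>tcp</Protocol></GatewayNatRule></NatRule>
<NatRule><RuleType>SNAT</RuleType><IsEnabled>true</IsEnabled><GatewayNatRule>
  <OriginalIp>192.168.0.10</OriginalIp>
  <TranslatedIp>10.147.115.155</TranslatedIp></GatewayNatRule></NatRule></NatService>"""

WIDE = "REVIEW: DNAT not restricted to one port and protocol"

def local(tag):
    """Drop any XML namespace prefix so namespaced API responses parse the same."""
    return tag.rsplit("}", 1)[-1]

def child(elem, name):
    """First direct child with this local name, or None."""
    return next((c for c in elem if local(c.tag) == name), None)

def text(elem, name, default):
    """Stripped text of a direct child, or the default when absent or empty."""
    c = child(elem, name)
    return c.text.strip() if c is not None and c.text and c.text.strip() else default

def audit_nat(xml_text):
    """Return (rule_type, original_ip, translated_ip, verdict) per enabled rule."""
    root = ET.fromstring(xml_text)
    # Assumption: a missing IsEnabled is treated as enabled so no rule is skipped.
    if text(root, "IsEnabled", "true").lower() != "true":
        return []
    findings = []
    for rule in (r for r in root if local(r.tag) == "NatRule"):
        gw = child(rule, "GatewayNatRule")
        if gw is None or text(rule, "IsEnabled", "true").lower() != "true":
            continue
        kind = text(rule, "RuleType", "?")
        # Omitted ports default to "any" (stated for SNAT; assumed for DNAT and Protocol).
        wide = "any" in (text(gw, "OriginalPort", "any").lower(),
                         text(gw, "Protocol", "any").lower())
        findings.append((kind, text(gw, "OriginalIp", "?"), text(gw, "TranslatedIp", "?"),
                         WIDE if kind == "DNAT" and wide else "ok"))
    return findings
```

Only DNAT rules are marked because they accept traffic from the external side; the firewall rules on the same Edge Gateway still decide what is actually admitted.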
Example: NAT Service
The following fragment of an EdgeGatewayServiceConfiguration defines and enables a NatService that
applies one destination NAT rule and one source NAT rule to the uplink interface defined in
“Example: Create an Edge Gateway,” on page 174. In the DNAT rule, the OriginalIp and OriginalPort
apply to the destination IP address and port of the packet being inspected. In the SNAT rule, the OriginalIp
and OriginalPort apply to the source IP address and port of the packet being inspected. When you create an
SNAT rule, you do not need to specify values for TranslatedPort and OriginalPort, which default to any.
NOTE The system assigns an Id value to each rule you create and uses these values when logging rule
actions.
<?xml version="1.0" encoding="UTF-8"?>
<NatService>
   <IsEnabled>true</IsEnabled>
   <NatRule>
      <RuleType>DNAT</RuleType>
      <IsEnabled>true</IsEnabled>
      <GatewayNatRule>
         <Interface
            href="https://vcloud.example.com/api/admin/network/297" />
         <OriginalIp>10.147.115.155</OriginalIp>
         <OriginalPort>any</OriginalPort>
         <TranslatedIp>192.168.0.10</TranslatedIp>
         <TranslatedPort>any</TranslatedPort>
         <Protocol>any</Protocol>
         <IcmpSubType>any</IcmpSubType>
      </GatewayNatRule>
   </NatRule>
Chapter 6 Creating and Managing Organizations
VMware, Inc. 181