vCloud Director API for NSX. Programmers’ Guide

About vCloud Director API для NSX

vCloud Director API для NSX.

vCloud Director API for NSX is a proxy API that allows vCloud API clients to make requests to NSX API. Use this document as an add-on to NSX vSphere API (NSX version 6.2 or later). This document lists a subset of NSX API requests supported by vCloud Director for NSX API and provides information on the differences between these requests as described in the NSX API documentation and how you should use them when API-interface vCloud Director for NSX is applied.

Connection with API NSX.

API-interface vCloud Director for NSX supports a subset of the operations and objects defined in NSX vSphere API Guide (NSX 6.2). API supports NSX 6.2 and 6.3. You can download NSX vSphere API manual from (NSX 6.2) or (NSX 6.3). The queries listed in this document and the related examples described in NSX vSphere API Guide can be used by those who apply to vCloud Director API for NSX with a few modifications and some additional restrictions.

Support for multiple tenants (Multi-tenant)

The NSX API is designed to solve NSX tasks in a global domain such as VMware® vCenter ™ data center. NSX Proxy API is designed to solve NSX tasks within the vCloud Director tenant organization.

If NSX API uses internal edge identifiers such as edge-1 (typically specified as edgeId in the NSX vSphere API Guide) to identify the edge, vCloud Director API for NSX uses the identifier that vCloud Director assigns to the edge. It is a unique identifier in the form of a UUID as defined by RFC 4122. Using this identifier allows API to restrict access to members of the organization that owns the edge. Members' access to the edge is also governed by their role in the organization and the rights associated with that role. vCloud Director API for NSX uses this UUID of this edge only to determine the edge, identify NSX manager responsible for the edge, and get its internal NSX edge ID, which it uses in subsequent NSX API operations on the edge.

Operations on other NSX objects, such as certificates and grouping objects, typically require vCloud Director organization or VUU UUIDs to be enabled in the request to restrict access to tenants with vCloud Director object rights.

VCloud Director system administrators can view or update all edges in the system.

Safety

The HTTP communication between the client and the vCloud API server is secured by SSL. API clients must also fill out a login request to receive an authorization token, which must be included in all subsequent requests.

Request headers

The following HTTP headers are commonly included in requests:

Accept	All requests must include the HTTP Accept header, which designates the vCloud Director API for the NSX version the client is using. Accept: application/+xml;version=api-version For example, the following header indicates that the request is being made from vCloud Director API for NSX client version 29.0. Accept: application/+xml;version=29.0
Accept-Encoding	By default, the system returns the response content as uncompressed XML. Compressing the response can improve performance, especially when the response is large and network bandwidth has a meaning. (Requests cannot be compressed.) To request a response that will be returned as compressed XML, include the following header: Accept-Encoding: gzip The response is encoded using gzip encoding as described in RFC 1952 and includes the following header: Content-Encoding: gzip In the default configuration, responses less than 64KB are never compressed.
Accept-Language	Message strings in ErrorType responses are localized. Use the Accept-Language request header to specify the necesssary language in responses. To request a response with message strings localized in French, use the following header: Accept-Language: fr
Authorization	All requests to create a vCloud API session must include the header of the authorization form prescribed by the identity provider used by your organization. See vCloud API Programming Guide for Service Providers.
Content-Type	Requests, that include a body of the request must include the following HTTP Content-Type header. Content-type: application/xml
x-vcloud-authorization	This header, which is returned with the session response after a successful login, must be included in all subsequent requests from clients that authenticate to the Integrated Identity Provider or SAML Identity Provider. See the vCloud API Programming Guide for Service Providers.
X-VMWARE-VCLOUD-CLIENT-REQUEST-ID	The value of this header is used to construct the request ID that is returned as X-VMWARE-VCLOUD-REQUEST-ID header. The value of this header cannot contain more than 128 characters taken from the set of letters, numbers, and the hyphen (-). Values with invalid characters are ignored. Values with more than 128 characters are truncated.

NSX Edge Gateway Management

Each NSX Edge Gateway provides network security and a gateway to isolate the virtualized network.

Requesting or upgrading the Edge Gateway

Edge DHCP Services

Edge Firewall Services

Edge NAT Services

Edge Routing Services

Edge Load Balancer Services

Edge SSL VPN Services

Edge L2 VPN Services

Edge IPSec VPN Services

Edge interfaces, Logging, Statistics and Remote Access Properties/

NSX distributed firewall services

The distributed NSX firewall can provide firewall functionality directly to the vNIC virtual machine and supports a micro-segmentation security model in which East-West traffic can be inspected while processing at a similar rate.

- https://code.vmware.com/doc/preview?id=5705#/doc/GUID-442E3FDF-47AC-44F2-906B-B37666795970.html

Certificate management

Apps and App Groups

Security groups

Security tags