我的一個同事問我有關的vShieldAPI,並指出我到vShieldAPI編程指南。當然,我已經聽說過的vShield很多次,但都沒有嘗試過了,更不用說它的API。但是,這並不意味着我不能閱讀需求。事實上,這樣的問題促使我去學習更多超越vSphereAPI的。因此,保持您的問題,如果你有一個。
Here is what I found out after reading the programming guide. I have to admit I haven’t written any code connecting to a vShield test-bed, so I just share some basics of the API. Overall I found it’s similar to the vCloud API that I had worked with before in format and protocol.
Somehow the API does not, but I think should, have an explicit version number. Reading further, I found the URL like the following and am convinced that API version is 1.0.
POST <vshield_manager-uri>/api/1.0/global/config
What Products It Manages?
According to the guide, the API manages four products: vShield manager 4.1, vShield App 1.0, vShield Edge 1.0, and vShield Endpoint 1.0. All of them are in the vShield security product family.
If you have been reading my blog, you should be getting tired of me saying that an API is just a “view” of the product it interfaces with the MVC (Model-View-Controller) metaphor. The corollary is that you’d better know a product before trying its API. Here are vShield Administrative Guide and vShield Quick Start Guide if you are not yet familiar with the products.
On the other hand, you can deepen your understand of a product by reading its APIs. The GUI of a product does not nearly reveal as much as its API does.
What You Can Do?
The vShield API is based REST with about 100 URLs defined. Each URL represents an operation with a vShield server. By saying operation, I don’t necessarily mean changing things on server side. It can be just retrieving information from a server.
As with a typical REST API, you will need to login the system with HTTP basic authorization. After that you can issue any URL with or without additional information. Although you can manage 4 different products with the API, the URL you connect to is always the vShield Manager.
Because the vShield closely relates to vSphere, quite some of the operations especially provisioning part requires MOR values of managed objects like datastore, network group, etc. You can grab them using VI Java API.
While reading the API guide, you may be buried with these URLs and in particular XML schemas, which seems to me a big drawback of using REST by developers. Next section is a high level overview of things you can do with the API. While browsing them, I was a little surprised to know vShield Edge supports load balancer feature.
List of Operations With the API
vShield Manager Management (4)
Synchronize the vShield Manager with vCenter Server and DNS
Retrieving Tech Support Logs
Get the vShield Manager Technical Support Log File Path
Get the vShield Edge Technical Support Log File Path
ESX Host Preparation for vShield App, Endpoint, and Isolation (4)
Install the Licenses for vShield Edge, vShield App, and vShield Endpoint
Install vShield App, vShield Endpoint, and Port Group Isolation Services on an ESX Host
Get the Installation Status of vShield Services on an ESX Host
Uninstalling vShield Services from an ESX Host
vNetwork Preparation and vShield Edge Installation (7)
Enabling Port Group Isolation
Enable Port Group Isolation on a vDS
Get the Port Group Isolation Debug Statistics from an ESX Host
Disable Port Group Isolation on a vDS
Installing a vShield Edge
Get the Install Parameters of a vShield Edge
Uninstall a vShield Edge
vShield Edge Management (64)
Force a vShield Edge to Synchronize with the vShield Manager
Manage CLI Credentials on a vShield Edge
Managing DHCP (8)
Get the DHCP Server Status
Start, Stop, or Restart the DHCP Service
Post a DHCP Configuration
Get the Configuration for All DHCP Hosts and Pools
Get Timestamps of Last 10 DHCP Configurations
Get a DHCP Configuration by Timestamp
Revert to a DHCP Configuration by Timestamp
Delete the DHCP Configuration on a vShield Edge 29Managing NAT (12)
Managing SNAT Rules (6)
Get the SNAT Rule Set
Post an SNAT Rule Set
Get Timestamps of Last 10 SNAT Rule Configurations for a vShield Edge
Get SNAT Configuration by Snapshot Timestamp
Revert to an SNAT Configuration by Snapshot Timestamp
Delete All SNAT Rules on a vShield Edge
Managing DNAT Rules (6)
Get the DNAT Rule Set
Post a DNAT Rule Set
Get Timestamps of Last 10 DNAT Rule Configurations for a vShield Edge
Get DNAT Configuration by Snapshot Timestamp
Revert to an DNAT Configuration by Snapshot Timestamp
Delete All DNAT Rules
Configuring the vShield Edge Firewall (9)
Get the Firewall Rule Set for a vShield Edge
Post a Firewall Rule Set
Get the Status of the Default Policy for a vShield Edge
Change the Default Firewall Policy Action
Get Details of a Specific Firewall Rule
Get Timestamps of Last 10 Firewall Rule Sets for a vShield Edge
Get Firewall Rule Set by Timestamp
Revert to a Firewall Rule Set by Timestamp
Delete All Firewall Rules on a vShield Edge
Configuring ×××s (15)
Get the Status of ××× Service
Start or Stop the ××× Service on a vShield Edge
Configure ××× Parameters on a vShield Edge
Add a Remote Site
Add Tunnels for a ××× Site
Get the Detailed IPSec Configurations for a Network
Get the Detailed Configuration for a ××× Site
Get the Detailed Tunnel Configuration
Delete a Tunnel for a ××× Site
Delete a Remote Site
Get the Current ××× Configuration on a vShield Edge
Get Timestamps of Last 10 ××× Configurations
Get a ××× Configuration by Timestamp
Revert to a ××× Configuration by Timestamp
Delete the ××× Configuration on a vShield Edge
Load Balancer (9)
Get the Status of Load Balancer Service on a vShield Edge
Start or Stop the Load Balancer Service on a vShield Edge
Add a Listener for Load Balancing Service
Get the Current Load Balancer Configuration on a vShield Edge
Get the Configuration of a Specific Load Balancing Server
Get Timestamps of Last 10 Load Balancer Configurations
Get a Load Balancer Configuration by Timestamp
Revert to a Load Balancer Configuration by Timestamp
Delete the Load Balancer Configuration on a vShield Edge
Managing the MTU Threshold for a vShield Edge
View Traffic Statistics
Debug vShield Edge Services Using Service Statistics
Managing the Connection to a Syslog Server (6)
Post a Syslog Server Configuration
Get the Current Syslog Server Configuration
Get Timestamps of Last 10 Syslog Server Configurations
Get a Syslog Server Configuration by Timestamp
Revert to a Syslog Server Configuration by Timestamp
Delete the Current Syslog Server Configuration
vShield App Management (16)
Configuring Firewall Rules for a vCenter Container
View All Firewall Rules for a Container
Post an App Firewall Rule Set for a Container
View a List of Timestamps Identifying App Firewall Rule Set Changes
View a Previous Firewall Rule Set by Timestamp
Revert to a Previous Firewall Rule Set
Delete All Firewall Rules under a Container
Managing Security Groups
Add a Security Group
Add a Virtual Machine to a Security Group
Get the List of All Security Groups under a Base Node
Get the Details for a Single Security Group under a Base Node
Get IP Addresses for the Virtual Machines in a Security Group
Get the Properties from a Virtual Machine
Delete a Virtual Machine from a Security Group
Delete a Single Security Group
Delete All Security Groups under a Base Node
Configuring Syslog Service for a vShield App
vShield Endpoint Management (5)
Register an SVM with the vShield Endpoint Service on an ESX Host
Retrieve SVM‐Specific Network Information
Retrieve vShield Endpoint Service Status on an ESX Host
Uninstalling the vShield Endpoint Service from an ESX Host
Unregister an SVM from vShield Endpoint
Uninstall vShield Endpoint from the vShield Manager