VMware vShield REST的API

CHSHJ

　　我的一个同事问我有关的vShieldAPI，并指出我到vShieldAPI编程指南。当然，我已经听说过的vShield很多次，但都没有尝试过了，更不用说它的API。但是，这并不意味着我不能阅读需求。事实上，这样的问题促使我去学习更多超越vSphereAPI的。因此，保持您的问题，如果你有一个。
　　Here is what I found out after reading the programming guide. I have to admit I haven’t written any code connecting to a vShield test-bed, so I just share some basics of the API. Overall I found it’s similar to the vCloud API that I had worked with before in format and protocol.
　　Somehow the API does not, but I think should, have an explicit version number. Reading further, I found the URL like the following and am convinced that API version is 1.0.
POST <vshield_manager-uri>/api/1.0/global/config　　What Products It Manages?
　　According to the guide, the API manages four products: vShield manager 4.1, vShield App 1.0, vShield Edge 1.0, and vShield Endpoint 1.0. All of them are in the vShield security product family.
　　If you have been reading my blog, you should be getting tired of me saying that an API is just a “view” of the product it interfaces with the MVC (Model-View-Controller) metaphor. The corollary is that you’d better know a product before trying its API. Here are vShield Administrative Guide and vShield Quick Start Guide if you are not yet familiar with the products.
　　On the other hand, you can deepen your understand of a product by reading its APIs. The GUI of a product does not nearly reveal as much as its API does.
　　What You Can Do?
　　The vShield API is based REST with about 100 URLs defined. Each URL represents an operation with a vShield server. By saying operation, I don’t necessarily mean changing things on server side. It can be just retrieving information from a server.
　　As with a typical REST API, you will need to login the system with HTTP basic authorization. After that you can issue any URL with or without additional information. Although you can manage 4 different products with the API, the URL you connect to is always the vShield Manager.
　　Because the vShield closely relates to vSphere, quite some of the operations especially provisioning part requires MOR values of managed objects like datastore, network group, etc. You can grab them using VI Java API.
　　While reading the API guide, you may be buried with these URLs and in particular XML schemas, which seems to me a big drawback of using REST by developers. Next section is a high level overview of things you can do with the API. While browsing them, I was a little surprised to know vShield Edge supports load balancer feature.
　　List of Operations With the API
　　vShield Manager Management (4)

• 　　Synchronize the vShield Manager with vCenter Server and DNS
  
• 　　Retrieving Tech Support Logs
  
• 　　Get the vShield Manager Technical Support Log File Path
  
• 　　Get the vShield Edge Technical Support Log File Path
  

　　ESX Host Preparation for vShield App, Endpoint, and Isolation (4)

• 　　Install the Licenses for vShield Edge, vShield App, and vShield Endpoint
  
• 　　Install vShield App, vShield Endpoint, and Port Group Isolation Services on an ESX Host
  
• 　　Get the Installation Status of vShield Services on an ESX Host
  
• 　　Uninstalling vShield Services from an ESX Host
  

　　vNetwork Preparation and vShield Edge Installation (7)

• 　　Enabling Port Group Isolation
  
• 　　Enable Port Group Isolation on a vDS
  
• 　　Get the Port Group Isolation Debug Statistics from an ESX Host
  
• 　　Disable Port Group Isolation on a vDS
  
• 　　Installing a vShield Edge
  
• 　　Get the Install Parameters of a vShield Edge
  
• 　　Uninstall a vShield Edge
  

　　vShield Edge Management (64)

• 　　Force a vShield Edge to Synchronize with the vShield Manager
  
• 　　Manage CLI Credentials on a vShield Edge
  
• 　　Managing DHCP (8)
  
• 　　Get the DHCP Server Status
  
• 　　Start, Stop, or Restart the DHCP Service
  
• 　　Post a DHCP Configuration
  
• 　　Get the Configuration for All DHCP Hosts and Pools
  
• 　　Get Timestamps of Last 10 DHCP Configurations
  
• 　　Get a DHCP Configuration by Timestamp
    Revert to a DHCP Configuration by Timestamp
    Delete the DHCP Configuration on a vShield Edge 29
  
• 　　Managing NAT (12)
  
• 　　Managing SNAT Rules (6)
  
• 　　Get the SNAT Rule Set
  
• 　　Post an SNAT Rule Set
  
• 　　Get Timestamps of Last 10 SNAT Rule Configurations for a vShield Edge
  
• 　　Get SNAT Configuration by Snapshot Timestamp
  
• 　　Revert to an SNAT Configuration by Snapshot Timestamp
  
• 　　Delete All SNAT Rules on a vShield Edge
  
• 　　Managing DNAT Rules (6)
  
• 　　Get the DNAT Rule Set
  
• 　　Post a DNAT Rule Set
  
• 　　Get Timestamps of Last 10 DNAT Rule Configurations for a vShield Edge
  
• 　　Get DNAT Configuration by Snapshot Timestamp
  
• 　　Revert to an DNAT Configuration by Snapshot Timestamp
  
• 　　Delete All DNAT Rules
  
• 　　Configuring the vShield Edge Firewall (9)
  
• 　　Get the Firewall Rule Set for a vShield Edge
  
• 　　Post a Firewall Rule Set
  
• 　　Get the Status of the Default Policy for a vShield Edge
  
• 　　Change the Default Firewall Policy Action
  
• 　　Get Details of a Specific Firewall Rule
  
• 　　Get Timestamps of Last 10 Firewall Rule Sets for a vShield Edge
  
• 　　Get Firewall Rule Set by Timestamp
  
• 　　Revert to a Firewall Rule Set by Timestamp
  
• 　　Delete All Firewall Rules on a vShield Edge
  
• 　　Configuring ***s (15)
  
• 　　Get the Status of *** Service
  
• 　　Start or Stop the *** Service on a vShield Edge
  
• 　　Configure *** Parameters on a vShield Edge
  
• 　　Add a Remote Site
  
• 　　Add Tunnels for a *** Site
  
• 　　Get the Detailed IPSec Configurations for a Network
  
• 　　Get the Detailed Configuration for a *** Site
  
• 　　Get the Detailed Tunnel Configuration
  
• 　　Delete a Tunnel for a *** Site
  
• 　　Delete a Remote Site
  
• 　　Get the Current *** Configuration on a vShield Edge
  
• 　　Get Timestamps of Last 10 *** Configurations
  
• 　　Get a *** Configuration by Timestamp
  
• 　　Revert to a *** Configuration by Timestamp
  
• 　　Delete the *** Configuration on a vShield Edge
  
• 　　Load Balancer (9)
  
• 　　Get the Status of Load Balancer Service on a vShield Edge
    Start or Stop the Load Balancer Service on a vShield Edge
    Add a Listener for Load Balancing Service
    Get the Current Load Balancer Configuration on a vShield Edge
    Get the Configuration of a Specific Load Balancing Server
    Get Timestamps of Last 10 Load Balancer Configurations
    Get a Load Balancer Configuration by Timestamp
    Revert to a Load Balancer Configuration by Timestamp
    Delete the Load Balancer Configuration on a vShield Edge
    Managing the MTU Threshold for a vShield Edge
    View Traffic Statistics
    Debug vShield Edge Services Using Service Statistics
  

　　Managing the Connection to a Syslog Server (6)

• 　　Post a Syslog Server Configuration
  
• 　　Get the Current Syslog Server Configuration
  
• 　　Get Timestamps of Last 10 Syslog Server Configurations
  
• 　　Get a Syslog Server Configuration by Timestamp
  
• 　　Revert to a Syslog Server Configuration by Timestamp
  
• 　　Delete the Current Syslog Server Configuration
  

　　vShield App Management (16)

• 　　Configuring Firewall Rules for a vCenter Container
  
• 　　View All Firewall Rules for a Container
  
• 　　Post an App Firewall Rule Set for a Container
  
• 　　View a List of Timestamps Identifying App Firewall Rule Set Changes
  
• 　　View a Previous Firewall Rule Set by Timestamp
  
• 　　Revert to a Previous Firewall Rule Set
  
• 　　Delete All Firewall Rules under a Container
  
• 　　Managing Security Groups
  
• 　　Add a Security Group
  
• 　　Add a Virtual Machine to a Security Group
  
• 　　Get the List of All Security Groups under a Base Node
  
• 　　Get the Details for a Single Security Group under a Base Node
  
• 　　Get IP Addresses for the Virtual Machines in a Security Group
  
• 　　Get the Properties from a Virtual Machine
  
• 　　Delete a Virtual Machine from a Security Group
  
• 　　Delete a Single Security Group
  
• 　　Delete All Security Groups under a Base Node
  
• 　　Configuring Syslog Service for a vShield App
  

　　vShield Endpoint Management (5)

• 　　Register an SVM with the vShield Endpoint Service on an ESX Host
  
• 　　Retrieve SVM‐Specific Network Information
  
• 　　Retrieve vShield Endpoint Service Status on an ESX Host
  
• 　　Uninstalling the vShield Endpoint Service from an ESX Host
  
• 　　Unregister an SVM from vShield Endpoint
  
• 　　Uninstall vShield Endpoint from the vShield Manager