VMware VSHIELD APP 1.0 - API Instrukcja Użytkownika

vShield API Programming GuidevShield 5.0vShield App 5.0vShield Edge 5.0vShield Endpoint 5.0This document supports the version of each product listed a

vShield API Programming Guide10 VMware, Inc. vShield EdgeAvShieldEdgevirtualapplianceprovidesnetworkedgesecuritytoprotectthevirtualmachin

vShield API Programming Guide100 VMware, Inc. <xs:maxInclusive value="9000"/></xs:restriction></xs:simpleType><xs:simpl

VMware, Inc. 101Appendix 400 Bad Request Therequestbodycontainsaninvalidrepresentationortherepresentationoftheentityismissinginformatio

vShield API Programming Guide102 VMware, Inc.

VMware, Inc. 103 IndexDData Securityscanning 73EESX host preparation 29FfirewallvShield Appabout 54IinstallationPort Group Isolation 29status 31vShiel

vShield API Programming Guide104 VMware, Inc. vShield ZonesvShield 9vShield Manager 9

VMware, Inc. 11Chapter 1 Overview of VMware vShield Example 1-2. Determine the API version of a vShield AppGET https://<vsm-ip>/api/versions/ap

vShield API Programming Guide12 VMware, Inc. How REST WorksOnceaURLofsuchanobjectisknowntoaclient,theclientcanuseanHTTPGETrequestt

VMware, Inc. 13Chapter 1 Overview of VMware vShield About the REST APIRESTAPIsuseHTTPrequests(oftensentbyscriptorhigh‐levellanguage)asaw

vShield API Programming Guide14 VMware, Inc.

VMware, Inc. 15 2ThevShieldManagerrequirescommunicationwithyourvCenterServerandservicessuchasDNSandNTPtoprovidedetailsonyourVMwar

vShield API Programming Guide16 VMware, Inc. SynchronizationwithvCenterServerrequiresitsIPaddress(orURL)andadministratorlogincredentials.

VMware, Inc. 17Chapter 2 vShield Manager Management GET https://<vsm-ip>/api/2.0/networks/<internal-portgroup-vc-moref-id>/techSupportLogs

vShield API Programming Guide18 VMware, Inc. Update a Local User AccountYoucanupdatealocaluseraccountincludingpassword.Ifapasswordisnotp

VMware, Inc. 19Chapter 2 vShield Manager Management Role ManagementGet Role for a UserYoucanretrieveinformationabouttheroleassignedtothisuse

VMware, Inc.3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com2 VMware, Inc.vShield API Programming Guide You can find the most up-to-date technical

vShield API Programming Guide20 VMware, Inc. Get a List of Possible RolesYoucanretrievethepossiblerolesinvShieldManager.Example 2-16. Retriev

VMware, Inc. 21Chapter 2 vShield Manager Management <value>10.112.201.8-10.112.201.14</value> </ipset>The<scope-moref>can

vShield API Programming Guide22 VMware, Inc. List MACsets Created on a ScopeYoucanretrievealltheMACsetsthatwerecreatedonthespecifiedscope.

VMware, Inc. 23Chapter 2 vShield Manager Management <macset> <objectId /> <type> <typeName /> </type> <descrip

vShield API Programming Guide24 VMware, Inc. POST https://10.24.128.128/api/2.0/services/securitygroup/datacenter-31<?xml version="1.0" e

VMware, Inc. 25Chapter 2 vShield Manager Management Delete a Security GroupYoucandeleteanexistingsecuritygroup.Theforce=flagindicatesifthe

vShield API Programming Guide26 VMware, Inc. Add Application to a ScopeYoucancreateanewapplicationonthespecifiedscope.Example 2-37. Add an a

VMware, Inc. 27Chapter 2 vShield Manager Management Modify Application DetailsYoucanmodifythename,description,applicationProtocol,orportvalue

vShield API Programming Guide28 VMware, Inc.

VMware, Inc. 29 3YoucanextendthecapabilitiesofvShieldbyaddingthefollowingservices:vShieldApp,vShieldEndpoint,andvShieldEdge.Youmus

VMware, Inc. 3 ContentsAboutThisBook 71 OverviewofVMwarevShield 9vShieldComponents 9vShieldManager 9vShieldApp 9vShieldEdge 10vShieldEndpoin

vShield API Programming Guide30 VMware, Inc. Example 3-1. Install a vShield App and vShield Endpoint on an ESX hostRequest:POST https://<vsm-ip>

VMware, Inc. 31Chapter 3 ESX Host Preparation for vShield App and vShield Endpoint Pragma: no-cacheHost: 10.112.196.244Accept: text/html, image/gif, i

vShield API Programming Guide32 VMware, Inc.

VMware, Inc. 33 4AfterESXhostpreparationiscomplete,youcansecureinternalnetworksbyinstallingavShieldEdge.Thischapterincludesthefollo

vShield API Programming Guide34 VMware, Inc. <mtu>1500</mtu> </interface> <interface> <isUplink>

VMware, Inc. 35Chapter 4 vShield Edge Installation <vshieldEdgeConfig xmlns="vmware.vshield.edge.2.0"> <installParams> <o

vShield API Programming Guide36 VMware, Inc. <action>allow</action> <enableLog>false</enableLog> <disabled&

VMware, Inc. 37 5YoucanmanagevShieldEdgeservicesandfirewallpolicieswiththeRESTAPI.YoucaninstallEdge,postanddeleteconfigurations,a

vShield API Programming Guide38 VMware, Inc. Get Capabilities of a vShield EdgeThiscallreturnscapabilitiesofthevShieldEdgeinstalledonthespe

VMware, Inc. 39Chapter 5 vShield Edge Management Ifaserviceconfigurationtagispresent,itmeansreplacetheconfiguration.Ifaserviceconfigura

vShield API Programming Guide4 VMware, Inc. ModifyanExistingMACset 22DeleteaMACset 23SecurityGroupScopeandMembers 23ListSecurityGroupsCrea

vShield API Programming Guide40 VMware, Inc. vshieldEdgeConfig xmlns="vmware.vshield.edge.2.0"> <dhcpConfig> <binding>

VMware, Inc. 41Chapter 5 vShield Edge Management Example 5-11. Configure firewallPOST https://<vsm-ip>/api/2.0/networks/<internal-portgroup-

vShield API Programming Guide42 VMware, Inc. Example 5-12. Set firewall policy to allow allPOST https://<vsm-ip>/api/2.0/networks/<internal-

VMware, Inc. 43Chapter 5 vShield Edge Management <disabled>false</disabled> </rule> </firewallConfig></vshieldEdg

vShield API Programming Guide44 VMware, Inc. Example 5-18. Configure NAT servicePOST https://<vsm-ip>/api/2.0/networks/<internal-portgroup-v

VMware, Inc. 45Chapter 5 vShield Edge Management Configure Load BalancerThevShieldEdgeprovidesloadbalancingforHTTPtraffic.Loadbalancing(up

vShield API Programming Guide46 VMware, Inc. Delete Load Balancer ConfigurationExample 5-23. Delete load balancer configurationPOST https://<vsm-i

VMware, Inc. 47Chapter 5 vShield Edge Management </vshieldEdgeConfig>Configure VPNvShieldEdgeagentssupportsite‐to‐siteIPsecVPNbetweenan

vShield API Programming Guide48 VMware, Inc.  The<peerIpAddress>canbeany,oranactualIPaddress.Ifany,thenthissidecanbearesponde

VMware, Inc. 49Chapter 5 vShield Edge Management <department>Engg</department> <city>Pune</city> <state>

VMware, Inc. 5Contents DeleteLoadBalancerConfiguration 46Miscellaneous 46ReconfigureEdgeInterfaces 46SetvShieldEdgeCredentials 46ConfigureRem

vShield API Programming Guide50 VMware, Inc. </vshieldEdgeConfig>6Forthedatapathtowork,youneedtochangethedefaultfirewallpolicytoa

VMware, Inc. 51Chapter 5 vShield Edge Management Example 5-37. Get DHCP statisticsRequest:GET https://<vsm-ip>/api/2.0/networks/<internal-po

vShield API Programming Guide52 VMware, Inc. Get Service StatisticsYoucanretrievethevShieldEdgeservicestatistics.Theseareoftenrequiredfor

VMware, Inc. 53 6YoucanconfigurevShieldAppfirewallrulesandsyslogservicebyusingRESTAPIcalls.Thischapterincludesthefollowingtopics:

vShield API Programming Guide54 VMware, Inc. TheXMLresponserepresentstheDatacenterStateobject,containinganenumerationofdatacenterstatus.T

VMware, Inc. 55Chapter 6 vShield App Management  consolidatedforcombinedconfigurationincludingallrulesapplicableinthecontext/ <P>is

vShield API Programming Guide56 VMware, Inc. Revert to Default Firewall ConfigurationYoucanrevertthefirewallconfigurationforthenodetoitsdef

VMware, Inc. 57Chapter 6 vShield App Management Example 6-8. Get SpoofGuard settingsExample:GET https://<vsm-ip>/api/2.0/spoofGuard/<context

vShield API Programming Guide58 VMware, Inc. Intheexamplerequestbody,thenamespaceisdefinedasbeingsynonymouswithobjectnetwork-184.Get Nam

VMware, Inc. 59Chapter 6 vShield App Management YoucanretrievealistofsyslogserversconfiguredonthefirstvShieldAppinstancethatresponds.E

vShield API Programming Guide6 VMware, Inc. GetSolutionRegistration 64GetIPAddressofaSolution 64GetActivationStatusofaSolution 64Unregiste

vShield API Programming Guide60 VMware, Inc.

VMware, Inc. 61 7AvShieldEndpointappliancedeliversanintrospection‐basedantivirussolutionthatusesthehypervisortoscanguestvirtualmachin

vShield API Programming Guide62 VMware, Inc. Example 7-1. Register a vendorRequest:POST https://<vsm-ip>/api/2.0/endpointsecurity/registrationR

VMware, Inc. 63Chapter 7 vShield Endpoint Management IP Address and Port for a SolutionYoucansetasolution’sIPaddressandportonthevNIChost.E

vShield API Programming Guide64 VMware, Inc. Querying Registration Status of vShield EndpointYoucanusethesameURIsshownintheprevioussectionw

VMware, Inc. 65Chapter 7 vShield Endpoint Management Example 7-9. Unregister a vendorRequest:DELETE https://<vsm-ip>/api/2.0/endpointsecurity/r

vShield API Programming Guide66 VMware, Inc.  607Unrecognizedmoid. 608Locationinformationisalreadyset. 609Locationnotset. 612Solutions

VMware, Inc. 67 8vShieldDataSecurityprovidesvisibilityintosensitivedatastoredwithinyourorganization’svirtualizedandcloudenvironments.B

vShield API Programming Guide68 VMware, Inc. Todefineapolicy,youmustspecifythefollowing: RegulationsAregulationisadataprivacylawforpr

VMware, Inc. 69Chapter 8 vShield Data Security Configuration <?xml version="1.0" encoding="UTF-8"?><set><long>66

VMware, Inc. 7 Thismanual,thevShieldAPIProgrammingGuide,describeshowtoinstall,configure,monitor,andmaintaintheVMware®vShield™system

vShield API Programming Guide70 VMware, Inc. <set><EnhancedInfo><objectId>datacenter-2</objectId><name>jdoe</name>

VMware, Inc. 71Chapter 8 vShield Data Security Configuration  lastModifiedBefore–scanonlyfilesmodifiedbeforethespecifieddate.Thedatemust

vShield API Programming Guide72 VMware, Inc. Example 8-10. Retrieve the saved SDD policyRequest:GET https://<vsm-ip>/api/2.0/dlp/policy/savedAu

VMware, Inc. 73Chapter 8 vShield Data Security Configuration Retrieve the Published SDD PolicyYoucanretrievethecurrentlypublishedSDDpolicythat

vShield API Programming Guide74 VMware, Inc. </DlpScanStatus>Start, Pause, Resume, or Stop a Scan OperationYoucanstartorstopascanoperatio

VMware, Inc. 75Chapter 8 vShield Data Security Configuration  startindexisthepagenumberfromwhichtheresultsshouldbedisplayed.View the List

vShield API Programming Guide76 VMware, Inc.

VMware, Inc. 77 TheRESTAPIconfigurationofthevShieldEdgeandvShieldAppvirtualmachinessupportsschemasforinstallationandservicemanageme

vShield API Programming Guide78 VMware, Inc. <xs:element name="buildNumber" type="xs:NMTOKEN" /> <!-- add fields as req

VMware, Inc. 79Appendix </xs:complexType><xs:complexType name="VnicsType"><xs:sequence><xs:element name="vnic"

vShield API Programming Guide8 VMware, Inc. Support OfferingsTofindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds,gotohttp://

vShield API Programming Guide80 VMware, Inc. <xs:minLength value="1"/><xs:maxLength value="256"/></xs:restriction&g

VMware, Inc. 81Appendix <xs:sequence><xs:element name="VszInstalled" type="xs:boolean"/><xs:element name="Epse

vShield API Programming Guide82 VMware, Inc. <!-- Install parameters --><xs:complexType name="VszInstallParamsType"><xs:seque

VMware, Inc. 83Appendix </xs:sequence></xs:complexType> <xs:complexType name="FirewallConfigHistoryInfoDto"><xs:sequenc

vShield API Programming Guide84 VMware, Inc. <xs:complexType name="DestinationDto" abstract="true"><xs:sequence><xs

VMware, Inc. 85Appendix <xs:element name="containerId" type="xs:string"></xs:element></xs:choice><xs:attribut

vShield API Programming Guide86 VMware, Inc. <xs:element name="pagedIpAssignmentDetailsList" type="PagedIpAssignmentDetailsListDto&q

VMware, Inc. 87Appendix </xs:sequence></xs:complexType> <xs:complexType name="VnicInfoDto"><xs:sequence><xs:eleme

vShield API Programming Guide88 VMware, Inc. <xs:attribute name="type" use="required" type="vsns:NamespacesTypeEnum"

VMware, Inc. 89Appendix <xs:element minOccurs="0" name="version"> <!-- Only in Response . Displays the vse appliance vers

VMware, Inc. 9 1VMwarevShield™isasuiteofnetworkedgeandapplication‐awarefirewallsbuiltforVMwarevCenterServerintegration.vShieldinspec

vShield API Programming Guide90 VMware, Inc. </xs:simpleType></xs:element><xs:element minOccurs="0" name="disableInterna

VMware, Inc. 91Appendix <xs:element minOccurs="0" name="internalPort" type="PortInfo" /> <!-- port is valid onl

vShield API Programming Guide92 VMware, Inc. <xs:element minOccurs="0" name="disabled" type="xs:boolean" /> <!

VMware, Inc. 93Appendix <xs:complexType name="Listener"><xs:sequence><xs:element name="externalIpAddress" type=&quo

vShield API Programming Guide94 VMware, Inc. <xs:simpleType><xs:restriction base="xs:string"><xs:pattern value="((psk)|(

VMware, Inc. 95Appendix <xs:element name="localSpi" type="xs:string" minOccurs="0" /><xs:element name="rem

vShield API Programming Guide96 VMware, Inc. </xs:complexType><xs:complexType name="InterfaceStats"><xs:sequence><xs:el

VMware, Inc. 97Appendix <xs:element minOccurs="0" maxOccurs="unbounded" name="ingressVpnFirewallConfig" type="Tr

vShield API Programming Guide98 VMware, Inc. <xs:pattern value="backwordCompatibilityMode|regu

VMware, Inc. 99Appendix </xs:restriction></xs:simpleType><xs:simpleType name="PortOrAny"><xs:restriction base="xs: