vShield API Programming Guide
As traffic passes through a vShield App, each session header is inspected to catalog the data. The vShield App
creates a profile for each virtual machine detailing the operating system, applications, and ports used in
network communication. Based on this information, the vShield App allows ephemeral port usage by
permitting dynamic protocols such as FTP and RPC to pass through, while maintaining lockdown on ports
1024 and higher.
You cannot protect the Service Console or VMkernel with a vShield App because these components are not
virtual machines.
vShield Edge
A vShield Edge provides network edge security to protect the virtual machines in a vCloud tenant's network
from attacks originating from the public network. The vShield Edge connects the isolated, private networks of
cloud tenants to the public side of the service provider network through common edge services such as DHCP,
VPN, NAT, and load balancing.
You install a vShield Edge from the vShield Manager. You can install one vShield Edge instance per tenant port
group on a vNetwork Distributed Switch (vDS).
You configure a vShield Edge by using REST API.
vShield Endpoint
vShield Endpoint delivers an introspection‐based antivirus solution. vShield Endpoint uses the hypervisor to
scan guest virtual machines from the outside without a bulky agent. vShield Endpoint is efficient in avoiding
resource bottlenecks while optimizing memory use.
Ports Required for vShield
The vShield Manager requires ports 80/TCP and 443/TCP for REST API requests.
An Introduction to REST API for vShield Users
REST, an acronym for Representational State Transfer, is a term that has been widely employed to describe an
architectural style characteristic of programs that rely on the inherent properties of hypermedia to create and
modify the state of an object that is accessible at a URL.
How REST Works
Once a URL of such an object is known to a client, the client can use an HTTP GET request to discover the
properties of the object. These properties are typically communicated in a structured document with an HTTP
Content‐Type of XML or JSON, that provides a representation of the state of the object. In a RESTful workflow,
documents (representations of object state) are passed back and forth (transferred) between a client and a
service with the explicit assumption that neither party need know anything about an entity other than what is
presented in a single request or response. The URLs at which these documents are available are often "sticky,"
in that they persist beyond the lifetime of the request or response that includes them. The other content of the
documents is nominally valid until the expiration date noted in the HTTP Expires header.
Using REST
REST API uses HTTP requests (which are often executed by a script or other higher‐level language) as a way
of making what are essentially idempotent remote procedure calls that create, modify, or delete the objects
defined by the API. This REST API (and others) is defined by a collection of XML documents that represent
the objects on which the API operates. The operations themselves (HTTP requests) are generic to all HTTP
clients.
10
VMware, Inc.