Powerful virtual machine software for the technical professional (326 pages)
Summary of Contents for VMware VSHIELD APP 1.0.0 UPDATE 1 - API
Page 1
Endpoint 1.0.0 Update 1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs. EN-000434-01...
Page 2
VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
Contents About This Book 7 Overview of VMware vShield 9 vShield Components 9 vShield Manager 9 vShield App 9 vShield Edge 10 vShield Endpoint 10 Ports Required for vShield 10 An Introduction to REST API for vShield Users 10 How REST Works 10...
Page 4
Revert to a Syslog Server Configuration by Timestamp 48 Delete the Current Syslog Server Configuration 49 vShield App Management 51 Configuring Firewall Rules for a vCenter Container 51 View All Firewall Rules for a Container 51 Post an App Firewall Rule Set for a Container 52 VMware, Inc.
Intended Audience This manual is intended for anyone who wants to use REST API to install or use vShield in a VMware vCenter™ environment. The information in this manual is written for experienced system administrators who are familiar with virtual machine technology and virtual datacenter operations. This manual assumes familiarity with vShield.
Page 8
API Programming Guide Support Offerings To find out how VMware support offerings can help meet your business needs, go to http://www.vmware.com/support/services. VMware Professional Services VMware Education Services courses offer extensive hands-on labs, case study examples, and course materials designed to be used as on-the-job reference tools. Courses are available onsite, in the classroom, and live online.
The vShield Manager virtual machine can run on a different ESX host from your vShield App and vShield Edge virtual machines. The vShield Manager user interface leverages the VMware Infrastructure SDK to display a copy of the vSphere Client inventory panel.
The URLs at which these documents are available are often “sticky,” in that they persist beyond the lifetime of the request or response that includes them. The other content of the documents is nominally valid until the expiration date noted in the HTTP Expires header. VMware, Inc.
Chapter 1 Overview of VMware vShield Using the vShield REST API All vShield REST requests require authorization. You can use the following basic authorization: MPORTANT Authorization: Basic YWRtaW46ZGVmYXVsdA== YWRtaW46ZGVmYXVsdA== represents the Base 64 encoding of the vShield Manager default login credentials (admin:default).
For a comprehensive discussion of REST from both the client and server perspectives, see: Richardson, Leonard, and Sam Ruby. RESTful Web Services. North Mankato: O'Reilly Media, Inc., 2007. There are also many sources of information about REST on the Web, including: http://www.infoq.com/articles/rest-introduction http://www.infoq.com/articles/subbu-allamaraju-rest http://www.stucharlton.com/blog/archives/000141.html VMware, Inc.
You can use a single request to synchronize the vShield Manager with the vCenter Server and add DNS servers to the vShield Manager for IP address and hostname resolution. Synchronizing with vCenter Server enables the vShield Manager user interface to display your VMware Infrastructure inventory. Synchronization with vCenter requires the vCenter URL and login credentials.
You can download the diagnostic log from a vShield Edge. You can then send the diagnostic log to technical support for assistance in troubleshooting an issue. Example 2-4. Getting the Tech Support Log File Path for a vShield Edge Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/techSupportLogs VMware, Inc.
To shorten the time to deployment, you can install vShield App, vShield Endpoint, and Port Group Isolation services on an ESX host by using a single REST call. You can do this by including VszInstallParams, PortgroupIsolationInstallParams, and EpsecInstallParams in the POST body. VMware, Inc.
Page 16
IpAddress: IP address to be assigned to the management port of the vShield App. This IP address must be able to communicate with the vShield Manager. NetworkMask: Subnet mask associated with the IP address assigned to the management interface of the vShield App. DefaultGw: IP address of the default gateway. VMware, Inc.
If neither of these operations is in progress, the response includes the list of installed services on the ESX host. Example 3-3. Getting vShield Service Installation Status on an ESX Host Request: GET <vshield_manager-uri>/api/1.0/vshield/<host-id> VMware, Inc.
This request uninstalls a vShield App (zones) and Port Group Isolation (pgi). The vShield Endpoint service is shortened to epsec. DELETE /api/1.0/zones/vshield/<host-id>/vsz-pgi You can uninstall a single service by specifying the service name. Example 3-6. Uninstall a vShield App Only Request: DELETE <vshield_manager-uri>/api/1.0/vshield/<host-id>/vsz VMware, Inc.
Isolation is available for vDS-based vShield Edge installations only. To enable Port Group Isolation on a vDS Enable Port Group Isolation on each vDS. Install a vShield Edge on each vDS port group you plan to secure. Move the virtual machines to secured vDS port groups. VMware, Inc.
InternalInterface: Enter the VC MOID for the internal port group. ExternalInterface: Enter the VC MOID for the external port group. Example: POST /api/1.0/network/network-244/vshieldedge HTTP/1.1 Content-Type: application/xml Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: localhost:9998 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Content-Length: 620 VMware, Inc.
If you did not install and enable Port Group Isolation on an ESX host, you do not have to migrate virtual machines to uninstall a vShield Edge. Example 4-6. Uninstalling a vShield Edge Request: DELETE <vshield_manager-uri>/network/<internal-portgroup-vc-moref-id>/vshieldedge Example: DELETE /api/1.0/network/network-244/vshieldedge HTTP/1.1 Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: localhost:9998 VMware, Inc.
“Managing the MTU Threshold for a vShield Edge” on page 46 “View Traffic Statistics” on page 47 “Debug vShield Edge Services Using Service Statistics” on page 47 “Managing the Connection to a Syslog Server” on page 47 VMware, Inc.
Manager to push the latest configuration to a vShield Edge. Example 5-3. Forcing a vShield Edge to Sync with the vShield Manager Request: PUT <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/action/forcesync Example: PUT /api/1.0/network/network-244/action/forcesync HTTP/1.1 Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: localhost VMware, Inc.
GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/dhcp/service Example: GET /api/1.0/network/network-244/dhcp/service HTTP/1.1 Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: 10.112.196.213 Start, Stop, or Restart the DHCP Service Example 5-6. Starting or Stopping the DHCP Service on a vShield Edge Request: PUT <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/dhcp/action/ {start | stop | restart} VMware, Inc.
Get the Configuration for All DHCP Hosts and Pools You can retrieve the current DHCP configuration for a vShield Edge, including all configured hosts and IP pools. Example 5-8. Getting the Configuration of All DHCP Hosts and Pools Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/dhcp/config VMware, Inc.
Delete the DHCP Configuration on a vShield Edge You can delete the current DHCP configuration a vShield Edge. Example 5-12. Delete the DHCP Configuration on a vShield Edge Request: DELETE <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/dhcp/config Example: DELETE /api/1.0/network/network-244/dhcp/config HTTP/1.1 Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: 10.112.196.213 VMware, Inc.
Edge. The current rule set is replaced with this new set of rules. Example 5-14. Post an SNAT Rule Set on a vShield Edge Request: POST <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/snat/rules <VShieldEdgeConfig> <NATConfig> <NATRule> <externalIpAddress> <ipAddress>IpOrAny</ipAddress> <IpRange> <rangeStart>ip_address</rangeStart> <rangeEnd>ip_address</rangeEnd> </IpRange> </externalIpAddress> <internalIpAddress> <ipAddress>IpOrAny</ipAddress> <IpRange> <rangeStart>ip_address</rangeStart> <rangeEnd>ip_address</rangeEnd> </IpRange> VMware, Inc.
Traffic targeting a specific port of a public address is forwarded to an internal host with the given internal IP address on the specified port. Get the DNAT Rule Set Example 5-19. Get the DNAT Rule Set on a vShield Edge Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/dnat/rules VMware, Inc.
Page 31
The externalIpAddress and internalIpAddress parameters can be entered in either of these formats. <ipAddress>IpOrAny</ipAddress> <IpRange> <rangeStart>low_ip_address</rangeStart> <rangeEnd>high_ip_address</rangeEnd> </IpRange> The externalPort and internalPort parameters can be entered in either of these formats. <port>PortOrAny</port> <PortRange> <rangeStart>low_port</rangeStart> <rangeEnd>high_port</rangeEnd> </PortRange> VMware, Inc.
Page 32
DNAT Rule with Port Range content-length: 518 <?xml version="1.0" encoding="UTF-8" standalone="yes"?><VShieldEdgeConfig><NATConfig><NATRule><protocol>tcp </protocol><internalIpAddress><ipAddress>172.17.1.11</ipAddress> </internalIpAddress><internalPort><PortRange><rangeStart>15</rangeStart> <rangeEnd>19</rangeEnd></PortRange></internalPort><externalIpAddress> <ipAddress>10.112.196.219</ipAddress></externalIpAddress><externalPort> <PortRange><rangeStart>9915</rangeStart><rangeEnd>9919</rangeEnd></PortRange> </externalPort></NATRule></NATConfig></VShieldEdgeConfig> DNAT Rule with IP and Port Range content-length: 627 <?xml version="1.0" encoding="UTF-8" standalone="yes"?><VShieldEdgeConfig><NATConfig><NATRule><protocol>tcp </protocol><internalIpAddress><IpRange><rangeStart>172.17.1.15</rangeStart> <rangeEnd>172.17.1.19</rangeEnd></IpRange></internalIpAddress><internalPort> <PortRange><rangeStart>15</rangeStart><rangeEnd>19</rangeEnd></PortRange> </internalPort><externalIpAddress><IpRange><rangeStart>10.112.196.215 </rangeStart><rangeEnd>10.112.196.219</rangeEnd></IpRange></externalIpAddress> <externalPort><PortRange><rangeStart>9915</rangeStart><rangeEnd>9919 </rangeEnd></PortRange></externalPort></NATRule></NATConfig> </VShieldEdgeConfig> VMware, Inc.
For the vShield Edge firewall schema, see “vShield Edge Firewall Schema” on page 74. Get the Firewall Rule Set for a vShield Edge Example 5-25. Get the Entire Firewall Rule Set on a vShield Edge Request: GET <vShield_Manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/firewall/rules VMware, Inc.
The sourceIpAddress and destinationIpAddress parameters can be entered in either of these formats. <ipAddress>IpOrAny</ipAddress> <IpRange> <rangeStart>low_ip_address</rangeStart> <rangeEnd>high_ip_address</rangeEnd> </IpRange> The sourcePort and destinationPort parameters can be entered in either of the following formats. <port>PortOrAny</port> <PortRange> <rangeStart>low_port</rangeStart> <rangeEnd>high_port</rangeEnd> </PortRange> VMware, Inc.
Change the Default Firewall Policy Action You can change the default firewall policy action to either allow all traffic or deny all traffic. Example 5-28. Change the Action of the Default Firewall Policy on a vShield Edge Request: PUT <vShield_Manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/ firewall/default/{allow|deny} VMware, Inc.
Delete All Firewall Rules on a vShield Edge If you delete all firewall rules on a vShield Edge agent, the agent enforces the default policy on all incoming and outgoing traffic sessions. Example 5-33. Delete All Firewall Rules on a vShield Edge Request: DELETE <vShield_Manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/firewall/rules VMware, Inc.
All VPN settings configured by using REST requests appear under the vShield Edge > VPN tab for the appropriate vShield Edge in the vShield Manager user interface and vSphere Client plug-in. For the VPN schema, see “VPN Schema” on page 80. VMware, Inc.
Logging is disabled by default. To enable logging, add a <log /> element within <VPNServerConfig />. VPN service requires encryption. You must specify the <encryptionAlgorithm /> element as either 3des or aes. The natedPublicIpAddress element under VPNServerConfig is optional. The siteName and tunnelName can contain only alphanumeric characters. VMware, Inc.
You can add a remote VPN site to connect remote users to the virtual machines protected by a vShield Edge. Example 5-37. Adding a Remote VPN Site Request: POST <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/vpn/ipsec/sites Example POST /api/1.0/network/network-244/vpn/ipsec/sites Content-Type: application/xml Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: localhost:9998 Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 Content-Length: 576 VMware, Inc.
You can retrieve a detailed VPN configuration for a network that contains the VPN server configurations, site configurations, tunnel configurations, and the detailed configuration of all tunnels in all sites. Example 5-39. Getting the Detailed VPN Configuration for a Network Request: GET <vshield_manager-uri>/api/1.0/network/<vdc-moref-id>/vpn/ipsec/detailedconfig Example: GET /api/1.0/network/dvportgroup-1004/vpn/ipsec/detailedconfig HTTP/1.1 Host: localhost:9998 authorization: Basic YWRtaW46ZGVmYXVsdA== VMware, Inc.
Get the Current VPN Configuration on a vShield Edge You can retrieve the current VPN configuration on a vShield Edge to view settings such as tunnels and sites, as well as entity naming and addressing. Example 5-44. Getting the Current VPN Configuration Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/vpn/ipsec/config VMware, Inc.
You can delete the current VPN configuration to clear VPN settings from the vShield Edge running configuration. The vShield Edge saves the deleted configuration by marking it with a timestamp. Example 5-48. Deleting the VPN Configuration on a vShield Edge Request: DELETE <vShield_Manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/ vpn/ipsec/config Example: DELETE /api/1.0/network/network-244/vpn/ipsec/config HTTP/1.1 Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: localhost:9998 VMware, Inc.
83. Get the Status of Load Balancer Service on a vShield Edge Example 5-49. Getting the Status of Load Balancer Service on a vShield Edge Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/ loadbalancer/service Example: GET /api/1.0/network/network-244/loadbalancer/service HTTP/1.1 Authorization: Basic YWRtaW46ZGVmYXVsdA== Host: localhost:9998 VMware, Inc.
You can retrieve a list of the last 10 Load Balancer configuration changes. You can use the returned timestamps to review the details of past configurations in a separate request. Example 5-54. Getting the Last 10 Load Balancer Configurations by Timestamp Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/ loadbalancer/snapshots VMware, Inc.
Example 5-58. Configuring the MTU Threshold for a vShield Edge Request: PUT <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/mtu You can retrieve the current MTU threshold from a vShield Edge for reference. Example 5-59. Retrieving the MTU Threshold for a vShield Edge Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/mtu VMware, Inc.
You can connect a vShield Edge to a syslog server for vShield Edge log management. For the traffic statistics schema, see “Syslog Schema” on page 85. Post a Syslog Server Configuration Example 5-62. Posting a Syslog Server Configuration Request: POST <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/syslog/config VMware, Inc.
Get a Syslog Server Configuration by Timestamp Example 5-65. Getting a Syslog Server Configuration by Timestamp Request: GET <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/ syslog/snapshot/<snapshot-timestamp> Revert to a Syslog Server Configuration by Timestamp Example 5-66. Reverting to a Syslog Server Configuration by Timestamp Request: PUT <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/ syslog/snapshot/<snapshot-timestamp> VMware, Inc.
Chapter 5 vShield Edge Management Delete the Current Syslog Server Configuration Example 5-67. Deleting a Syslog Server Configuration Request: DELETE <vshield_manager-uri>/api/1.0/network/<internal-portgroup-vc-moref-id>/syslog/config VMware, Inc.
Page 55
If you delete rules at the cluster or port group level, any rules set at the datacenter remain enforced. Example 6-9. Delete a Firewall Rule Set for a Container Request: DELETE <vshield_manager-uri>/api/1.0/zones/<container-moref-id>/firewall/rules VMware, Inc.
Page 56
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <VsmGlobalConfig><SecurityGroups><SecurityGroup><SecurityGroupBaseNode> datacenter-7</SecurityGroupBaseNode><SecurityGroupName>Zone-3 </SecurityGroupName><SecurityGroupNodeList><Node><Id>502888cf-e08c-61dc-4523-a 87e234d821a.000</Id></Node><Node><Id>502a183c-715e-5e37-f413-aea57de1e884.000 </Id></Node></SecurityGroupNodeList></SecurityGroup></SecurityGroups> </VsmGlobalConfig> Adding a single security group with no network adapters POST /api/1.0/global/securityGroups/datacenter-7/groups/ HTTP/1.1 authorization: Basic YWRtaW46ZGVmYXVsdA== host: 10.112.196.127 Content-Type: application/xml Content-Length: 299 <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <VsmGlobalConfig><SecurityGroups><SecurityGroup><SecurityGroupBaseNode> datacenter-7</SecurityGroupBaseNode><SecurityGroupName>Zone-5 </SecurityGroupName></SecurityGroup></SecurityGroups></VsmGlobalConfig> VMware, Inc.
Page 57
<SecurityGroupId>udz-1</SecurityGroupId></SecurityGroupIdList></SecurityGroups> </VsmGlobalConfig> Get the List of All Security Groups under a Base Node Example 6-13. Getting the List of All Security Groups under a Base Node Request: GET <vshield_manager-uri>/api/1.0/global/securityGroups/<base-node-moref-id>/groups Example: GET /api/1.0/global/securityGroups/datacenter-7/groups HTTP/1.1 authorization: Basic YWRtaW46ZGVmYXVsdA== host: 10.112.196.127 VMware, Inc.
Page 58
You can delete a virtual machine from a Security Group by specifying the node in which it resides. Example 6-17. Deleting a Virtual Machine from a Security Group Request: DELETE <vshield_manager-uri>/api/1.0/global/securityGroups/<base-node-moref-id>/ nodes/<nic-id> Example: DELETE /api/1.0/global//securityGroups/datacenter-2/groups/secgroup-6/nodes/ 500e17ca-58bc-25d3-f001-9cf6515d6466.003 HTTP/1.1 authorization: Basic YWRtaW46ZGVmYXVsdA== host: 10.112.196.127 VMware, Inc.
Page 59
Request: GET <vshield_manager-uri>/api/1.0/zones/syslogServers This request configures all vShield App instances connected to the vShield Manager to send events to the specified syslog servers. Example 6-21. Post the Syslog Server Configuration across All vShield App Instances Request: POST <vshield_manager-uri>/api/1.0/zones/syslogServers VMware, Inc.
Page 60
This request deletes a single syslog server by IP address across all vShield App instances connected to the vShield Manager. Example 6-23. Delete a Single Syslog Server by IP Address from All vShield App Instances Request: DELETE <vshield_manager-uri>/api/1.0/zones/syslogServers/<ip_of_syslogServer> VMware, Inc.
Page 61
Endpoint Management The VMware Endpoint system delivers an introspection-based antivirus solution that uses the hypervisor to scan guest virtual machines from the outside with only a thin agent on each guest virtual machine. You installed the vShield Endpoint service as part of ESX host preparation. You must perform the following tasks in sequence to complete EPSec installation.
Page 62
HTTP 400 Bad Request : Internal error codes. Please refer the Error Schema for more details. 40002=Acquiring 1. data from VC failed for <> 40007=SVM with moid: <> not registered 40015=vmId is malformatted or of incorrect length : <> VMware, Inc.
Page 63
HTTP 405 Method Not Allowed: If the vmId is missed in the URI. HTTP 400 Bad Request: Internal error codes. Please refer the Error Schema for more details. 40002=Acquiring data from VC failed for <> 40007=SVM with moid: <> not registered 40015=vmId is malformatted or of incorrect length : <> VMware, Inc.
Page 70
API Programming Guide vShield App Firewall Schema This schema configures the firewall rules enforced by a vShield App. <?xml version="1.0" encoding="UTF-8"?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified" targetNamespace="http://www.vmware.com" xmlns:vmw="http://www.vmware.com"> <xs:element name="vshieldZonesFirewallConfiguration"> <xs:complexType> <xs:choice> <xs:sequence> <xs:element name="ContainerAssociation" type="vmw:ContainerAssociation"/> <xs:element name="RuleSet" type="vmw:RuleSet"/> </xs:sequence> <xs:element name ="SnapshotTimeStamps" type="TimeStamps"/>...
Page 71
Port Group Isolation Statistics Schema This schema can be used to retrieve the Port Group Isolation statistics from an ESX host. <?xml version="1.0" encoding="UTF-8"?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"> <xs:element name="VShieldPortgroupIsolationConfig"> <xs:complexType> <xs:choice> <xs:element name="StatsLocation" type="xs:string" /> </xs:choice> </xs:complexType> </xs:element> </xs:schema> VMware, Inc.
Page 83
<xs:complexType name="LoadBalancerConfig"> <xs:choice> <xs:element name="LoadBalancerService" type="xs:string" /> <xs:element maxOccurs="unbounded" name="Listener" type="Listener" /> <!-- Request/Response from Client --> <xs:element name="Snapshots" type="Snapshots"/> <!-- Only in Response from Server --> </xs:choice> </xs:complexType> <xs:complexType name="Listener"> <xs:sequence> <xs:element name="externalIPAddress" type="IP" /> <!-- Request/Response --> VMware, Inc.
Page 84
This schema configures the MTU threshold for the External and Internal interfaces of a vShield Edge. <?xml version="1.0" encoding="UTF-8"?> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified"> <xs:element name="VShieldEdgeConfig"> <xs:complexType> <xs:all minOccurs="0"> <xs:element name="MTU" type="MTU"/> </xs:all> </xs:complexType> </xs:element> <xs:complexType name="MTU"> <xs:sequence> <xs:element minOccurs="0" maxOccurs="1" name="internalInterfaceMTU" type="xs:unsignedInt"/> <!-- Request/Response --> <xs:element minOccurs="0" maxOccurs="1" name="externalInterfaceMTU" type="xs:unsignedInt"/> <!-- Request/Response --> VMware, Inc.
Page 85
<xs:all minOccurs="0"> <xs:element name="SyslogServerConfig" type="SyslogServerConfig"/> </xs:all> </xs:complexType> </xs:element> <xs:complexType name="SyslogServerConfig"> <xs:choice> <xs:element minOccurs="1" maxOccurs="2" name="ipAddress" type="IP" /> <xs:element name="Snapshots" type="Snapshots"/> <!-- Only in Response from Server --> </xs:choice> </xs:complexType> <xs:simpleType name="IP"> <xs:restriction base="xs:string"> <xs:pattern value="((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.) {3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"/> </xs:restriction> </xs:simpleType> VMware, Inc.
Page 86
Unexpected error with the server. The response is accompanied by Error Object (XML). 500 Internal Server Error 503 Service Cannot proceed with the request, because some of the services are unavailable. Example: Unavailable vShield Edge is Unreachable. The response is accompanied by Error Object (XML). VMware, Inc.
Page 87
30 delete configuration 36 get rule set 28 get configuration by timestamp 36 last 10 configurations 30 get rule set 33 post rule set 28 last 10 configurations 36 revert to configuration by timestamp 30 VMware, Inc.
Page 88
41 VPN 42 delete a tunnel for a site 41 vShield App firewall 55 delete configuration 42 vShield Edge firewall 36 get configuration by timestamp 42 get current configuration 41 get the detailed configuration 40 VMware, Inc.
Page 89
41 get rule set 30 delete a tunnel for a site 41 last 10 configurations 33 delete configuration 42 post rule set 31 get configuration by timestamp 42 revert to configuration by timestamp 33 get current configuration 41 VMware, Inc.
Page 90
SVM status 63 uninstall 18 uninstalling 63 unregistering an SVM 63 vShield Manager about 9 configure DNS 13 force sync with vShield Edge 24 sync with vCenter 13 tech support log 14 vShield Zones vShield 9 vShield Manager 9 VMware, Inc.