VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API Manuel d'utilisateur

vShield API Programming GuidevShield Manager 4.1.0 Update 1vShield Zones 4.1.0 Update 1vShield App 1.0.0 Update 1vShield Edge 1.0.0 Update 1vShield E

vShield API Programming Guide10 VMware, Inc. AstrafficpassesthroughavShieldApp,eachsessionheaderisinspectedtocatalogthedata.ThevShiel

VMware, Inc. 11Chapter 1 Overview of VMware vShield Using the vShield REST APIRESTAPIusesHTTPrequests(whichareoftenexecutedbyascriptoroth

vShield API Programming Guide12 VMware, Inc. For More Information About RESTForacomprehensivediscussionofRESTfromboththeclientandserverper

VMware, Inc. 13 2ThevShieldManagerrequirescommunicationwithyourvCenterServerandservicessuchasDNSandNTPtoprovidedetailsonyourVMwar

vShield API Programming Guide14 VMware, Inc. Retrieving Tech Support LogsYoucanretrieveTechnicalSupportlogsfromthevShieldManagerandvShield

VMware, Inc. 15 3YoucanextendthecapabilitiesofvShieldbyaddingthefollowingservices:vShieldApp,vShieldEndpoint,andvShieldEdge.Youmus

vShield API Programming Guide16 VMware, Inc. PortGroupIsolationisaserviceusedbyavShieldEdgetoisolatethevirtualmachinesinavDSportgr

VMware, Inc. 17Chapter 3 ESX Host Preparation for vShield App, Endpoint, and Isolation Afterinstallationofallcomponentsiscomplete,dothefollow

vShield API Programming Guide18 VMware, Inc. Uninstalling vShield Services from an ESX HostYoucanuninstallvShieldApp,vShieldEndpoint,andPortG

VMware, Inc. 19 4AfterESXhostpreparationiscomplete,youcansecureinternalnetworksbyinstallingavShieldEdge.IfyouareinstallingvShield

VMware, Inc.3401 Hillview Ave.Palo Alto, CA 94304www.vmware.com2 VMware, Inc.vShield API Programming Guide You can find the most up-to-date technical

vShield API Programming Guide20 VMware, Inc. Enable Port Group Isolation on a vDSAfterPortGroupIsolationisinstalledoneachESXhost,youmusten

VMware, Inc. 21Chapter 4 vNetwork Preparation and vShield Edge Installation Installing a vShield EdgeYoucaninstallonevShieldEdgeperportgroup,

vShield API Programming Guide22 VMware, Inc. <?xml version="1.0" encoding="UTF-8" standalone="yes"?><VShieldEdg

VMware, Inc. 23 5YoucanmanagevShieldEdgeservicesandfirewallpoliciesbyusingRESTAPI.ByusingRESTcall,youcanstartorstopservices,pos

vShield API Programming Guide24 VMware, Inc. Upgrading a vShield EdgeYoucanupgradeavShieldEdgeviaRESTAPIwhenanewsoftwareversionisavaila

VMware, Inc. 25Chapter 5 vShield Edge Management Manage CLI Credentials on a vShield EdgeYoucansetandchangelogincredentialsfortheCLIonavSh

vShield API Programming Guide26 VMware, Inc. Example:PUT /api/1.0/network/network-244/dhcp/action/start HTTP/1.1Authorization: Basic YWRtaW46ZGVmYXVsd

VMware, Inc. 27Chapter 5 vShield Edge Management Example:GET /api/1.0/network/network-244/dhcp/config HTTP/1.1Authorization: Basic YWRtaW46ZGVmYXVsdA=

vShield API Programming Guide28 VMware, Inc. Managing NATThevShieldEdgeprovidesnetworkaddresstranslation(NAT)servicetoprotecttheIPaddress

VMware, Inc. 29Chapter 5 vShield Edge Management </internalIpAddress></NATRule></NATConfig></VShieldEdgeConfig>Rules: Youcan

VMware, Inc. 3 ContentsAboutThisBook 71 OverviewofVMwarevShield 9vShieldComponents 9vShieldManager 9vShieldApp 9vShieldEdge 10vShieldEndpoin

vShield API Programming Guide30 VMware, Inc. Get Timestamps of Last 10 SNAT Rule Configurations for a vShield EdgeExample 5-15. Get Last 10 SNAT Rule

VMware, Inc. 31Chapter 5 vShield Edge Management Example:GET /api/1.0/network/network-244/dnat/rules HTTP/1.1Authorization: Basic YWRtaW46ZGVmYXVsdA==

vShield API Programming Guide32 VMware, Inc. Example: MultipleDNATRulesPOST /api/1.0/network/network-244/dnat/rules HTTP/1.1content-type: applicati

VMware, Inc. 33Chapter 5 vShield Edge Management Get Timestamps of Last 10 DNAT Rule Configurations for a vShield EdgeExample 5-21. Get Last 10 DNAT

vShield API Programming Guide34 VMware, Inc. Example:GET /api/1.0/network/network-244/firewall/rules HTTP/1.1Authorization: Basic YWRtaW46ZGVmYXVsdA==

VMware, Inc. 35Chapter 5 vShield Edge Management Example: AllowanyfirewallrulesetPOST /api/1.0/network/network-244/firewall/rules HTTP/1.1content

vShield API Programming Guide36 VMware, Inc. Example:PUT /api/1.0/network/network-244/firewall/default/allow HTTP/1.1Authorization: Basic YWRtaW46ZGVm

VMware, Inc. 37Chapter 5 vShield Edge Management Example:DELETE /api/1.0/network/network-244/firewall/rules HTTP/1.1Authorization: Basic YWRtaW46ZGVmY

vShield API Programming Guide38 VMware, Inc. Get the Status of VPN ServiceYoucandetermineiftheVPNserviceonavShieldEdgeisrunningorstopped

VMware, Inc. 39Chapter 5 vShield Edge Management Example:POST /api/1.0/network/network-244/vpn/ipsec/config HTTP/1.1Content-Type: application/xmlAutho

vShield API Programming Guide4 VMware, Inc. ReverttoaDHCPConfigurationbyTimestamp 27DeletetheDHCPConfigurationonavShieldEdge 27ManagingN

vShield API Programming Guide40 VMware, Inc. <?xml version="1.0" encoding="UTF-8" standalone="yes"?><VShieldEdg

VMware, Inc. 41Chapter 5 vShield Edge Management Get the Detailed Configuration for a VPN SiteYoucanretrieveadetailedVPNconfigurationforasite

vShield API Programming Guide42 VMware, Inc. Example:GET /api/1.0/network/network-244/vpn/ipsec/config HTTP/1.1Authorization: Basic YWRtaW46ZGVmYXVsdA

VMware, Inc. 43Chapter 5 vShield Edge Management Load BalancerThevShieldEdgeprovidesloadbalancingforHTTPtraffic.Loadbalancing(uptoLayer7

vShield API Programming Guide44 VMware, Inc. Start or Stop the Load Balancer Service on a vShield EdgeExample 5-50. Starting or Stopping the Load Bal

VMware, Inc. 45Chapter 5 vShield Edge Management  AddaloadbalancerinIP:PortformatContent-Length: 539<?xml version="1.0" encoding=

vShield API Programming Guide46 VMware, Inc. Get a Load Balancer Configuration by TimestampYoucanretrieveandviewaspecifichistoricalLoadBalanc

VMware, Inc. 47Chapter 5 vShield Edge Management Example:GET /api/1.0/network/network-244/mtu HTTP/1.1Authorization: Basic YWRtaW46ZGVmYXVsdA==Host: l

vShield API Programming Guide48 VMware, Inc. Managing the Connection to a Syslog ServerYoucanconnectavShieldEdgetoasyslogserverforvShieldE

VMware, Inc. 49Chapter 5 vShield Edge Management Get a Syslog Server Configuration by Timestamp Example 5-65. Getting a Syslog Server Configuration b

VMware, Inc. 5 ViewaListofTimestampsIdentifyingAppFirewallRuleSetChanges 55ViewaPreviousFirewallRuleSetbyTimestamp 55ReverttoaPrev

vShield API Programming Guide50 VMware, Inc.

VMware, Inc. 51 6YoucanconfigurevShieldAppfirewallrulesandsyslogservicebyusingRESTAPIcalls.Thischapterincludesthefollowingtopics:

vShield API Programming Guide52 VMware, Inc. Example 6-1. Viewing the Firewall Rule Set for a ContainerRequest:GET <vshield_manager-uri>/api/1.

VMware, Inc. 53Chapter 6 vShield App Management ANY</DestinationPorts><Protocol>UDP</Protocol><Action>ALLOW</Action><

vShield API Programming Guide54 VMware, Inc. exclude="false"/><SourcePorts>ANY</SourcePorts><Application type="UNICAS

VMware, Inc. 55Chapter 6 vShield App Management View a List of Timestamps Identifying App Firewall Rule Set ChangesYoucanviewalistoftimestampsm

vShield API Programming Guide56 VMware, Inc. Example:DELETE /api/1.0/zones/datacenter-4361/firewall/rules HTTP/1.1Host: localhostAuthorization: Basic

VMware, Inc. 57Chapter 6 vShield App Management Youcanaddmultiplesecuritygroupsinonerequest.Example 6-11. Adding Multiple Security GroupsExam

vShield API Programming Guide58 VMware, Inc. Get the Details for a Single Security Group under a Base NodeExample 6-14. Getting the Details of a Sing

VMware, Inc. 59Chapter 6 vShield App Management Delete a Single Security GroupYoucandeleteasingleSecurityGroupunderabasenodebyspecifyingt

VMware, Inc. 6

vShield API Programming Guide60 VMware, Inc. ThisrequestdeletesthesyslogserverconfigurationacrossallvShieldAppinstancesconnectedtothevS

VMware, Inc. 61 7TheVMwareEndpointsystemdeliversanintrospection‐basedantivirussolutionthatusesthehypervisortoscanguestvirtualmachines

vShield API Programming Guide62 VMware, Inc. Example:POST /api/1.0/endpointsecurity/svm HTTP/1.1accept: application/xmlcontent-type: application/xmlho

VMware, Inc. 63Chapter 7 vShield Endpoint Management Retrieve vShield Endpoint Service Status on an ESX HostYoumustspecifythehostIDoftheESXho

vShield API Programming Guide64 VMware, Inc. Uninstall vShield Endpoint from the vShield ManagerAftertheSVMisunregistered,youcanuninstallthev

VMware, Inc. 65 TheRESTAPIconfigurationofthevShieldEdgeandvShieldAppvirtualmachinessupportsschemasforinstallationandservicemanageme

vShield API Programming Guide66 VMware, Inc. </xs:element><xs:element name="password"><xs:simpleType><xs:restriction ba

VMware, Inc. 67Appendix <xs:element name="IPList" type="IPList" minOccurs="0" maxOccurs="1"/>

vShield API Programming Guide68 VMware, Inc. ESX Host Preparation and Uninstallation SchemaThisschemacanbeusedtoinstalloruninstallvShieldApp

VMware, Inc. 69Appendix </xs:restriction></xs:simpleType> <xs:simpleType name="IP"><xs:restriction base="xs:string

VMware, Inc. 7 Thismanual,thevShieldAPIProgrammingGuide,describeshowtoinstall,configure,monitor,andmaintaintheVMware®vShield™system

vShield API Programming Guide70 VMware, Inc. <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" elementFormDefault="qualified&qu

VMware, Inc. 71Appendix </xs:element><xs:element name="Application"><xs:complexType><xs:simpleContent><xs:extensi

vShield API Programming Guide72 VMware, Inc. Base vShield Edge Configuration SchemaThisschemarepresentsthebaseoftheentirevShieldEdgeschema.

VMware, Inc. 73Appendix <xs:element name="subnetMask" type="IP" /><xs:element minOccurs="0" name="defaultG

vShield API Programming Guide74 VMware, Inc. <xs:restriction base="xs:string"><xs:pattern value="((25[0-5]|2[0-4][0-9]|1[0-9][

VMware, Inc. 75Appendix <xs:choice><xs:element name="defaultPolicy"><xs:simpleType><xs:restriction base="xs:string

vShield API Programming Guide76 VMware, Inc. <xs:complexType name="PortInfo"><xs:choice><xs:element name="port" typ

VMware, Inc. 77Appendix <xs:enumeration value="address-mask-reply"/><xs:enumeration value="any"/></xs:restriction&g

vShield API Programming Guide78 VMware, Inc. </xs:complexType><xs:complexType name="PortInfo"><xs:choice><xs:element na

VMware, Inc. 79Appendix <xs:enumeration value="address-mask-request"/><xs:enumeration value="address-mask-reply"/><

vShield API Programming Guide8 VMware, Inc. Support OfferingsTofindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds,gotohttp://

vShield API Programming Guide80 VMware, Inc. <xs:simpleType><xs:restriction base="xs:string"><xs:pattern value="(([A-Za-

VMware, Inc. 81Appendix </xs:complexType><xs:complexType name="IpsecVPNConfig"><xs:choice><xs:element minOccurs="0

vShield API Programming Guide82 VMware, Inc. <xs:element minOccurs="0" name="Status" type="VPNTunnelStatus"/>

VMware, Inc. 83Appendix </xs:sequence></xs:complexType><xs:complexType name="NetworkEndpointsConfig"><xs:sequence>&l

vShield API Programming Guide84 VMware, Inc. <xs:restriction base="xs:string"><xs:pattern value="((round-robin)|(ip-hash))&quo

VMware, Inc. 85Appendix Traffic Stats SchemaThisschemaconfigurestheTrafficStatscollectionserviceforanode.<?xml version="1.0" en

vShield API Programming Guide86 VMware, Inc. </xs:schema>Error Message SchemaThisschemadetailserrormessages.<?xml version="1.0"

VMware, Inc. 87 IndexCCLI, manage vShield Edge credentials 25Ddebug, Port Group Isolation 20debugging a vShield Edge 47DHCPabout 25configuring 26delet

vShield API Programming Guide88 VMware, Inc. PPort Group Isolationdebug statistics 20disable 20enable 19install 15uninstall 18preparing the ESX host 1

VMware, Inc. 89Index get the detailed configuration for a site 41get the detailed configuration for a tunnel 41last 10 configurations 42post configura

VMware, Inc. 9 1VMware®vShield™isasuiteofnetworkedgeandapplication‐awarefirewallsbuiltforVMwarevCenter™Serverintegration.vShieldinsp

vShield API Programming Guide90 VMware, Inc. get the detailed configuration 40get the detailed configuration for a site 41get the detailed configurati