vShield API <ipAddress> 'any'

When you perform a GET on the vShield Edge Firewall rules, IP addresses for "any" appear as an asterisk (*), but when you do a POST of the rules, the scheme does not allow the asterisk for "everything."

So, is this a bug or by design? It seems that the XML of the EEG should follow the pattern as well, no?

This seems to be a bug; the vShield team is now looking to solve this.

Tags: VMware

Similar Questions

  • Do CPO dynamic media transforming workflow using the API or any other means?

    Could we create or update workflows when running?

    There is no workflow WSDL. But I'm not sure of the custom here. Can you describe your use case or what you try to do this will have to change a process/workflow during execution?

  • vShield App - access Flow Monitoring via vShield API?

    Hello world!

    We want to get our hands on the information provided by the vShield App Flow "monitor" programmatically. We found no detail on how to do this via the vShield API. Does anyone know how, or have experience using the Flow "monitor" in this way?

    See you soon!

    Hi, would like to understand how you want to use data more precisely. Today, vShield Manager collects a large set of data that comes to the microphones, and recovery of the flow bulk can be no optimal via REST... We don't have a way to retrieve the stream via the API for this reason. You are looking for a filtered or a search for style operation to retrieve specific streams or more doing timed calls for periodic flows? If it's the latter, potentially using the Netflow feature in our vSwitch can be an alternative method.

    Do you currently work closely with vShield engineering team? Looks like an interesting use case, we would be delighted to hear from you...

  • Cannot add firewall rules using the REST API vShield App

    Hi all

    I get the following error

    <errors><error><code>100039</code><description>Unmatched rules found in the configuration.</description></error></errors>

    When you use the vShield App API:

    POST https://<vsm-ip>/api/2.0/app/firewall/dvportgroup-55/config

    Payload XML:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <VshieldAppConfiguration>
      <firewallConfiguration contextId="dvportgroup-55">
        <layer3FirewallRule disabled="false" priority="none" id="1021">
          <action>allow</action>
          <connected>false</connected>
          <source>
            <address>
              <ipAddress>172.30.68.212</ipAddress>
            </address>
            <portInfo>222</portInfo>
          </source>
          <destination>
            <address>
              <ipAddress>172.30.68.166</ipAddress>
            </address>
            <application>
              <portInfo>333</portInfo>
              <Protocol>6</Protocol>
            </application>
          </destination>
        </layer3FirewallRule>
      </firewallConfiguration>
    </VshieldAppConfiguration>

    Has anyone seen this before, or does anyone have any idea why this might be happening?

    In addition, creating a firewall rule requires providing the variable "id"... How do I know which id to use to create a new firewall rule? I'm using id = "1021", which I see as the last one created after querying the API... but when you call it through automation, what will the process to define an id invalid?

    Thank you

    xar

    The ID must be present; for a new rule the ID must be '0', while for the others it should be kept as it is. I believe this is the reason for the error. Replacing 1021 with 0 should solve this problem. http://blogs.VMware.com/security/2011/11/using-the-VShield-API.html should also be useful for getting started with the vShield App firewall REST API.

    -Kone

  • vShield Manager, VXLAN virtual wires, uplink changes of VDS

    Need input on how to resolve this situation without rebuilding the entire cluster care...

    I have vSM for vCloud Director VXLAN virtual wires/virtual networks. As part of host updates - a migration from all 1 Gbit/s to mixed 1/10 Gbps - I was able to reorganize the network adapters on the hosts and add additional uplinks on the DVS that VXLAN is "riding on." As part of making these updates, I also renamed the uplinks, which is where the mistakes and the root of the problem came from.

    The errors were to appear when you try to instantiate a new network VXLAN. The vCloud error was pretty impenetrable (as usual), but trying to manually create a new network in vSM provides useful information: the error was a failure to set the mode of collection for the new port group, and it referred to one of the ancient names of uplink.

    After I added additional "dummy" uplinks to the DVS and renamed them so that the old names were included, the virtual wires could be built very well. However, by examining the exchange of news, it was clear that they were built by vShield using the original, pre-reconfiguration uplink names, ignoring all new uplinks: the new uplinks were defined as "unused" in the group properties and the 'active' ones were fake uplinks that had no associated physical cards!

    I restarted vSM, re-entered the credentials of vCenter to try to get it to re - sync with the configuration of the network, but nothing helped.

    I need a way to force vSM list again this DVS who uses VXLAN so that it will end up with the correct uplinks. So far, my Google-fu has failed me, so I hope someone on the Forum might have a clue. Heck, as far as I know, it is a defect that I just discovered...

    Assuming you are using the "failover order" setup for your VXLAN, you can try to use the REST API to change the uplink names in POSSIBLE Manager (almost similar to what you see in KB 2093324).

    Note: I recommend taking a backup or snapshot of the Manager first! Just in case...

    Headers required such as:

    Accept: application/xml

    Content-Type: application/xml

    Basic authentication

    1 /

    Use GET on the following points for the VDS loan ':
    http:// /api/2.0/vdn/switches

    (of course replace the with the name or the IP address of your vShield/POSSIBLE Manager)

    You will get something like this (this is just a part of it, if you have several vDS):

    DVS-18

    VmwareDistributedVirtualSwitch

    DSwitch

    16

    VmwareDistributedVirtualSwitch

    Datacenter-2

    Data Center

    Cloud

    1600

    FAILOVER_ORDER

    Uplink 2

    Uplink 1

    fake

    2 /

    Modify the parts of that you need. For example:

    ...

    NewLink1

    NewLink2

    ...
    Leave the rest as what.

    3. /

    Then execute a 'PUT' to the URL below in the REST client, with the changed body from step 2/ above (and once again: assuming you are using the failover order).
    http:// /api/2.0/vdn/switches/dvs-18

    Note: Replace "dvs-18" by the id between and to what you in the GET request (in bold and red).

    You should get a HTTP 200 code if everything is OK. See: vShield API Guide around page 154, but personally I think that the part "Edit Group Policy" is not correct.

    It won't change any existing in vCenter port group. You have to change them manually. This change is only for any other creation of sons v VXLAN.

    HTH

    Roland

    PS: I did my best to test and try the example above, but no warranty and no support provided. For support, please open a service request with VMware.

  • PUSH API - openPushListener high utilization of the processor and the poor performance of the app.

    Hello

    I have a request that I tested on a real phone and I noticed that when I call the method openPushListener on the push API that the CPU of the phone shoots up to 80-100% and stays there. When I do that on the Simulator there little CPU usage at all. I made sure this isn't the rest of my application by creating an application to Subscriber very simple push that, once compiled and put on a tourch or "BOLD" takes the CPU at 100%. When I do not call this method our application runs quickly, but when I listen to the messages of push splash screens taking much time to load before have been instant and it must be down to the CPU of the stuff to push.

    Here's my basic application. When running it, I went to the device management application options, found my app and could see the CPU usage. Before you click the link in the application below, CPU is at <1% and after it's at 80-100% while the application is open. This is affecting both OS5 and

    !DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
    
        
            
            Untitled Page
            
        
    
        
            Listen For Pushes
        
    
    

    What continues? If this is the case, we cannot use it and months of development is endangered...

    Ok... The thrust of new API that is to come (in the next two weeks) do not have this problem.  We were able to get to the root of the problem.

    This CPU use is caused by the opening of several ports push.  We the have not seen happen when using only one port to push.  Although we have seen occur when more than one application uses the API to push.

    The new API is standard capabilites Push which does not allow you to open several ports by request of data push.  Several applications can use this API without any degradation.

    In short... If you only use a port with the API to push, you minimize your chances of a question.

  • Download Images in Eloqua via the REST API (via an API?)

    Hello community!

    We are interfacing content between a site CMS and Eloqua for custom content, so that we can deliver such content in emails and the landing pages effectively.

    We have an obligation to affix an image (such as an icon of great white game) overlay, a bit like this: http://u3.uicdn.net/372/cc7727211f2a7907850d2f844e707/diy-business-us/vi_video_content.jpg

    Unfortunately the CMS system he can not provide, we for some reason any.  And trying to superimpose the image in e-mails of Eloqua using CSS will result in inconsistent results between email clients, particularly mobile and so on...

    Our plan is so - to superimpose the image in our middleware software and then download the image to Eloqua, then use newly uploaded in the system.

    Is there a way we can download a picture of Eloqua via the REST API or any other API?

    Thank you

    Mark

    Hi Mark,

    Yes, you can use the Rest API to upload images to your installation of Eloqua. We will aim to provide documentation in the near future, but for now, we have an example of project available on Github to show how load images: Image of assistance

    Hope this helps and please let me know if you need more information.

    Thank you

    Fred

  • NSX API: 404 error - possible bug or documentation error?

    I get an error 404 for both the URL below... Can anyone else confirm this?

    I had other issues with the documentation in this area, and maybe it's just a documentation error.

    Apply the layout Configuration

    Sets the portal layout.

    Example 8-156. Apply the layout configuration

    Request:

    PUT https://<vsm-ip>/api/4.0/edges/<edgeId>/sslvpn/config/setting in page/images /

    Request portal layout

    Gets the configuration of the portal layout.

    Example 8-157. The queries page setup

    Request:

    GET https://<vsm-ip>/api/4.0/edges/<edgeId>/sslvpn/config/layout/

    To do this:

    GET https:///api/4.0/edges//sslvpn/config/layout.

    PUT https:///api/4.0/edges//sslvpn/config/layout.

    Use this:

    GET https:///api/4.0/edges//sslvpn/config/layout page/portal /.

    PUT https:///api/4.0/edges//sslvpn/config/layout page/portal /.

    A documentation issue that needs to be filed.

  • Change the Port Group Namespace for autonomy through the API?

    Work with vShield / POSSIBLE 5.5.0a.

    Take a group of ports which, out of the box will have a default namespace. As a result, you see the following menu items and information:

    PortGroupNamespace01.PNG

    By clicking on the Stand-alone namespace change link is there for that. We now have a group of ports with the stand-alone namespace and the additional menu tabs, firewall App and SpoofGuard.

    PortGroupNamespace02.PNG

    I can of course change for autonomy through the user interface, but can not find the equivalent API calls in the vShield API Programming Guide to do it programmatically. Can someone please advise on how to do this via the API?

    Thought that I would realize, since I figured this out in the end - a case of RTFM! Namespaces to appear in the Guide of programming on page 186, but there is no explicit mention of the way to make a group of independent ports. However, after revisiting the guide the penny dropped that adding a space of names to the data center is the equivalent of the evolution of a group of ports to a stand-alone namespace. Once you enter that (may be more obvious to you, it was for me), the examples in the guide can be followed.

    So to change ports for the autonomy group namespace, you must do the following:

    POST https:///api/2.0/namespace/datacenter/

    dvPortGroup-xxxxx

    Make sure that the content type is set to application/xml, text/xml (which has worked for me in the document) and not in the contrary case, it fails with a complaint about content type.

  • VShield service Manager installation and vShield app to the same host ESXi

    Hello, I'm planning a vCloud Director assessment in a laboratory with only a single ESXi host.  When I try to install the vShield App service I get the following warning: "Do not install on a host or a cluster where the VC or the vShield Manager resides. This can cause network problems. The following IP address must be a unique IP address assigned to this unit of App vShield. Please do not use an IP address that is assigned to another machine, including the VC, vShield Manager or any ESX host. Using an incorrect IP address you will need to uninstall and reinstall App vShield on this host." My question is: is it absolutely impossible to install vShield manager on the same host ESXi as the vShield Manager resides?  Or is it just a bad practice?  What are the ramifications of installing?

    It is a general practice to separate management and resources. What you see is just a warning. When there are very few resources available, you can do it. Make sure that you exclude the required VMs by referring to this post:

    http://www.yellow-bricks.com/2012/03/17/excluding-your-vCenter-server-from-VShield-app-protection/

  • List to get the task awaiting the user through IOM API - 11 G R2

    Hello

    On the IOM user page, we can access tasks pending for approval. Can I get this data using the IOM API functions? Any help is greatly appreciated...

    BR,
    Aliye

    Link below can be used as an example of code
    http://Srini-bellamkonda.blogspot.in/2012/11/approve-pending-requests-using-API-in.html

  • Can we recover data from Ethernet using VShield App package?

    Hello

    I read that the vShield App flow analysis feature gives you the following ability: "ability to observe network activity between the virtual machines to help define and refine firewall strategies, identify botnets and secure business processes through detailed reports of application traffic."

    My question is whether it has also some API that can really give me the data in packets sent on the network? (Something that VSafe-Net API used to give)

    Thanks in advance.

    The feature is designed to display header/debit information, not the information payload.

    The vShield API are designed to feature parity with access based on the interface (vshield Manager, vCenter plugin). The flow control feature offers for each stream header information - sessions, packets, bytes. The content of the application is displayed and categoried (UDP, TCP inbound/outbound; name app/protocol;) IP address). I have attached a screenshot from a screen of laboratory test to give you an idea, but this isn't an exhaustive list.

    Does that answer your question? If this isn't the case, please provide details and I can get you more information.

  • What is the good vShield produced for this scenario?

    Currently we are trying to design a solution for the creation of segmentation of traffic within the analogue of the virtual environment how it is segmented by VLANS on the same physical network.

    (see previous discussion)

    http://communities.VMware.com/thread/284130?TSTART=0

    I just understand that vShield app provides this feature through "security groups", which can be used to create logical groupings of VMS in the sphere that cannot communicate with other virtual machines in their own group.  Indeed, security groups define the boundaries of a broadcast in the same way that one domain VLAN on the physical layer, but in a solution that is much more flexible and configurable.

    As one of the objectives was not to have to use NAT or a virtual firewall, we did not use the vShield Edge method to create these groups that would require the VM must have IP addresses internal used inside the virtual firewall and external IP addresses used outside-each VM should have only a single IP address.

    Therefore analyze the three different products more vShield that I came to this agreement given the above requirements

    -vShield App - would work

    -vShield Edge - does not work

    -vShield Zones - don't think that will work

    So now the question that remains is - App vShield does not come with the vmware license even more complete but must be purchased separately.  vShield Zones comes with our version of the license (Enterprise version).

    VShield Zones or any other free product is possible to operate in a manner similar to App vShield to meet these requirements without additional cost?  In addition, we want to continue to continue to use HA and FT without the solution we deploy inhibiting FT or HA.

    Thanks again for your contribution.

    Hello

    You must understand how each of these products...

    App vShield uses VMsafe to implement a FW just before each vNIC (on the penetration of the VM) and by consequence just after the vNIC on the virtual machine outgress. This FW is located between the vNIC and the vSwitch Portgroup to which it is attached. VMsafe devices (if App, Altor Networks, Checkpoint, reflex Systems, IBM VSS or TrendMicro Deep Security) require a driver must be installed in the vmkernel (hypervisor). So there are NO free versions of this feature. VMware controls which can be placed within the hypervisor, etc.. Indeed, VMsafe-net provides a vNIC of packet filtering firewall.

    vShield Zones, vShield Edge provide a firewall between two exchanges on the same vSwitch or between two different vSwitches of packet filtering. Areas and Edge are based on firewall mechanisms online m0n0wall, Smoothwall, ipcop, etc..

    If you design with these two points in mind. VMsafe-net applications as App vShield are firewall vNIC while vShield Zones/Edge are by Portgroup firewalls that include a certain vNIC.

    So, if you had several areas of trust and I wanted to use vShield App, you define the font by vNIC (and therefore your virtual machines within a Zone of confidence could live almost anywhere, you depend on VMsafe-net to do most of the work).

    However, with vShield Zones you define the strategy by combination portgroup/vSwitch. Their own vSwitch/portgroup would live in effect in each zone of confidence. When you configure this type of zone of confidence, in fact, I prefer vSwitch. Essentially, each host would have a vSwitch for each zone of confidence, and each zone of confidence would be protected by vShield Zones.

    You must decide at what granularity you want to define a strategy for the areas of your confidence. The vSwitch or the vNIC.

    Best regards
    Edward L. Haletky VMware communities user moderator, VMware vExpert 2009, 2010


  • Using the API to convert Microsoft Word doc in PDF/A?

    I have a Delphi application in which I generate a PDF from a MS-Word document.

    To create a PDF file, I use an API. Here is the part of the code (only what is interesting for now).

    This API is Adobe Acrobat Professional 9.

    What I want is to create a document using this API or any other PDF/A that should be here.

    Any ideas?

    Thank you.

    Israel

    Environment:

    Delphi 7

    Adobe Acrobat Professional 9

    --------------------------------------------------------

    var
      AVDoc: Variant;
      PDDoc: Variant;
      ArqDOC, ArqPDF: OleVariant;
      Count: Integer;
    begin
      ArqDOC := 'c:\temp\test.doc';
      ArqPDF := 'c:\temp\test.pdf';
      try
        // Open the source document through the Acrobat OLE automation object
        AVDoc := CreateOleObject('AcroExch.AVDoc');
        AVDoc.Open(ArqDOC, '');
        Application.ProcessMessages;
        // Wait up to 15 seconds for the document to become valid
        Count := 0;
        while (not AVDoc.IsValid) and (Count < 15) do
        begin
          Sleep(1000);
          Inc(Count);
        end;
        if AVDoc.IsValid then
        begin
          PDDoc := AVDoc.GetPDDoc;
          // Clear the document information fields
          PDDoc.SetInfo('Title', '');
          PDDoc.SetInfo('Author', '');
          PDDoc.SetInfo('Subject', '');
          PDDoc.SetInfo('Keywords', '');
          PDDoc.Save(1 or 4 or 32, ArqPDF);
          Application.ProcessMessages;
          PDDoc.Close;
        end;
        AVDoc.Close(False);
      finally
        VarClear(PDDoc);
        VarClear(AVDoc);
      end;
    end;

    -------------------------------------------------

    The use of AVDoc.Open () on any other than PDF format is not supported.

  • When will it be compatible with Denon Heos music Apple?

    Currently, I am a subscriber to Spotify, listen through my Denon Heos system. My subscription is to be renewed and I would use music Apple and iTunes still once, however Apple music is not compatible with the Denon system.

    I sent Denon, and they are interested in the implementation, however, they expect that the requirements of the API available. How unlikely soon there will be a form any compatibility between the two?

    This is the email I received from Denon:

    "We consider music Apple to be a new player in the music business and as a result, we are certainly interested in the service.

    Apple partnered initially Sonos to bring the music service Apple materialized with the 3rd party hardware, but to this day, they still have not released any API for any other party to evaluate or work with 3rd.

    In the meantime, we do not know the technical requirements of the API, and while we are interested in the service, it may transpire that our products may not be not, we simply do not know at this stage.

    Please do not hesitate to check from time to time with us.  Once an API is available for other 3rd parties and we looked at it we will be able to give a more specific answer, I hope you understand."

    I understand the answer is probably "we don't know", but it's also a position supporting this idea for the future (if I do)!

    Hello

    You're right, we cannot speculate on whether or when Apple will support this. I can only suggest that you provide feedback to Apple.

    http://www.Apple.com/feedback/itunesapp.html

    Jim
