4.6.4 Updated vCloud DR Recovery Process
In the updated vCloud DR recovery process, following the successful recovery of a vCloud Director management cluster, some additional steps must be included during the recovery of resource clusters to facilitate the recovery of vCloud Networking and Security Edge Gateway (Edge Gateway) appliances and vApps. The following is the high-level procedure.
To facilitate the recovery of Edge Gateway appliances and vApps
1. Restart all of the virtual machines (Edge devices) in the systems folders, one at a time.
2. For each vCloud Networking and Security Manager, retrieve the current configurations and apply the site-specific networking mapping updates.
3. Remove the primary interface from the Edge devices to allow all traffic to flow through the recovery interface.
4. Bring up the virtual machines protected by the Edge devices.
Note: Consider using the metadata property of objects to define site-specific configuration information that can be applied during the recovery process. The use of metadata is discussed in the automation examples of the VMware vCloud Director Infrastructure Resiliency Case Study.
The following table provides a high-level overview of the existing vCloud DR recovery process, and an updated vCloud DR process that incorporates the solution described in this example.
Table 12. Existing versus Updated vCloud DR Process
Existing vCloud DR Process:
1. Mount replicated VMFS volumes.
2. Bring recovery ESXi hosts online.
3. Power on vCloud Director workload virtual machines.
Updated vCloud DR Process:
1. Mount replicated VMFS volumes.
2. Bring recovery ESXi hosts online.
3. Bring Edge Gateway device online.
   a. Power on affected Edge Gateway devices.
   b. Enable predefined services configurations for recovery site.
   c. Remove interface connected to production site.
4. Power on vCloud Director workload virtual machines.
4.6.4.1. Updated vCloud DR Recovery Process – API Example
Automation is required for the updated vCloud DR process. Though this solution offers additional simplicity and reduced configuration, it is still necessary to update the configuration of multiple vCloud Networking and Security Edge Gateway (Edge Gateway) devices, each of which can have multiple NAT or firewall rules.
This example addresses automation of steps 3.b and 3.c. Step 3.a is not covered because it is only a case of identifying vCloud Networking and Security Edge devices (easily identified by their location in the system virtual datacenter resource pools) and issuing a Power On request. (This was covered previously in the automation examples for the existing vCloud DR solution.)
Note: In vCloud Director 1.x, network services such as firewall, static routing, DHCP, and so on, were all associated with the organization network. In vCloud Director 5.1 all network services are associated with the Edge Gateway instead of the organization virtual datacenter network.
4.6.4.2. Enable predefined services configurations for recovery site
The following high-level procedure uses the vCloud Director API to get information about the vCloud Networking and Security Edge Gateway (Edge Gateway) devices, modify that information, and update the device configuration.
To use the vCloud Director API to get and modify information for the Edge Gateway devices
1. Authenticate to vCloud Director (see section 4.6.4.4).
2. Get and return the Edge Gateway devices (see section 4.6.4.5).
3. Get and return the specific Edge Gateway device current configuration (see section 4.6.4.6).
4. Modify the XML to reflect the new configuration (see section 4.6.4.7).
5. Update the Edge Gateway device configuration (see section 4.6.4.8).
The example updates a given Edge Gateway device to change the HA status. In a full recovery scenario, all configuration elements can be updated by editing or adding the correct section in the XML document that represents the Edge Gateway service configuration.
After you have successfully implemented your vCloud DR solution, you can look at how to use and implement this solution using the vCloud API. This section of the document introduces you to the VMware vCloud™ API and, in particular, the Edge Gateway API and Query Service API.
The vCloud API uses HTTP requests (which are often executed by a script or other higher-level language) as a way of making what are essentially remote procedure calls that create, modify, or delete the objects defined by the API. This vCloud REST API is defined by a collection of XML documents that represent the objects on which the API operates. The operations themselves (HTTP requests) are generic to all HTTP clients.
The vCloud REST API workflows fall into a pattern that includes only two fundamental operations:
* Make an HTTP request (typically GET, PUT, POST, or DELETE). The target of this request is either a well-known URL (such as the vCloud Director URL), or a link obtained from the response to a previous request.
* Examine the response, which can be an XML document or an HTTP response code.
   * If the response is an XML document, it can contain links or other information about the state of an object.
   * If the response is an HTTP response code, it indicates whether the request succeeded or failed, and can be accompanied by a URL that points to a location from which additional information can be retrieved.
4.6.4.3. Using cURL
Using tools such as cURL, we can consume the vCloud Networking and Security REST API. There is no need for document descriptions because touching each URL with the appropriate method and data causes an immediate response.
cURL, sometimes written as curl, is a command-line tool built on a C-based library (libcurl, which also has PHP bindings) that supports HTTP requests such as GET. cURL supports the following command-line options:
* -i (HTTP) Include the HTTP header in the output. The HTTP header includes the server name, date of the document, the HTTP version, and so on.
* -k Allow connections to SSL sites without verifying the server certificate, so the identity of the server is not checked.
* -H Specify a custom HTTP header to pass to the server.
* -X Specify a custom request method to use when communicating with the HTTP server. The specified request is used instead of the method that would otherwise be used (which defaults to GET). Read the HTTP 1.1 specification for details and explanations. Common additional HTTP requests include POST and DELETE.
4.6.4.4. Authenticate to vCloud Director
The following example shows how to authenticate to vCloud Director.
Request
POST https://vcloud.cloudlab.com/api/sessions
$ curl -k -v -c cookie.txt -u "administrator@System:akimbi" -H "Accept:application/*+xml;version=5.1" -d "" https://<VCD-IP>/api/sessions
Response
* About to connect() to <VCD-IP> port 443 (#0)
* Trying <VCD-IP>... connected
* Connected to <VCD-IP> (<VCD-IP>) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: C=US; ST=California; L=Palo Alto; O=VMware, Inc.; CN=*.eng.vmware.com
* start date: 2009-11-17 00:00:00 GMT
* expire date: 2012-11-20 23:59:59 GMT
* common name: *.example.vmware.com (does not match '<VCD-IP>')
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert High Assurance CA-3
* SSL certificate verify ok.
* Server auth using Basic with user 'administrator@System'
> POST /api/sessions HTTP/1.1
> Authorization: Basic YWRtaW5pc3RyYXRvckBTeXN0ZW06YWtpbWJp
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: <VCD-IP>
> Accept:application/*+xml;version=5.1
> Content-Length: 0
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/1.1 200 OK
< Date: Tue, 24 Jul 2012 18:11:38 GMT
< x-vcloud-authorization: +UDXmIeKSZ9QnPpg9OPNEhtC5QgTUzvNmyJ6IZgx6hI=
* Added cookie vcloud-token="+UDXmIeKSZ9QnPpg9OPNEhtC5QgTUzvNmyJ6IZgx6hI=" for domain <VCD-IP>, path /, expire 0
< Set-Cookie: vcloud-token=+UDXmIeKSZ9QnPpg9OPNEhtC5QgTUzvNmyJ6IZgx6hI=; Secure; Path=/
< Content-Type: application/vnd.vmware.vcloud.session+xml;version=5.1
< Date: Tue, 24 Jul 2012 18:11:39 GMT
< Content-Length: 1259
<
<?xml version="1.0" encoding="UTF-8"?>
<Session xmlns="http://www.vmware.com/vcloud/v1.5" user="administrator" org="System" type="application/vnd.vmware.vcloud.session+xml" href="https://10.147.50.34/api/session/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 http://<VCD-IP>/api/v1.5/schema/master.xsd">
<Link rel="down" type="application/vnd.vmware.vcloud.orgList+xml" href="https://<VCD-IP>/api/org/"/>
<Link rel="down" type="application/vnd.vmware.admin.vcloud+xml" href="https://<VCD-IP>/api/admin/"/>
<Link rel="down" type="application/vnd.vmware.admin.vmwExtension+xml" href="https://<VCD-IP>/api/admin/extension"/>
<Link rel="down" type="application/vnd.vmware.vcloud.org+xml" name="System" href="https://<VCD-IP>/api/org/a93c9db9-7471-3192-8d09-a8f7eeda85f9"/>
<Link rel="down" type="application/vnd.vmware.vcloud.query.queryList+xml" href="https://<VCD-IP>/api/query"/>
<Link rel="entityResolver" type="application/vnd.vmware.vcloud.entity+xml" href="https://<VCD-IP>/api/entity/"/>
<Link rel="down:extensibility" type="application/vnd.vmware.vcloud.apiextensibility+xml" href="https://<VCD-IP>/api/extensibility"/>
</Session>
* Connection #0 to host <VCD-IP> left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
(Optional) Return the vCloud Director metadata.
Request
GET https://vcloud.cloudlab.com/api/query
$ curl -k -v -b cookie.txt -H "Accept:application/*+xml;version=5.1" https://<VCD-IP>/api/query
This presents a list of many elements, such as organization, adminOrgNetwork, providerVdc, externalNetwork, and edgeGateway.
Response (Modified to separate the vCloud Director objects.)
Organization:
<Link rel="down" type="application/vnd.vmware.vcloud.query.records+xml" name="organization" href="https://<VCD-IP>/api/query?type=organization&amp;format=records"/>
adminOrgNetwork:
<Link rel="down" type="application/vnd.vmware.vcloud.query.references+xml" name="adminOrgNetwork" href="https://<VCD-IP>/api/query?type=adminOrgNetwork&amp;format=references"/>
providerVdc:
<Link rel="down" type="application/vnd.vmware.vcloud.query.references+xml" name="providerVdc" href="https://<VCD-IP>/api/query?type=providerVdc&amp;format=references"/>
externalNetwork:
<Link rel="down" type="application/vnd.vmware.vcloud.query.references+xml" name="externalNetwork" href="https://<VCD-IP>/api/query?type=externalNetwork&amp;format=references"/>
edgeGateway:
<Link rel="down" type="application/vnd.vmware.vcloud.query.references+xml" name="edgeGateway" href="https://<VCD-IP>/api/query?type=edgeGateway&amp;format=references"/>
4.6.4.5. Get and Return the vCloud Networking and Security Edge Gateways
The following example shows how to get information about the vCloud Networking and Security Edge Gateway (Edge Gateway).
Request
GET https://vcloud.cloudlab.com/api/query?type=edgeGateway
$ curl -k -v -b cookie.txt -H "Accept:application/*+xml;version=5.1" "https://<VCD-IP>/api/query?type=edgeGateway"
Response
The following is a condensed format to show one Edge Gateway for this example, in this case Edge-Gateway-01.
<EdgeGatewayRecord vdc="https://<VCD-IP>/api/vdc/1d7f9e91-ef16-48ad-bae8-299bfe56a54c" numberOfOrgNetworks="1" numberOfExtNetworks="1" name="Edge-Gateway-01" isBusy="false" haStatus="UP" gatewayStatus="READY" href="https://<VCD-IP>/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963" isSyslogServerSettingInSync="true" taskStatus="success" taskOperation="networkEdgeGatewayCreate" task="https://<VCD-IP>/api/task/62928cf9-937b-4f06-ba55-01f032a32ace" taskDetails=" "/>
4.6.4.6. Get and Return a Specific vCloud Networking and Security Edge Gateway
The following example shows how to get information about a specific vCloud Networking and Security Edge Gateway.
Request
GET https://<VCD-IP>/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963
$ curl -k -v -b cookie.txt -H "Accept:application/*+xml;version=5.1" https://10.147.50.33/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963
Response
<EdgeGateway xmlns="http://www.vmware.com/vcloud/v1.5" status="1" name="Edge-Gateway-01" id="urn:vcloud:gateway:0cf71e84-fdf6-4fa0-ae85-bdd688a64963" type="application/vnd.vmware.admin.edgeGateway+xml" href="https://<VCD-IP>/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 http://10.147.50.33/api/v1.5/schema/master.xsd">
<Link rel="edit" type="application/vnd.vmware.admin.edgeGateway+xml" href="https://<VCD-IP>/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963"/>
<Link rel="remove" href="https://<VCD-IP>/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963"/>
<Link rel="up" type="application/vnd.vmware.admin.vdc+xml" href="https://<VCD-IP>/api/admin/vdc/1d7f9e91-ef16-48ad-bae8-299bfe56a54c"/>
<Link rel="edgeGateway:redeploy" href="https://<VCD-IP>/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963/action/redeploy"/>
<Link rel="edgeGateway:configureServices" type="application/vnd.vmware.admin.edgeGatewayServiceConfiguration+xml" href="https://<VCD-IP>/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963/action/configureServices"/>
<Link rel="edgeGateway:reapplyServices" href="https://<VCD-IP>/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963/action/reapplyServices"/>
<Link rel="edgeGateway:syncSyslogSettings" href="https://<VCD-IP>/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963/action/syncSyslogServerSettings"/>
<Link rel="edgeGateway:upgrade" href="https://<VCD-IP>/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963/action/upgradeConfig"/>
<Description/>
<Configuration>
<GatewayBackingConfig>compact</GatewayBackingConfig>
<GatewayInterfaces>
<GatewayInterface>
<Name>TestBed-VC1</Name>
<DisplayName>TestBed-VC1</DisplayName>
<Network type="application/vnd.vmware.admin.network+xml" name="TestBed-VC1" href="https://<VCD-IP>/api/admin/network/3ddab120-7d66-40d3-9536-af94f23e1361"/>
<InterfaceType>uplink</InterfaceType>
<SubnetParticipation>
<Gateway>192.168.1.1</Gateway>
<Netmask>255.255.255.0</Netmask>
<IpAddress>192.168.1.8</IpAddress>
</SubnetParticipation>
<SubnetParticipation>
<Gateway>192.168.2.1</Gateway>
<Netmask>255.255.255.0</Netmask>
<IpAddress>192.168.2.7</IpAddress>
</SubnetParticipation>
<SubnetParticipation>
<Gateway>198.125.2.6</Gateway>
<Netmask>255.255.0.0</Netmask>
<IpAddress>198.125.2.12</IpAddress>
</SubnetParticipation>
<SubnetParticipation>
<Gateway>10.147.80.253</Gateway>
<Netmask>255.255.255.0</Netmask>
<IpAddress>10.147.80.217</IpAddress>
</SubnetParticipation>
<ApplyRateLimit>false</ApplyRateLimit>
<InRateLimit>100.0</InRateLimit>
<OutRateLimit>100.0</OutRateLimit>
<UseForDefaultRoute>true</UseForDefaultRoute>
</GatewayInterface>
<GatewayInterface>
<Name>MAH-VDC-Network</Name>
<DisplayName>MAH-VDC-Network</DisplayName>
<Network type="application/vnd.vmware.admin.network+xml" name="MAH-VDC-Network" href="https://<VCD-IP>/api/admin/network/2d6b1a79-a249-4ba3-b863-e3649661801f"/>
<InterfaceType>internal</InterfaceType>
<SubnetParticipation>
<Gateway>192.176.100.1</Gateway>
<Netmask>255.255.255.0</Netmask>
<IpAddress>192.176.100.1</IpAddress>
</SubnetParticipation>
<ApplyRateLimit>false</ApplyRateLimit>
<UseForDefaultRoute>false</UseForDefaultRoute>
</GatewayInterface>
</GatewayInterfaces>
<EdgeGatewayServiceConfiguration>
<FirewallService>
<IsEnabled>true</IsEnabled>
<DefaultAction>drop</DefaultAction>
<LogDefaultAction>false</LogDefaultAction>
</FirewallService>
</EdgeGatewayServiceConfiguration>
<HaEnabled>false</HaEnabled>
<UseDefaultRouteForDnsRelay>true</UseDefaultRouteForDnsRelay>
</Configuration>
</EdgeGateway>
4.6.4.7. Modify the XML to Reflect the New Configuration
The entire body from the GET response in step 3 in section 4.6.4.1 is used to make the required changes. This example shows the change of <HaEnabled> to true.
To automate the reconfiguration of the vCloud Networking and Security Edge Gateway devices
1. Create a file and copy the contents of the <EdgeGateway> ... </EdgeGateway> into this file (for example, EdgeGateway.xml).
2. Change <HaEnabled>false</HaEnabled> to <HaEnabled>true</HaEnabled>.
3. Copy and paste the contents of this file into the HTTP PUT or cURL command in step 5.
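One way to script steps 1 and 2 and to check EdgeGateway.xml before it is sent, as an added example that is not part of the original VMware document: the Python below sets <HaEnabled> in the retrieved body and reports every other difference from the GET response, because the PUT carries the whole gateway configuration, firewall settings included. The sample XML is a constructed, trimmed copy of the response in section 4.6.4.6; the function names and the placeholder host are assumptions.

```python
import xml.etree.ElementTree as ET

NS = "http://www.vmware.com/vcloud/v1.5"  # namespace used by the responses on this page
ET.register_namespace("", NS)             # serialize with a default namespace, no ns0: prefixes

# Constructed sample: trimmed copy of the EdgeGateway GET response above
# (Link elements and gateway interfaces omitted, placeholder host name).
ORIGINAL = """<EdgeGateway xmlns="http://www.vmware.com/vcloud/v1.5" name="Edge-Gateway-01"
  href="https://vcd.example.invalid/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963">
  <Configuration>
    <GatewayBackingConfig>compact</GatewayBackingConfig>
    <EdgeGatewayServiceConfiguration>
      <FirewallService>
        <IsEnabled>true</IsEnabled>
        <DefaultAction>drop</DefaultAction>
        <LogDefaultAction>false</LogDefaultAction>
      </FirewallService>
    </EdgeGatewayServiceConfiguration>
    <HaEnabled>false</HaEnabled>
    <UseDefaultRouteForDnsRelay>true</UseDefaultRouteForDnsRelay>
  </Configuration>
</EdgeGateway>"""


def leaves(elem, path=""):
    """Flatten a tree to {indexed path: text}; attributes appear as path@name."""
    out = {f"{path}@{k}": v for k, v in elem.attrib.items()}
    seen = {}
    for child in elem:
        tag = child.tag.split("}")[-1]          # drop the namespace part
        seen[tag] = seen.get(tag, 0) + 1        # index repeated siblings
        out.update(leaves(child, f"{path}/{tag}[{seen[tag]}]"))
    if len(elem) == 0:
        out[path] = (elem.text or "").strip()
    return out


def set_config_value(xml_text, name, value):
    """Return the document with <Configuration>/<name> set to value."""
    root = ET.fromstring(xml_text)
    node = root.find(f"{{{NS}}}Configuration/{{{NS}}}{name}")
    if node is None:
        raise ValueError(f"{name} not found under Configuration")
    node.text = value
    return ET.tostring(root, encoding="unicode")


def unexpected_changes(original_xml, edited_xml, allowed):
    """Return {path: (before, after)} for every difference not listed in allowed."""
    before, after = leaves(ET.fromstring(original_xml)), leaves(ET.fromstring(edited_xml))
    return {p: (before.get(p), after.get(p))
            for p in sorted(set(before) | set(after))
            if before.get(p) != after.get(p) and p not in allowed}


if __name__ == "__main__":
    body = set_config_value(ORIGINAL, "HaEnabled", "true")
    extra = unexpected_changes(ORIGINAL, body, {"/Configuration[1]/HaEnabled[1]"})
    print(body if not extra else f"refusing to PUT, unexpected changes: {extra}")
```

The same comparison works on a hand-edited EdgeGateway.xml: pass the saved GET response as the first argument and the edited file's contents as the second.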
4.6.4.8. Update the vCloud Networking and Security Edge Gateway Device Configuration
After making the preceding changes, you can update the vCloud Networking and Security Edge Gateway device using the vCloud API as in the following example.
Request
PUT https://<VCD-IP>/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963 (this is the UUID 0cf71e84-fdf6-4fa0-ae85-bdd688a64963)
$ curl -k -v -b cookie.txt -H "Accept:application/*+xml;version=5.1" -X PUT --header "Content-Type:application/vnd.vmware.admin.edgeGateway+xml" --data @EdgeGateway.xml https://<VCD-IP>/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963
Response
* About to connect() to <VCD-IP> port 443 (#0)
* Trying <VCD-IP>... connected
* Connected to <VCD-IP> (<VCD-IP>) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: C=US; ST=California; L=Palo Alto; O=VMware, Inc.; CN=*.eng.vmware.com
* start date: 2009-11-17 00:00:00 GMT
* expire date: 2012-11-20 23:59:59 GMT
* common name: *.eng.vmware.com (does not match <VCD-IP>)
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert High Assurance CA-3
* SSL certificate verify ok.
> PUT /api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963 HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: <VCD-IP>
> Cookie: vcloud-token=1hi8kZ4tNOnSnv3aq6/gSrDHlTPyYrBXQ5a2CdmX8C4=
> Accept:application/*+xml;version=5.1
> Content-Type:application/vnd.vmware.admin.edgeGateway+xml
> Content-Length: 4631
> Expect: 100-continue
>
< HTTP/1.1 100 Continue
< HTTP/1.1 202 Accepted
< Date: Fri, 24 Jul 2012 10:08:13 GMT
< Date: Fri, 24 Jul 2012 10:08:15 GMT
< Location: https://<VCD-IP>/api/task/e0c73c28-2d5b-4e9d-a304-bc6b3667f18a
< Content-Type: application/vnd.vmware.vcloud.task+xml;version=5.1
< Content-Length: 1331
<
<?xml version="1.0" encoding="UTF-8"?>
<Task xmlns="http://www.vmware.com/vcloud/v1.5" status="running" startTime="2012-07-20T03:08:15.571-07:00" serviceNamespace="com.vmware.vcloud" operationName="edgeGatewayUpdate" operation="Updating EdgeGateway (0cf71e84-fdf6-4fa0-ae85-bdd688a64963)" expiryTime="2012-10-18T03:08:15.571-07:00" cancelRequested="false" name="task" id="urn:vcloud:task:e0c73c28-2d5b-4e9d-a304-bc6b3667f18a" type="application/vnd.vmware.vcloud.task+xml" href="https://<VCD-IP>/api/task/e0c73c28-2d5b-4e9d-a304-bc6b3667f18a" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.vmware.com/vcloud/v1.5 http://<VCD-IP>/api/v1.5/schema/master.xsd">
<Link rel="task:cancel" href="https://<VCD-IP>/api/task/e0c73c28-2d5b-4e9d-a304-bc6b3667f18a/action/cancel"/>
<Owner type="application/vnd.vmware.admin.edgeGateway+xml" name="" href="https://<VCD-IP>/api/admin/edgeGateway/0cf71e84-fdf6-4fa0-ae85-bdd688a64963"/>
<User type="application/vnd.vmware.admin.user+xml" name="system" href="https://<VCD-IP>/api/admin/user/55c1d771-b2e2-4255-8387-7f6da1e0e3f1"/>
<Organization type="application/vnd.vmware.vcloud.org+xml" name="MAH" href="https://<VCD-IP>/api/org/60b44eb5-0e98-45bc-b96b-25549ce03033"/>
<Progress>0</Progress>
<Details/>
</Task>
* Connection #0 to host <VCD-IP> left intact
* Closing connection #0