The organization association process is similar to that used to associate sites. Once again, the process requires credentials to be collected from one vCloud Director and passed to the other after which the process is reversed to complete the association. However in this case, the association data cryptographically identifies the Organization rather than the site. The high-level sequence of API calls to establish a unidirectional association in each direction is illustrated in the following figures.

 

 

With this complete, “Org 1” at Site “B” has the credentials it requires to authenticate and decrypt API calls and payload data from “Org 1” at Site “A”, but no way to identify itself to “Org 1” at Site “A” or to encrypt API payload data in a way in which “Org 1” at Site “A” will be able to reciprocate. The association sequence is then repeated in the opposite direction to establish bidirectional authentication and encryption. The following figure shows this process.

 

 

With the second part of the association complete, both member organizations are now aware of each other, have the URLs of the remote organization’s REST API endpoints, and have the credentials to be able to use them securely. The API endpoints in the current version (v29.0 at the time of writing) allow the system or organization administrator to collect the association data from one vCloud Director organization and submit it to another using the following API workflow. The requests and responses show only the relevant elements. See the vCloud Director API guide in the References section for full details. The workflow shows the sequence of steps, the requests (è) and their relevant headers, and the responses (ç) and their relevant content. While the workflow can, as noted, be carried out by a user with Organization Administrator credentials, the following example shows the process carried out by a System Administration user and omits the session login steps illustrated in the site association workflow.