In my first post on HLM configuration using API, I explained how to configure HLM using API through Cloud VC. If you haven’t still read that post, I would highly recommend you do. In this post I am going to touch upon how to configure HLM using API but from vCenter cloud gateway appliance (VCGA).
Setting up HLM from vCenter cloud gateway is three step process
1. Deploying vCenter cloud gateway appliance using official documentation
2. Making sure prerequisite for linking with Cloud Gateway Appliance are met
3. Configuring HLM from UI or using API. In our case, we would do from API
As I mentioned in my last post, API itself does not change, it is just that API end-point will be vCenter cloud gateway appliance and input parameters we pass will be changed. Lets take a look.
POST: https://<VCG IP>/rest/hvc/links
VCG IP is the IP address of the deployed vCenter cloud gateway appliance
Below is the JSON payload this API takes in . Note thumprint is optional param
{
“spec”: {
“port”: “443”,
“domain_name”: “vmc.local”,
“username”: “cloudadmin@vmc.local”,
“ssl_thumbprint”: “E9:BD:29:9F:D6:15:4F:B7:C8:90:2C:19:03:61:HB:7A:AD:FB:B1:1E”,
“admin_groups”: [
” yourcloudadmingroup@yourdomain.local “
],
“password”: “VMware123!”,
“psc_hostname”: “Cloud PSC IP or FQDN”
}
}
Let us go over each parameter passed
port: 443 is default port for communication between VCG and Cloud VC (can be custom port also)
domain_name: Cloud VC PSC default SSO domain (its vmc.local)
username, password, psc_hostname: Cloud VC PSC credentials (PSC is always embedded in case of VMware cloud on AWS deployment)
ssl_thumbprint : Note that this parameter is optional, it will work fine even if you do not pass this param or if you pass value as blank. If you want to pass, this is Cloud PSC SSL thumbprint, you can get it using one of the ways posted here . I am going to write a post on how to get vCenter/PSC thumbprint using API itself, please stay tuned.
admin_groups: here you specify cloud administrator group(s). Before configuring HLM linking , identity source must be configured on Onprem and cloud admin group(s) must be given global permissions. Note that identity source need not be configured on Cloud VC, refer this KB
Note: Above API can be called from H5C API-explorer or Postman/any REST client or python script as specified below
I used the same python script used for HLM linking with Cloud VC but using VCG IP as end-point & passing inputs as described above. I see it was successful as expected & I was able to see both VCs together when logged in as user from cloudadmin group configured at HLM linking.
Vikas Shitole is a Senior Tech Lead at VMware by Broadcom, VCF division, India, where he leads system test efforts—including scale, stress, and resiliency testing—and drives product quality across VMware Cloud Foundation (VCF), Broadcom’s flagship private cloud platform.
He is an AI and Kubernetes enthusiast, and is passionate about VMware customers and automation around vSphere and VCF. Vikas has been honored as a vExpert for 12 consecutive years (2014–2025) for his sustained technical contributions and community leadership.
He is the author of two VMware Flings, holds multiple industry certifications, and is one of the top contributors to the VMware API Sample Exchange, where his automation scripts have been downloaded over 50,000 times.
Vikas has shared his expertise as a speaker at international conferences such as VMworld Europe and VMworld USA, and was selected as an official VMworld 2018 blogger. He also served as lead technical reviewer for the Packt-published books vSphere Design and VMware Virtual SAN Essentials.
Beyond tech, Vikas is a dedicated cricketer, cycling enthusiast, and a lifelong learner in fitness and nutrition, with the personal goal of completing an Ironman 70.3