Tag Archives: VMware Cloud on AWS

Hybrid Linked Mode (HLM) with vCenter Cloud Gateway using REST API

In my first post on HLM configuration using API, I explained how to configure HLM using API through Cloud VC. If you haven’t still read that post, I would highly recommend you do. In this post I am going to touch upon how to configure HLM using API but from vCenter cloud gateway appliance (VCGA).

Setting up HLM from vCenter cloud gateway is three step process


1. Deploying vCenter cloud gateway appliance using official documentation

2. Making sure prerequisite for linking with Cloud Gateway Appliance are met

3. Configuring HLM from UI or using API. In our case, we would do from API

As I mentioned in my last post, API itself does not change, it is just that API end-point will be vCenter cloud gateway appliance and input parameters we pass will be changed. Lets take a look.

POST: https://<VCG IP>/rest/hvc/links

VCG IP is the IP address of the deployed vCenter cloud gateway appliance

Below is the JSON payload this API takes in . Note thumprint is optional param

{
“spec”: {
“port”: “443”,
“domain_name”: “vmc.local”,
“username”: “[email protected]”,
“ssl_thumbprint”: “E9:BD:29:9F:D6:15:4F:B7:C8:90:2C:19:03:61:HB:7A:AD:FB:B1:1E”,
“admin_groups”: [
[email protected]
],
“password”: “VMware123!”,
“psc_hostname”: “Cloud PSC IP or FQDN”
}
}

Let us go over each parameter passed

port: 443 is default  port for communication between VCG and Cloud VC (can be custom port also)

domain_name: Cloud VC PSC default SSO domain (its vmc.local)

username, password, psc_hostname: Cloud VC PSC credentials (PSC is always embedded in case of VMware cloud on AWS deployment)

ssl_thumbprint : Note that this parameter is optional, it will work fine even if you do not pass this param or if you pass value as blank. If you want to pass, this is Cloud PSC SSL thumbprint, you can get it using one of the ways posted here . I am going to write a post on how to get vCenter/PSC thumbprint using API itself, please stay tuned.

admin_groups: here you specify cloud administrator group(s).  Before configuring HLM linking , identity source must be configured on Onprem and cloud admin group(s) must be given global permissions. Note that identity source need not be configured on Cloud VC, refer this KB

Note: Above API can be called from H5C API-explorer or Postman/any REST client or python script as specified below

I used the same python script used for HLM linking with Cloud VC but using VCG IP as end-point & passing inputs as described above. I see it was successful as expected & I was able to see both VCs together when logged in as user from cloudadmin group configured at HLM linking.