MissionaryLiao
Contributor

VM identification on vCloud and passing account/password to VM

Hi all,

   On vCloud, any VM on it can be identified by querying adminVM via vCloud-REST API.

   However, we need to pass some viewer-like account and its password to that VM for using vCloud-API, which means I need to spread this account information to each VM.

   Anyone can easily get that account/password once I pass them to each VM, and anyone can use it to login to vCloud-Console with that account.

   Although I can lower the security concern by using a "Console Access Only" account, I still wonder if there is any other unauthenticated way like what EC2 provides (with EC2 instance-metadata).

   Any comment/help is appreciated. Thanks!

1 Solution

Accepted Solutions
lamw
Community Manager

If you have a management server which can query VCD for the list of VMs and the clients would also send their updates to the same management server, then why would the clients need access directly to VCD? If I understand your question, you're just trying to find a way to link the VM's data with the VM list in VCD? If so, one way is to just assign a unique identifier, which may be internal to your company, to each VM using OVF Custom Properties, which the VM can also access within the guestOS. Then when it sends its updates, it can send the unique key and the management server can use this key to link the information to the VM.

Take a look here for more details - http://pubs.vmware.com/vcloud-api-1-5/wwhelp/wwhimpl/js/html/wwhelp.htm#context=vCloudAPI&file=GUID-...
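
The linking scheme suggested in this answer, sketched as an added example (not code from the thread or from VMware). It assumes the guest has already read its OVF environment XML; the property keys `com.example.vm_uid` and `com.example.report_key`, the per-VM report key itself, and the inventory layout are hypothetical additions so the server can check that a report really comes from the VM it names.

```python
import hashlib
import hmac
import json
import xml.etree.ElementTree as ET

OE = "{http://schemas.dmtf.org/ovf/environment/1}"  # OVF environment namespace

# Constructed sample OVF environment; keys and values are hypothetical.
SAMPLE_OVF_ENV = """<Environment xmlns="http://schemas.dmtf.org/ovf/environment/1"
             xmlns:oe="http://schemas.dmtf.org/ovf/environment/1">
  <PropertySection>
    <Property oe:key="com.example.vm_uid" oe:value="vm-7f3a9c"/>
    <Property oe:key="com.example.report_key" oe:value="constructed-per-vm-secret"/>
  </PropertySection>
</Environment>"""


def read_ovf_properties(xml_text):
    """Guest side: return {key: value} for every Property element."""
    root = ET.fromstring(xml_text)
    return {p.get(OE + "key"): p.get(OE + "value")
            for p in root.iter(OE + "Property")}


def build_report(props, status):
    """Guest side: tag the status with the VM's identifier and MAC the body."""
    body = json.dumps({"vm_uid": props["com.example.vm_uid"], "status": status},
                      sort_keys=True)
    tag = hmac.new(props["com.example.report_key"].encode(), body.encode(),
                   hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def match_report(report, inventory):
    """Server side: return the inventory entry for this report, or None.

    inventory maps vm_uid -> {"name": ..., "report_key": ...}, filled in when
    the server assigns the properties to the VMs it lists from vCD.
    """
    try:
        uid = json.loads(report["body"])["vm_uid"]
        entry = inventory[uid]
        expected = hmac.new(entry["report_key"].encode(),
                            report["body"].encode(), hashlib.sha256).hexdigest()
        ok = hmac.compare_digest(expected, report["tag"])
    except (KeyError, ValueError, TypeError, AttributeError):
        return None
    return entry if ok else None
```

Without the MAC, the identifier alone is as easy to fake as the MAC address mentioned in the thread; with it, a leaked key exposes one VM's reporting channel rather than a shared vCloud account.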

6 Replies
cfor
Expert

I have read over this a few times and I am trying to figure out what it is you are attempting to do.  Could you provide a little detail on what you are attempting to accomplish as the end result - maybe we can look from that point of view and come up with a solution that may work.

ChrisF (VCP4, VCP5, VCP-Cloud) - If you find this or any other answer useful please consider awarding points by marking the answer correct or helpful
MissionaryLiao
Contributor

Hi cfor,

   I think I misunderstood the usage of vCloud-API; the response of "query?type=vm" is a list of all VMs in that "organization" or "system".

   What I'm looking for is an identification for us to identify that VM on vCloud web-console, and this identification should be queried from guestOS on that VM directly.

   On EC2, any application in any VM on EC2 can just "GET https://169.254.169.254/latest/metadata/instance-id" to get its "instance-id" directly.

   This is really useful for any server-client application in a cloud environment. I wonder if there is any equivalent on vCloud.

   Thanks for your reading!

Mission.

lamw
Community Manager

Hi MissionaryLiao,

What exactly are you trying to query from within the guestOS and why? I'm also trying to understand this particular request as it's not very clear what you're looking for and what you would need it for from within the guestOS.

MissionaryLiao
Contributor

Hi all,

   There is a server that can get a list of all VMs from vCD, and every client needs to report its status to the server. In a scalable application, communication originated from clients but not the server is a common pattern.

   For every reporting-request from clients, the server needs to match this request to one VM in the VM-list queried from vCD.

   Therefore, client needs to embed some identification info for "where he comes from" in those reporting-requests to help server locate him in the VM-list from vCD.

   Generally, client can report its IP/Hostname/BIOS-UUID/MAC to server for identification.

   However, IP/Hostname are not promised to be unique in a very large environment. MAC is information that can be easily faked.

   Based on this KB: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=200250...

   BIOS-UUID is not permitted unique on vCloud. So we are still looking for other kind of identification.

   Is this clear? Any discussion is welcome.

MissionaryLiao
Contributor

Great!

I tended to use vCloud-API just because I misunderstood its usage. I originally expected vCD could return VM-specific information but not the whole VM-list.

Thanks for the OVF way. It's really helpful.
