VMware Cloud Director

Visualize VMware Cloud Director organizations, VDCs, VDC groups, edge gateways, networks, firewall rules, virtual machines, users, and roles, and monitor changes through queries and alerts.

Installation

Installation

info

The integration authenticates against the VMware Cloud Director CloudAPI as a tenant-scoped user. System (provider/sysadmin) login is not currently supported, so the configured user only sees the organization it logs in to.

Configuration in VMware Cloud Director

You will need a VMware Cloud Director user with read access to the resources you want to ingest (organizations, users, roles, VDCs, VDC groups, edge gateways, networks, firewall rules, and virtual machines).

Collect the following information for use when configuring the integration in JupiterOne:

• The API host of your VMware Cloud Director instance, e.g. vcd.example.com.
• The username of the tenant user the integration will sign in as. The value must not contain @ or : characters — VMware Cloud Director uses both as delimiters in the basic-auth credential it accepts at POST /cloudapi/1.0.0/sessions.
• The password for that user.
• The organization name the user belongs to. As with the username, the value must not contain @ or : characters.

The integration uses these credentials to obtain a bearer JWT from POST /cloudapi/1.0.0/sessions (returned via the X-VMWARE-VCLOUD-ACCESS-TOKEN response header) and re-mints the token automatically on 401 responses, so long collection runs survive the token's lifetime.

Configuration in JupiterOne

To install the VMware Cloud Director integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select VMware Cloud Director. Click New Instance to begin configuring your integration.

Creating a VMware Cloud Director instance requires the following:

• The Account Name used to identify the VMware Cloud Director account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.

• Description to assist in identifying the integration instance, if desired.

• Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.

• The API Host, Username, Password, and Organization Name collected in the previous section.

Click Create once all values are provided to finalize the integration.

Next steps

Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.

Authorization

Data Model

Entities

The following entities are created:

Resources	Entity _type	Entity _class
Account	vmware_cloud_director_account	Account
EdgeGateway	vmware_cloud_director_edge_gateway	Gateway
FirewallRule	vmware_cloud_director_firewall_rule	Rule
Network	vmware_cloud_director_network	Network
Organization	vmware_cloud_director_org	Organization
Role	vmware_cloud_director_role	AccessRole
Service	vmware_cloud_director_service	Service
User	vmware_cloud_director_user	User
Vdc	vmware_cloud_director_vdc	Group
VdcGroup	vmware_cloud_director_vdc_group	Group
VirtualMachine	vmware_cloud_director_virtual_machine	Workload

Relationships

The following relationships are created:

Source Entity _type	Relationship _class	Target Entity _type
vmware_cloud_director_account	HAS	vmware_cloud_director_service
vmware_cloud_director_account	HAS	vmware_cloud_director_org
vmware_cloud_director_account	HAS	vmware_cloud_director_role
vmware_cloud_director_edge_gateway	CONNECTS	vmware_cloud_director_network
vmware_cloud_director_edge_gateway	HAS	vmware_cloud_director_firewall_rule
vmware_cloud_director_org	HAS	vmware_cloud_director_user
vmware_cloud_director_org	HAS	vmware_cloud_director_vdc
vmware_cloud_director_org	HAS	vmware_cloud_director_vdc_group
vmware_cloud_director_user	ASSIGNED	vmware_cloud_director_role
vmware_cloud_director_vdc	HAS	vmware_cloud_director_edge_gateway
vmware_cloud_director_vdc	CONTAINS	vmware_cloud_director_network
vmware_cloud_director_vdc	CONTAINS	vmware_cloud_director_virtual_machine
vmware_cloud_director_vdc_group	CONTAINS	vmware_cloud_director_vdc
vmware_cloud_director_vdc_group	HAS	vmware_cloud_director_edge_gateway

Types

Vmware Cloud Director Account

vmware_cloud_director_account inherits from Account

Property	Type	Description	Specifications
apiHost *	string	The hostname of the VMware Cloud Director API endpoint.

---

Vmware Cloud Director Edge Gateway

vmware_cloud_director_edge_gateway inherits from Gateway

Property	Type	Description	Specifications
backingId *	string | null	The identifier of the underlying NSX backing object for the gateway.
deploymentMode *	string | null	The deployment topology of the edge gateway (e.g. STANDARD, ACTIVE_STANDBY).
gatewayType *	string | null	The backing gateway type reported by VCD (e.g. NSXT_BACKED, NSXV_BACKED).
isDistributedRoutingEnabled *	boolean | null	Whether distributed routing is enabled on the edge gateway.
isUniversalVdcGroupEdge *	boolean | null	Whether the edge gateway belongs to a universal VDC group.
orgVdcNetworkCount *	number | null	The number of org VDC networks attached to the edge gateway.

---

Vmware Cloud Director Firewall Rule

vmware_cloud_director_firewall_rule inherits from Rule

Property	Type	Description	Specifications
action *	string | null	The action taken when the rule matches (ALLOW, DROP, REJECT). Sourced from actionValue with a fallback to the deprecated action field on older VCD versions.
direction *	string | null	The traffic direction the rule applies to (IN, OUT, IN_OUT).
ipProtocol *	string | null	The IP protocol family the rule applies to (IPV4, IPV6, IPV4_IPV6).
isLoggingEnabled *	boolean | null	Whether matches against the rule are logged.
ruleCategory *	string	Whether the rule is system-managed, a tenant default, or user-defined (SYSTEM, DEFAULT, USER).

---

Vmware Cloud Director Network

vmware_cloud_director_network inherits from Network

Property	Type	Description	Specifications
connectionType *	string | null	How the network connects to its upstream router (INTERNAL, DISTRIBUTED, NON_DISTRIBUTED).
dnsServer1 *	string | null	The primary DNS server distributed to clients on the network.
dnsServer2 *	string | null	The secondary DNS server distributed to clients on the network.
gateway *	string | null	The IP address of the primary subnet gateway.
isRouteAdvertised *	boolean | null	Whether routes for the network are advertised to upstream gateways.
isShared *	boolean | null	Whether the network is shared with other VDCs.
networkType *	string | null	The type of org VDC network (NAT_ROUTED, ISOLATED, DIRECT, CROSS_VDC, OPAQUE).
prefixLength *	number | null	The CIDR prefix length of the primary subnet.
totalIpCount *	number | null	The total number of IP addresses available in the network.
usedIpCount *	number | null	The number of IP addresses currently allocated from the network.

---

Vmware Cloud Director Org

vmware_cloud_director_org inherits from Organization

Property	Type	Description	Specifications
catalogCount *	number | null	The number of catalogs in the organization.
isManageOrgsAllowed *	boolean | null	Whether this organization can manage other organizations.
isPublishAllowed *	boolean | null	Whether this organization can publish catalogs.
orgVdcCount *	number | null	The number of VDCs that belong to the organization.
runningVMCount *	number | null	The number of currently running VMs in the organization.
userCount *	number | null	The number of users in the organization.
vappCount *	number | null	The number of vApps in the organization.

---

Vmware Cloud Director Role

vmware_cloud_director_role inherits from AccessRole

Property	Type	Description	Specifications
bundleKey *	string | null	The localization bundle key used by the VCD UI to display the role name.

---

Vmware Cloud Director Service

vmware_cloud_director_service inherits from Service

---

Vmware Cloud Director User

vmware_cloud_director_user inherits from User

Property	Type	Description	Specifications
deployedVmQuota *	number | null	The maximum number of VMs the user is allowed to keep deployed concurrently.
isGroupRole *	boolean | null	Whether the user inherits its role assignments from a group rather than directly.
isLocked *	boolean | null	Whether the user account is locked out, typically after failed sign-in attempts.
isStranded *	boolean | null	Whether the user is in a stranded state (no longer linked to its identity provider).
providerType *	string | null	The identity provider type for the user (e.g. INTEGRATED, SAML, LDAP).
storedVmQuota *	number | null	The maximum number of VMs the user is allowed to keep stored.

---

Vmware Cloud Director Vdc

vmware_cloud_director_vdc inherits from Group

Property	Type	Description	Specifications
allocationType *	string | null	The allocation model for the VDC (AllocationVApp, AllocationPool, ReservationPool, Flex).
isNetworkingTenancyEnabled *	boolean | null	Whether NSX-T multi-tenant networking is enabled for the VDC.

---

Vmware Cloud Director Vdc Group

vmware_cloud_director_vdc_group inherits from Group

Property	Type	Description	Specifications
groupType *	string | null	The scope of the VDC group (LOCAL or UNIVERSAL).
isDfwEnabled *	boolean | null	Whether the NSX-T Distributed Firewall is enabled on the group.
isUniversalNetworkingEnabled *	boolean | null	Whether universal (cross-site) networking is enabled on the group.
networkProviderType *	string | null	The network provider type backing the group (NSX_T, NSXV).
participatingVdcCount *	number | null	The number of organization VDCs that participate in the group.

---

Vmware Cloud Director Virtual Machine

vmware_cloud_director_virtual_machine inherits from Workload

Property	Type	Description	Specifications
moref *	string | null	The vCenter managed object reference (moref) for the underlying VM.

---

Release Notes