Accessing
vSphere
Automation Services
vSphere
Automation
ServicesvSphere
Automation
SDK provides mechanisms for creating remote stubs to
give clients access to
vSphere
Automation
services.
The sequence of tasks you must
follow to create a remote stub starts with creating a
ProtocolFactory
. You
use the protocol factory object to create a
ProtocolConnection
.
Connection objects provide the basis for creating stub interfaces
tovSphere
Automation
services.
When you establish a connection to the
vSphere
Automation
endpoint, you can create a StubFactory
object and a
StubConfiguration
object. With these objects, you can create the remote stub for the vSphere
Automation
service that you want to access. The complete connection sequence
also includes SSL truststore support and a temporary
StubConfiguration
that
you use for SAML token authentication and session creation.
- SSL Handshake
- ThevSphere Automationendpoint (https://host/api) is an SSL‐enabled service that requires client authentication during login. The SSL connection relies on certificate verification supported by the Java security architecture. The Java security architecture defines truststores for SSL connections. A truststore contains vCenter Single Sign-On credentials. You use a truststore to verify credentials from avCenter Serverinstance.ThevSphere Automation SDK for Javaincludes an SSL utility sample code that supports the creation of a truststore for the HTTP connection,com.vmware.vcloud.suite.samples.common.SslUtil.ThevSphere Automation SDK for JavaSSL utility creates an instance of the Java security certificate classX509TrustManager. This instance declares an override client-side method,checkServerTrusted, that accepts all HTTPS certificates. This method is suitable only for development environments. For a production environment, do not use theX509TrustManageroverride methods. Instead, set up a truststore for use by the defaultX509TrustManagerimplementation.
For greater security, use an
external utility to create a certificate store:
keytool -import -noprompt -trustcacerts \ -alias <alias name> \ -file <certificate file> \ -keystore <truststore filename> \ -storepass <truststore password>