Archive for 2017年3月

Platform Services Controller

Platform Services Controller (PSC) is a component of the VMware Cloud Infrastructure Suite. PSC deals with identity management for administrators and applications that interact with the vSphere platform.

With this new architecture of  vCenter Server 6.0 you learned about the Platform Services Controller, a new functional component of vCenter that moves beyond just Single-Sign On to include additional platform services such as:

  • Licensing Service
  • Certificate Authority (VMCA)
  • Certificate Store (VECS)
  • Lookup Service for Component Registrations

In vCenter Server 6.0 Update 1, we’re excited to introduce the next stage of the administration with the Platform Services Controller Interface, a fully HTML5-based interface to administer and configure many of the services that run on the PSC.

Using the Platform Services Controller Interface you can perform tasks, such as:

  • Adding and Editing Users and Groups for Single Sign-On
  • Adding Single Sign-On Identity Sources
  • Configuring Single Sign-On Policies (e.g Password Policies)
  • Adding Certificate Stores
  • Adding and Revoking Certificates


vCenter Linked Mode

vCenter Enhanced Linked Mode connects multiple vCenter Server systems together by using one or more Platform Services Controllers. 2 PSC can work in HA mode.

Enhanced Linked Mode lets you view and search across all linked vCenter Server systems and replicate roles, permissions, licenses, policies, and tags.

When you install vCenter Server or deploy the vCenter Server Appliance with an external Platform Services Controller, you must first install the Platform Services Controller. During installation of the Platform Services Controller, you can select whether to create a new vCenter Single Sign-On domain or join an existing domain.

Call API of vCenters in Linked Mode

When two or more vCenters are connected to a PSC (i.e. in Linked Mode), we can follow the steps below to retrieve data from each vCenter.

  1. Lookup vCenter Servers IP in PSC. The python script “lookup-vcenters-in-psc.py PSC_IP” can list all vCenter Servers IP in PSC, and this script does not require authentication.
  2. Use the API to login PSC and get a token. This is the same API with the API to login vCenter with embedded PSC.
  3. Use the token to call API of each vCenter. These is not a single API call to get data from both vCenters, so you need to call each vCenter separately.

lookup-vcenters-in-psc.py :

from pyVim import connect
import requests
import sys,ssl
from xml.etree.ElementTree import XML, fromstring, tostring
from requests.packages.urllib3.exceptions import InsecureRequestWarning
url = "%s://%s:%s/%s" % (protocol, server, port, path)
baseVersion = 'lookup'
# Disabling SSL certificate verification
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.verify_mode = ssl.CERT_NONE
versionId = 'urn:lookup/2.0'
headers = {'content-type': 'text/xml; charset=utf-8', 'Accept': 'text/xml,multipart/*,application/soap', 'SOAPAction': versionId}
         <List xmlns='urn:lookup'>
           <_this type='LookupServiceRegistration'>ServiceRegistration</_this>
response=requests.post(url,data=body,headers=headers, verify=False)
soapResponse = fromstring(response.content)
returnvalList = soapResponse.findall('.//{urn:' + baseVersion + '}returnval')
for retVal in returnvalList:
  nodes = retVal.findall('.//{urn:' + baseVersion + '}url')
  for node in nodes:
    if node.text.endswith(':443/sdk'):
print vCenterList

Read Full Post »