Data Payload

This is an information message

Please Note:

This part of the documentation is under construction and will continuously be extended. Not all available catalog items are currently documented.

Get cNAT ID

GET

Get Tenant cNAT ID

It provides the option to retrieve the cNAT ID for the tenant. The returned ID is needed for a tenant in order to give access to nated resources outside of the tenant's network, such as S3 Instances provisioned on a different ESC tenant. Example: by providing this ID as "Shared With Others" when provisioning a Object Storage S3, the instance will be accessible from the tenant.

Virtual Machine

POST

Swisscom RHEL 8

Deployment of a configurable virtual machine with a pre-installed RHEL 8 Operating System. The guest OS can be configured as self-managed or Swisscom managed. Operation and maintenance of the deployed virtual machine will be in the responsibility of the customer for the self-managed mode or managed by Swisscom for enabled managed OS. The chosen configuration will be billed hourly. When the virtual machine is stopped, no charges incur for vCPU, memory or OS licenses.

Example Data (JSON)

Base structure of the Blueprint request. There are more fields available which can be retrieved by getting the template first as described in Step 1 of the Introduction.

Details for Patching Window, Backup Policy, Service Level and Location can be checked in Enums.

{
  "type": "com.vmware.vcac.catalog.domain.request.CatalogItemProvisioningRequest",
  "catalogItemId": "{{consumer-catalog-item-guid}}",
  "businessGroupId": "{{consumer-business-group-guid}}",
  "data": {
    "RHEL8": {
      "data": {
        "Scc.Mms.ExtensionsActivated": true,
        "Scc.Mms.OsCoreEnabled": true,
        "Scc.Mms.PatchingEnabled": true,
        "Scc.Mms.PatchingWindow": "1st Week Saturday 02:00 - 04:00",
        "Scc.Mms.MalwareEnabled": true,
        "Scc.Mms.CisEnabled": true,

        "cpu": 1,
        "memory": 1024,
        "Scc.Vm.Orch.BackupPolicy": "Enable",
        "Scc.Vm.Orch.Backup.backupReplication": false,
        "Scc.Vm.Orch.Backup.s3Archive": false,

        "Scc.Vm.Orch.ServiceLevel": "Advanced",
        "Vrm.DataCenter.Location": "Stretched - Gold Datacenter",
        "Scc.Vm.Orch.Placement.VmGroup": "DC Olten",

        "Scc.Vm.Orch.Linux.RootPassword": "test1234$",

        "Scc.Vm.Orch.ManageStorages": "false",
        "Scc.Vm.Orch.Storage0.DriveLetter": "",
        "Scc.Vm.Orch.Storage0.Label": "",
        "Scc.Vm.Orch.Storage0.MountPoint": "",
        "Scc.Vm.Orch.Storage0.Policy": "",
        "Scc.Vm.Orch.Storage0.Size": "35",

        "VMware.Network.Type": "VMXNET3",
        "VirtualMachine.Network0.Address": "",
        "VirtualMachine.Network0.Name": "vxw-dvs-85-virtualwire-970-sid-12345-tenant-123-networkname",
        "Scc.Vm.Orch.Network0.EnableDHCP": "false"
      }
    },
    "Scc.Ms.technicalContactEmail": "no-reply@swisscom.com",
    "Scc.Ms.technicalContactPhone": "0041791234567"
  }
}

POST

Swisscom Windows 2019

Deployment of a configurable virtual machine with a pre-installed Windows 2019 Operating System. The guest OS can be configured as self-managed or Swisscom managed. Operation and maintenance of the deployed virtual machine will be in the responsibility of the customer for the self-managed mode or managed by Swisscom for enabled managed OS. The chosen configuration will be billed hourly. When the virtual machine is stopped, no charges incur for vCPU, memory or OS licenses.

Example Data (JSON)

Base structure of the Blueprint request. There are more fields available which can be retrieved by getting the template first as described in Step 1 of the Introduction.

Details for Patching Window, Backup Policy, Service Level and Location can be checked in Enums.

{
  "type": "com.vmware.vcac.catalog.domain.request.CatalogItemProvisioningRequest",
  "catalogItemId": "{{consumer-catalog-item-guid}}",
  "businessGroupId": "{{consumer-business-group-guid}}",
  "data": {
    "WINSRV2019-STD": {
      "data": {
        "Scc.Mms.ExtensionsActivated": false,
        "Scc.Mms.OsCoreEnabled": false,
        "Scc.Mms.PatchingEnabled": false,
        "Scc.Mms.PatchingWindow": "",
        "Scc.Mms.MalwareEnabled": false,
        "Scc.Mms.CisEnabled": false,

        "cpu": 2,
        "memory": 2048,
        "Scc.Vm.Orch.BackupPolicy": "Disable",
        "Scc.Vm.Orch.Backup.backupReplication": false,
        "Scc.Vm.Orch.Backup.s3Archive": false,

        "Scc.Vm.Orch.ServiceLevel": "Advanced",
        "Vrm.DataCenter.Location": "Stretched - Gold Datacenter",
        "Scc.Vm.Orch.Placement.VmGroup": "DC Olten",

        "SysPrep.GuiUnattended.AdminPassword": "test1234$",
        "SysPrep.UserData.ComputerName": "",

        "Sysprep.Identification.DomainAdmin": "",
        "Sysprep.Identification.DomainAdminPassword": "",
        "Sysprep.Identification.JoinDomain": "",

        "Scc.Vm.Orch.ManageStorages": "false",
        "Scc.Vm.Orch.Storage0.DriveLetter": "",
        "Scc.Vm.Orch.Storage0.Label": "",
        "Scc.Vm.Orch.Storage0.MountPoint": "",
        "Scc.Vm.Orch.Storage0.Policy": "",
        "Scc.Vm.Orch.Storage0.Size": "35",

        "VMware.Network.Type": "VMXNET3",
        "VirtualMachine.Network0.Address": "",
        "VirtualMachine.Network0.Name": "vxw-dvs-85-virtualwire-970-sid-12345-tenant-123-networkname",
        "Scc.Vm.Orch.Network0.EnableDHCP": "false"
      }
    },
    "Scc.Ms.technicalContactEmail": "no-reply@swisscom.com",
    "Scc.Ms.technicalContactPhone": "0041791234567"
  }
}

File Service Premium

POST

File Service Premium

Creates a File Service instance with several storage container services (e.g. NFS) and corresponding shares. Please choose the appropriate business group.

Parameter	Type	Required	Possible Values
instanceNameFriendly name for this File Service. With this name, the instance can be identified on the bill	string	true
networkNameChoose the network (uplink topology or service group) to which the File Service networks will be interconnected	string	true
availabilityZoneThe availability zone defines the certified datacenter-tier in which the service is produced.	string	true	See List gold platinum
aggregateThe Aggregate Network the subranges can be selected from	string	true
network1Network 1	string	true
network2Network 2	string	true
dnsServerDefine the nameservers which are used to resolve hostnames. Multiple servers can be separated by a colon. e.g: "192.168.1.1,192.168.10.1,192.168.100.50" (Note: no whitespaces are allowed)	string	false
dnsDomainNameDefines the default domain to be used for DNS resolution. e.g "storage.local"	string	false
nfsv4DomainNameSets the NFSv4 domain name to be used. In many cases, this is equal to the DNS domain.	string	false

Example Data Payload:

{
  "instanceName": "TestFileService",
  "networkName": "ut-002",
  "availabilityZone": "gold",
  "aggregate": "192.168.26.0/24 - fileservice-aggregate | 1235357",
  "network1": "10.0.3.64/27",
  "network2": "10.0.3.96/27",
  "dnsServer": "192.168.1.1,192.168.10.1",
  "dnsDomainName": "storage.local",
  "nfsv4DomainName": "storage.local"
}

Kubernetes

POST

Kubernetes Environment

Parameter	Type	Required	Possible Values
aggregate	string	true
description	string	true
dnsServers	string	true
mask	string	true
vipPool	string	true

Example Data Payload:

{
  "aggregate": "10.0.3.192/28 - tenant-001-pks-networkname | 123456",
  "description": "My K8s environment.",
  "dnsServers": "8.8.8.8",
  "mask": "28.0",
  "vipPool": "10.0.3.192/28"
}

POST

Create Cluster

Parameter	Type	Required	Possible Values
parentRefName of the Kubernetes Environment	string	true
planNamePlan	string	true	See List basic advanced
hostnameCluster External Hostname. Max lenght: 63 characters.	string	true
workerNodePoolsWorker Node Pools	array	true	See List { "name": "Only dashes and [0-9A-Za-z],max 12 digits", "cpu": [ 1, 2, 4, 8, 16, 32, 64 ], "memory_gb": [ 4, 8, 16, 32, 64, 128, 256, 512 ], "persistent_disk_gb": [ "min 32gb - max 500gb" ], "count": "No limit yet" }
lbSizeLoad Balancer Size	string	true	See List medium large
insecureRegistriesProvide a comma separated list of insecure registries. E.g. insecure.dontdo.that, insecure.onlyfor.dev	string	false

Example Data Payload:

{
  "parentRef": "Kubernetes Environment - 22e7f853-2242-4858-8ba4-c5a222a04e96",
  "planName": "basic",
  "hostname": "test.test.com",
  "workerNodePools": [
    {
      "name": "profile-1",
      "cpu": 2,
      "memory_gb": 8,
      "persistent_disk_gb": 32,
      "count": 3
    }
  ],
  "lbSize": "medium",
  "insecureRegistries": "insecure.dontdo.that, insecure.onlyfor.dev"
}

Managed Reverse Proxy

POST

Managed Reverse Proxy

Creates a Reverse Proxy instance, based on a public IP address. Access out of the Internet can be disabled. Optional Public Certificate incl. renewal and automated DNS record creation can be requested

Parameter	Type	Required	Possible Values
planNamePlan Name	string	true	See List S S non Prod M L XL
fqdnFully Qualified Domain Name	string	true
fqdnAliasesEnter FQDN aliases. Wildcards not allowed	string	false
dnsIntegrationDNS Integration. If it is selected, a DNS-Record will be created, only If DNS-Zone is managed by Swisscom. In case the DNS-Zone is not managed by Swisscom, the request will fail	boolean	true
description	string	false
desiredCertProviderDesired Ceritifcate Provider. Self signed Cert: default self signed certificate from F5. Public Cert provided by Swisscom: the domain must be pre-registered at SwissSign. Public Cert provided by Consumer: certificate will be provided by consumer later	string	true	See List Self signed Cert Public Cert provided by Swisscom Public Cert provided by Consumer
connectInetInternet Access. If it is selected, the Managed Reverse Proxy is available from the internet	boolean	true
srvProtocolService Protocol	string	true	Fixed Valuehttps
srvPortService Port	number	true
redirectTlsRedirect http to https	boolean	true
ipAddressFamilyIP Address Family	string	true	See List ipv4 ipv6 DualStack
serverAddressesBackend Server IP	string	true
servicePortBackend Server Port	number	true
tlsReencryptBackend Server Re-encryption	boolean	true
aclSrcIpAllowAllow List IP Source based. Enter IP addresses or subnets, with space separation or each element in one separate line. The list can be empty, in this case no IP address or subnet can access the Managed Reverse Proxy	string	false
aclSrcIpDenyDeny List IP Source based. Enter IP addresses or subnets, with space separation or each element in one separate line. The list can be empty, in this case the respective Reverse Proxy instance is controlled purely by the allow list	string	false
tufinFunctionTufin function with security-level DSW or SSW only	string	only if tenant is configured in Tufin

Example Data Payload:

{
  "planName": "M",
  "fqdn": "myrp.local.com",
  "fqdnAliases": "myrp-aliases.local.com",
  "dnsIntegration": true,
  "desiredCertProvider": "Public Cert provided by Swisscom",
  "connectInet": true,
  "srvProtocol": "https",
  "srvPort": 443,
  "redirectTls": true,
  "ipAddressFamily": "ipv4",
  "serverAddresses": "10.10.10.10",
  "servicePort": 443,
  "tlsReencrypt": true,
  "aclSrcIpAllow": "255.255.255.0/28",
  "aclSrcIpDeny": "10.122.1.5",
  "tufinFunction": "myTufinFunction"
}

Managed Forward Proxy

POST

Managed Forward Proxy

Creates a Forward Proxy instance. The instance is connected to the internet. The consumer of the service can modify the allow and deny list of the instance

Parameter	Type	Required	Possible Values
planNamePlan Name	string	true	See List S M L XL
fqdnFully Qualified Domain Name. It is used as Managed Forward Proxy A/AAA DNS-record-name. If the DNS-Zone is not managed by Swisscom, the field can be left empty	string	false
dnsIntegrationDNS Integration. If it is selected, a DNS-Record will be created, only If DNS-Zone is managed by Swisscom. In case the DNS-Zone is not managed by Swisscom, the request will fail. In case FQDN is left empty, please set DNS Integration to FALSE, otherwise the deployment will be rejected	boolean	true
description	string	false
connectInetInternet Access. If it is selected, the Managed Forward Proxy is available from the internet	boolean	true
srvPortService Port	number	false
ipAddressFamilyIP Address Family	string	true	See List ipv4 ipv6 DualStack
allowListIpBasedAllow List IP Destination based. Enter IP addresses or subnets, with space separation or each element in one separate line. The list can be empty, in this case the respective Forward Proxy instance is completely closed, and no IP address or subnet destinations can be reached	string	false
aclSrcIpAllowAllow List IP Source based. Enter IP addresses or subnets, with space separation or each element in one separate line. The list can be empty, in this case no IP address or subnet can access the Managed Forward Proxy	string	false
allowListDomainBasedAllow List Domain Destination based. Enter hostnames or domains (wildcards are also allowed only in form .example.com, not in form *.example.com), with space separation or each element in one separate line. The list can be empty, in this case the respective Forward Proxy instance is completely closed, and no destination hostnames or domains can be reached	string	false
denyListIpBasedDeny List IP Destination based. Enter IP addresses or subnets, with space separation or each element in one separate line. The list can be empty, in this case the respective Forward Proxy instance is controlled purely by the allow list	string	false
aclSrcIpDenyDeny List IP Source based. Enter IP addresses or subnets, with space separation or each element in one separate line. The list can be empty, in this case the respective Forward Proxy instance is controlled purely by the allow list	string	false
denyListDomainBasedDeny List Domain Destination based. Enter hostnames or domains (wildcards are also allowed only in form .example.com, not in form *.example.com), with space separation or each element in one separate line. The list can be empty, in this case the respective Forward Proxy instance is controlled purely by the allow list	string	false
enableSocksEnable Socks. The Socks proxy can forward TCP and UDP connections, helping to bypass network segmentation. It is a dynamic port forwarding technique	boolean	true
tufinFunctionTufin function with security-level DSW or SSW only	string	only if tenant is configured in Tufin

Example Data Payload:

{
  "planName": "M",
  "fqdn": "myfp.th2-z1.local",
  "dnsIntegration": true,
  "connectInet": true,
  "srvPort": 8080,
  "ipAddressFamily": "ipv4",
  "allowListIpBased": "10.10.11.0/25",
  "aclSrcIpAllow": "255.255.255.0/28",
  "allowListDomainBased": ".web.mydomain.com",
  "denyListIpBased": "12.10.11.0/25",
  "aclSrcIpDeny": "10.122.1.5",
  "denyListDomainBased": "*.com.ch",
  "enableSocks": true,
  "tufinFunction": "myTufinFunction"
}

Object Storage S3

POST

Object Storage S3

Parameter	Type	Required	Possible Values
instanceNameFriendly name of the Object Storage S3 instance.	string	true	Regex /^(?:[A-Za-z_][\w-]{0,40})$/ No Match
internetAccessibleIf set to true, the S3 instance will additionally be available from the Internet. This decreases security and is not recommended for sensitive data. Please note: This option might be restricted by your organization on Tenant level.	boolean	true
encryptedIf set to true, namespace encryption will be enabled. This option cannot be changed back later.	boolean	true
archiveSafeFor most use cases, leaving this option disabled is recommended. If 'Archive Safe' is selected, files can be written once and never be updated again. The file will be automatically deleted as soon as the defined retention period is reached.	boolean	true
sharedWithSwisscomThis option allows management access for Swisscom to your S3 instance. This is needed for importing OVA images via this namespace.	boolean	false
sharedWithOthersIf needed, one or multiple IDs must be specified comma separated, no space allowed. Be aware that it enables access for external customers. In order to use the parameter, please open a Support Request.	string	false

Example Data Payload:

{
  "instanceName": "My S3 Service",
  "internetAccessible": false,
  "encrypted": false,
  "archiveSafe": false,
  "sharedWithSwisscom": false,
  "sharedWithOthers": ""
}

MS Managed SQL

POST

Managed MS SQL DBMS 2022

Deployment of a configurable Managed MS SQL DBMS 2022

Example Data (JSON)

Base structure of the Blueprint request. There are more fields available which can be retrieved by getting the template first as described in Step 1 of the Introduction.

Details for Patching Window, Backup Policy, Service Level and Location can be checked in Enums.

{
  "type": "com.vmware.vcac.catalog.domain.request.CatalogItemProvisioningRequest",
  "catalogItemId": "{{consumer-catalog-item-guid}}",
  "businessGroupId": "{{consumer-business-group-guid}}",
  "data": {
    "WINSRV2019-MSQL2022": {
      "componentTypeId": "com.vmware.csp.component.cafe.composition",
      "classId": "Blueprint.Component.Declaration",
      "typeFilter": "ManagedMSSQLDBMS2022*WINSRV2019-MSQL2022",
      "data": {
        "Scc.Ms.AbbProtectionGroup": "P01-FullDaily-TLog15Minutes-Retention30D",
        "Scc.Ms.PatchingWindow": "1st Week Sunday 02:00 - 04:00",
        "Scc.Ms.ResourceDomain": "myTenant-123.myDomain.com",
        "Scc.Ms.SQLCustomerDBAName": "dbUser",
        "Scc.Ms.SQLCustomerDBAPassword": ".!123456Abc",
        "Scc.Ms.Sqlcollations": "Latin1_General_CI_AS",
        "Scc.Ms.Sqleditions": "Std",
        "Scc.Ms.Sqllicense": "Yes",
        "Scc.Ms.technicalContactEmail": "myTechnicalContact@mydomain.com",
        "Scc.Ms.technicalContactPhone": "079 000 00 00",
        "Scc.Vm.Orch.BackupPolicy.Detail": "",
        "Scc.Vm.Orch.Placement.VmGroup": "",
        "Scc.Vm.Orch.ServiceLevel": "Basic",
        "SysPrep.GuiUnattended.TimeZone": "110",
        "SysPrep.UserData.ComputerName": "",
        "VirtualMachine.Network0.Name": "myPreDefinedNetwork",
        "Vrm.DataCenter.Location": "Olten - Gold Datacenter",
        "cpu": 2,
        "disks": [
          "<--diskObjectsFromActionTemplate-->"
        ],
        "memory": 8192
      }
    }
  }
}