Data Payload

Please Note:

This part of the documentation is under construction and will continuously be extended. Not all available catalog items are currently documented.

Get cNAT ID

GET
Get Tenant cNAT ID

Retrieves the cNAT ID for the tenant. A tenant needs this ID in order to be given access to NATed resources outside of the tenant's network, such as S3 instances provisioned on a different ESC tenant. Example: when this ID is provided as "Shared With Others" while provisioning an Object Storage S3, the instance will be accessible from the tenant.

Virtual Machine

POST
Swisscom RHEL 8

Deployment of a configurable virtual machine with a pre-installed RHEL 8 Operating System. The guest OS can be configured as self-managed or Swisscom managed. Operation and maintenance of the deployed virtual machine are the responsibility of the customer in self-managed mode, or are handled by Swisscom when managed OS is enabled. The chosen configuration will be billed hourly. When the virtual machine is stopped, no charges are incurred for vCPU, memory or OS licenses.

Example Data (JSON)

Base structure of the Blueprint request. There are more fields available which can be retrieved by getting the template first as described in Step 1 of the Introduction.

Details for Patching Window, Backup Policy, Service Level and Location can be checked in Enums.

{
  "type": "com.vmware.vcac.catalog.domain.request.CatalogItemProvisioningRequest",
  "catalogItemId": "{{consumer-catalog-item-guid}}",
  "businessGroupId": "{{consumer-business-group-guid}}",
  "data": {
    "RHEL8": {
      "data": {
        "Scc.Mms.ExtensionsActivated": true,
        "Scc.Mms.OsCoreEnabled": true,
        "Scc.Mms.PatchingEnabled": true,
        "Scc.Mms.PatchingWindow": "1st Week Saturday 02:00 - 04:00",
        "Scc.Mms.MalwareEnabled": true,
        "Scc.Mms.CisEnabled": true,

        "cpu": 1,
        "memory": 1024,
        "Scc.Vm.Orch.BackupPolicy": "Enable",
        "Scc.Vm.Orch.Backup.backupReplication": false,
        "Scc.Vm.Orch.Backup.s3Archive": false,

        "Scc.Vm.Orch.ServiceLevel": "Advanced",
        "Vrm.DataCenter.Location": "Stretched - Gold Datacenter",
        "Scc.Vm.Orch.Placement.VmGroup": "DC Olten",

        "Scc.Vm.Orch.Linux.RootPassword": "test1234$",

        "Scc.Vm.Orch.ManageStorages": "false",
        "Scc.Vm.Orch.Storage0.DriveLetter": "",
        "Scc.Vm.Orch.Storage0.Label": "",
        "Scc.Vm.Orch.Storage0.MountPoint": "",
        "Scc.Vm.Orch.Storage0.Policy": "",
        "Scc.Vm.Orch.Storage0.Size": "35",

        "VMware.Network.Type": "VMXNET3",
        "VirtualMachine.Network0.Address": "",
        "VirtualMachine.Network0.Name": "vxw-dvs-85-virtualwire-970-sid-12345-tenant-123-networkname",
        "Scc.Vm.Orch.Network0.EnableDHCP": "false"
      }
    },
    "Scc.Ms.technicalContactEmail": "no-reply@swisscom.com",
    "Scc.Ms.technicalContactPhone": "0041791234567"
  }
}
POST
Swisscom Windows 2019

Deployment of a configurable virtual machine with a pre-installed Windows 2019 Operating System. The guest OS can be configured as self-managed or Swisscom managed. Operation and maintenance of the deployed virtual machine are the responsibility of the customer in self-managed mode, or are handled by Swisscom when managed OS is enabled. The chosen configuration will be billed hourly. When the virtual machine is stopped, no charges are incurred for vCPU, memory or OS licenses.

Example Data (JSON)

Base structure of the Blueprint request. There are more fields available which can be retrieved by getting the template first as described in Step 1 of the Introduction.

Details for Patching Window, Backup Policy, Service Level and Location can be checked in Enums.

{
  "type": "com.vmware.vcac.catalog.domain.request.CatalogItemProvisioningRequest",
  "catalogItemId": "{{consumer-catalog-item-guid}}",
  "businessGroupId": "{{consumer-business-group-guid}}",
  "data": {
    "WINSRV2019-STD": {
      "data": {
        "Scc.Mms.ExtensionsActivated": false,
        "Scc.Mms.OsCoreEnabled": false,
        "Scc.Mms.PatchingEnabled": false,
        "Scc.Mms.PatchingWindow": "",
        "Scc.Mms.MalwareEnabled": false,
        "Scc.Mms.CisEnabled": false,

        "cpu": 2,
        "memory": 2048,
        "Scc.Vm.Orch.BackupPolicy": "Disable",
        "Scc.Vm.Orch.Backup.backupReplication": false,
        "Scc.Vm.Orch.Backup.s3Archive": false,

        "Scc.Vm.Orch.ServiceLevel": "Advanced",
        "Vrm.DataCenter.Location": "Stretched - Gold Datacenter",
        "Scc.Vm.Orch.Placement.VmGroup": "DC Olten",

        "SysPrep.GuiUnattended.AdminPassword": "test1234$",
        "SysPrep.UserData.ComputerName": "",

        "Sysprep.Identification.DomainAdmin": "",
        "Sysprep.Identification.DomainAdminPassword": "",
        "Sysprep.Identification.JoinDomain": "",

        "Scc.Vm.Orch.ManageStorages": "false",
        "Scc.Vm.Orch.Storage0.DriveLetter": "",
        "Scc.Vm.Orch.Storage0.Label": "",
        "Scc.Vm.Orch.Storage0.MountPoint": "",
        "Scc.Vm.Orch.Storage0.Policy": "",
        "Scc.Vm.Orch.Storage0.Size": "35",

        "VMware.Network.Type": "VMXNET3",
        "VirtualMachine.Network0.Address": "",
        "VirtualMachine.Network0.Name": "vxw-dvs-85-virtualwire-970-sid-12345-tenant-123-networkname",
        "Scc.Vm.Orch.Network0.EnableDHCP": "false"
      }
    },
    "Scc.Ms.technicalContactEmail": "no-reply@swisscom.com",
    "Scc.Ms.technicalContactPhone": "0041791234567"
  }
}
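
Both virtual machine payloads carry credentials in clear text (the root password, the SysPrep administrator password and the domain administrator password). The following is an added example, not part of the original documentation: it keeps those fields empty in the stored template, fills them at request time, refuses a template that already contains a literal password, and produces a redacted copy for logging. The environment variable name ESC_VM_ADMIN_PASSWORD and the function names are assumptions made for this example.

```python
import copy
import os

# Credential-bearing keys taken from the RHEL 8 and Windows 2019 payloads above.
SECRET_KEYS = frozenset({
    "Scc.Vm.Orch.Linux.RootPassword",
    "SysPrep.GuiUnattended.AdminPassword",
    "Sysprep.Identification.DomainAdminPassword",
})


def _walk(node, visit):
    """Apply visit(key, value) to every credential field, at any nesting depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in SECRET_KEYS:
                node[key] = visit(key, value)
            else:
                _walk(value, visit)
    elif isinstance(node, list):
        for item in node:
            _walk(item, visit)


def inject_secrets(template, secrets):
    """Return a copy of template with credential fields filled from secrets.

    A non-empty credential already present in the template is rejected, so a
    literal password in a stored template cannot reach the API unnoticed.
    """
    def visit(key, value):
        if value:
            raise ValueError(f"template carries a literal value for {key}")
        return secrets.get(key, value)

    request = copy.deepcopy(template)
    _walk(request, visit)
    return request


def redact(request):
    """Return a copy that is safe to log: non-empty credentials become '***'."""
    safe = copy.deepcopy(request)
    _walk(safe, lambda key, value: "***" if value else value)
    return safe


def secrets_from_env(environ=os.environ):
    """Read the admin password from the environment (variable name is hypothetical)."""
    value = environ.get("ESC_VM_ADMIN_PASSWORD")
    return {"SysPrep.GuiUnattended.AdminPassword": value} if value else {}


# Constructed template: the Windows 2019 payload reduced to a few fields,
# with the credential fields left empty.
TEMPLATE = {
    "catalogItemId": "{{consumer-catalog-item-guid}}",
    "data": {"WINSRV2019-STD": {"data": {
        "cpu": 2,
        "SysPrep.GuiUnattended.AdminPassword": "",
        "Sysprep.Identification.DomainAdminPassword": "",
    }}},
}

if __name__ == "__main__":
    request = inject_secrets(TEMPLATE, secrets_from_env())
    print(redact(request))
```
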

File Service Premium

POST
File Service Premium

Creates a File Service instance with several storage container services (e.g. NFS) and corresponding shares. Please choose the appropriate business group.

Parameters:

instanceName (string, required: true)
  Friendly name for this File Service. With this name, the instance can be identified on the bill.
networkName (string, required: true)
  Choose the network (uplink topology or service group) to which the File Service networks will be interconnected.
availabilityZone (string, required: true)
  The availability zone defines the certified datacenter-tier in which the service is produced.
  Possible values:
  • gold
  • platinum
aggregate (string, required: true)
  The Aggregate Network the subranges can be selected from.
network1 (string, required: true)
  Network 1
network2 (string, required: true)
  Network 2
dnsServer (string, required: false)
  Define the nameservers which are used to resolve hostnames. Multiple servers can be separated by a comma, e.g. "192.168.1.1,192.168.10.1,192.168.100.50" (Note: no whitespace is allowed).
dnsDomainName (string, required: false)
  Defines the default domain to be used for DNS resolution, e.g. "storage.local".
nfsv4DomainName (string, required: false)
  Sets the NFSv4 domain name to be used. In many cases, this is equal to the DNS domain.

Example Data Payload:

{
  "instanceName": "TestFileService",
  "networkName": "ut-002",
  "availabilityZone": "gold",
  "aggregate": "192.168.26.0/24 - fileservice-aggregate | 1235357",
  "network1": "10.0.3.64/27",
  "network2": "10.0.3.96/27",
  "dnsServer": "192.168.1.1,192.168.10.1",
  "dnsDomainName": "storage.local",
  "nfsv4DomainName": "storage.local"
}

Kubernetes

POST
Kubernetes Environment

Parameters:

aggregate (string, required: true)
description (string, required: true)
dnsServers (string, required: true)
mask (string, required: true)
uplinkTopology (string, required: true)
vipPool (string, required: true)

Example Data Payload:

{
  "aggregate": "10.0.3.192/28 - tenant-001-pks-networkname | 123456",
  "description": "My K8s environment.",
  "dnsServers": "8.8.8.8",
  "mask": "28.0",
  "uplinkTopology": "ut-123",
  "vipPool": "10.0.3.192/28"
}

POST
Create Cluster

Parameters:

parentRef (string, required: true)
  Name of the Kubernetes Environment.
planName (string, required: true)
  Plan
  Possible values:
  • basic
  • advanced
hostname (string, required: true)
  Cluster External Hostname. Max length: 63 characters.
workerNodePools (array, required: true)
  Worker Node Pools
  Possible values:
  • { "name": "Only dashes and [0-9A-Za-z],max 12 digits", "cpu": [ 1, 2, 4, 8, 16, 32, 64 ], "memory_gb": [ 4, 8, 16, 32, 64, 128, 256, 512 ], "persistent_disk_gb": [ "min 32gb - max 500gb" ], "count": "No limit yet" }
lbSize (string, required: true)
  Load Balancer Size
  Possible values:
  • medium
  • large
insecureRegistries (string, required: false)
  Provide a comma-separated list of insecure registries, e.g. insecure.dontdo.that, insecure.onlyfor.dev

Example Data Payload:

{
  "parentRef": "Kubernetes Environment - 22e7f853-2242-4858-8ba4-c5a222a04e96",
  "planName": "basic",
  "hostname": "test.test.com",
  "workerNodePools": [
    {
      "name": "profile-1",
      "cpu": 2,
      "memory_gb": 8,
      "persistent_disk_gb": 32,
      "count": 3
    }
  ],
  "lbSize": "medium",
  "insecureRegistries": "insecure.dontdo.that, insecure.onlyfor.dev"
}

Managed Oracle Database (Regular)

POST
Managed Oracle CDB (Regular)

Parameters:

aggregate (string, required: true)
  The Aggregate Network the subranges can be selected from.
p_enabled_backup_configuration (boolean, required: true)
  If this option is selected, a database backup will be set up. It is an incremental-forever backup with PiT (point in time) restore capabilities. Choosing this option causes additional costs. The amount of storage used on the backup system is charged in GB.
p_friendly_name (string, required: true)
  The name of the CDB instance.
  Regex: /^(?:[A-Za-z_][\w-]{0,40})$/
p_network_active_a (string, required: true)
  Primary Network Subnet Range /29
p_network_active_b (string, required: true)
  Secondary Network Subnet Range /29
p_oracle_db_version_type (string, required: false)
  Specifies the Oracle version for the RDBMS.
  Possible values:
  • 19.12.0
  • 19.13.0
  • 19.14.0
  • 19.15.0
  • 19.16.0
  • 19.17.0
  • 19.18.0
p_plan_mode (string, required: if planName is 'Advanced')
  Defines the Data Guard protection mode for the ADVANCED plan. SYNC_FSFO is the default and enables synchronous network transport (MaxAvailability) between the Data Guard primary and the standby database, including Fast Start Failover (FSFO). SYNC_NOFSFO enables synchronous network transport (MaxAvailability) without Fast Start Failover (NOFSFO). ASYNC mode uses asynchronous network transport (MaxPerformance) without Fast Start Failover.
  Possible values:
  • SYNC_FSFO
  • SYNC_NOFSFO
  • ASYNC
p_vm_cpu_count (decimal, required: true)
  Number of (net) vCPUs allocated to a VM (1:1 to CDB). 1 vCPU corresponds to a CPU thread, i.e. 0.5 Intel Core. The minimum order size is 4 vCPU (=4*0.5 = 2 Intel x86 Core * 0.5 Corefactor = 1 Oracle EE processor license). The maximum order size = 88 vCPU.
planName (string, required: true)
  Choose a plan, which allows different types of configuration/support levels.
  Possible values:
  • EE Basic
  • EE Advanced
serviceName (string, required: true)
  Possible values:
  • MODS Regular CDB (EE)
uplinkTopology (string, required: true)
  The configured uplink topology of your Business Group and in your ESC tenant.

Example Data Payload:

{
  "aggregate": "192.168.26.0/24 - correct-dyndb-aggregate | 54986",
  "p_enabled_backup_configuration": false,
  "p_friendly_name": "DatabaseTest",
  "p_network_active_a": "192.168.26.32/29",
  "p_network_active_b": "192.168.26.40/29",
  "p_oracle_db_version_type": "19.18.0",
  "p_plan_mode": "SYNC_FSFO",
  "p_vm_cpu_count": 4,
  "planName": "EE Basic",
  "serviceName": "MODS Regular CDB (EE)",
  "uplinkTopology": "ut-002"
}

Managed Oracle Database (High End)

POST
Managed Oracle PDB (Highend)

Parameters:

serviceName (string, required: true)
  Fixed value: Oracle Pluggable Database
planName (string, required: true)
  Possible values:
  • Default
  • Default Clone
cdb (string, required: true)
  CDB Environment Name - not ID.
friendly_name (string, required: true)
  No special characters!
resource_prioritization (string, required: true)
  Possible values:
  • low
  • medium
  • high
enable_tablespace_encryption (boolean, required: true)
operation_support_type (string, required: true)
  Possible values:
  • 7x24h
  • office hours
pdb_character_set_type (string, required: true)
  Possible values:
  • AL32UTF8
  • WE8ISO8859P1
  • WE8ISO8859P15
  • WE8MSWIN1252
pdb_lockdown_profile_type (string, required: true)
  Defines the lockdown profile which should be used for the PDB.
  Possible values:
  • Default
  • Java
  • Next Generation
  • Legacy
  • Restricted
  • Default MODS Regular
pdb_security_shape_type (string, required: true)
  Security shapes revoke a set of package permissions (e.g. UTL_SMTP, UTL_TCP, etc.) from the PUBLIC schema in Oracle that can be an issue from a security point of view.
  Possible values:
  • sc_ora_default
  • sc_cis_recommendations
  • sc_sec_best_practices

Example Data Payload:

{
  "serviceName": "Oracle Pluggable Database",
  "planName": "Default",
  "cdb": "testCdbNameNotId",
  "friendly_name": "TestPdbHighend",
  "resource_prioritization": "medium",
  "enable_tablespace_encryption": false,
  "operation_support_type": "office hours",
  "pdb_character_set_type": "AL32UTF8",
  "pdb_lockdown_profile_type": "Default",
  "pdb_security_shape_type": "sc_ora_default"
}

Managed PostgreSQL Database

POST
Managed PostgreSQL Container

Parameters:

planName (string, required: true)
  Defines the service class. BASIC: All PostgreSQL Instances in this Container are located in one datacenter without geographical redundancy. ADVANCED: All PostgreSQL Instances in this Container are replicated to a second datacenter for geographical data redundancy. Higher costs per vCPU will also be charged as technically twice the amount of vCPU and RAM are produced.
  Possible values:
  • Basic
  • Advanced
friendly_name (string, required: true)
  Friendly name for this Container for PostgreSQL instances. With this name, the Container can be identified on the bill.
vm_cpu_count (number, required: true)
  Number of (net) vCPUs allocated to a Container (VM). 1 vCPU corresponds to a CPU thread, i.e. 0.5 Intel Core. The minimum order size is 2 vCPU (=2*0.5 = 1 Intel x86 Core). The maximum order size = 88 vCPU. 8GB of memory are assigned per vCPU (e.g. 4 vCPU * 8GB = 32GB RAM for the VM).
initial_storage_size (number, required: true)
  This is the size of the initial storage allocation for this Container in gigabytes. All PostgreSQL Instances within a Container share the same storage and should be considered in terms of initial allocation size. Recommendation: Try to anticipate a reasonable initial size, especially if you plan to load a large amount of initial data or if you do not want to activate the auto extend option. Unit: GB
enabled_storage_auto_extend (boolean, required: true)
  Enable or disable the automatic growth of your PostgreSQL data file storage. If set to "on", the storage volume grows automatically when a certain "used space" threshold is reached. The volume is increased based on the following rule: If the current storage size is <100GB the next extent size is 5GB, otherwise 5% of the current size.
uplinkTopology (string, required: true)
  Choose the network (uplink topology) to which the Managed PostgreSQL Database Service will be interconnected.
aggregate (string, required: true)
  Aggregate
network_active_a (string, required: true)
  Defines the IP network which can be used for the Managed PostgreSQL Database Service. The range must be /29 or bigger in CIDR notation. Example: 192.168.100.0/29
network_active_b (string, required: true)
  Defines the IP network which can be used for the Managed PostgreSQL Database Service. The range must be /29 or bigger in CIDR notation. Example: 192.168.100.8/29

Example Data Payload:

{
  "planName": "Basic",
  "friendly_name": "mpds-container",
  "vm_cpu_count": 2,
  "initial_storage_size": 5,
  "enabled_storage_auto_extend": false,
  "uplinkTopology": "your-ut",
  "aggregate": "10.93.80.192/26 - mpds-aggregate | 160716",
  "network_active_a": "10.93.80.208/29",
  "network_active_b": "10.93.80.248/29"
}
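
The Managed Oracle CDB and Managed PostgreSQL Container requests both take an aggregate plus two subnet ranges selected from it. The following added example (not part of the original documentation) checks such a payload before it is submitted: each subnet must be a valid network address, /29 or bigger, and inside the aggregate. The non-overlap check and the function names are assumptions made for this example.

```python
import ipaddress


def parse_aggregate(value):
    """Extract the CIDR from a value such as '10.93.80.192/26 - name | 160716'."""
    return ipaddress.ip_network(value.split(" - ", 1)[0].strip(), strict=True)


def check_subnets(payload, fields, max_prefix=29):
    """Return a list of problems with the subnet fields of a request payload.

    fields: names of the payload keys holding the two subnets.
    max_prefix: longest prefix accepted (29 means '/29 or bigger').
    """
    problems = []
    aggregate = parse_aggregate(payload["aggregate"])
    parsed = []
    for field in fields:
        try:
            # strict=True rejects values with host bits set, e.g. 10.93.80.210/29
            net = ipaddress.ip_network(payload[field], strict=True)
        except ValueError as exc:
            problems.append(f"{field}: {exc}")
            continue
        if net.prefixlen > max_prefix:
            problems.append(f"{field}: {net} is smaller than /{max_prefix}")
        if net.version != aggregate.version or not net.subnet_of(aggregate):
            problems.append(f"{field}: {net} is outside aggregate {aggregate}")
        parsed.append((field, net))
    # Assumption (not stated on the page): the two ranges must not overlap.
    for i, (name_a, net_a) in enumerate(parsed):
        for name_b, net_b in parsed[i + 1:]:
            if net_a.version == net_b.version and net_a.overlaps(net_b):
                problems.append(f"{name_a} overlaps {name_b}")
    return problems


# Values copied from the two example payloads on this page.
POSTGRES = {
    "aggregate": "10.93.80.192/26 - mpds-aggregate | 160716",
    "network_active_a": "10.93.80.208/29",
    "network_active_b": "10.93.80.248/29",
}
ORACLE = {
    "aggregate": "192.168.26.0/24 - correct-dyndb-aggregate | 54986",
    "p_network_active_a": "192.168.26.32/29",
    "p_network_active_b": "192.168.26.40/29",
}
PG_FIELDS = ("network_active_a", "network_active_b")
ORA_FIELDS = ("p_network_active_a", "p_network_active_b")

if __name__ == "__main__":
    print(check_subnets(POSTGRES, PG_FIELDS))
    print(check_subnets(ORACLE, ORA_FIELDS))
```
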

Managed Reverse Proxy

POST
Managed Reverse Proxy

Creates a Reverse Proxy instance, based on a public IP address. Access from the Internet can be disabled. An optional public certificate, including renewal, and automated DNS record creation can be requested.

Parameters:

uplinkTopology (string, required: true)
  Uplink Topology
planName (string, required: true)
  Plan Name
  Possible values:
  • S
  • S non Prod
  • M
  • L
  • XL
fqdn (string, required: true)
  Fully Qualified Domain Name
fqdnAliases (string, required: false)
  Enter FQDN aliases. Wildcards are not allowed.
dnsIntegration (boolean, required: true)
  DNS Integration. If it is selected, a DNS record will be created, but only if the DNS zone is managed by Swisscom. If the DNS zone is not managed by Swisscom, the request will fail.
description (string, required: false)
desiredCertProvider (string, required: true)
  Desired Certificate Provider. Self signed Cert: default self-signed certificate from F5. Public Cert provided by Swisscom: the domain must be pre-registered at SwissSign. Public Cert provided by Consumer: certificate will be provided by the consumer later.
  Possible values:
  • Self signed Cert
  • Public Cert provided by Swisscom
  • Public Cert provided by Consumer
connectInet (boolean, required: true)
  Internet Access. If it is selected, the Managed Reverse Proxy is available from the internet.
srvProtocol (string, required: true)
  Service Protocol
  Fixed value: https
srvPort (number, required: true)
  Service Port
redirectTls (boolean, required: true)
  Redirect http to https
ipAddressFamily (string, required: true)
  IP Address Family
  Possible values:
  • ipv4
  • ipv6
  • DualStack
serverAddresses (string, required: true)
  Backend Server IP
servicePort (number, required: true)
  Backend Server Port
tlsReencrypt (boolean, required: true)
  Backend Server Re-encryption
aclSrcIpAllow (string, required: false)
  Allow List IP Source based. Enter IP addresses or subnets, separated by spaces or with each element on a separate line. The list can be empty; in this case no IP address or subnet can access the Managed Reverse Proxy.
aclSrcIpDeny (string, required: false)
  Deny List IP Source based. Enter IP addresses or subnets, separated by spaces or with each element on a separate line. The list can be empty; in this case the respective Reverse Proxy instance is controlled purely by the allow list.
tufinFunction (string, required: only if tenant is configured in Tufin)
  Tufin function with security-level DSW or SSW only.

Example Data Payload:

{
  "uplinkTopology": "your-ut",
  "planName": "M",
  "fqdn": "myrp.local.com",
  "fqdnAliases": "myrp-aliases.local.com",
  "dnsIntegration": true,
  "desiredCertProvider": "Public Cert provided by Swisscom",
  "connectInet": true,
  "srvProtocol": "https",
  "srvPort": 443,
  "redirectTls": true,
  "ipAddressFamily": "ipv4",
  "serverAddresses": "10.10.10.10",
  "servicePort": 443,
  "tlsReencrypt": true,
  "aclSrcIpAllow": "255.255.255.0/28",
  "aclSrcIpDeny": "10.122.1.5",
  "tufinFunction": "myTufinFunction"
}

Managed Forward Proxy

POST
Managed Forward Proxy

Creates a Forward Proxy instance. The instance is connected to the internet. The consumer of the service can modify the allow and deny lists of the instance.

Parameters:

uplinkTopology (string, required: true)
  Uplink Topology
planName (string, required: true)
  Plan Name
  Possible values:
  • S
  • S non Prod
  • M
  • L
  • XL
fqdn (string, required: false)
  Fully Qualified Domain Name. It is used as the Managed Forward Proxy A/AAAA DNS record name. If the DNS zone is not managed by Swisscom, the field can be left empty.
dnsIntegration (boolean, required: true)
  DNS Integration. If it is selected, a DNS record will be created, but only if the DNS zone is managed by Swisscom. If the DNS zone is not managed by Swisscom, the request will fail.
description (string, required: false)
connectInet (boolean, required: true)
  Internet Access. If it is selected, the Managed Forward Proxy is available from the internet.
srvPort (number, required: false)
  Service Port
ipAddressFamily (string, required: true)
  IP Address Family
  Possible values:
  • ipv4
  • ipv6
  • DualStack
allowListIpBased (string, required: false)
  Allow List IP Destination based. Enter IP addresses or subnets, separated by spaces or with each element on a separate line. The list can be empty; in this case the respective Forward Proxy instance is completely closed, and no IP address or subnet destinations can be reached.
aclSrcIpAllow (string, required: false)
  Allow List IP Source based. Enter IP addresses or subnets, separated by spaces or with each element on a separate line. The list can be empty; in this case no IP address or subnet can access the Managed Forward Proxy.
allowListDomainBased (string, required: false)
  Allow List Domain Destination based. Enter hostnames or domains (wildcards are allowed only in the form .example.com, not in the form *.example.com), separated by spaces or with each element on a separate line. The list can be empty; in this case the respective Forward Proxy instance is completely closed, and no destination hostnames or domains can be reached.
denyListIpBased (string, required: false)
  Deny List IP Destination based. Enter IP addresses or subnets, separated by spaces or with each element on a separate line. The list can be empty; in this case the respective Forward Proxy instance is controlled purely by the allow list.
aclSrcIpDeny (string, required: false)
  Deny List IP Source based. Enter IP addresses or subnets, separated by spaces or with each element on a separate line. The list can be empty; in this case the respective Forward Proxy instance is controlled purely by the allow list.
denyListDomainBased (string, required: false)
  Deny List Domain Destination based. Enter hostnames or domains (wildcards are allowed only in the form .example.com, not in the form *.example.com), separated by spaces or with each element on a separate line. The list can be empty; in this case the respective Forward Proxy instance is controlled purely by the allow list.
enableSocks (boolean, required: true)
  Enable Socks. The Socks proxy can forward TCP and UDP connections, helping to bypass network segmentation. It is a dynamic port forwarding technique.
tufinFunction (string, required: only if tenant is configured in Tufin)
  Tufin function with security-level DSW or SSW only.

Example Data Payload:

{
  "uplinkTopology": "your-ut",
  "planName": "M",
  "fqdn": "myfp.th2-z1.local",
  "dnsIntegration": true,
  "connectInet": true,
  "srvPort": 8080,
  "ipAddressFamily": "ipv4",
  "allowListIpBased": "10.10.11.0/25",
  "aclSrcIpAllow": "255.255.255.0/28",
  "allowListDomainBased": ".web.mydomain.com",
  "denyListIpBased": "12.10.11.0/25",
  "aclSrcIpDeny": "10.122.1.5",
  "denyListDomainBased": ".com.ch",
  "enableSocks": true,
  "tufinFunction": "myTufinFunction"
}
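
The list rules for the Managed Forward Proxy (space- or line-separated entries, wildcards only as .example.com, empty allow lists closing the proxy, SOCKS bypassing segmentation) can be checked before a request is sent. The following is an added example, not part of the original documentation; the function names and the sample payload are constructed for illustration, and the check for an all-addresses source allow list on an internet-facing proxy is an addition that goes beyond the rules stated in the parameter list.

```python
import ipaddress

# Field names come from the Managed Forward Proxy parameter list above.
IP_LISTS = ("allowListIpBased", "denyListIpBased", "aclSrcIpAllow", "aclSrcIpDeny")
DOMAIN_LISTS = ("allowListDomainBased", "denyListDomainBased")
ALLOW_LISTS = ("allowListIpBased", "allowListDomainBased", "aclSrcIpAllow")


def entries(payload, field):
    """List values are separated by spaces or line breaks."""
    return (payload.get(field) or "").split()


def lint_forward_proxy(payload):
    """Return (field, message) findings; an empty list means nothing to review."""
    findings = []
    for field in IP_LISTS:
        for item in entries(payload, field):
            try:
                net = ipaddress.ip_network(item, strict=False)
            except ValueError:
                findings.append((field, f"not an IP address or subnet: {item}"))
                continue
            # Added check: a /0 source allow list on an internet-facing proxy
            # lets any client relay traffic through it.
            if field == "aclSrcIpAllow" and net.prefixlen == 0 and payload.get("connectInet"):
                findings.append((field, f"{item} admits every source on an internet-facing proxy"))
    for field in DOMAIN_LISTS:
        for item in entries(payload, field):
            if "*" in item:
                findings.append((field, f"write wildcards as .example.com, not {item}"))
    for field in ALLOW_LISTS:
        if not entries(payload, field):
            findings.append((field, "empty allow list: nothing is permitted for this list"))
    if payload.get("enableSocks"):
        findings.append(("enableSocks", "SOCKS forwards TCP and UDP and can bypass segmentation"))
    return findings


# Constructed sample that uses the field layout of the example payload.
SAMPLE_PAYLOAD = {
    "connectInet": True,
    "allowListIpBased": "10.10.11.0/25 10.10.12.300",
    "aclSrcIpAllow": "0.0.0.0/0",
    "allowListDomainBased": ".web.mydomain.com",
    "denyListIpBased": "",
    "aclSrcIpDeny": "10.122.1.5",
    "denyListDomainBased": "*.com.ch",
    "enableSocks": True,
}

if __name__ == "__main__":
    for field, message in lint_forward_proxy(SAMPLE_PAYLOAD):
        print(f"{field}: {message}")
```
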

Object Storage S3

POST
Object Storage S3

Parameters:

instanceName (string, required: true)
  Friendly name of the Object Storage S3 instance.
  Regex: /^(?:[A-Za-z_][\w-]{0,40})$/
internetAccessible (boolean, required: true)
  If set to true, the S3 instance will additionally be available from the Internet. This decreases security and is not recommended for sensitive data. Please note: This option might be restricted by your organization on Tenant level.
encrypted (boolean, required: true)
  If set to true, namespace encryption will be enabled. This option cannot be changed back later.
archiveSafe (boolean, required: true)
  For most use cases, leaving this option disabled is recommended. If 'Archive Safe' is selected, files can be written once and never be updated again. The file will be automatically deleted as soon as the defined retention period is reached.
uplinkTopology (string, required: true)
  Choose the network (uplink topology) to which the S3 NAT Network will be interconnected. This option is only available for certain tenants.
sharedWithSwisscom (boolean, required: false)
  This option allows management access for Swisscom to your S3 instance. This is needed for importing OVA images via this namespace.
sharedWithOthers (string, required: false)
  If needed, one or multiple IDs must be specified comma separated, no space allowed. Be aware that it enables access for external customers. In order to use the parameter, please open a Support Request.

Example Data Payload:

{
  "instanceName": "My_S3_Service",
  "internetAccessible": false,
  "encrypted": false,
  "archiveSafe": false,
  "uplinkTopology": "my-ut",
  "sharedWithSwisscom": false,
  "sharedWithOthers": ""
}
