After site association is complete, organization administrators at any member site can begin associating their organizations.
To create an association between two organizations (we'll call them Org-A and Org-B here), you must be a system administrator at both sites so that you can log in to each site to retrieve the information required to associate the site with another site, then make a POST request to each site supplying the other site's association information.
You cannot associate a System organization with a tenant organization. The System organization at any site can be associated only with the System organization at another site.
The process of associating two organizations can be logically decomposed into two complementary pairing operations. The first operation (in this example) pairs Org-A at Site-A with Org-B at Site-B. You must then go on to pair Org-B at Site-B with Org-A at Site-A. Until both pairings are complete, the association is incomplete. Until both pairings are complete, the heartbeat process reports that the association is incomplete (showing a Status value of ASYMMETRIC).
■
|
The sites occupied by the organizations must be associated. See Associate Two Sites. |
■
|
You must be a system administrator at both sites or an organization administrator of both organizations. |
1 | Log in to Site-A and retrieve the association data from Org-A. Site association data is contained in the OrgAssociations element of the AdminOrg object. GET https://Site-A.example.com/admin/org/30 ... <AdminOrg name="Org-A" ...> ... <Link rel="down" href="https://Site-A.example.com/api/admin/org/30/associations" ... /> ... </AdminOrg> The OrgAssociations element includes a link of the form: <Link rel="down" href="https://Site-A.example.com/api/admin/org/30/associations/localAssociationData"/> Make a GET request to this link to retrieve the OrgAssociationMember element that contains the information required when associating this organization with another with an organization at an associated site. GET https://Site-A.example.com/api/admin/org/30/associations/localAssociationData ... <OrgAssociationMember ...> <Link ...> ... <RestEndpointCertificate>-----BEGIN CERTIFICATE----- MIIDDTCCAfWgAwIBAgI...Ix0eSE= -----END CERTIFICATE----- </RestEndpointCertificate> <SiteId>urn:vcloud:org:94b78377-a3f8-4970-8e44-662d209f35f7</SiteId> <OrgId>urn:vcloud:org:f47c905d-6e7f-4ef2-a7ec-7136660bdc4f</OrgId> <OrgName>Org-A</OrgName> <OrgPublicKey>-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhki...QQIDAQAB -----END PUBLIC KEY----- </OrgPublicKey> </OrgAssociationMember> Save this response. You'll need it in Step 3. |
2 | Log in to Org-B and retrieve its add link for associations. This link is contained in the OrgAssociations element of the AdminOrg object . GET https://Site-B.example.com/admin/org/40 ... <AdminOrg name="Org-B" ...> ... <Link rel="down" href="https://Site-B.example.com/api/admin/org/40/associations" ... /> ... </AdminOrg> Retrieve the OrgAssociations to see this link. GET https://Site-B.example.com/admin/org/40/associations ... <OrgAssociations ... <Link rel="add" href="https://Site-B.example.com/api/admin/org/40/associations" ... /> ... </OrgAssociations> |
3 | POST the OrgAssociationMember response body you retrieved in Step 1 to the orgAssociations link for Site-B. You can include the entire response body. Any Link elements from the response body are ignored in a request. For brevity, this example omits the Link elements. POST https://Site-B.example.com/api/admin/org/40/associations content-type: application/vnd.vmware.admin.organizationAssociation+xml ... <OrgAssociationMember ...> ... <RestEndpointCertificate>-----BEGIN CERTIFICATE----- MIIDDTCCAfWgAwIBAgI...Ix0eSE= -----END CERTIFICATE----- </RestEndpointCertificate> <SiteId>urn:vcloud:org:94b78377-a3f8-4970-8e44-662d209f35f7</SiteId> <OrgId>urn:vcloud:org:f47c905d-6e7f-4ef2-a7ec-7136660bdc4f</OrgId> <OrgName>Org-A</OrgName> <OrgPublicKey>-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhki...QQIDAQAB -----END PUBLIC KEY----- </OrgPublicKey> </OrgAssociationMember> |
Repeat this procedure, modified as needed to retrieve the OrgAssociationMember content from Org-B and POST it to Org-A. This completes the association. The multisite heartbeat process confirms the network connection between the organizations and then sets the Status value of each OrgAssociationMember to ACTIVE.