Skip to content
CA Privileged Access Manager - 2.8.3
Documentation powered by DocOps

VMware NSX API Proxy Integration

Last update September 2, 2016

VMware NSX API Proxy requires licensing from CA Technologies for a specific number of proxy users. The proxy is available for deployment in VMware OVA file format.


If your CA Privileged Access Manager installation allows or you plan to allow use of both VMware NSX API Proxy and AWS API Proxy, these proxies must be on different subnets.

The use case flow is:

  1. A user sends a REST API request (intended for NSX Manager) to the new CA Technologies VMware NSX API Proxy. The request uses credentials from CA Privileged Access Manager, which are valid only for use with this proxy. (They differ from the credentials used by NSX Manager).
  2. The proxy validates the request, obtains the actual (and persistent) NSX Manager credentials that have been vaulted on CA Privileged Access Manager. It then using those credentials forwards the request to NSX Manager.
  3. The NSX Manager response is passed directly to the user while audit and request syslog entries are stored in vCenter Log Insight. If configured, CA Privileged Access Manager rotates the NSX Manager credential.

A VMware NSX API Proxy User role has the accessAll and manageAll privileges, and a VmwareNsxApiProxy role allows use of the proxy.

Was this helpful?

Please log in to post comments.