Backup-as-a-Service with Cohesity and vRealize Automation

September 7, 2016


Moving a VM into a new Cohesity Protection Job

By Dana Gertsch, Consultant, Kovarus

Kovarus was recently approached by Cohesity to develop some sample vRealize Automation solutions to showcase the new REST API available in version 2.9.

One of the use cases was to move a previously deployed machine to another Protection Job. This blog discusses the steps necessary to create this Day 2 Resource Action in vRealize Automation.

In effect we needed to do the following:

  1. Capture and display the current Projection Job in the Request Form
  2. Provide the requester a dynamic list of available Protection Jobs to choose from
  3. Remove the VM from the original Protection Job
  4. Add the VM to the target (new) Protection Job
  5. Update the VM properties with the new Protection Job information (used to retire or remove the VM when the machine is destroyed)

Our solution used an existing vRealize Orchestrator (vRO) action to populate the drop-down list (to choose the new Protection Job), a new action to get the current Protection Job from the VM properties, and a new workflow to do the heavy lifting.

Our first action extracted the Cohesity Username, Password, and Cohesity RestHost from a vRO Configuration Element. These variables were used to login and get the Authorization Token required by the other REST calls. The following code snippet contains the important parts:

var elements = (Server.getConfigurationElementCategoryWithPath("Cohesity")).configurationElements;
for each (var element in elements) {
     // System.log("Element name " +;

     if ( == "Cohesity User Account") {
          var username = element.getAttributeWithKey("username").value;
          var password = element.getAttributeWithKey("password").value;
          // System.log("Username " + username + " password " + password);
          // Else get the restHost
     } else if ( == "Cohesity REST Host") {
          var restHost = element.getAttributeWithKey("restHost").value;
          // System.log("The restHost is " + restHost);


// Get token

var restOp = new RESTOperation("Get Cohesity Bearer Token"); // Define the name of the new operation
restOp.method = "POST"; // How is data sent to the api when called. POST mean we send data to the api.

restOp.urlTemplate = "/accessTokens";

restOp.defaultContentType = "application/json";

var inParametersValues = [];
operation = restHost.addOperation(restOp); // Add defined operation to rest host defined in "restHost" attribute

// content is not null. This the payload from the rest client
var content = "{\"username\":\"" + username + "\",\"password\":\"" + password + "\"}";
var request = operation.createRequest(inParametersValues, content); // Create request to api

var response = request.execute(); // Execute request and store returndata in "response"
/*Code below is for debugging purposes and will output data in Orchestrator client when run. Output is not persistent.

System.log("Get token returned status code: " + response.statusCode);
var contentAsString = response.contentAsString;

// System.log("Content as string: " + contentAsString);
// System.log("Response: " + response);
statusCode = response.statusCode;
statusCodeAttribute = statusCode;
// System.log("Status code: " + statusCode);
var jsonResponse = JSON.parse(contentAsString);
// Get the token values
var token = jsonResponse.accessToken;
var tokenType = jsonResponse.tokenType;

We are not going to discuss how to get the list of available Protection Jobs, but will show how to figure out what the REST call should look like. Cohesity has a nice development tool available via their GUI. Simply click on Help in the upper right hand corner, and then select REST API.


Click on the ProtectionJobs Tag


Under /public/ProtectionJobs (Should be the first Path listed), click on the “Try this operation” button near the bottom, then “Send Request” near the bottom.

If the response is successful, you should get some very useful information, including the REST URL, and an array containing all of your Protection Jobs.


Here is one of our Protection Jobs from the array in JSON format:

"id": 4554,
"name": "ProtectJob1",
"environment": "kVMware",
"policyId": "TEMPLATE_1889",
"viewBoxId": 1395,
"parentSourceId": 267,
"sourceIds": [
"dailyStartTime": {
"hour": 12,
"minute": 55
"timezone": "America/Los_Angeles",
"globalId": {
"id": 4554,
"clusterId": 3002470924206306,
"clusterIncarnationId": 1468441341100
"policyAppliedTimeMsecs": 1470851972496,
"modificationTimeUsecs": 1470851972496840,
"modifiedByUser": "admin",
"creationTimeUsecs": 1470772921736529,
"isActive": true

Our existing Action simply returns an Array of “name”, which we’ll use later to populate the XaaS form.

The second Action takes a VC:VirtualMachine as input, finds the vCACEntity, then returns the custom property holding the old Protection Job. The code is pretty straightforward.

// Get Cohesity Configuration element values

var elements = (Server.getConfigurationElementCategoryWithPath("Cohesity")).configurationElements;
for each (var element in elements) {
// System.log("Element name " +;

if ( == "Cohesity vCACHost") {
var vCACHost= element.getAttributeWithKey("vCACHost").value;
// get protectionJobNames property
System.log("VM name is " +;
var vraVm = Server.findAllForType("vCAC:VirtualMachine", "VMUniqueID eq '" + vm.config.instanceUuid + "'");
// var vraVm = Server.findAllForType("vCAC:VirtualMachine", "virtualMachineName eq '" + + "'");

// Get the extended properties from the first machine in the array. InstanceUUID should be unique.
var vCACVmExtendedProps = System.getModule("com.vmware.library.vcac").getPropertiesFromVirtualMachine(vCACHost,vraVm[0]);
// grab some properties
var protectionJobName = vCACVmExtendedProps.get("KPSC.Cohesity.protectionJobNames");
return protectionJobName;

The actual workflow that does the heavy lifting looks like this. It’s pretty complex, so we’ll discuss that in another post in the future. The workflow has two Input Parameters newJobName, and vm.


The next step is to setup the XaaS Resource Action in vRA. Create a new Resource Action, Select the Day 2 workflow and then click Next.


Click Next on the Input Resource page. On the Details page, change the Target criteria to match your environment, and then Click Next.


Our finished request form looks like this:


Current Job Name is populated with the action used to get the VM custom property, and New Protection Job is populated with the Get Protection Jobs Action. Now lets see this in action. Find your Cohesity protected Machine, and then click your Move to Protection Job action.


Enter something in the Description Field, and then click Next to get to the Form. Here you see which Protection Job the VM is part of, and a drop down list of the available jobs.


After making sure our vRA request completed successfully, we checked the target Protection Job to make sure the machine was moved.


The new Cohesity REST API coupled with vRealize Automation and vRealize Orchestrator should make day-to-day operations for your users much easier by greatly reducing the number of portals they have to access each day.

If you have any other questions about Cohesity, vRealize, and cloud automation or anything else; please do not hesitate to contact us.