1 Overview of VMware vShield
VMware® vShield™ is a suite of network edge and application‐aware firewalls built for VMware vCenter™
Server integration. vShield inspects client‐server communications and inter‐virtual‐machine communication
to provide detailed traffic analytics and application‐aware firewall protection. vShield is a critical security
component for protecting virtualized datacenters from attacks and misuse, helping you achieve your
compliance‐mandated goals.
This guide assumes you have administrator access to the entire vShield system. If you are unable to access a
screen or perform a particular task, consult your vShield administrator.
This chapter includes the following topics:
vShield Components
Ports Required for vShield
An Introduction to REST API for vShield Users
vShield Components
vShield includes components and services essential for protecting virtual machines. vShield can be configured
through a web‐based user interface, a command line interface (CLI), and a REST API.
To run vShield, you need one vShield Manager virtual machine and at least one vShield Zones, vShield App,
or vShield Edge virtual machine.
vShield Manager
The vShield Manager is the centralized management component of vShield and is installed from OVA as a
virtual machine by using the vSphere Client. Using the vShield Manager user interface or vSphere Client
plug‐in, administrators can install, configure, and maintain vShield components.
The vShield Manager virtual machine can run on a different ESX host from your vShield App and vShield
Edge virtual machines.
The vShield Manager user interface leverages the VMware Infrastructure SDK to display a copy of the vSphere
Client inventory panel.
For more on using the vShield Manager user interface, see the vShield Administration Guide.
vShield App
A vShield App monitors all traffic into and out of an ESX host, and between virtual machines on the host.
vShield App provides application‐aware traffic analysis and stateful firewall protection. vShield App
regulates traffic based on a set of rules, similar to an access control list (ACL).
VMware, Inc.