VMware VSHIELD APP 1.0.0 UPDATE 1 Quick Start Manual


vShield Quick Start Guide
vShield Manager 4.1.0 Update 1
vShield Zones 4.1.0 Update 1
vShield Edge 1.0.0 Update 1
vShield App 1.0.0 Update 1
vShield Endpoint 1.0.0 Update 1
This document supports the version of each product listed and
supports all subsequent versions until the document is replaced
by a new edition. To check for more recent editions of this
document, see http://www.vmware.com/support/pubs.
EN-000375-01


Summary of Contents for VMware VSHIELD APP 1.0.0 UPDATE 1

  • Page 1 Endpoint 1.0.0 Update 1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs. EN-000375-01...
  • Page 2 VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
  • Page 3: Table Of Contents

    Running vShield in Evaluation Mode 23 Preparing Your Virtual Infrastructure for vShield App, vShield Edge, and vShield Endpoint 23 Install vShield Component Licenses 24 Prepare All ESX Hosts 24 Prepare a vNetwork for Port Group Isolation 25 Install a vShield Edge 25 VMware, Inc.
  • Page 4 Installing vShield Endpoint 27 vShield Endpoint Installation Workflow 27 Install the Thin Agent on the Guest Virtual Machine 27 Where to Go Next 28 Index 29
  • Page 5: About This Book

    Virtual Infrastructure environment. Intended Audience This book is intended for anyone who wants to install or use VMware vShield. The information in this book is written for experienced Windows or Linux system administrators who are familiar with virtual machine technology and datacenter operations. This book also assumes familiarity with VMware Virtual Infrastructure, including vCenter™...
  • Page 6 Support Offerings To find out how VMware support offerings can help meet your business needs, go to http://www.vmware.com/support/services. VMware Professional Services VMware Education Services courses offer extensive hands-on labs, case study examples, and course materials designed to be used as on-the-job reference tools. Courses are available onsite, in the classroom, and live online.
  • Page 7: Introduction To vShield

    10 vShield Components at a Glance VMware vShield is a suite of security virtual appliances built for VMware vCenter™ Server integration. vShield is a critical security component for protecting virtualized datacenters from attacks and misuse helping you achieve your compliance-mandated goals.
  • Page 8: vShield Edge

    Load Balancing: Simple and dynamically configurable virtual IP addresses and server groups. vShield Edge supports syslog export for all services to remote servers. Figure 1-1. vShield Edge Installed to Secure a vDS Port Group
  • Page 9: vShield App

    You should install vShield App instances on all ESX hosts within a cluster so that VMware vMotion™ operations work and virtual machines remain protected as they migrate between ESX hosts. By default, a vShield App virtual appliance cannot be moved by using vMotion.
  • Page 10: Deployment Scenarios

    Leveraging the Virtual Infrastructure SDK, the vShield Manager inventory panel displays a view of your VLAN networks under the Networks view. You can build access rules for each VLAN network to isolate virtual machines and drop untagged traffic to these machines.
  • Page 11: Protecting Virtual Machines In A Cluster

    If you deploy internal stub networks, you can use vShield Edge to secure communication between networks by using LAN-to-LAN encryption via VPN tunnels. vShield Edge can be deployed as a self-service application within VMware Cloud Director. Common Deployments of vShield App You can use vShield App to create security zones within a vDC.
  • Page 13: Preparing For Installation

    NICs 2 gigabit NICs on an ESX host Software VMware vCenter Server 4.0 Update 1 or later vShield Endpoint requires vCenter Server 4.1 or later. Table 2-2 lists the vCenter versions that are compatible with this version of vShield.
  • Page 14: Client And User Access

    VMware ESX 4.0 Update 1 or later for each server vShield Endpoint requires ESX 4.1 or later. Table 2-3 lists the ESX and ESXi versions that are compatible with this version of vShield. Table 2-3. Supported ESX and ESXi Versions...
  • Page 15: vShield Manager Uptime

    Client console session. Each virtual appliance uses the same default username ) and password ( ) combination as the vShield Manager user interface. Entering Enabled mode also uses the password For more on hardening the CLI, see the vShield Administration Guide.
  • Page 16 You must use a vShield Manager user interface account (username and password) with privileged access to perform requests. For more on authenticating REST API requests, see the vShield API Programming Guide.
  • Page 17: Installing The vShield Manager And vShield Zones

    Manager runs as a virtual appliance on an ESX host. VMware vShield is included with VMware ESX 4.0 and 4.1. The base VMware vShield package includes the vShield Manager and vShield Zones. You can configure the vShield Zones firewall rule set to monitor traffic based on IP address-to-IP address communication.
  • Page 18: Configure The Network Settings Of The vShield Manager

    Default gateway (A.B.C.D): Primary DNS IP (A.B.C.D): Secondary DNS IP (A.B.C.D): Old configuration will be lost, and system needs to be rebooted Do you want to save new configuration (y/[n]): y Please log out and log back in again.
  • Page 19: Log In To The vShield Manager User Interface

    Click Log In. Synchronize the vShield Manager with the vCenter Server Synchronize with your vCenter Server to display your VMware Infrastructure inventory in the vShield Manager user interface. You must have a vCenter Server user account with administrative access to complete this task.
  • Page 20: Register The vShield Manager Plug-In With The vSphere Client

    Local or network storage to place the vShield Zones disk. vShield Zones virtual appliances include VMware Tools. Do not attempt to alter or upgrade the VMware Tools software on a vShield Zones virtual appliance. To install a vShield Zones virtual appliance Log in to the vSphere Client.
  • Page 21: Where To Go Next

    For more, see the vShield Administration Guide. To enhance your network security posture, you can obtain licenses for vShield App, vShield Endpoint, and vShield Edge. For more, see Chapter 4, “Installing vShield Edge, vShield App, and vShield Endpoint,” page 23.
  • Page 23: Installing vShield Edge, vShield App, And vShield Endpoint

    Edge virtual machines. If you do not install Port Group Isolation and attempt to enable the feature during vShield Edge installation, Port Group Isolation does not work. See “Prepare All ESX Hosts” on page 24.
  • Page 24: Install vShield Component Licenses

    Local or network storage to place the vShield App and Port Group Isolation disks. vShield virtual appliances include VMware Tools. Do not attempt to alter or upgrade the VMware Tools software on a vShield virtual appliance. To prepare an ESX host for vShield add-on functionality Log in to the vSphere Client.
  • Page 25: Prepare A vNetwork For Port Group Isolation

    The subnet assigned to the Internal interface can be RFC 1918 private space. The External interface of the vShield Edge connects to an uplink port group that has access to a shared corporate network or a service that provides access layer networking.
  • Page 26 Select the datastore on which to store the vShield Edge virtual machine files. 10 Click Install. After installation is complete, configure services and firewall rules to protect the virtual machines in the secured port group. To configure a vShield Edge, see the vShield Administration Guide.
  • Page 27 SCSI controllers to a virtual machine, see the vSphere Client help: vSphere Client Help > Managing Virtual Machine Hardware and Devices > Adding Virtual Devices > Add SCSI Controllers CAUTION: BusLogic SCSI controllers are not supported.
  • Page 28 To install the Thin Agent The installation package is located at the same VMware customer site where you downloaded vShield Manager. The package name has the following form: 32-bit VMware-vShield-Endpoint-Driver-1.0.0-<build number>.x86-32.msi 64-bit VMware-vShield-Endpoint-Driver-1.0.0-<build number>.x86-64.msi.
  • Page 29 ESX host 24 vShield App 24 vShield App 9 vShield Edge 25, 27 vShield Edge 8 vShield Endpoint 24 vShield Endpoint 9 vShield Endpoint thin agent 27 vShield Manager 7 vShield Manager 17 vShield Zones 7
  • Page 30 GUI password 20 installation 17 logging in to GUI 19 network settings 18 registering plug-in 20 syncing with vCenter 19 uptime 15 vShield Manager GUI 15 vShield Zones about 7 vShield Manager 7 vSphere Client plug-in 20
