Protecting Virtual Machines in a Cluster
In Figure 1-3, vShield App instances are installed on each ESX host in a cluster. Virtual machines are protected
when moved via vMotion™ or DRS between ESX hosts in the cluster. Each vApp shares and maintains state
of all transmissions.
Figure 1-3. vShield App Instances Installed on Each ESX Host in a Cluster
Common Deployments of vShield Edge
You can use a vShield Edge with the Port Group Isolation feature to isolate a stub network, using NAT to allow
traffic in and out of the network. If you deploy internal stub networks, you can use vShield Edge to secure
communication between networks by using LAN-to-LAN encryption via VPN tunnels.
vShield Edge can be deployed as a self-service application within VMware Cloud Director.
Common Deployments of vShield App
You can use vShield App to create security zones within a vDC. You can impose firewall policies on vCenter
containers or Security Groups, which are custom containers you can create by using the vShield Manager user
interface. Container-based policies enable you to create mixed trust zone clusters without requiring an
external physical firewall.
In a deployment that does not use vDCs, use a vShield App with the Security Groups feature to create trust
zones and enforce access policies.
Service Provider Admins can use vShield App to impose broad firewall policies across all guest virtual
machines in an internal network. For example, you can impose a firewall policy on the second vNIC of all guest
virtual machines that allows the virtual machines to connect to a storage server, but blocks the virtual
machines from addressing any other virtual machines.
VMware, Inc.
[Figure 1-3 panels: Unprotected Cluster; Protected Cluster]
Chapter 1 Introduction to vShield