10 Click Install at the top of the form.
You can follow the vShield App installation steps from the Recent Tasks pane of the vSphere Client screen.
11 After installation of all components is complete, do the following:
vShield App: At this point, vShield App installation is complete. Go to the vShield App > App
Firewall tab at the datacenter, cluster, or port group container level to configure firewall rules. Each
vShield App inherits global firewall rules set in the vShield Manager. The default firewall rule set
allows all traffic to pass. You must configure blocking rules to explicitly block traffic. To configure
App Firewall rules, see the vShield Administration Guide.
Port Group Isolation: You must enable the Port Group Isolation feature on each vDS. After
enablement is complete, install a vShield Edge on each vDS port group. See "Prepare a vNetwork for
Port Group Isolation" on page 25.
vShield Endpoint: To complete installation, see "Installing vShield Endpoint" on page 27.
Prepare a vNetwork for Port Group Isolation
Port Group Isolation creates a barrier between the virtual machines protected by a vShield Edge and the
external network. When you enable Port Group Isolation and install a vShield Edge on a vDS port group, you
isolate each secured vDS port group from the external network. When Port Group Isolation is enabled, traffic
is not allowed access to the virtual machines in the secured port group unless NAT rules or VLAN tags are
configured.
NOTE Port Group Isolation is an optional feature that is not required for vShield Edge operation. Port Group
Isolation is available for vDS-based vShield Edge installations only.
To utilize Port Group Isolation
1 Install Port Group Isolation on each ESX host.
2 Enable Port Group Isolation on each vDS.
3 Install a vShield Edge on each vDS port group you plan to secure.
4 Move virtual machines to secured vDS port groups.
Enabling Port Group Isolation on each vDS where you will install a vShield Edge allows the Port Group
Isolation service to be used on any port group in a vDS.
To enable Port Group Isolation on a vDS
1 Log in to the vSphere Client.
2 Go to View > Inventory > Networking.
3 Right-click a vDS.
4 Select vShield > Enable Isolation.
A browser window opens to confirm that Port Group Isolation has been enabled.
After Port Group Isolation installation is complete, install a vShield Edge instance on each vDS port group.
Install a vShield Edge
Each vShield Edge virtual appliance has External and Internal network interfaces. The Internal interface
connects to the secured port group and acts as the gateway for all protected virtual machines in the port group.
The subnet assigned to the Internal interface can be RFC 1918 private space. The External interface of the
vShield Edge connects to an uplink port group that has access to a shared corporate network or a service that
provides access layer networking.
VMware, Inc.
Chapter 4 Installing vShield Edge, vShield App, and vShield Endpoint