Vshield Edge - VMware VSHIELD APP 1.0.0 UPDATE 1 Quick Start Manual

vShield Quick Start Guide

vShield Edge

vShield Edge provides network edge security and gateway services to isolate the virtual machines in a port
group, vDS port group, or Cisco
(uplink) networks by providing common gateway services such as DHCP, VPN, NAT, and Load Balancing.
Common deployments of vShield Edge include in the DMZ, VPN Extranets, and multi-tenant Cloud
environments where the vShield Edge provides perimeter security for Virtual Datacenters (VDCs).
Standard vShield Edge Services (Including Cloud Director)

Firewall: Supported rules include IP 5-tuple configuration with IP and port ranges for stateful inspection
for TCP, UDP, and ICMP.

Network Address Translation: Separate controls for Source and Destination IP addresses, as well as TCP
and UDP port translation.

Dynamic Host Configuration Protocol (DHCP): Configuration of IP pools, gateways, DNS servers, and
search domains.
Advanced vShield Edge Services

Site-to-Site Virtual Private Network (VPN): Uses standardized IPsec protocol settings to interoperate with
all major firewall vendors.

Load Balancing: Simple and dynamically configurable virtual IP addresses and server groups.
vShield Edge supports syslog export for all services to remote servers.
Figure 1-1. vShield Edge Installed to Secure a vDS Port Group
8
®
Nexus 1000V. The vShield Edge connects isolated, stub networks to shared
VMware, Inc.