VMware VSHIELD APP 1.0.0 UPDATE 1 Admin Manual page 134

vShield Administration Guide
4 Verify that the kernel module is loaded: vmkload_mod –l | grep vshd -ni
5 Verify that the mirror virtual machine is powered on.
On the ESX host, look for a powered on virtual machine with nahe vshield-infra-ni-<string>.
6 Verify that the Port Group Isolation virtual machine is connected to the correct port group.
7 Verify that the VMX files for the protected virtual machines contain the filter entries.
Open the VMX file and search for filter15. There should be three entries. Make sure these entries are
present on the correct Ethernet card. Each VMX file should have only three entries per vNIC related to the
fence module (filter15). If the entries are repeated, that means that the VMX file had isolation entries
from a previous configuration that was not cleaned up and later duplicate entries were added.
8 Verify that all virtual machines belonging to the port group have identical filter settings in the VMX files.
9 Verify that the vshd configuration is intact.
a Go to /etc/opt/vmware/vslad/config.
b Review the files in this directory. Ensure all files contain some data. They should not be empty.
If all of the above is correct, the ESX host is set up properly for Port Group Isolation.
Verify Install or Uninstall Script
The installation script creates the following entities.

Creates a user named vslauser and sets a default password.
To see if the user was added: vi /etc/passwd

Adds the role vslauser and associates the user vslauser to the role.

Adds entries to start vshd and the script svm-autostart across every reboot.
You can verify this on ESXi by looking for entries related to vshd and svm-autostart in the file
/etc/chkConfig.db. On ESX, you can verify this by doing find / -name *vsh* and confirming that
there are scripts named S<value>vslad and svm-autostart.

Adds an entry to the services list on ESX to expose VSHD services. You can verify this entry by opening
the file /etc/vmware/hostd/proxy.xml and searching for word vsh.
The removal script removes all of the operations created by the installation script.

Removes user vslauser.

Removes the role vslauser.

Removes the init entries for vshd and svm-autostart.

Removes the vshd entry from proxy.xml.
Validate the Data Path
To troubleshoot packet drops, such as a ping between virtual machines in the same isolated port
group
1 Make sure that addresses, routes, netmasks, and gateways are configured correctly.
2 Install tcpdump on a virtual machine in the isolated port group.
3 Run a packet capture inside that virtual machine.
4 Ping from the problematic virtual machine to the virtual machine where captures are running.
If an ARP packet is received, that means that broadcast packets are received. If you do not receive an ARP
packet, that means none of the packets were received.
134 VMware, Inc.