VShield Manager: Installing VMware’s virtual security appliance

In mid-2010, VMware revamped vShield into a security suite that protects virtual infrastructure. Part one of this series covered vShield Manager, Zones and App; part two focused on vShield Edge and Endpoint and vShield licensing costs. Now part three explains how to install vShield Manager, a virtual security appliance.

Implementing VMware vShield begins with the installation of vShield Manager, which can control security for an entire vCenter environment (but not for other vCenter Server instances).

Installing vShield Manager
VShield Manager is available as a 550 MB download from VMware's website, and it's packaged as a virtual appliance that contains every vShield component. To start, deploy the Open Virtualization Appliance (OVA) file by clicking File, then Deploy OVF Template. Select the vShield OVA file and complete the wizard by providing the following information:

  • a name for the virtual machine (VM);
  • the host for it to reside on; and
  • a data store, and a network to which to map the virtual network interface card in vShield Manager.

The network-mapping part of the wizard displays only networks that are not service/management console or VMkernel networks. So if you have only one network on your vSwitches, the wizard will choose it automatically, without offering alternatives.

For maximum security, place vShield Manager on an isolated management network that has connectivity to vCenter Server and every vShield agent VM on the secured hosts. Also, you shouldn't use the same port group as the host's service/management console or VMkernel.
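
One way to check the port-group rule above after deployment, as an added example that is not part of the original article: a PowerCLI function that reports whether the appliance shares a port group with the host's service console or VMkernel interfaces. It assumes VMware PowerCLI is loaded and Connect-VIServer has already been run; the VM name 'vShield-Manager' and both function names are placeholders.

```powershell
# Added example (not from the article). Requires VMware PowerCLI and an
# existing Connect-VIServer session. Function names are hypothetical.

function Get-SharedPortGroup {
    param(
        [string[]]$VmPortGroups,    # port groups the appliance's vNICs map to
        [string[]]$HostPortGroups   # service console / VMkernel port groups
    )
    # -contains compares names case-insensitively; return each overlap once.
    $VmPortGroups | Where-Object { $HostPortGroups -contains $_ } |
        Sort-Object -Unique
}

function Test-VShieldManagerPlacement {
    param([string]$VMName = 'vShield-Manager')   # placeholder VM name

    $vm   = Get-VM -Name $VMName -ErrorAction Stop
    $vmPg = @(Get-NetworkAdapter -VM $vm |
              Select-Object -ExpandProperty NetworkName)

    # Host-side interfaces the appliance should not share a port group with.
    # -Console returns nothing on ESXi, which has no service console.
    # Only the host currently running the VM is checked; repeat per host if
    # the appliance can be migrated within a cluster.
    $hostNics  = @(Get-VMHostNetworkAdapter -VMHost $vm.VMHost -VMKernel)
    $hostNics += @(Get-VMHostNetworkAdapter -VMHost $vm.VMHost -Console)
    $hostPg    = @($hostNics | Select-Object -ExpandProperty PortGroupName)

    $shared = @(Get-SharedPortGroup -VmPortGroups $vmPg -HostPortGroups $hostPg)

    [pscustomobject]@{
        VM             = $vm.Name
        Host           = $vm.VMHost.Name
        VmPortGroups   = $vmPg
        SharedWithHost = $shared
        Compliant      = ($shared.Count -eq 0)
    }
}

Test-VShieldManagerPlacement | Format-List
```

A result with Compliant set to False lists the offending port group names in SharedWithHost.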

Configuring vShield Manager
Once the virtual security appliance has been deployed, power it on and configure the network information. The default username is admin, and the password is default. After logging in, enter Enabled mode (which is a more privileged mode that's similar to su) by typing enable. The default password for Enabled mode is also default. Type setup and enter the requested network information, then log out and log back in to make the changes take effect.

Next, test the network connectivity by pinging the default gateway. Through a Web browser, navigate to the IP address that you entered for vShield Manager and log in to the vShield interface. The login username and password are the same as those for the command-line interface (admin and default), but note that the vShield interface is a separately maintained account.

Sync vShield Manager with vCenter Server by entering the vCenter Server information on the Configuration tab. This action enables vShield Manager to read the initial inventory (i.e., hosts, VMs, clusters, virtual network interface cards) from the vCenter Server, and it also keeps them synchronized.

Figure 1

The last step is to register the vShield Manager plug-in with the vSphere Client. You can manage vShield by connecting directly to vShield Manager through the Web user interface (UI), but it's much easier to use the vShield Client.

To enable this capability, click Register on the Configuration tab, then close the vSphere Client. Once you restart it, you will see tabs for vShield on the Datacenter, Cluster, Host and Port Group objects. You can also access the Web user interface within vCenter Server by selecting the homepage and clicking the vShield icon, under Solutions and Applications.

The next section will cover how to install vShield Zones and vShield App.

This was first published in March 2011
