Installing VMware vShield Manager for VMware vCloud Director
I decided to write a short article about installing VMware vShield Manager for VMware vCloud Director.
VMware vShield Manager is a server that manages other servers of the vShield family. The vShield family of servers are essential for securing the virtual infrastructure.
By "other servers" are meant vShield App, vShield Edge, vShield Endpoint, vShield Zones:
')
Since vSphere 5.1, the vShield product family is called VMware vCloud Networking and Security.
Scheme of changes from vSphere 5.0 to 5.1:
Briefly about the products:
vShield Edge - product to protect the perimeter of the data center. It contains FireWall, can distribute DHCP, can build VPN tunnels, translate NAT addresses, supports load balancing.
It is an integral part of the vCloud infrastructure; in fact, the traffic of all tennants goes through vShields in the vCloud Director.
It is installed from the OVF template, inside is used some Linux machine.
vShield Endpoint , a security product that runs on top of the VMsafe API, integrates with third-party anti-virus products (currently Symantec, TrendMicro, Kaspersky, McAfee, and possibly others have such products) and allows anti-virus software to work with machines without installing agents on them.
Installed on hosts via vShield Manager.
The vShield App (and the vShield Zone included in it) is a distributed switch that works on VMsafe to control traffic at the hypervisor level.
It is also installed on hosts via vShield Manager.
Now directly to the installation.
We have a virtual infrastructure vSphere 5.1 - with already installed servers vCenter 5.1 and vCloud Director 5.1.
The server with vCloud Director is raised, but not configured - under the server I used the vCloud Director Appliance, but connected it to an external SQL server. The use of external SQL servers for applains is available from version 5.1 - in earlier versions of 1.5, the application uses only the internal database - Oracle Express, which has strong limitations (1 processor, the maximum database size is 2GB, etc.).
First you need to download the template, it can be found on this link in the package "vCloud Networking and Security 5.1.2" (the latest version at the moment).
Next, set the template:
Half of the steps are missed, because there everything is defaulted.
Click the finish, and wait until the template is set:
After installation, start the car, wait for the download and log in to it.
Standard login / password - administrator / defaul t (due to security reasons, it is desirable to change all passwords).
To control, you need to enter enable mode, the password for entering enable mode is also default ...
In order to configure the vShield Manager, you need to run the setup command from the enable mode and enter the necessary settings:
The server will ask to reboot to apply the settings - we agree.
To connect the server to vCenter, we will use the web, go to the address that you specified when setting up the server:
We connect the vShield Manager to our vCenter server, specifying the server details.
To connect, it is recommended to have a separate UZ with administrative rights to vCenter.
In the vSphere console, we will see how the hosts are reconfigured and a new tab is added on each host:
And the vShield section will appear in the main menu:
Now go to the web server vCloud Director, and select the connection to the vCenter.
We specify the IP and access details of the vCenter server - for this, it is also desirable to use a separate UZ.
In the next step, we will specify the connection parameters for the vShield Manager:
Go to the Manage & Monitor tab and see if vCenter is connected:
Next, you will need to understand how much Provider vDC will need. And if only one is needed - then you should give the entire cluster to the director, creating a new provider vDC, if you need several, then you need to create a pool (or pools) within the cluster and send it to vCloud Director. This is seen in the following image:
After that, you will need to add hosts and storages to vCloud Director (those added to the cluster will be available), configure networks and other director settings.
If need be, I can next describe the process of installing and configuring a Nexus 1000V in a vSphere 5.1 environment.
VMware vShield Manager is a server that manages other servers of the vShield family. The vShield family of servers are essential for securing the virtual infrastructure.
By "other servers" are meant vShield App, vShield Edge, vShield Endpoint, vShield Zones:
')
Since vSphere 5.1, the vShield product family is called VMware vCloud Networking and Security.
Scheme of changes from vSphere 5.0 to 5.1:
Briefly about the products:
vShield Edge - product to protect the perimeter of the data center. It contains FireWall, can distribute DHCP, can build VPN tunnels, translate NAT addresses, supports load balancing.
It is an integral part of the vCloud infrastructure; in fact, the traffic of all tennants goes through vShields in the vCloud Director.
It is installed from the OVF template, inside is used some Linux machine.
vShield Endpoint , a security product that runs on top of the VMsafe API, integrates with third-party anti-virus products (currently Symantec, TrendMicro, Kaspersky, McAfee, and possibly others have such products) and allows anti-virus software to work with machines without installing agents on them.
Installed on hosts via vShield Manager.
The vShield App (and the vShield Zone included in it) is a distributed switch that works on VMsafe to control traffic at the hypervisor level.
It is also installed on hosts via vShield Manager.
Now directly to the installation.
We have a virtual infrastructure vSphere 5.1 - with already installed servers vCenter 5.1 and vCloud Director 5.1.
The server with vCloud Director is raised, but not configured - under the server I used the vCloud Director Appliance, but connected it to an external SQL server. The use of external SQL servers for applains is available from version 5.1 - in earlier versions of 1.5, the application uses only the internal database - Oracle Express, which has strong limitations (1 processor, the maximum database size is 2GB, etc.).
First you need to download the template, it can be found on this link in the package "vCloud Networking and Security 5.1.2" (the latest version at the moment).
Next, set the template:
Half of the steps are missed, because there everything is defaulted.
Click the finish, and wait until the template is set:
After installation, start the car, wait for the download and log in to it.
Standard login / password - administrator / defaul t (due to security reasons, it is desirable to change all passwords).
To control, you need to enter enable mode, the password for entering enable mode is also default ...
In order to configure the vShield Manager, you need to run the setup command from the enable mode and enter the necessary settings:
The server will ask to reboot to apply the settings - we agree.
To connect the server to vCenter, we will use the web, go to the address that you specified when setting up the server:
We connect the vShield Manager to our vCenter server, specifying the server details.
To connect, it is recommended to have a separate UZ with administrative rights to vCenter.
In the vSphere console, we will see how the hosts are reconfigured and a new tab is added on each host:
And the vShield section will appear in the main menu:
Now go to the web server vCloud Director, and select the connection to the vCenter.
We specify the IP and access details of the vCenter server - for this, it is also desirable to use a separate UZ.
In the next step, we will specify the connection parameters for the vShield Manager:
Go to the Manage & Monitor tab and see if vCenter is connected:
Next, you will need to understand how much Provider vDC will need. And if only one is needed - then you should give the entire cluster to the director, creating a new provider vDC, if you need several, then you need to create a pool (or pools) within the cluster and send it to vCloud Director. This is seen in the following image:
After that, you will need to add hosts and storages to vCloud Director (those added to the cluster will be available), configure networks and other director settings.
If need be, I can next describe the process of installing and configuring a Nexus 1000V in a vSphere 5.1 environment.
Source: https://habr.com/ru/post/174723/
All Articles