VMware VSHIELD MANAGER 4.1 - API Manual de usuario descargar pdf (Pagina 25)

VMware, Inc. 25

Chapter 4 Installing vShield Edge, vShield App, and vShield Endpoint

10 ClickInstallatthetopoftheform.

YoucanfollowthevShieldAppinstallationstepsfromtheRecentTaskspaneofthevSphereClientscreen.

11 Afterinstallationofallcomponentsiscomplete,dothefollowing:

 vShieldApp:Atthispoint,vShieldAppinstallationiscomplete.GotothevShieldApp>App

Firewalltabatthedatacenter,cluster,orportgroupcontainerleveltoconfigurefirewallrules.Each

vShieldAppinheritsglobalfirewallrulessetinthevShieldManager.Thedefaultfirewallruleset

allows

alltraffictopass.Youmustconfigureblockingrulestoexplicitlyblocktraffic.Toconfigure

AppFirewallrules,seethevShieldAdministrationGuide.

 PortGroupIsolation:YoumustenablethePortGroupIsolationfeatureoneachvDS.After

enablementiscomplete,installavShieldEdgeoneachvDSportgroup.See“PrepareavNetworkfor

PortGroupIsolation”onpage 25.

 vShieldEndpoint:Tocompleteinstallation,see“InstallingvShieldEndpoint”onpage 27.

Prepare a vNetwork for Port Group Isolation

PortGroupIsolationcreatesabarrierbetweenthevirtualmachinesprotectedbyavShieldEdgeandthe

externalnetwork.WhenyouenablePortGroupIsolationandinstallavShieldEdgeonavDSportgroup,you

isolateeachsecuredvDSportgroupfromtheexternalnetwork.WhenPortGroupIsolationis

enabled,traffic

isnotallowedaccesstothevirtualmachinesinthesecuredportgroupunlessNATrulesorVLANtagsare

configured.

TousePortGroupIsolation,youmustenablethisfeatureoneachvDSonwhichyouwillinstallavShieldEdge.

1EnablePortGroupIsolationoneachvDS.

2Install

avShieldEdgeoneachvDSportgroupyouplantosecure.

3MovethevirtualmachinestosecuredvDSportgroups.

AfterPortGroupIsolationisinstalledoneachESXhost,youmustenablePortGroupIsolationoneachvDS

whereyouwillinstallavShieldEdge.ThisallowsthePort

GroupIsolationservicetobeusedonanyport

groupinavDS.

To enable Port Group Isolation on a vDS

1LogintothevSphereClient.

2GotoView>Inventory>Networking.

3Right‐clickavDS.

4 SelectvShield>EnableIsolation.

AbrowserwindowopenstoconfirmthatPortGroupIsolationhasbeenenabled.

AfterPortGroupIsolation

installationiscomplete,installavShieldEdgeinstanceoneachvDSportgroup.

Install a vShield Edge

EachvShieldEdgevirtualappliancehasExternalandInternalnetworkinterfaces.TheInternalinterface

connectstothesecuredportgroupandactsasthegatewayforallprotectedvirtualmachinesintheportgroup.

ThesubnetassignedtotheInternalinterfacecanbeRFC1918private space.TheExternalinterfaceof

the

vShieldEdgeconnectstoanuplinkportgroupthathasaccesstoasharedcorporatenetworkoraservicethat

providesaccesslayernetworking.

EachvShieldEdgerequiresatleastoneIPaddresstonumbertheExternalinterface.MultipleexternalIP

addressescanbeconfiguredforLoadBalancer,Site‐to

‐SiteVPN,andNATservices.TheInternalinterfacecan

haveaprivateIPaddressblockthatoverlapswithothervShieldEdgesecuredportgroups.

OTEPortGroupIsolationisanoptionalfeaturethatisnotrequiredforvShieldEdgeoperation.PortGroup

IsolationisavailableforvDS‐basedvShieldEdgeinstallationsonly.

1 2 ... 20 21 22 23 24 25 26 27 28 29 30

Comentarios a estos manuales

Sin comentarios

VMware VSHIELD MANAGER 4.1 - API Manual de usuario Pagina 25

Comentarios a estos manuales

Relacionado con productos y manuales para Manuales de software VMware VSHIELD MANAGER 4.1 - API