Install VMware vShield Manager for VMware vCloud Director

I decided to write a short article about installing VMware vShield Manager for VMware vCloud Director.

VMware vShield Manager is a server that manages other servers in the vShield family. The vShield family of servers is essential for securing virtual infrastructure.
“Other servers” means vShield App, vShield Edge, vShield Endpoint, vShield Zones:

Since vSphere 5.1, the vShield product family is called VMware vCloud Networking and Security.
Scheme of changes from vSphere 5.0 to 5.1:

Briefly about products:

vShield Edge - a product that protects the perimeter of the data center. It includes a firewall and a DHCP server, and can build VPN tunnels, perform NAT, and do load balancing.
It is an integral part of the vCloud infrastructure; in fact, traffic from all tenants goes through vShields in vCloud Director.
It is installed from an OVF template, and some Linux machine is used inside.

vShield Endpoint - a security product running on top of the VMsafe API. It integrates with third-party antivirus products (Symantec, Trend Micro, Kaspersky, McAfee, and possibly others have such products) and allows antiviruses to protect machines without installing agents on them.
It is installed on hosts through vShield Manager.

vShield App (and the vShield Zones included in it) is a distributed switch that works through VMsafe to control traffic at the hypervisor level.
It is also installed on hosts through vShield Manager.

Now directly to the installation.
We have a virtual infrastructure vSphere 5.1 - with vCenter 5.1 and vCloud Director 5.1 servers already installed.
The server with vCloud Director is up, but not configured - I used the vCloud Director Appliance for the server, but connected it to an external SQL server. The use of external SQL servers with the appliance is available from version 5.1 - in the earlier version, 1.5, the appliance can only use its internal database, Oracle Express, which has strong limitations (1 processor, the maximum database size is 2GB, etc.).

First you need to download the template; it can be found at this link in the package "vCloud Networking and Security 5.1.2" (the latest version at the moment).
Next, deploy the template:

Half the steps are skipped, because everything is by default.

We click Finish and wait until the template is deployed:

After installation, we start the machine, wait for it to boot and log in to it.
The default username / password is administrator / default (for security reasons, it is advisable to change all passwords).

To manage it, you must go into enable mode; the password to enter enable mode is also default ...
In order to configure vShield Manager, you must run the setup command from enable mode and enter the necessary settings:

The server will ask you to reboot to apply the settings - we agree.
To connect the server to vCenter, use the web interface: go to the address that you specified when setting up the server:

Connect vShield Manager to our vCenter server, specifying the server data.
To connect, it is recommended to have a separate account with administrator rights to vCenter.

In the vSphere console, we will see how the hosts are reconfigured and a new tab is added on each host:

And the vShield section appears in the main menu:

Now we open the web interface of the vCloud Director server and select the connection to vCenter.
We specify the IP and the access details of the vCenter server - for this it is also advisable to use a separate account.

In the next step, we will specify the settings for connecting to vShield Manager:

Go to the Manage & Monitor tab and see if vCenter is connected:

Next, you will need to decide how many Provider vDCs there will be. If only one is needed, give the entire cluster to vCloud Director by creating a new Provider vDC. If you need several, create a resource pool (or pools) inside the cluster and give it to vCloud Director. This can be seen in the following picture:

After that, you will need to add hosts and storage to vCloud Director (those added to the cluster will be available), and configure networks and the other vCloud Director settings.

If necessary, next time I can describe the installation and configuration of Nexus 1000V in vSphere 5.1.
