Upgrading everyday security Commpact Guide d'installation

vShield Installation and Upgrade GuidevShield Manager 5.5vShield Edge 5.5vShield Endpoint 5.5This document supports the version of each product listed

Figure 1‑2. vShield Endpoint Installed on an ESX Host!Third-party service virtual appliance deployedon each host to provide endpoint servicesvShield

Isolating and Protecting Internal NetworksYou can use a vShield Edge to isolate an internal network from the external network. A vShield Edgeprovides

Common Deployments of vShield AppYou can use vShield App to create security zones within a vDC. You can impose firewall policies on vCentercontainers

Preparing for Installation 2This chapter provides an overview of the prerequisites for successful vShield installation.This chapter includes the follo

nVMware ESX 5.0 or later for each serverFor VXLAN virtual wires, you need VMware ESX 5.1 or later.nVMware ToolsFor vShield Endpoint and vShield Data S

Deployment ConsiderationsConsider the following recommendations and restrictions before you deploy vShield components.Deployment Considerations for vS

n80/TCP and 443/TCP for using the vShield Manager user interface and initiating connection to thevSphere SDKn22/TCP for communication between vShield

VMware recommends that you let vShield App run during normal operations and use the vShield AppFlow Monitoring tool for baseline knowledge of the traf

vShield Installation and Upgrade Guide18 VMware, Inc.

Installing the vShield Manager 3VMware vShield provides firewall protection, traffic analysis, and network perimeter services to protectyour vCenter S

vShield Installation and Upgrade Guide2 VMware, Inc.You can find the most up-to-date technical documentation on the VMware Web site at:http://www.vm

PrerequisitesYou must have been assigned the Enterprise Administrator or vShield Administrator role .Procedure1 Log in to the vSphere Client.2 Create

PrerequisitesnYou must have a vCenter Server user account with administrative access to synchronize vShieldManager with the vCenter Server . If your v

e Click the Sites button.f Type the IP address of the vShield Manager and click Add.g Click Close.h Click OK.i Close Internet Explorer.The vShield Man

9 (Optional) Type the Host Name of the backup system.10 Type the User Name required to login to the backup system.11 Type the Password associated with

vShield Installation and Upgrade Guide24 VMware, Inc.

Installing vShield Edge, vShield App,vShield Endpoint, and vShield DataSecurity 4After the vShield Manager is installed, you can obtain licenses to ac

Install vShield Component LicensesYou must install a CIS or vCloud Networking and Security (vCNS) license before installing vShield Appand vShield Edg

6 Under vShield App, provide the following information.Option DescriptionDatastoreSelect the datastore on which to store the vShield App virtual machi

c Click Edit Host Profile.d Select Networking Configuration > Host Port Group > vmservice-vmknic-pg > IP addresssettings > How is IPv4 add

7 Configure Firewall Policy and High Availability on page 32You can change the default firewall policy, which blocks all incoming traffic.8 Confirm Se

ContentsAbout this Book 5 1Introduction to vShield 7vShield Components at a Glance 7Deployment Scenarios 10 2Preparing for Installation 13System Requi

2 (Optional) Click Enable SSH access if required.3 Click Next.The Edge Appliances page appears.Add AppliancesYou must add an appliance before you can

Add Internal and Uplink InterfacesYou can add up to ten internal and uplink interfaces to a vShield Edge virtual machine.Procedure1On the Interfaces p

Configure the Default GatewayProvide the IP address for the vShield Edge default gateway.Procedure1 On the Default Gateway page, select Configure Defa

4 If you selected Enable HA on the Name & Description page, complete the Configure HA parameterssection.vShield Edge replicates the configuration

nThe vShield-Endpoint-Mux-Partners rule may be used by partners to install a host component. It isdisabled by default.Install VMware Tools on the Gues

3 Click the vShield tab.4 Click Install next to vShield Data Security.5 Select the vShield Data Security checkbox.6 Under vShield Data Security, enter

vShield Installation and Upgrade Guide36 VMware, Inc.

Uninstalling vShield Components 5This chapter details the steps required to uninstall vShield components from your vCenter inventory.This chapter incl

Procedure1 Log in to the vSphere Client.2 Select a datacenter resource from the inventory tree.3 Click the Network Virtualization tab.4 Click Edges.5C

Upgrading vShield 6To upgrade vShield, you must first upgrade the vShield Manager, then update the other components forwhich you have a license.This c

7Troubleshooting Installation Issues 47vShield App Installation Fails 47vShield Data Security Installation Fails 48Index 49vShield Installation and Up

3 Create Post-Upgrade Backup on page 42Starting from version 5.1, vShield Manager requires an upgrade to its virtual hardware. This virtualhardware up

14 In the CLI, follow the output of the show manager log command. After you see the maintenance-fs-cleanup: Filesystem cleanup successful message, log

Firewall feature in prior version Result of upgrade to version 5.1Firewall rules included High and Lowprecedence rules. Non-namespaceport group rules

5 Configure the vShield Manager Backups page to view the backups currently stored on the ftp/sftpserver.6 Identify the vShield Manager backup created

13 Click Browse and select the file you had downloaded in Step 1114 Follow Step 6 till Step 9.Upgrade vShield Manager to Version 5.5PrerequisitesYou c

7 Click Install.NOTE During vShield App upgrade, the ESXi host is placed into Maintenance Mode and rebooted.Ensure that virtual machines on the ESXi

Upgrade vShield EndpointTo upgrade vShield Endpoint from 5.0 to a later version, you must first upgrade vShield Manager, thenupdate vShield Endpoint o

Troubleshooting Installation Issues 7This section describes installation issues.This chapter includes the following topics:n“vShield App Installation

6 (Optional) Reboot the ESX host if you had seen the following error when installing vShield App:vShield App installation encountered error while inst

IndexBBackups, scheduling 22Cchanging the GUI password 22CLI, hardening 16client requirements 13cluster protection 11communication between compon

About this BookThis manual, the vShield Installation and Upgrade Guide, describes how to install and configure theVMware®vShield™ system by using the

vShieldcomponent communication 15deployment scenarios 10evaluating components 25hardening 16vShield App 8vShield Edge 8vShield Endpoint 9vShiel

Technical Support and Education ResourcesThe following technical support resources are available to you. To access the current version of this bookand

Introduction to vShield 1This chapter introduces the VMware® vShield™ components you install.This chapter includes the following topics:n“vShield Comp

vShield AppvShield App is a hypervisor-based firewall that protects applications in the virtual datacenter from networkbased attacks. Organizations ga

Figure 1‑1. Multi-Interface EdgevShield EdgeMPLS VPNInternetInterface 1Interface 3Interface 2Interface 4Interface 6Interface 5DMZnetworkAccountingnet