VMware vShield 1.0 User guide

vShield Zones Administration Guide

vShield Zones 1.0 Update 1

EN-000167-00

VMware, Inc.

3401 Hillview Ave.

Palo Alto, CA 94304

www.vmware.com

2 VMware, Inc.

vShield Zones Administration Guide

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

intellectual property laws. VMware products are covered by one or more patents listed at

http://www.vmware.com/go/patents.

VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks

and names mentioned herein may be trademarks of their respective companies.

VMware, Inc. 3

Contents

AboutThisBook 9

1 OverviewofvShieldZones 11

vShieldZonesComponents 11

vShieldManager 11

vShieldAgent 11

2 vShieldManagerUserInterfaceBasics 13

LoggingintothevShieldManager 13

AccessingtheOnlineHelp 13

vShieldManagerUserInterface 13

vShieldManagerInventoryPanel 14

RefreshingtheInventoryPanel 14

SearchingtheInventoryPanel 14

vShieldManagerConfigurationPanel 14

3 ManagementSystemSettings 15

IdentifyingYourvCenterServer 15

IdentifyingDNSServices 16

SettingthevShieldManagerDateandTime 16

IdentifyingaProxyServer 16

DownloadingaTechnicalSupportLogfromaComponent 17

BackingUpvShieldManagerData 17

ViewingvShieldManagerSystemStatus 17

InstallingavShieldAgentManually 17

RegisteringthevShieldManagerasavSphereClientPlug‐in 17

4 BackingUpvShieldManagerData 19

BackingUpYourvShieldManagerDataonDemand 19

SchedulingaBackupofvShieldManagerData 20

RestoringaBackup 20

5 UpdatingtheSystemSoftware 21

ViewingCurrentSystemSoftware 21

UploadinganUpdate 21

ReviewingtheUpdateHistory 22

6 UserManagement 23

ManagingUserRights 23

ManagingtheDefaultUserAccount 24

AddingaUser 24

AssigningaRoleandRightstoaUser 24

EditingaUserAccount 24

DeletingaUserAccount 25

vShield Zones Administration Guide

4 VMware, Inc.

7 SystemEvents 27

ViewingtheSystemEventReport 27

SystemEventNotifications 27

vShieldManagerVirtualApplianceEvents 27

vShieldAgentVirtualApplianceEvents 28

SyslogFormat 28

8 ViewingtheAuditLog 29

9 vShieldAgentInstallation 31

InstallingvShieldAgents 31

InstallavShieldAgentbyUsingthevShieldAgentTemplate 31

InstallingavShieldAgentManuallyonavSwitch 33

CreateaSecondvSwitch 33

CreatetheProtectedPortGroupontheFirstvSwitch 33

CreatetheUnprotectedPortGroupontheSecondvSwitch 33

AddthevShieldAgenttotheESXHost 34

AssignthevShieldAgentInterfacestoPo

rtGroups 34

SetUpthevShieldAgent 34

AddthevShieldAgenttothevShieldManager 36

MovetheVirtualMachinesfromFirstvSwitchtotheSecondvSwitch 36

InstallingavShieldAgentManuallyonavNetworkDistributedSwitch 36

CreateaSecondvNetworkDistributedSwitch 37

CreatetheProtecteddvPortGroupontheFirstvNetworkDistrib

utedSwitch 37

CreatetheUnprotecteddvPortGrouponSecondvNetworkDistributedSwitch 37

InstallthevShieldAgent 38

AssignthevShieldAgentInterfacestothedvPortGroups 38

SetUpthevShieldAgent 39

AddthevShieldAgenttothevShieldManager 40

PowerOffthevShieldAgentVirtualMachine 40

MovethePhysicalNICsfromvNDS‐1tovNDS‐24

0

PowerOnthevShieldAgentVirtualMachine 41

UninstallingavShieldAgent 41

UninstallaTemplate‐BasedvShieldAgent 41

UninstallaManuallyInstalledvShieldAgentfromavSwitch 41

UninstallaManuallyInstalledvShieldAgentfromavNDS 41

PoweringOffvShieldZonesVirtualMachines 42

10 vShieldAgentManagement 43

SendingvShieldAgentSystemEventstoaSyslogServer 43

BackingUptheRunningCLIConfigurationofavShieldAgent 43

ViewingtheCurrentSystemStatusofavShieldAgent 44

ForcingavShieldAgenttoSynchronizewiththevShieldManager 44

RestartingavShieldAgent 44

ViewingTrafficStatisticsbyvShieldAgentInterface 44

DownloadingtheFirewallLogsofavS

hieldAgent 45

11 FirewallManagement 47

UsingVMWall 47

DefaultRules 47

Layer4RulesandLayer2/Layer3Rules 47

HierarchyofVMWallRules 48

PlanningVMWallRuleEnforcement 48

CreatingaLayer4FirewallRule 48

VMware, Inc. 5

Contents

CreatingaLayer2/Layer3FirewallRule 49

RevertingtoaPreviousVMWallConfiguration 50

DeletingaVMWallRule 50

12 TrafficAnalysis 51

UsingVMFlow 51

ViewingaSpecificApplicationintheVMFlowCharts 52

ChangingtheDateRangeoftheVMFlowCharts 52

ViewingtheVMFlowReport 52

AddingVMWallRulesfromtheVMFlowReport 53

DeletingAllRecordedFlows 54

EditingPortMappings 54

AddinganApplication‐PortPairMapping 54

DeletinganApplication‐PortPairMapping 55

HidingthePortMappingsTa

ble 55

13 VirtualMachineDiscoveryandInventory 57

ReadingtheDiscoveryResultsTable 57

EnablingContinuousDiscovery 58

RunninganOn‐DemandDiscoveryofVirtualMachines 58

SchedulingPeriodicDiscoveryofVirtualMachines 59

TerminatinganIn‐ProgressDiscovery 59

StoppingaScheduledDiscoveryScan 60

UsingVMInventorytoViewVirtualMachineDetails 60

A CommandLineInterface 61

LoggingInandOutoftheCLI 61

CLICommandModes 61

CLISyntax 62

MovingAroundintheCLI 62

GettingHelpwithintheCLI 62

SecuringCLIUserAccountsandthePrivilegedModePassword 63

AddingaCLIUserAccount 63

DeletetheadminUserAccountfromtheCLI 63

ChangetheCLIPrivilegedModePassword 64

CommandReference 64

AdministrativeCommands 65

list 65

reboot 65

shutdown 65

CLIModeCommand

s 66

configureterminal 66

disable 66

enable 66

end 67

exit 67

interface 67

quit 68

ConfigurationCommands 68

clearvmwallrules 68

copyrunning‐configstartup‐config 69

databaseerase 69

enablepassword 69

vShield Zones Administration Guide

6 VMware, Inc.

hostname 70

ipaddress 70

ipnameserver 71

iproute 71

managerkey 72

setclock 72

ntpserver 73

setup 73

syslog 74

write 74

writeerase 75

writememory 75

DebugCommands 75

debugcopy 75

debugpacketcapture 76

debugpacketdisplayinterface 76

debugremove 77

debugservice 77

debugserviceflowsrc 78

debugshowfiles 79

ShowCommands 79

showalerts 79

showarp 80

showclock 80

showdebug 80

showethernet 81

showfilesystem 81

showgatewayrules 81

showhardware 82

showinterface 82

showip

route 83

sh

owlog 83

showlogalerts 84

showlogevents 84

showloglast 84

showmanagerlog 85

showmanagerloglast 85

showntp 86

showrunning‐config 86

showservices 86

showsession‐managercounters 87

showsession‐managersessions 87

showslots 88

showstacktrace 88

showstartup‐config 88

showsyslog 89

showsystemmemory 89

showsystemuptime 89

showversion 90

showvmwalllog 90

showvmwallrules 90

DiagnosticsandTroubleshootingCommands 91

exporttech‐supportsc

p 91

VMware, Inc. 7

Contents

link‐detect 91

ping 91

showtechsupport 92

ssh 92

telnet 92

traceroute 93

UserAdministrationCommands 93

defaultweb‐managerpassword 93

user 93

web‐manager 94

TerminalCommands 94

clearvty 94

reset 95

terminallength 95

terminalnolength 95

DeprecatedCommands 96

B UsingvMotionwithvShieldZones 97

PreventingvMotionfromMovingvShieldZonesVirtualAppliances 97

PermittingvMotiontoMoveProtectedVirtualMachines 98

C UsingvShieldZoneswithCiscoNexus1000VSeriesSwitches 99

AbouttheCiscoNexus1000V 99

Prerequisites 100

DeployingvShieldZones 100

ConfiguretheManagementPortProfile 100

ConfigureVSDPortProfiles 100

ConfigureVSDMemberVirtualMachinePortProfiles 101

DeploythevShieldManagerOVF 101

DeploythevShieldAgentfromOVF 102

AssignthevShieldAgentInterfacestoPortProfiles 102

SetUpthevShieldAgent 103

AddthevShieldAgenttothevShieldManager 104

D Troubleshooting 105

TroubleshootingInstallationIssues 105

vShieldZonesOVFFilesExtractedtoaPCWherevSphereClientIsNotInstalled 105

vShieldZonesOVFFileCannotBeInstalledinvSphereClient 105

vShieldAgentVirtualMachineDoesNotPowerOnAfterOVFIsInstalled 105

CannotLogIntoCLIAfterthevShieldManagerVirtualMachineStarts 106

CannotLogIntoth

evShieldManagerUserInterface 106

CannotSeethevShieldAgentTemplatefromthevShieldManagerUserInterface 106

vShieldAgentInstallationfromvShieldManagerUserInterfaceFails 106

vShieldManagerCannotCommunicatewithavShieldAgent 106

TroubleshootingOperationIssues 107

CannotConfigureavShieldAgent 107

FirewallBlockRuleNotBlockingMatchingTraffic 107

NoFlowDataDisplayinginVMFlow

107

Index 109

vShield Zones Administration Guide

8 VMware, Inc.

VMware, Inc. 9

Thismanual,thevShieldZonesAdministrationGuide,describeshowtoinstall,configure,monitor,andmaintain

theVMwarevShieldZonessystembyusingthevShieldManageruserinterfaceandcommandlineinterface

(CLI).Theinformationincludesstep‐by‐stepconfigurationinstructions,andsuggestedbestpractices.

Intended Audience

ThismanualisintendedforanyonewhowantstoinstallorusevShieldZonesinaVMwarevCenter

environment.Theinformationinthismanualiswrittenforexperiencedsystemadministratorswhoare

familiarwithvirtualmachinetechnologyandvirtualdatacenteroperations.Thismanualassumesfamiliarity

withVMwareInfrastructure,includingVMwareESX4.

0,vCenterServer,andthevSphereClient.

Document Feedback

VMwarewelcomesyoursuggestionsforimprovingourdocumentation.Ifyouhavecomments,sendyour

feedbacktodocfeedback@vmware.com.

vShield Zones Documentation

ThefollowingdocumentscomprisethevShieldZonesdocumentationset:

 vShieldZonesAdministrationGuide

 vShieldZonesQuickStartGuide

 IntroductiontovShieldZones

Technical Support and Education Resources

Thefollowingsectionsdescribethetechnicalsupportresourcesavailabletoyou.Toaccessthecurrentversion

ofthisbookandotherbooks,gotohttp://www.vmware.com/support/pubs.

Online and Telephone Support

Touseonlinesupporttosubmittechnicalsupportrequests,viewyourproductandcontractinformation,and

registeryourproducts,gotohttp://www.vmware.com/support.

Customerswithappropriatesupportcontractsshouldusetelephonesupportforthefastestresponseon

priority1issues.Gotohttp://www.vmware.com/support/phone_support.

Support Offerings

TofindouthowVMwaresupportofferingscanhelpmeetyourbusinessneeds,goto

http://www.vmware.com/support/services.

About This Book

vShield Zones Administration Guide

10 VMware, Inc.

VMware Professional Services

VMwareEducationServicescoursesofferextensivehands‐onlabs,casestudyexamples,andcoursematerials

designedtobeusedason‐the‐jobreferencetools.Coursesareavailableonsite,intheclassroom,andlive

online.Foronsitepilotprograms andimplementationbestpractices,VMwareConsultingServicesprovides

offeringsto helpyouassess,plan,build,andmanageyo

urvirtualenvironment.Toaccessinformationabout

educationclasses,certificationprograms,andconsultingservices,gotohttp://www.vmware.com/services.

VMware, Inc. 11

1

vShieldZonesisanapplication‐awarefirewallbuiltforVMware

®

vCenterServerintegration.vShieldZones

inspectsclient‐servercommunicationsandinter‐virtual‐machinecommunicationtoprovidedetailedtraffic

analyticsandapplication‐awarefirewallprotection.vShieldZonesisacriticalsecuritycomponentfor

protectingvirtualizeddatacentersfromattacksandmisusehelpingyouachieveyourcompliance‐mandated

goals.

Thisguideassumesyouhaveadministrato

raccesstotheentirevShieldZonessystem.Theviewableresources

inthevShieldManageruserinterfacecandifferbasedontheassignedroleandrightsofauser.Ifyouare

unabletoaccessascreenorperformaparticulartask,consultyourvShieldZonesadministrator.

vShield Zones Components

vShieldZonesincludescomponentsandservicesessentialforprotectingvirtualmachines.vShieldZonescan

beconfiguredthroughaweb‐baseduserinterfaceandacommandlineinterface(CLI).

TorunvShieldZones,youneedonevShieldManagervirtualmachineandatleastonevShieldagentvirtual

machine.

vShield Manager

ThevShieldManageristhecentralizednetworkmanagementcomponentofvShieldZonesandisinstalledas

avirtualmachinebyusingthevSphereClient.UsingthevShieldManageruserinterface,administrators

install,configure,andmaintainvShieldagents.AvShieldManagercanrunonadifferentESXhostfromyour

vShieldagentsandsti

llcontrolmanyvShieldagentsacrossotherESXhosts.

ThevShieldManagerleveragestheVMwareInfrastructureSDKtodisplayacopyofthevSphereClient

inventorypanel.

YoucanconnecttothevShieldManagerusingoneofthefollowingsupportedWebbrowsers:

 InternetExplorer5.xandlater

 MozillaFirefox1.xandlater

 Safari1.xor2.x

FormoreontheusingthevShieldManageruserinterface,seeChapter 2,“vShieldManagerUserInterface

Basics,”onpage 13.

vShield Agent

ThevShieldagentistheactivesecuritycomponent,inspectingtrafficandprovidingfirewallprotection.You

caninstallavShieldagentonavSwitchthathomesaphysicalNIC.AsanESXhostcanhavemultiple

vSwitchesandphysicalNICs,youcaninstallmultiplevShieldagentsonasingleESXhost.Eachinstalled

vS

hieldagentmonitorsallincomingandoutgoingtrafficonthehostvSwitch.Astrafficpassesthrougha

vShieldagent,aprocesscalleddiscoveryinspectssessionheaderstocatalogthedata.Discoverycreatesa

Overview of vShield Zones

1

vShield Zones Administration Guide

12 VMware, Inc.

profileforeachvirtualmachinedetailingtheoperatingsystem,applications,ports,andprotocolsusedin

networkcommunication.Basedonthisinformation,thevShieldagentallowsephemeralportusageby

permittingdynamicprotocolssuchasFTPandRPCtopassthroughwhilemaintaininglockdownonports

1024andhigher.

EachvShieldagentprovidesrichtrafficstati

stics,whichyoucanusetocreatefirewallallowanddenyrulesto

regulateaccessinandoutofyourvirtualnetwork.Trafficstatisticscanalsobeusedfornetwork

troubleshooting,suchasdetectinghighorlowtrafficusagebyanapplication,server,orclient.

UsingthevSphereClient,yo

uinstallthevShieldagentasatemplate.Thetemplateallowsyoutoinstall

multiplevShieldagentsfromthevShieldManagerintoyourvCenterenvironment.

VMware, Inc. 13

2

ThevShieldManageruserinterfaceoffersconfigurationanddataviewingoptionsspecifictovShieldZones

use.ByutilizingtheVMwareInfrastructureSDK,thevShieldManagerdisplaysyourvSphereClientinventory

panelforacompleteviewofyourvCenterenvironment.

Thechapterincludesthefollowingtopics:

 “LoggingintothevShieldManager”onpage 13

 “A c c e s s i n g theOnlineHelp”onpage 13

 “vShieldManagerUserInterface”onpage 13

Logging in to the vShield Manager

YouaccessthevShieldManagermanagementinterfacebyusingaWebbrowser.

To log in to the vShield Manager user interface

1OpenaWebbrowserwindowandtypetheIPaddressassignedtothevShieldManager.

YoumustprependtheIPaddresswithhttps.

2Acceptthesecuritycertificate.

ThevShieldManagerloginscreenappears.

3LogintothevShieldManageruserinterfacebyus

ingtheusernameadminandthepassworddefault.

Youshouldchangethedefaultpasswordasoneofyourfirsttaskstopreventunauthorizeduse.See

“EditingaUserAccount”onpage 24.

4ClickLogIn.

Accessing the Online Help

TheOnlineHelpcanbeaccessedbyclickingintheupperrightofthevShieldManager.

vShield Manager User Interface

ThevShieldManageruserinterfaceisdividedintotwopanels:theinventorypanelandtheconfiguration

panel.Youselectaresourcefromtheinventorypaneltoopentheavailabledetailsandconfigurationoptions

intheconfigurationpanel.

vShield Manager User Interface

Basics

2

vShield Zones Administration Guide

14 VMware, Inc.

vShield Manager Inventory Panel

ThevShieldManagerinventorypanelhierarchymimicsthevSphereClientinventoryhierarchy.Resources

includetherootfolder,datacenters,clusters,portgroups,ESXhosts,andvirtualmachines,includingyour

installedvShieldagents.Asaresult,thevShieldManagermaintainssolidaritywithyourvCenterServer

inventorytopresentacompleteviewofyourvi

rtualdeployment.ThevShieldManageristheonlyvirtual

machinethatdoesnotappearinthevShieldManagerinventorypanel.vShieldManagersettingsare

configuredfromtheSettings&Reportsresourceatoptheinventorypanel.

Theinventorypanelofferstwoviews:Hosts&ClustersandNetworks.TheHosts&Clustersviewdi

splays

theclusters,resourcepools,andESXhostsinyourinventory.TheNetworksviewdisplaystheVLANnetworks

andportgroupsinyourinventory.TheseviewsareconsistentwiththesameviewsinthevSphereClient.

Whenclicked,eachinventoryobjecthasaspecificsetoftabsthatappearintheconfiguratio

npanel.

TherearedifferencesintheiconsforvirtualmachinesandvShieldagentsbetweenthevShieldManagerand

thevSphereClientinventorypanels.CustomiconsareusedtoshowthedifferencebetweenvShieldagents

andvirtualmachines,andthedifferencebetweenprotectedandunprotectedvirtualmachines.

Refreshing the Inventory Panel

Torefreshthelistofresourcesintheinventorypanel,click .Therefreshactionrequeststhelatestresource

informationfromthevCenterServer. Bydefault,thevShieldManagerrequestsresourceinformationfromthe

vCenterServereveryfiveminutes.

Searching the Inventory Panel

Tosearchtheinventorypanelforaspecificresource,typeastringinthefieldatopthevShieldManager

inventorypanelandclick .

vShield Manager Configuration Panel

ThevShieldManagerconfigurationpanelpresentsthesettingsthatcanbeconfiguredbasedontheselected

inventoryresourceandtheoutputofvShieldZonesoperation.Eachresourceoffersmultipletabs,eachtab

presentinginformationorconfigurationformscorrespondingtotheresource.

Becauseeachresourcehasadifferent purpose,sometabsarespecifictocertainresourc

es.Also,sometabshave

asecondlevelofoptions.

Table 2-1. vShield Agent and Virtual Machine Icons in the Inventory Panel

Icon Description

ApoweredonvShieldagentinactiveprotectionstate.

ApoweredoffvShieldagent.

ApoweredonvirtualmachinethatisprotectedbyavShieldagent.

ApoweredonvirtualmachinethatisnotprotectedbyavShieldagent.

Avirtualmachinethatispoweredoff.

VMware, Inc. 15

3

ThevShieldManagerrequirescommunicationwithyourvCenterServerandservicessuchasDNSandNTP

toprovidedetailsonyourVMwareInfrastructureinventory.

Thechapterincludesthefollowingtopics:

 “IdentifyingYourvCenterServer”onpage 15

 “IdentifyingDNSServices”onpage 16

 “SettingthevShieldManagerDateandTime”onpage 16

 “IdentifyingaProxyServer”onpage 16

 “DownloadingaTechnicalSupportLogfromaComponent”onpage 17

 “ViewingvShieldManagerSystemStatus”onpage 17

 “InstallingavShieldAgentManually”onpage 17

 “RegisteringthevShieldManagerasavSphereClientPlug‐in”onpage 17

Identifying Your vCenter Server

AfterinstallingthevShieldManagerasavirtualmachine,logintothevShieldManageruserinterfaceto

connecttoyourvCenterServer.ThisenablesthevShieldManagertodisplayyourVMwareInfrastructure

inventory.

To identify your vCenter Server from the vShield Manager

1LogintothevShieldManager .

Uponinitiallogin,thevShieldManageropenstotheConfiguration>vCentertab.Ifyo

uhavepreviously

configuredthevCentertabform,performthefollowingsteps:

aClicktheSettings&ReportsfromthevShieldManagerinventorypanel.

bClicktheConfigurationtab.

ThevCenterscreenappears.

2TypetheIPaddressofyourvCenterServerintheIPaddress/Namefield.

3TypeyourvSphereClientloginuserna

meintheUserNamefield.

Thisuseraccountmusthaveadministratoraccess.

4TypethepasswordassociatedwiththeusernameinthePasswordfield.

5ClickCommit.

Management System Settings

3

vShield Zones Administration Guide

16 VMware, Inc.

ThevShieldManagerconnectstothevCenterServer,logson,andutilizestheVMwareInfrastructureSDK

topopulatethevShieldManagerinventorypanel.Theinventorypanelispresentedontheleftsideofthe

screen.ThisresourcetreeshouldmatchyourVMwareInfrastructureinventorypanel.ThevShield

ManagerdoesnotappearinthevS

hieldManagerinventorypanel.

Identifying DNS Services

YoucanspecifyuptothreeDNSserversthatthevShieldManagercanuseforIPaddressandhostname

resolution.AsalloftheIPaddressesandhostnamesaregenerallynotavailableononeDNSserver,identifying

asecondorthirdDNSserverprovidesthebestcoverage.

To identify a DNS server

1ClickSettings&Re

portsfromthevShieldManagerinventorypanel.

2ClicktheConfigurationtab.

3ClickDNS.

4TypeanIPaddressinPrimaryDNSIPAddresstoidentifytheprimaryDNSserver.

Thisserverischeckedfirstforallresolutionrequests.

5 (Optional)TypeanIPaddressintheSecondaryDNSIPAddressfield.

6 (Optional)TypeanIPaddressintheTertiaryDNSIPAddressfield.

7ClickSave.

Setting the vShield Manager Date and Time

Youcansetthedate,time,andtimezoneofthevShieldManager.YoucanalsospecifyaconnectiontoanNTP

servertoestablishacommonnetworktime.Dateandtimevaluesareusedinthesystemtostampeventsas

theyoccur.

To set the date and time configuration of the vShield Manager

1ClickSettings&ReportsfromthevShieldManagerin

ventorypanel.

2ClicktheConfigurationtab.

3ClickDate/Time.

4IntheDateandClockfield,typethedateandtimeintheformatYYYY‐MM‐DDHH:MM:SS.

5IntheNTPServerfield,typetheIPaddressofyourNTPserver.

6FromtheTimeZonedrop‐downmenu,selecttheappropriatetimezone.

7ClickSave.

Identifying a Proxy Server

Ifyouuseaproxyserverfornetworkconnectivity,youcanconfigurethevShieldManagertousetheproxy

server.ThevShieldManagersupportsapplication‐levelHTTP/HTTPSproxiessuchasCacheFlowand

MicrosoftISAServer.

To identify a proxy server

1ClickSettings&ReportsfromthevShieldManagerinventorypanel.

2ClicktheConfigurationtab.

3ClickHTTPProxy.

4F

romtheUseProxydrop‐downmenu,selectYes.

5 (Optional)TypethehostnameoftheproxyserverintheProxyHostNamefield.

VMware, Inc. 17

Chapter 3 Management System Settings

6TypetheIPaddressoftheproxyserverintheProxyIPAddressfield.

7TypetheconnectingportnumberonyourproxyserverintheProxyPortfield.

8TypetheUserNamerequiredtologintotheproxyserver.

9TypethePasswordassociatedwiththeusernameforproxyserverlogin.

10 ClickSave.

Downloading a Technical Support Log from a Component

YoucanusetheSupportoptiontodownloadthesystemlogfromavShieldZonescomponenttoyourPC.

Asystemlogcanbeusedtotroubleshootoperationalissues.

To download a vShield Zones component system log

1ClickSettings&ReportsfromthevShieldManagerinventorypanel.

2ClicktheConfigurationtab.

3ClickSupport.

4UnderTechSupportLogDownload,clickInitiatenexttotheappropriatecom

ponent.

Onceinitiated,thelogisgeneratedanduploadedtothevShieldManager.Thismighttakeseveral

seconds.

5Afterthelogisready,clicktheDownloadlinktodownloadthelogtoyourPC.

Thelogiscompressedandhastheproprietaryfileextension.blsl.Youcanopenth

elogusinga

decompressionutilitybybrowsingforAllFilesinthedirectorywhereyousavedthefile.

Backing Up vShield Manager Data

YoucanusetheBackupsoptiontobackupvShieldManagerdata.See“BackingUpvShieldManagerData”

onpage 19.

Viewing vShield Manager System Status

TheStatustabdisplaysthestatusofvShieldManagersystemresourceutilization,andincludesthesoftware

versiondetails,licensestatus,andserialnumber.Theserialnumbermustberegisteredwithtechnicalsupport

forupdateandsupportpurposes.

To view the system status of the vShield Manager

1ClickSettings&ReportsfromthevShieldManagerinventorypanel.

2ClicktheConfigurationtab.

3ClickStatu

s.

4 (Optional)ClickVersio n StatustoreviewthecurrentversionofsystemsoftwarerunningonyourvShield

Zonescomponents.

TheUpdateStatustabappears.See“ViewingCurrentSystemSoftware”onpage 21.

Installing a vShield Agent Manually

YoucanusetheManualInstalloptiontoinstallavShieldagent.See “InstallingvShieldAgents”onpage 31.

Registering the vShield Manager as a vSphere Client Plug-in

ThevSpherePlug‐inoptionletsyouregisterthevShieldManagerasavSphereClientplug‐in.Afterthe

plug‐inisregistered,youcanopenthevShieldManageruserinterfacefromthevSphereClient.

vShield Zones Administration Guide

18 VMware, Inc.

To register the vShield Manager as a vSphere Client plug-in

1IfyouareloggedintothevSphereClient,logout.

2LogintothevShieldManager .

3ClickSettings&ReportsfromthevShieldManagerinventorypanel.

4ClicktheConfigurationtab.

5ClickvSpherePlug‐in.

6ClickRegister.

7LogintothevSphereClient.

VerifythatvShieldappearsasavSphereClientoption.

8ClickvShieldtoconnecttothevShieldManager.

ThevShieldManagerloginscreenappearsinthevSphereClientwindow.

VMware, Inc. 19

4

YoucanbackupandrestoreyourvShieldManagerdata,whichcanincludesystemconfiguration,events,and

auditlogtables.Configurationtablesareincludedineverybackup.Youcan,however,excludesystemand

auditlogevents.BackupsaresavedtoaremotelocationthatmustbeaccessiblebythevShieldManager.

Bac

kupscanbeexecutedaccordingtoascheduleorondemand.

Thischapterincludesthefollowingtopics:

 “BackingUpYourvShieldManagerDataonDemand”onpage 19

 “SchedulingaBackupofvShieldManagerData”onpage 20

 “RestoringaBackup”onpage 20

Backing Up Your vShield Manager Data on Demand

YoucanbackupvShieldManagerdataatanytimebyperforminganon‐demandbackup.

To back up the vShield Manager database

1ClickSettings&ReportsfromthevShieldManagerinventorypanel.

2ClicktheConfigurationtab.

3ClickBackups.

4 (Optional)SelecttheExcludeSystemEventscheckboxifyoudonotwanttobackupsystemeventtables.

5 (Optional)SelecttheExcludeA

uditLogscheckboxifyoudonotwanttobackupauditlogtables.

6TypetheHostIPAddressofthesystemwherethebackupwillbesaved.

7 (Optional)TypetheHostNameofthebackupsystem.

8TypetheUserNamerequiredtologintothebackupsystem.

9TypethePasswordassociatedwiththeusernameforthebackupsystem.

10 IntheBackupDirectoryfield,typetheabsolutepathwherebackupsaretobestored.

11 TypeatextstringinFilenamePrefix.

Thistextisprependedtothebackupfilenameforeasyrecognitiononthebackupsystem.Forexample,if

youtypeppdb,theresultingbackupisnamedasppdbHH_MM_SS_DayDDMonYYYY.

12 FromtheTransferProtocoldrop‐downmenu,selecteitherSFTPorFTP .

13 ClickBackup.

Oncecomplete,thebackupappearsinatablebelowthisform.

14 ClickSaveSettingstosavetheconfiguration.

Backing Up vShield Manager Data

4

vShield Zones Administration Guide

20 VMware, Inc.

Scheduling a Backup of vShield Manager Data

Youcanonlyscheduletheparametersforonetypeofbackupatanygiventime.Youcannotschedulea

configuration‐onlybackupandacompletedatabackuptorunsimultaneously.

To schedule periodic backups of your vShield Manager data

1ClickSettings&ReportsfromthevShieldManagerinventorypanel.

2ClicktheConfigurationtab.

3ClickBackups.

4FromtheScheduledBackupsdrop‐downmenu,sel

ectOn.

5FromtheBackupFrequencydrop‐downmenu,selectHourly,Daily,orWeekly.

TheDayofWeek,HourofDay,andMinutedrop‐downmenusaredisabledbasedontheselected

frequency.Forexample,ifyouselectDaily,theDayofWeekdrop‐downmenuisdi

sabledasthisfieldis

notapplicabletoadailyfrequency.

6 (Optional)SelecttheExcludeSystemEventscheckboxifyoudonotwanttobackupsystemeventtables.

7 (Optional)SelecttheExcludeAuditLogcheckboxifyoudonotwanttobackupauditlogtables.

8TypetheHostIPAddressofthesy

stemwherethebackupwillbesaved.

9 (Optional)TypetheHostNameofthebackupsystem.

10 TypetheUserNamerequiredtologintothebackupsystem.

11 TypethePasswordassociatedwiththeusernameforthebackupsystem.

12 IntheBackupDirectoryfield,typetheabsolutepathwherebackupswillbestored.

13 TypeatextstringinFilenamePrefix.

Thistextisprependedtoeachbackupfilenameforeasyrecognitiononthebackupsystem.Forexample,

ifyoutypeppdb,theresultingbackupisnamedasppdbHH_MM_SS_DayDDMonYYYY.

14 FromtheTransferProtocoldrop‐downmenu,selecteitherSFTPorFT

P ,basedonwhatthedestination

supports.

15 ClickSaveSettings.

Restoring a Backup

Torestoreanavailablebackup,theHostIPAddress,UserName,Password,andBackupDirectoryfieldsin

theBackupsscreenmusthavevaluesthatidentifythelocationofthebackuptoberestored.Whenyourestore

abackup,thecurrentconfigurationisoverridden.Ifthebackupfilecontainssystemeventan

dauditlogdata,

thatdataisalsorestored.

To restore an available vShield Manager backup

1ClickSettings&ReportsfromthevShieldManagerinventorypanel.

2ClicktheConfigurationtab.

3ClickBackups.

4ClickViewBackupstoviewallavailablebackupssavedtothebackupserver.

5 Selectthecheckboxforthebackuptorestore.

6ClickRestore.

7ClickOKtoco

nfirm.

I

MPORTANTBackupyourcurrentdatabeforerestoringabackupfile.

Page is loading ...

VMware vShield 1.0 User guide

VMware vShield 1.0 User guide

Related papers

Other documents