VMware vShield 1.0 User guide

vShield Zones Administration Guide
vShield Zones 1.0 Update 1
EN-000167-00
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2009 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and
intellectual property laws. VMware products are covered by one or more patents listed at
http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks
and names mentioned herein may be trademarks of their respective companies.

Contents
About This Book
1 Overview of vShield Zones
  vShield Zones Components
  vShield Manager
  vShield Agent
2 vShield Manager User Interface Basics
  Logging in to the vShield Manager
  Accessing the Online Help
  vShield Manager User Interface
  vShield Manager Inventory Panel
  Refreshing the Inventory Panel
  Searching the Inventory Panel
  vShield Manager Configuration Panel
3 Management System Settings
  Identifying Your vCenter Server
  Identifying DNS Services
  Setting the vShield Manager Date and Time
  Identifying a Proxy Server
  Downloading a Technical Support Log from a Component
  Backing Up vShield Manager Data
  Viewing vShield Manager System Status
  Installing a vShield Agent Manually
  Registering the vShield Manager as a vSphere Client Plug-in
4 Backing Up vShield Manager Data
  Backing Up Your vShield Manager Data on Demand
  Scheduling a Backup of vShield Manager Data
  Restoring a Backup
5 Updating the System Software
  Viewing Current System Software
  Uploading an Update
  Reviewing the Update History
6 User Management
  Managing User Rights
  Managing the Default User Account
  Adding a User
  Assigning a Role and Rights to a User
  Editing a User Account
  Deleting a User Account
7 System Events
  Viewing the System Event Report
  System Event Notifications
  vShield Manager Virtual Appliance Events
  vShield Agent Virtual Appliance Events
  Syslog Format
8 Viewing the Audit Log
9 vShield Agent Installation
  Installing vShield Agents
  Install a vShield Agent by Using the vShield Agent Template
  Installing a vShield Agent Manually on a vSwitch
  Create a Second vSwitch
  Create the Protected Port Group on the First vSwitch
  Create the Unprotected Port Group on the Second vSwitch
  Add the vShield Agent to the ESX Host
  Assign the vShield Agent Interfaces to Port Groups
  Set Up the vShield Agent
  Add the vShield Agent to the vShield Manager
  Move the Virtual Machines from First vSwitch to the Second vSwitch
  Installing a vShield Agent Manually on a vNetwork Distributed Switch
  Create a Second vNetwork Distributed Switch
  Create the Protected dvPort Group on the First vNetwork Distributed Switch
  Create the Unprotected dvPort Group on Second vNetwork Distributed Switch
  Install the vShield Agent
  Assign the vShield Agent Interfaces to the dvPort Groups
  Set Up the vShield Agent
  Add the vShield Agent to the vShield Manager
  Power Off the vShield Agent Virtual Machine
  Move the Physical NICs from vNDS1 to vNDS2
  Power On the vShield Agent Virtual Machine
  Uninstalling a vShield Agent
  Uninstall a Template-Based vShield Agent
  Uninstall a Manually Installed vShield Agent from a vSwitch
  Uninstall a Manually Installed vShield Agent from a vNDS
  Powering Off vShield Zones Virtual Machines
10 vShield Agent Management
  Sending vShield Agent System Events to a Syslog Server
  Backing Up the Running CLI Configuration of a vShield Agent
  Viewing the Current System Status of a vShield Agent
  Forcing a vShield Agent to Synchronize with the vShield Manager
  Restarting a vShield Agent
  Viewing Traffic Statistics by vShield Agent Interface
  Downloading the Firewall Logs of a vShield Agent
11 Firewall Management
  Using VM Wall
  Default Rules
  Layer 4 Rules and Layer 2/Layer 3 Rules
  Hierarchy of VM Wall Rules
  Planning VM Wall Rule Enforcement
  Creating a Layer 4 Firewall Rule
  Creating a Layer 2/Layer 3 Firewall Rule
  Reverting to a Previous VM Wall Configuration
  Deleting a VM Wall Rule
12 Traffic Analysis
  Using VM Flow
  Viewing a Specific Application in the VM Flow Charts
  Changing the Date Range of the VM Flow Charts
  Viewing the VM Flow Report
  Adding VM Wall Rules from the VM Flow Report
  Deleting All Recorded Flows
  Editing Port Mappings
  Adding an Application-Port Pair Mapping
  Deleting an Application-Port Pair Mapping
  Hiding the Port Mappings Table
13 Virtual Machine Discovery and Inventory
  Reading the Discovery Results Table
  Enabling Continuous Discovery
  Running an On-Demand Discovery of Virtual Machines
  Scheduling Periodic Discovery of Virtual Machines
  Terminating an In-Progress Discovery
  Stopping a Scheduled Discovery Scan
  Using VM Inventory to View Virtual Machine Details
A Command Line Interface
  Logging In and Out of the CLI
  CLI Command Modes
  CLI Syntax
  Moving Around in the CLI
  Getting Help within the CLI
  Securing CLI User Accounts and the Privileged Mode Password
  Adding a CLI User Account
  Delete the admin User Account from the CLI
  Change the CLI Privileged Mode Password
  Command Reference
  Administrative Commands
  list
  reboot
  shutdown
  CLI Mode Commands
  configure terminal
  disable
  enable
  end
  exit
  interface
  quit
  Configuration Commands
  clear vmwall rules
  copy running-config startup-config
  database erase
  enable password
  hostname
  ip address
  ip name server
  ip route
  manager key
  set clock
  ntp server
  setup
  syslog
  write
  write erase
  write memory
  Debug Commands
  debug copy
  debug packet capture
  debug packet display interface
  debug remove
  debug service
  debug service flow src
  debug show files
  Show Commands
  show alerts
  show arp
  show clock
  show debug
  show ethernet
  show filesystem
  show gateway rules
  show hardware
  show interface
  show ip route
  show log
  show log alerts
  show log events
  show log last
  show manager log
  show manager log last
  show ntp
  show running-config
  show services
  show session-manager counters
  show session-manager sessions
  show slots
  show stacktrace
  show startup-config
  show syslog
  show system memory
  show system uptime
  show version
  show vmwall log
  show vmwall rules
  Diagnostics and Troubleshooting Commands
  export tech-support scp
  link-detect
  ping
  show tech support
  ssh
  telnet
  traceroute
  User Administration Commands
  default web-manager password
  user
  web-manager
  Terminal Commands
  clear vty
  reset
  terminal length
  terminal no length
  Deprecated Commands
B Using vMotion with vShield Zones
  Preventing vMotion from Moving vShield Zones Virtual Appliances
  Permitting vMotion to Move Protected Virtual Machines
C Using vShield Zones with Cisco Nexus 1000V Series Switches
  About the Cisco Nexus 1000V
  Prerequisites
  Deploying vShield Zones
  Configure the Management Port Profile
  Configure VSD Port Profiles
  Configure VSD Member Virtual Machine Port Profiles
  Deploy the vShield Manager OVF
  Deploy the vShield Agent from OVF
  Assign the vShield Agent Interfaces to Port Profiles
  Set Up the vShield Agent
  Add the vShield Agent to the vShield Manager
D Troubleshooting
  Troubleshooting Installation Issues
  vShield Zones OVF Files Extracted to a PC Where vSphere Client Is Not Installed
  vShield Zones OVF File Cannot Be Installed in vSphere Client
  vShield Agent Virtual Machine Does Not Power On After OVF Is Installed
  Cannot Log In to CLI After the vShield Manager Virtual Machine Starts
  Cannot Log In to the vShield Manager User Interface
  Cannot See the vShield Agent Template from the vShield Manager User Interface
  vShield Agent Installation from vShield Manager User Interface Fails
  vShield Manager Cannot Communicate with a vShield Agent
  Troubleshooting Operation Issues
  Cannot Configure a vShield Agent
  Firewall Block Rule Not Blocking Matching Traffic
  No Flow Data Displaying in VM Flow
Index

About This Book
This manual, the vShield Zones Administration Guide, describes how to install, configure, monitor, and maintain the VMware vShield Zones system by using the vShield Manager user interface and command line interface (CLI). The information includes step-by-step configuration instructions, and suggested best practices.

Intended Audience
This manual is intended for anyone who wants to install or use vShield Zones in a VMware vCenter environment. The information in this manual is written for experienced system administrators who are familiar with virtual machine technology and virtual datacenter operations. This manual assumes familiarity with VMware Infrastructure, including VMware ESX 4.0, vCenter Server, and the vSphere Client.

Document Feedback
VMware welcomes your suggestions for improving our documentation. If you have comments, send your feedback to docfeedback@vmware.com.

vShield Zones Documentation
The following documents comprise the vShield Zones documentation set:
vShield Zones Administration Guide
vShield Zones Quick Start Guide
Introduction to vShield Zones

Technical Support and Education Resources
The following sections describe the technical support resources available to you. To access the current version of this book and other books, go to http://www.vmware.com/support/pubs.

Online and Telephone Support
To use online support to submit technical support requests, view your product and contract information, and register your products, go to http://www.vmware.com/support.
Customers with appropriate support contracts should use telephone support for the fastest response on priority 1 issues. Go to http://www.vmware.com/support/phone_support.

Support Offerings
To find out how VMware support offerings can help meet your business needs, go to http://www.vmware.com/support/services.

VMware Professional Services
VMware Education Services courses offer extensive hands-on labs, case study examples, and course materials designed to be used as on-the-job reference tools. Courses are available onsite, in the classroom, and live online. For onsite pilot programs and implementation best practices, VMware Consulting Services provides offerings to help you assess, plan, build, and manage your virtual environment. To access information about education classes, certification programs, and consulting services, go to http://www.vmware.com/services.

1 Overview of vShield Zones
vShield Zones is an application-aware firewall built for VMware® vCenter Server integration. vShield Zones inspects client-server communications and inter-virtual machine communication to provide detailed traffic analytics and application-aware firewall protection. vShield Zones is a critical security component for protecting virtualized datacenters from attacks and misuse, helping you achieve your compliance-mandated goals.
This guide assumes you have administrator access to the entire vShield Zones system. The viewable resources in the vShield Manager user interface can differ based on the assigned role and rights of a user. If you are unable to access a screen or perform a particular task, consult your vShield Zones administrator.

vShield Zones Components
vShield Zones includes components and services essential for protecting virtual machines. vShield Zones can be configured through a Web-based user interface and a command line interface (CLI).
To run vShield Zones, you need one vShield Manager virtual machine and at least one vShield agent virtual machine.

vShield Manager
The vShield Manager is the centralized network management component of vShield Zones and is installed as a virtual machine by using the vSphere Client. Using the vShield Manager user interface, administrators install, configure, and maintain vShield agents. A vShield Manager can run on a different ESX host from your vShield agents and still control many vShield agents across other ESX hosts.
The vShield Manager leverages the VMware Infrastructure SDK to display a copy of the vSphere Client inventory panel.
You can connect to the vShield Manager using one of the following supported Web browsers:
Internet Explorer 5.x and later
Mozilla Firefox 1.x and later
Safari 1.x or 2.x
For more on using the vShield Manager user interface, see Chapter 2, “vShield Manager User Interface Basics,” on page 13.

vShield Agent
The vShield agent is the active security component, inspecting traffic and providing firewall protection. You can install a vShield agent on a vSwitch that homes a physical NIC. As an ESX host can have multiple vSwitches and physical NICs, you can install multiple vShield agents on a single ESX host. Each installed vShield agent monitors all incoming and outgoing traffic on the host vSwitch. As traffic passes through a vShield agent, a process called discovery inspects session headers to catalog the data. Discovery creates a profile for each virtual machine detailing the operating system, applications, ports, and protocols used in network communication. Based on this information, the vShield agent allows ephemeral port usage by permitting dynamic protocols such as FTP and RPC to pass through while maintaining lockdown on ports 1024 and higher.
Each vShield agent provides rich traffic statistics, which you can use to create firewall allow and deny rules to regulate access in and out of your virtual network. Traffic statistics can also be used for network troubleshooting, such as detecting high or low traffic usage by an application, server, or client.
Using the vSphere Client, you install the vShield agent as a template. The template allows you to install multiple vShield agents from the vShield Manager into your vCenter environment.

2 vShield Manager User Interface Basics
The vShield Manager user interface offers configuration and data viewing options specific to vShield Zones use. By utilizing the VMware Infrastructure SDK, the vShield Manager displays your vSphere Client inventory panel for a complete view of your vCenter environment.
The chapter includes the following topics:
“Logging in to the vShield Manager” on page 13
“Accessing the Online Help” on page 13
“vShield Manager User Interface” on page 13

Logging in to the vShield Manager
You access the vShield Manager management interface by using a Web browser.
To log in to the vShield Manager user interface
1 Open a Web browser window and type the IP address assigned to the vShield Manager.
  You must prepend the IP address with https.
2 Accept the security certificate.
  The vShield Manager login screen appears.
3 Log in to the vShield Manager user interface by using the user name admin and the password default.
  You should change the default password as one of your first tasks to prevent unauthorized use. See “Editing a User Account” on page 24.
4 Click Log In.

Accessing the Online Help
The Online Help can be accessed by clicking in the upper right of the vShield Manager.

vShield Manager User Interface
The vShield Manager user interface is divided into two panels: the inventory panel and the configuration panel. You select a resource from the inventory panel to open the available details and configuration options in the configuration panel.

vShield Manager Inventory Panel
The vShield Manager inventory panel hierarchy mimics the vSphere Client inventory hierarchy. Resources include the root folder, datacenters, clusters, port groups, ESX hosts, and virtual machines, including your installed vShield agents. As a result, the vShield Manager maintains solidarity with your vCenter Server inventory to present a complete view of your virtual deployment. The vShield Manager is the only virtual machine that does not appear in the vShield Manager inventory panel. vShield Manager settings are configured from the Settings & Reports resource atop the inventory panel.
The inventory panel offers two views: Hosts & Clusters and Networks. The Hosts & Clusters view displays the clusters, resource pools, and ESX hosts in your inventory. The Networks view displays the VLAN networks and port groups in your inventory. These views are consistent with the same views in the vSphere Client.
When clicked, each inventory object has a specific set of tabs that appear in the configuration panel.
There are differences in the icons for virtual machines and vShield agents between the vShield Manager and the vSphere Client inventory panels. Custom icons are used to show the difference between vShield agents and virtual machines, and the difference between protected and unprotected virtual machines.

Table 2-1. vShield Agent and Virtual Machine Icons in the Inventory Panel
Icon Description
A powered-on vShield agent in active protection state.
A powered-off vShield agent.
A powered-on virtual machine that is protected by a vShield agent.
A powered-on virtual machine that is not protected by a vShield agent.
A virtual machine that is powered off.

Refreshing the Inventory Panel
To refresh the list of resources in the inventory panel, click . The refresh action requests the latest resource information from the vCenter Server. By default, the vShield Manager requests resource information from the vCenter Server every five minutes.

Searching the Inventory Panel
To search the inventory panel for a specific resource, type a string in the field atop the vShield Manager inventory panel and click .

vShield Manager Configuration Panel
The vShield Manager configuration panel presents the settings that can be configured based on the selected inventory resource and the output of vShield Zones operation. Each resource offers multiple tabs, each tab presenting information or configuration forms corresponding to the resource.
Because each resource has a different purpose, some tabs are specific to certain resources. Also, some tabs have a second level of options.

3 Management System Settings
The vShield Manager requires communication with your vCenter Server and services such as DNS and NTP to provide details on your VMware Infrastructure inventory.
The chapter includes the following topics:
“Identifying Your vCenter Server” on page 15
“Identifying DNS Services” on page 16
“Setting the vShield Manager Date and Time” on page 16
“Identifying a Proxy Server” on page 16
“Downloading a Technical Support Log from a Component” on page 17
“Viewing vShield Manager System Status” on page 17
“Installing a vShield Agent Manually” on page 17
“Registering the vShield Manager as a vSphere Client Plug-in” on page 17

Identifying Your vCenter Server
After installing the vShield Manager as a virtual machine, log in to the vShield Manager user interface to connect to your vCenter Server. This enables the vShield Manager to display your VMware Infrastructure inventory.
To identify your vCenter Server from the vShield Manager
1 Log in to the vShield Manager.
  Upon initial login, the vShield Manager opens to the Configuration > vCenter tab. If you have previously configured the vCenter tab form, perform the following steps:
  a Click the Settings & Reports from the vShield Manager inventory panel.
  b Click the Configuration tab.
  The vCenter screen appears.
2 Type the IP address of your vCenter Server in the IP address/Name field.
3 Type your vSphere Client login user name in the User Name field.
  This user account must have administrator access.
4 Type the password associated with the user name in the Password field.
5 Click Commit.
  The vShield Manager connects to the vCenter Server, logs on, and utilizes the VMware Infrastructure SDK to populate the vShield Manager inventory panel. The inventory panel is presented on the left side of the screen. This resource tree should match your VMware Infrastructure inventory panel. The vShield Manager does not appear in the vShield Manager inventory panel.

Identifying DNS Services
You can specify up to three DNS servers that the vShield Manager can use for IP address and host name resolution. As all of the IP addresses and host names are generally not available on one DNS server, identifying a second or third DNS server provides the best coverage.
To identify a DNS server
1 Click Settings & Reports from the vShield Manager inventory panel.
2 Click the Configuration tab.
3 Click DNS.
4 Type an IP address in Primary DNS IP Address to identify the primary DNS server.
  This server is checked first for all resolution requests.
5 (Optional) Type an IP address in the Secondary DNS IP Address field.
6 (Optional) Type an IP address in the Tertiary DNS IP Address field.
7 Click Save.

Setting the vShield Manager Date and Time
You can set the date, time, and time zone of the vShield Manager. You can also specify a connection to an NTP server to establish a common network time. Date and time values are used in the system to stamp events as they occur.
To set the date and time configuration of the vShield Manager
1 Click Settings & Reports from the vShield Manager inventory panel.
2 Click the Configuration tab.
3 Click Date/Time.
4 In the Date and Clock field, type the date and time in the format YYYY-MM-DD HH:MM:SS.
5 In the NTP Server field, type the IP address of your NTP server.
6 From the Time Zone drop-down menu, select the appropriate time zone.
7 Click Save.

Identifying a Proxy Server
If you use a proxy server for network connectivity, you can configure the vShield Manager to use the proxy server. The vShield Manager supports application-level HTTP/HTTPS proxies such as CacheFlow and Microsoft ISA Server.
To identify a proxy server
1 Click Settings & Reports from the vShield Manager inventory panel.
2 Click the Configuration tab.
3 Click HTTP Proxy.
4 From the Use Proxy drop-down menu, select Yes.
5 (Optional) Type the host name of the proxy server in the Proxy Host Name field.
6 Type the IP address of the proxy server in the Proxy IP Address field.
7 Type the connecting port number on your proxy server in the Proxy Port field.
8 Type the User Name required to log in to the proxy server.
9 Type the Password associated with the user name for proxy server login.
10 Click Save.

Downloading a Technical Support Log from a Component
You can use the Support option to download the system log from a vShield Zones component to your PC. A system log can be used to troubleshoot operational issues.
To download a vShield Zones component system log
1 Click Settings & Reports from the vShield Manager inventory panel.
2 Click the Configuration tab.
3 Click Support.
4 Under Tech Support Log Download, click Initiate next to the appropriate component.
  Once initiated, the log is generated and uploaded to the vShield Manager. This might take several seconds.
5 After the log is ready, click the Download link to download the log to your PC.
  The log is compressed and has the proprietary file extension .blsl. You can open the log using a decompression utility by browsing for All Files in the directory where you saved the file.

Backing Up vShield Manager Data
You can use the Backups option to back up vShield Manager data. See “Backing Up vShield Manager Data” on page 19.

Viewing vShield Manager System Status
The Status tab displays the status of vShield Manager system resource utilization, and includes the software version details, license status, and serial number. The serial number must be registered with technical support for update and support purposes.
To view the system status of the vShield Manager
1 Click Settings & Reports from the vShield Manager inventory panel.
2 Click the Configuration tab.
3 Click Status.
4 (Optional) Click Version Status to review the current version of system software running on your vShield Zones components.
  The Update Status tab appears. See “Viewing Current System Software” on page 21.

Installing a vShield Agent Manually
You can use the Manual Install option to install a vShield agent. See “Installing vShield Agents” on page 31.

Registering the vShield Manager as a vSphere Client Plug-in
The vSphere Plug-in option lets you register the vShield Manager as a vSphere Client plug-in. After the plug-in is registered, you can open the vShield Manager user interface from the vSphere Client.
To register the vShield Manager as a vSphere Client plug-in
1 If you are logged in to the vSphere Client, log out.
2 Log in to the vShield Manager.
3 Click Settings & Reports from the vShield Manager inventory panel.
4 Click the Configuration tab.
5 Click vSphere Plug-in.
6 Click Register.
7 Log in to the vSphere Client.
  Verify that vShield appears as a vSphere Client option.
8 Click vShield to connect to the vShield Manager.
  The vShield Manager login screen appears in the vSphere Client window.

4 Backing Up vShield Manager Data
You can back up and restore your vShield Manager data, which can include system configuration, events, and audit log tables. Configuration tables are included in every backup. You can, however, exclude system and audit log events. Backups are saved to a remote location that must be accessible by the vShield Manager. Backups can be executed according to a schedule or on demand.
This chapter includes the following topics:
“Backing Up Your vShield Manager Data on Demand” on page 19
“Scheduling a Backup of vShield Manager Data” on page 20
“Restoring a Backup” on page 20

Backing Up Your vShield Manager Data on Demand
You can back up vShield Manager data at any time by performing an on-demand backup.
To back up the vShield Manager database
1 Click Settings & Reports from the vShield Manager inventory panel.
2 Click the Configuration tab.
3 Click Backups.
4 (Optional) Select the Exclude System Events check box if you do not want to back up system event tables.
5 (Optional) Select the Exclude Audit Logs check box if you do not want to back up audit log tables.
6 Type the Host IP Address of the system where the backup will be saved.
7 (Optional) Type the Host Name of the backup system.
8 Type the User Name required to log in to the backup system.
9 Type the Password associated with the user name for the backup system.
10 In the Backup Directory field, type the absolute path where backups are to be stored.
11 Type a text string in Filename Prefix.
  This text is prepended to the backup filename for easy recognition on the backup system. For example, if you type ppdb, the resulting backup is named as ppdbHH_MM_SS_DayDDMonYYYY.
12 From the Transfer Protocol drop-down menu, select either SFTP or FTP.
13 Click Backup.
  Once complete, the backup appears in a table below this form.
14 Click Save Settings to save the configuration.

Scheduling a Backup of vShield Manager Data
You can only schedule the parameters for one type of backup at any given time. You cannot schedule a configuration-only backup and a complete data backup to run simultaneously.
To schedule periodic backups of your vShield Manager data
1 Click Settings & Reports from the vShield Manager inventory panel.
2 Click the Configuration tab.
3 Click Backups.
4 From the Scheduled Backups drop-down menu, select On.
5 From the Backup Frequency drop-down menu, select Hourly, Daily, or Weekly.
  The Day of Week, Hour of Day, and Minute drop-down menus are disabled based on the selected frequency. For example, if you select Daily, the Day of Week drop-down menu is disabled as this field is not applicable to a daily frequency.
6 (Optional) Select the Exclude System Events check box if you do not want to back up system event tables.
7 (Optional) Select the Exclude Audit Log check box if you do not want to back up audit log tables.
8 Type the Host IP Address of the system where the backup will be saved.
9 (Optional) Type the Host Name of the backup system.
10 Type the User Name required to log in to the backup system.
11 Type the Password associated with the user name for the backup system.
12 In the Backup Directory field, type the absolute path where backups will be stored.
13 Type a text string in Filename Prefix.
  This text is prepended to each backup filename for easy recognition on the backup system. For example, if you type ppdb, the resulting backup is named as ppdbHH_MM_SS_DayDDMonYYYY.
14 From the Transfer Protocol drop-down menu, select either SFTP or FTP, based on what the destination supports.
15 Click Save Settings.
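
A freshness check that can run on the backup host, built on the documented file naming (Filename Prefix followed by HH_MM_SS_DayDDMonYYYY) and the Hourly, Daily, or Weekly frequency. This is an added example, not VMware code. It assumes three-letter English weekday and month abbreviations and no file extension, and the directory listing is constructed sample data.

```python
import re
from datetime import datetime, timedelta

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
# Backup Frequency choices from the Scheduled Backups form.
INTERVAL = {"Hourly": timedelta(hours=1),
            "Daily": timedelta(days=1),
            "Weekly": timedelta(weeks=1)}

# Assumption: the documented pattern <prefix>HH_MM_SS_DayDDMonYYYY renders as
# three-letter English weekday and month names, e.g. ppdb02_30_00_Mon14Dec2009.
STAMP = r"(\d{2})_(\d{2})_(\d{2})_([A-Z][a-z]{2})(\d{2})([A-Z][a-z]{2})(\d{4})"


def parse_backup_name(name, prefix):
    """Return the timestamp encoded in a backup file name, or None if invalid."""
    m = re.fullmatch(re.escape(prefix) + STAMP, name)
    if not m:
        return None
    hh, mm, ss, dow, dd, mon, yyyy = m.groups()
    if dow not in DAYS or mon not in MONTHS:
        return None
    try:
        ts = datetime(int(yyyy), MONTHS.index(mon) + 1, int(dd),
                      int(hh), int(mm), int(ss))
    except ValueError:  # impossible date or time, e.g. 31 Feb or 25_00_00
        return None
    # A weekday that contradicts the date means the name did not come from
    # the backup job (renamed, hand-copied, or a corrupted listing).
    return ts if DAYS[ts.weekday()] == dow else None


def audit_backups(names, prefix, frequency, now, slack=timedelta(minutes=15)):
    """Check a directory listing against the configured backup schedule."""
    limit = INTERVAL[frequency] + slack
    stamps, rejected = [], []
    for name in names:
        if not name.startswith(prefix):
            continue  # other files in the backup directory
        ts = parse_backup_name(name, prefix)
        if ts is None:
            rejected.append(name)
        else:
            stamps.append(ts)
    stamps.sort()
    latest = stamps[-1] if stamps else None
    return {
        "latest": latest,
        # No usable backup, or the newest one is older than one interval.
        "stale": latest is None or now - latest > limit,
        # Consecutive backups further apart than one interval: missed runs.
        "gaps": [(a, b) for a, b in zip(stamps, stamps[1:]) if b - a > limit],
        "rejected": rejected,
    }


# Constructed directory listing for a Daily schedule with prefix "ppdb".
SAMPLE_LISTING = [
    "ppdb02_30_00_Mon14Dec2009",
    "ppdb02_30_00_Tue15Dec2009",
    "ppdb02_30_01_Thu17Dec2009",   # the 16 Dec run is missing
    "ppdb02_30_00_Sat18Dec2009",   # 18 Dec 2009 was a Friday
    "otherdb02_30_00_Fri18Dec2009",
]

if __name__ == "__main__":
    report = audit_backups(SAMPLE_LISTING, "ppdb", "Daily",
                           now=datetime(2009, 12, 19, 9, 0, 0))
    for key, value in report.items():
        print(key, value)
```

A stale result or a gap is worth alerting on, since a restore overrides the current configuration with whatever the newest usable backup contains.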

Restoring a Backup
To restore an available backup, the Host IP Address, User Name, Password, and Backup Directory fields in the Backups screen must have values that identify the location of the backup to be restored. When you restore a backup, the current configuration is overridden. If the backup file contains system event and audit log data, that data is also restored.
To restore an available vShield Manager backup
1 Click Settings & Reports from the vShield Manager inventory panel.
2 Click the Configuration tab.
3 Click Backups.
4 Click View Backups to view all available backups saved to the backup server.
5 Select the check box for the backup to restore.
6 Click Restore.
7 Click OK to confirm.
IMPORTANT Back up your current data before restoring a backup file.