Installing the vShield App

Como ya vimos en el documento anterior, desplegamos nuestro vShield Manager para poder gestionar nuestro entorno vShield, en este documento desplegaremos el appliance firewall vShield App para proteger mediante reglas de red el acceso entre nuestras máquinas virtuales, desplegaremos un vShield App por cada host.

 

vShield App is a hypervisor firewall appliance that protects our applications inside our virtual data center from potential network attacks, gaining greater visibility and control in your communications (at the Datacenter level, Cluster or Port Group). It will allow us to create access rules regardless of the network topology. Flow Monitoring will show network activity between VMs (Protocol/Application Level), being able to create firewall rules or identify bottlenecks. We will monitor all incoming and outgoing traffic per host, including internal traffic between virtual machines in the same port group.

 

From the vShield Manager administration console, we will deploy the appliance to each host from the 'Hosts' view & Clusters’ > Datacenter > Cluster > Host, from the 'Summary' tab’ in vShield App “Install”,

 

We select where we will store the VM, its management network and configure its IP address, Netmask & Gateway, “Install”,

 

 

OK,

 

GOOD, from each network adapter of each VM, we will be able to observe the network traffic generated from “Flow Monitoring”, we can filter by dates and/or applications; We will see the active sessions & KBytes sent/received.

 

If we click on “Show Report” the list of incoming and outgoing network connections of that adapter will appear, where we can create firewall rules to allow/block such accesses. En este ejemplo es una MV que tiene o ha tenido una conexión FTP y no nos apetece que vuelva a conectarse, Click on “Add Rule”,

 

“Accept”,

 

Si queremos crear la regla a nivel de ‘Cluster’ Press “Accept”, si no será a nivel de ‘Datacenter’ with “Cancel”,

 

Nos prerellenará los campos y configuraremos lo que nos interese, en mi caso bloquearé dicha conexión & “OK”,

 

Pulsamos finalmente en “Publish changes” para aplicar la regla en todas las instancias vShield App que dispongamos. A partir de este momento aquella máquina no podrá volver a conectarse con un servidor FTP :'(

Recommended Posts

Author

nheobug@bujarra.com
Autor del blog Bujarra.com Cualquier necesidad que tengas, Do not hesitate to contact me, I will try to help you whenever I can, Sharing is living ;) . Enjoy documents!!!

Installing vShield Manager

11 de April de 2012