October 3

Part 6: My vCloud Journey Journal – Setting up vShield 5.1 for vCloud Director


One of the pre-requisites for vCloud is standing up vShield Manager, which now falls under the collective name “vCloud Networking and Security”, a range of technologies within the vCloud Suite. I first used vShield in anger when I was writing the VMware View 5.1 book, where I used the “Endpoint” component together with BitDefender’s “Security Virtual Appliance” to provide anti-virus protection to the guest operating system without the need for an agent. That was back with the 5.0 edition, and the initial setup of the 5.1 version is very similar. First you import the appliance.

UPDATE:

I came back to this post some 6 months later, mainly because I’d forgotten this process. Typically, for a blogger, blogging becomes a self-documentation process, and you often use your own blog to remind yourself of stuff. What I hadn’t documented here at all was how to set a static IP address on the vCNS/vShield Manager. The Manager is “unique” in some respects because it is quite different in its initial configuration. It doesn’t use the standard 5480-style web page found on many of our other appliances, and the default password isn’t root/vmware but admin/default. It also has a special “enablement” mode that needs to be entered before you’re able to configure the IP. I assume these differences have good grounds. vShield is a security product after all…

1. Open a Console on the manager

2. Login as “admin” with a password of “default”

3. Type “enable” and enter a password of “default”

4. Type “setup” and complete the questions – once finished reboot the appliance.

<END OF UPDATE>

So… no surprises there. What is “new” is the option to configure the “Lookup Service” and provide the SSO Administrator credentials so that vShield Manager can be registered as a solution user. In my case, as I’m using the vCenter Server Appliance, I provided the “root” account and password to allow that configuration to occur.


And then I was able to register my vShield Manager with the vCenter Server Appliance. If you’re doing this with vCloud Director in mind, there’s no need to register vShield with vCenter. vShield gets managed via requests from vCloud Director. It’s just something I like to do for other reasons, such as managing the deployment of the vShield Endpoint Agent to the ESX hosts ready for an Endpoint partner solution such as BitDefender’s Security Virtual Appliance.


You can see this configuration change in the all-new Web Client under the vCenter “Extension Types”.

The only task I had to worry about was updating the vShield Endpoint Agent on the ESX hosts. That was relatively easy to do and didn’t require maintenance mode or anything like it. All I had to do was select each host and click an “upgrade” button to take the hosts from the older vShield Endpoint 5.0 Agent to the 5.1 agent.


Posted October 3, 2012 by Michelle Laverick in category "Cloud Journal"