Setup guide
- 80/TCP and 443/TCP for using the vShield Manager user interface and initiating connection to the vSphere SDK
- 22/TCP for communication between vShield Manager and vShield App and troubleshooting the CLI
Hardening Your vShield Virtual Machines
You can access the vShield Manager and other vShield components by using a web-based user interface,
command line interface, and REST API. vShield includes default login credentials for each of these access
options. After installation of each vShield virtual machine, you should harden access by changing the
default login credentials. Note that vShield Data Security does not include default login credentials.
vShield Manager User Interface
You access the vShield Manager user interface by opening a web browser window and navigating to the IP
address of the vShield Manager’s management port.
The default user account, admin, has global access to the vShield Manager. After initial login, you should
change the default password of the admin user account. See “Change the Password of the vShield Manager
User Interface Default Account,” on page 22.
Command Line Interface
You can access the vShield Manager, vShield App, and vShield Edge virtual appliances by using a
command line interface via a vSphere Client console session. To access the vShield Endpoint virtual
appliance, refer to the instructions from the anti-virus solution provider. You cannot access the vShield Data
Security virtual machine by using the command line interface.
Each virtual appliance uses the same default username (admin) and password (default) combination as the
vShield Manager user interface. Entering Enabled mode also uses the password default.
For more on hardening the CLI, see the vShield Command Line Interface Reference.
REST Requests
All REST API requests require authentication with the vShield Manager.
Using Base 64 encoding, you identify a username-password combination in the following format:
username:password. You must use a vShield Manager user interface account (username and password)
with privileged access to perform requests. For more on authenticating REST API requests, see the vShield
API Programming Guide.
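The following Python sketch is an added example, not code from the VMware guide. It builds the Base64 username:password value described above and audits a list of header values for the default admin/default pair; because Base64 is reversible, anyone who can read the header recovers the password. It assumes the value is carried in a standard HTTP Basic Authorization header, and the function names and sample values are constructed for illustration.

```python
import base64
import binascii

# Default vShield credentials as stated in this guide (admin / default).
DEFAULT_CREDS = ("admin", "default")


def build_basic_header(username, password):
    """Encode username:password as an HTTP Basic Authorization header value."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def parse_basic_header(value):
    """Return (username, password) from a Basic header value, or None if malformed."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the password may itself contain colons.
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None


def audit_headers(headers):
    """Label each header value 'default-credentials', 'ok', or 'malformed'."""
    findings = []
    for value in headers:
        creds = parse_basic_header(value)
        verdict = ("malformed" if creds is None else
                   "default-credentials" if creds == DEFAULT_CREDS else "ok")
        findings.append((value, verdict))
    return findings


# Constructed sample values, such as might be found in automation scripts.
SAMPLE_HEADERS = [
    build_basic_header("admin", "default"),
    build_basic_header("admin", "c0rrect:horse"),  # constructed password
    "Basic not-base64!!",
    "Bearer abc123",
]

if __name__ == "__main__":
    for header, verdict in audit_headers(SAMPLE_HEADERS):
        print(f"{verdict:20} {header}")
```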
Deployment Considerations for vShield App
VMware recommends that you analyze your vCenter Server environment and determine whether you
want to protect the entire environment or certain clusters only.
If you decide to protect specific clusters, you must prepare the entire cluster and install vShield App on all
ESX hosts in those clusters. If you install vShield App only on some hosts in a cluster, there is a chance that
vMotion can move virtual machines from a protected to an unprotected host, thus compromising the
security of your network.
Ensure that you install vShield App in your environment during a maintenance window. The total install
time may vary depending on your environment and the number of hosts in each cluster, but you must
complete installing vShield App on all desired clusters before resuming normal operations.
After installation, VMware recommends that you enable vSphere HA and set the cluster feature to VM and
Application Monitoring on the clusters where you installed vShield App. This feature monitors the vShield
App and triggers a restart if it fails, which minimizes the vShield App outage. For more information on this
feature, see vSphere Availability.
vShield Installation and Upgrade Guide
16 VMware, Inc.