Setup guide
6 Under vShield App, provide the following information.
Option Description
Datastore
Select the datastore on which to store the vShield App virtual machine
files.
Management Port Group
Select the port group to host the vShield App management interface. This
port group must be able to reach the vShield Manager’s port group.
IP Address
Type the IP address to assign to the vShield App management interface.
IMPORTANT Ensure that you type the correct IP address. To change the IP
address after installing vShield App, you would need to uninstall vShield
App and reboot the ESX host.
Netmask
Type the IP subnet mask associated with the assigned IP address.
Default Gateway
Type the IP address of the default network gateway.
7 Click Install.
You can follow the progress of the vShield App installation on the Recent Tasks pane of the vSphere
Client screen.
What to do next
Allow vShield App to run during normal operation and then examine the traffic going in and out of your
virtual network. Based on this information, configure firewall rules. Each vShield App inherits global
firewall rules set in the vShield Manager. The default firewall rule set allows all traffic to pass. You must
configure blocking rules to explicitly block traffic. To configure App Firewall rules, see the vShield
Administration Guide.
NOTE If you have installed vShield App on a stateless ESX, you must follow the steps in “Install vShield
App on a Stateless ESX Host,” on page 27 before rebooting the host.
CAUTION Do not modify service virtual machines through the vSphere client. This may break
communication between vShield Manager and vShield App and compromise the security of your network.
Install vShield App on a Stateless ESX Host
If you installed vShield App on a stateless ESX host, you must perform the steps below before rebooting any
of the ESX hosts on which vShield App is installed.
Prerequisites
n
Install vShield App on the stateless ESX host.
n
Ensure that the firewall configuration changes done on the host by the VIB are complete.
a In the vCenter client, select the stateless ESX host from the inventory panel.
b Click the Configuration tab.
c Check that a DVFilter entry appears in the Incoming Connections under the Firewall panel. If no
DVFilter entry appears, click Refresh.
n
Create a host profile. For more information, see the vSphere Installation and Setup Guide.
Procedure
1 Edit the host profile.
a In the vCenter client, select Home > Management > Host Profiles.
b Select the profile to edit.
Chapter 4 Installing vShield Edge, vShield App, vShield Endpoint, and vShield Data Security
VMware, Inc. 27