Advanced Networking Services Guide

Table of Contents
Certificate and Security Group Management 3
Advanced Networking Services provides functionality to manage certificates for use with SSL VPN-Plus
and IPsec VPN tunnels.
Additionally, Advanced Networking Services enables use of grouping objects for use in creating firewall
rules and load balancer server pools.
This chapter includes the following topics:
• "Certificate Management in vCloud Air," on page 23
• "Security Objects in vCloud Air," on page 26
Certificate Management in vCloud Air
The edge gateway in vCloud Air supports self-signed certificates, certificates signed by a Certification
Authority (CA), and certificates generated and signed by a CA.
About Using Certificates with vCloud Air
In Advanced Networking Services, you can manage certificates for the following vCloud Air features:
• IPsec VPN tunnels from your on-premises data center to vCloud Air
• SSL VPN-Plus connections to private networks and web resources deployed in vCloud Air
• The virtual servers and pool servers configured for load balancing in vCloud Air
How to Use Client Certificates
You can create a client certificate through a CLI command or REST call. You can then distribute this
certificate to your remote users, who can install the certificate in their web browser.
The main benefit of implementing client certificates is that a reference client certificate for each remote user
can be stored and checked against the client certificate presented by the remote user. To prevent future
connections from a certain user, you can delete the reference certificate from the security server's list of
client certificates. Deleting the certificate denies connections from that user.
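The reference-certificate check described above, written out as an added Python example (not vCloud Air or edge gateway code): one stored reference per remote user, a presented certificate accepted only when it matches that reference, and deletion of the reference used to deny the user. The PEM blobs produced by fake_pem are constructed placeholders, not real X.509 certificates.

```python
"""Reference client-certificate check for SSL VPN-Plus (added illustration,
not vCloud Air code): one reference certificate per remote user, a presented
certificate accepted only if its SHA-256 fingerprint matches, and deletion
of the reference denying that user's future connections."""
import base64
import hashlib
import hmac
import re

_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)

def pem_to_der(pem: str) -> bytes:
    """Extract and base64-decode the first CERTIFICATE block of a PEM string."""
    m = _PEM_RE.search(pem)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def fingerprint(pem: str) -> str:
    """Hex SHA-256 over the DER encoding; identifies the exact certificate."""
    return hashlib.sha256(pem_to_der(pem)).hexdigest()

class ClientCertStore:
    """Reference client certificates keyed by remote user name."""

    def __init__(self) -> None:
        self._refs: dict[str, str] = {}

    def add(self, user: str, pem: str) -> None:
        self._refs[user] = fingerprint(pem)

    def delete(self, user: str) -> None:
        self._refs.pop(user, None)  # revocation: no reference, no access

    def is_allowed(self, user: str, presented_pem: str) -> bool:
        ref = self._refs.get(user)
        if ref is None:
            return False
        try:  # malformed PEM/base64 (binascii.Error is a ValueError) -> deny
            return hmac.compare_digest(ref, fingerprint(presented_pem))
        except ValueError:
            return False

def fake_pem(seed: bytes) -> str:
    """Constructed stand-in for a PEM certificate; not a real X.509 blob."""
    body = base64.b64encode(seed * 8).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
```

A real deployment would fingerprint the DER of an actual X.509 certificate; the matching and deletion logic is unchanged.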
Generate a Certificate Signing Request
Before you can order a signed certificate from a CA or create a self-signed certificate, you must generate a
Certificate Signing Request (CSR) for your edge gateway.
A CSR is an encoded file that you need to generate on an edge gateway that needs an SSL certificate. Using a
CSR standardizes the way that companies send their public keys along with information that identifies their
company names and domain names.
VMware, Inc.
23