Setup guide
For vShield Endpoint and vShield Data Security, you must upgrade your virtual machines to hardware
version 7 or 8 and install VMware Tools 8.6.0 released with ESXi 5.0 Patch 1. For more information, see
“Install VMware Tools on the Guest Virtual Machines,” on page 28.
n
VMware vCloud Director 1.0 or later
n
VMware View 4.5 or later
Client and User Access
n
PC with the VMware vSphere Client
NOTE If you added ESX hosts by name to the vSphere inventory, ensure that DNS names are provided.
Otherwise, vShield Manager cannot resolve the IP addresses.
n
Permissions to add and power on virtual machines
n
Access to the datastore where you store virtual machine files, and the account permissions to copy files
to that datastore
n
Enable cookies on your Web browser to access the vShield Manager user interface
n
vShield Manager port 443 accessible from the ESX host. This port is required to download the OVF file on
the ESX host for deployment.
n
Connect to the vShield Manager using one of the following supported Web browsers:
n
Internet Explorer 6.x and later
n
Mozilla Firefox 1.x and later
n
Safari 1.x or 2.x
Deployment Considerations
Consider the following recommendations and restrictions before you deploy vShield components.
n
Preparing Virtual Machines for vShield Protection on page 15
You must determine how to protect your virtual machines with vShield. As a best practise, you should
prepare all ESX hosts within a resource pool for vShield App, vShield Endpoint, and vShield Data
Security depending on the vShield components you are using. You must also upgrade your virtual
machines to hardware version 7 or 8.
n
vShield Manager Uptime on page 15
The vShield Manager should be run on an ESX host that is not affected by downtime, such as frequent
reboots or maintenance mode operations. You can use HA or DRS to increase the resilience of the vShield
Manager. If the ESX host on which the vShield Manager resides is expected to require downtime, vMotion
the vShield Manager virtual appliance to another ESX host. Thus, more than one ESX host is
recommended.
n
Communication Between vShield Components on page 15
The management interfaces of vShield components should be placed in a common network, such as the
vSphere management network. The vShield Manager requires connectivity to the vCenter Server, vShield
App and vShield Edge instances, vShield Endpoint module, and vShield Data Security virtual machine.
vShield components can communicate over routed connections as well as different LANs.
n
Hardening Your vShield Virtual Machines on page 15
You can access the vShield Manager and other vShield components by using a web-based user interface,
command line interface, and REST API. vShield includes default login credentials for each of these access
options. After installation of each vShield virtual machine, you should harden access by changing the
default login credentials. Note that vShield Data Security does not include default login credentials.
vShield Quick Start Guide
14 VMware, Inc.