Manualshelf

Setup guide

ManualsBrandsVMware ManualsOtherVSHIELD MANAGER 4.1 - API
21222324252627282930
c Check that a DVFilter entry appears in the Incoming Connections under the Firewall panel. If no
DVFilter entry appears, click Refresh.
n
Create a host profile. For more information, see the vSphere Installation and Setup Guide.
Procedure
1 Edit the host profile.
a In the vCenter client, select Home > Management > Host Profiles.
b Select the profile to edit.
c Click Edit Host Profile.
d Select Networking Configuration > Host Port Group > vmservice-vmknic-pg > IP address
settings > How is IPv4 address determined.
e Type the IP address as 169.254.1.1 and Subnet mask as 255.255.255.0.
f Select Networking Configuration > Host Port Group > vmservice-vmknic-pg > Determine how
MAC address for vmknic should be decided.
g Select User must explicitly choose the policy option.
2 Save the host profile.
3 In a web browser, type https://vsm-ip/bin/offline-bundles/VMware-vShield-fastpath-
esx5x-5.0.1-556798.zip and download the zip file.
4 Use the host profile you created in step 1 and the offline bundle you downloaded in Step 3 to update the
stateless ESX configuration.
Install a vShield Edge
Each vShield Edge virtual appliance has External and Internal network interfaces. The Internal interface
connects to the secured port group and acts as the gateway for all protected virtual machines in the port group.
The subnet assigned to the Internal interface can be RFC 1918 private space. The External interface of the vShield
Edge connects to an uplink port group that has access to a shared corporate network or a service that provides
access layer networking.
Each vShield Edge requires at least one IP address to number the External interface. Multiple external IP
addresses can be configured for Load Balancer, Site-to-Site VPN, and NAT services. The Internal interface can
have a private IP address block that overlaps with other vShield Edge secured port groups.
You can install one vShield Edge per port group, vDS port group, or Cisco
®
Nexus 1000V.
If DRS and HA are enabled, a vShield Edge will be migrated dynamically.
Procedure
1 Log in to the vSphere Client.
2 Go to View > Inventory > Networking.
3 On a vDS, create a port group.
This port group is the Internal port group.
4 Move a tenant’s guest virtual machines to the Internal port group.
5 Select the new Internal port group.
6 Click the Edge tab.
vShield Quick Start Guide
26 VMware, Inc.