Setup guide

• vShield Edge on page 9
vShield Edge provides network edge security and gateway services to isolate the virtual machines in a port group, vDS port group, or Cisco Nexus 1000V. The vShield Edge connects isolated, stub networks to shared (uplink) networks by providing common gateway services such as DHCP, VPN, NAT, and Load Balancing. Common deployments of vShield Edge include the DMZ, VPN extranets, and multi-tenant cloud environments, where the vShield Edge provides perimeter security for Virtual Datacenters (VDCs).
• vShield Endpoint on page 10
vShield Endpoint offloads antivirus and anti-malware agent processing to a dedicated secure virtual appliance delivered by VMware partners. Since the secure virtual appliance (unlike a guest virtual machine) doesn't go offline, it can continuously update antivirus signatures, thereby giving uninterrupted protection to the virtual machines on the host. Also, new virtual machines (or existing virtual machines that went offline) are immediately protected with the most current antivirus signatures when they come online.
• vShield Data Security on page 10
vShield Data Security provides visibility into sensitive data stored within your organization's virtualized and cloud environments. Based on the violations reported by vShield Data Security, you can ensure that sensitive data is adequately protected and assess compliance with regulations around the world.
vShield Manager
The vShield Manager is the centralized network management component of vShield, and is installed as a virtual appliance on any ESX™ host in your vCenter Server environment. A vShield Manager can run on a different ESX host from your vShield agents.
Using the vShield Manager user interface or vSphere Client plug-in, administrators install, configure, and maintain vShield components. The vShield Manager user interface leverages the VMware Infrastructure SDK to display a copy of the vSphere Client inventory panel, and includes the Hosts & Clusters and Networks views.
vShield App
vShield App is a hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. Organizations gain visibility and control over network communications between virtual machines. You can create access control policies based on logical constructs such as VMware vCenter™ containers and vShield security groups—not just physical constructs such as IP addresses. In addition, flexible IP addressing offers the ability to use the same IP address in multiple tenant zones to simplify provisioning.
You should install vShield App on each ESX host within a cluster so that VMware vMotion operations work and virtual machines remain protected as they migrate between ESX hosts. By default, a vShield App virtual appliance cannot be moved by using vMotion.
The Flow Monitoring feature displays network activity between virtual machines at the application protocol level. You can use this information to audit network traffic, define and refine firewall policies, and identify botnets.
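The following is an added illustration, not code from this guide or from VMware, of why policies keyed on logical constructs (tenant container plus security group) behave differently from policies keyed on IP addresses when the same IP is reused across tenant zones. The inventory, group names, rules and observed flows are all constructed for the example; the evaluation model (deny across tenants, first matching group rule wins, default deny) is an assumption chosen to make the point, not a description of how vShield App itself evaluates rules.

```python
"""Constructed example: group-based policy evaluation with overlapping tenant IP space.

Not vShield code and not a VMware API. It models the idea that rules are written
against security groups inside a tenant container, so the IP address alone is not
the identity of a virtual machine.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    name: str
    tenant: str        # logical container (stands in for a vCenter container)
    ip: str
    groups: frozenset  # security-group membership


@dataclass(frozen=True)
class Rule:
    src_group: str
    dst_group: str
    port: int
    action: str        # "allow" or "deny"


# Constructed inventory: two tenants deliberately reuse 10.0.0.10 and 10.0.0.20.
INVENTORY = [
    VM("tenantA-web", "tenantA", "10.0.0.10", frozenset({"web"})),
    VM("tenantA-db", "tenantA", "10.0.0.20", frozenset({"db"})),
    VM("tenantB-web", "tenantB", "10.0.0.10", frozenset({"web"})),
    VM("tenantB-db", "tenantB", "10.0.0.20", frozenset({"db"})),
    VM("tenantB-jump", "tenantB", "10.0.0.30", frozenset({"admin"})),
]

# Constructed rules expressed on groups, never on addresses.
RULES = [
    Rule("web", "db", 3306, "allow"),
    Rule("admin", "db", 22, "allow"),
]


def vms_for_ip(inventory, ip):
    """Show the ambiguity an IP-keyed policy would face: one IP, several VMs."""
    return [vm.name for vm in inventory if vm.ip == ip]


def by_name(inventory, name):
    return next(vm for vm in inventory if vm.name == name)


def evaluate(rules, src, dst, port):
    """Decide a flow src -> dst:port.

    Assumed model: traffic never crosses tenant containers, the first rule whose
    source and destination groups match wins, and anything unmatched is denied.
    """
    if src.tenant != dst.tenant:
        return "deny"
    for r in rules:
        if r.src_group in src.groups and r.dst_group in dst.groups and r.port == port:
            return r.action
    return "deny"


def audit(rules, inventory, flows):
    """Run observed flows (constructed stand-ins for flow-monitoring records,
    as (src_name, dst_name, port)) through the policy and report each verdict.
    Denied flows are the ones worth reviewing when refining rules."""
    report = []
    for src_name, dst_name, port in flows:
        src, dst = by_name(inventory, src_name), by_name(inventory, dst_name)
        report.append((src_name, dst_name, port, evaluate(rules, src, dst, port)))
    return report


OBSERVED_FLOWS = [  # constructed sample
    ("tenantA-web", "tenantA-db", 3306),
    ("tenantB-web", "tenantB-db", 3306),
    ("tenantA-web", "tenantB-db", 3306),   # crosses tenants, same IPs as the first flow
    ("tenantB-web", "tenantB-db", 22),     # web tier has no SSH rule to db
    ("tenantB-jump", "tenantB-db", 22),
]


if __name__ == "__main__":
    print("VMs answering to 10.0.0.10:", vms_for_ip(INVENTORY, "10.0.0.10"))
    for row in audit(RULES, INVENTORY, OBSERVED_FLOWS):
        print(row)
```

Because the rule set never mentions an address, both tenants' web-to-db flows on 3306 are allowed while the cross-tenant flow between the very same IP pair is denied, which is the provisioning benefit the paragraph above describes.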
vShield Quick Start Guide
8 VMware, Inc.