Setup guide
vShield Edge
vShield Edge provides network edge security and gateway services to isolate the virtual machines in a port
group, vDS port group, or Cisco Nexus 1000V. The vShield Edge connects isolated, stub networks to shared
(uplink) networks by providing common gateway services such as DHCP, VPN, NAT, and Load Balancing.
Common deployments of vShield Edge include the DMZ, VPN Extranets, and multi-tenant Cloud
environments where the vShield Edge provides perimeter security for Virtual Datacenters (VDCs).
Standard vShield Edge Services (Including Cloud Director)
Firewall: Supported rules include IP 5-tuple configuration with IP and port ranges for stateful inspection for TCP, UDP, and ICMP.
Network Address Translation: Separate controls for Source and Destination IP addresses, as well as TCP and UDP port translation.
Dynamic Host Configuration Protocol (DHCP): Configuration of IP pools, gateways, DNS servers, and search domains.
Advanced vShield Edge Services
Site-to-Site Virtual Private Network (VPN): Uses standardized IPsec protocol settings to interoperate with all major firewall vendors.
Load Balancing: Simple and dynamically configurable virtual IP addresses and server groups.
vShield Edge supports syslog export for all services to remote servers.
Figure 1-1. vShield Edge Installed to Secure a vDS Port Group
Chapter 1 Introduction to vShield
VMware, Inc.