VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API Uživatelský manuál stáhnout pdf (Strana 14)

vShield Administration Guide

14 VMware, Inc.

vShield Edge

vShieldEdgeprovidesnetworkedgesecurityandgatewayservicestoisolatethevirtualmachinesinaport

group,vDSportgroup,orCisco

Nexus1000V.ThevShieldEdgeconnectsisolated,stubnetworkstoshared

(uplink)networksbyprovidingcommongatewayservicessuchasDHCP,VPN,NAT,andLoadBalancing.

CommondeploymentsofvShieldEdgeincludeintheDMZ,VPNExtranets,andmulti‐tenantCloud

environmentswherethevShieldEdgeprovidesperimetersecurityfor

VirtualDatacenters(VDCs).

Standard vShield Edge Services (Including Cloud Director)

 Firewall:SupportedrulesincludeIP5‐tupleconfigurationwithIPandportrangesforstatefulinspection

forTCP,UDP,andICMP.

 NetworkAddressTranslation:SeparatecontrolsforSourceandDestinationIPaddresses,aswellasTCP

andUDPporttranslation.

 DynamicHostConfigurationProtocol(DHCP):ConfigurationofIPpools,gateways,DNSservers,and

searchdomains.

Advanced vShield Edge Services

 Site‐to‐SiteVirtualPrivateNetwork(VPN):UsesstandardizedIPsecprotocolsettingstointeroperatewith

allmajorfirewallvendors.

 LoadBalancing:SimpleanddynamicallyconfigurablevirtualIPaddressesandservergroups.

vShieldEdgesupportssyslogexportforallservicestoremoteservers.

vShield App

vShieldAppisaninterior,vNIC‐levelfirewallthatallowsyoutocreateaccesscontrolpoliciesregardlessof

networktopology.AvShieldAppmonitorsalltrafficinandoutofanESXhost,includingbetweenvirtual

machinesinthesameportgroup.vShieldAppincludestrafficanalysisandcontainer‐basedpolicy

creation.

vShieldAppinstallsasahypervisormoduleandfirewallservicevirtualappliance.vShieldAppintegrates

withESXhoststhroughVMsafeAPIsandworkswithVMwarevSphereplatformfeaturessuchasDRS,

vMotion,DPM,andmaintenancemode.

vShieldAppprovidesfirewallingbetweenvirtualmachinesbyplacingafirewallfilteronevery

virtual

networkadapter.Thefirewallfilteroperatestransparentlyanddoesnotrequirenetw orkchangesor

modificationofIPaddressestocreatesecurityzones.YoucanwriteaccessrulesbyusingvCentercontainers,

likedatacenters,cluster,resourcepoolsandvApps,ornetworkobjects,likePortGroupsandVLANs,to

reducethenumber

offirewallrulesandmaketheruleseasiertotrack.

YoushouldinstallvShieldAppinstancesonallESXhostswithinaclustersothatVMwarevMotion™

operationsworkandvirtualmachinesremainprotectedastheymigratebetweenESXhosts.Bydefault,a

vShieldAppvirtualappliancecannotbemovedby

usingvMotion.

TheFlowMonitoringfeaturedisplaysallowedandblockednetworkflowsattheapplicationprotocollevel.

Youcanusethisinformationtoauditnetworktrafficandtroubleshootoperational.

OTEYoumustobtainanevaluationorfulllicensetousevShieldEdge.

NOTEYoumustobtainanevaluationorfulllicensetousevShieldApp.

CAUTIONDonotinstallvShieldZones/AppontheESXhostwherevCenterServerisrunning.

1 2 ... 9 10 11 12 13 14 15 16 17 18 19 ... 161 162

Komentáře k této Příručce

Žádné komentáře

VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API Uživatelský manuál Strana 14

Komentáře k této Příručce

Související produkty a manuály pro Software pro správu systému VMware VSHIELD MANAGER 4.1.0 UPDATE 1 - API