VMware VSHIELD APP 1.0 - API Manuel d'utilisateur

Page | 1 For the complete book please visit: www.eucbook.com

Page | 10 Configure IP Settings Once the appliance has booted you can configure its network settings fit for your environment. After the boot proce

Page | 11 the router/default gateway – or better still confirm you can ping the appliance from your management PC. Register with vCenter; Reset Pass

Page | 12 4. Click Save, will cause vShield to communicate to vCenter – and you should be confronted with an SSL Thumbprint dialog box, if you are

Page | 13 Note: Here the “Service VM” is the vShield Manager appliance itself. 6. Once configured for vCenter – the web-interface should be able

Page | 14 8. By default vShield will run for 60-days in an evaluation mode with some scalability limits imposed (limited to protection 100 VMs). A

Page | 15 vShield is licensed to protect a certain number of VMs, and most of the third-party vendors have followed suit – although some do still li

Page | 16 that will come, and go and then come back again. Do not be alarmed. All is well. And as this happens – you will see events taking plac

Page | 17 You should also see that the vShield has created the vmservice-vswitch in the Standard vSwitches view… This configuration of vShield op

Page | 18 Import Bitdefender Control Center Virtual Appliance WARNING: Currently Internet Explorer mishandles .OVA files. The .OVA format i

Page | 19 3. After configuring options 1 and 2 as befits your network, select option 4, and install the database. Once complete select option 4 ag

Page | 2 Chapter 23: VMware vShield End-point Introduction There are many security technologies available in the market, and not to be ou

Page | 20 have been installed correctly. Under menu item 4 “Install/Modify Roles”, the sub menu 2 option allows you to “Show locally installed roles”

Page | 21 1. Before you begin creating accounts you might find it useful to enable Bitdefender built-in Active Directory support. This can be found

Page | 22 5. Next we need delegate a user account to have control over our VMs, Computers in AD and Mobile Devices. This involves adding an accoun

Page | 23 6. Notice here how the “targets” are in red because they contain no groups that would control this accounts scope of access. You need to

Page | 24 and for “Computers” we see a view of the Active Directory environment:

Page | 25 Once you have selected your service and their respective targets you can add the account into the appliance. In my case I was able to logo

Page | 26 Deploy Bitdefender Security Server to each ESX host Now we have the management console of Bitdefender configured we can set

Page | 27 3. This should pull up the “Security Server Installation Page” – which allows you to control how the service is deployed. There’s quite

Page | 28 Note: Remember there is no bulk option for deploying the Security Server to every ESX host in the cluster. Also although you can control th

Page | 29 At the end of this deployment phase you should have one Control Center (used to deploy the Security Server and manage the solutions) and w

Page | 3 the inventory of vCenter • vShield App with Data Security As above but adds inspection of sensitive data based on violations reported by t

Page | 30 Install the Bitdefender “BDTools” (aka Silent Agent) In the context of virtual desktops we feel the most efficient way to inst

Page | 31 1. Select Network in the main menu, and switch to the Virtual Machines view 2. Navigate to the view that shows the virtual desktops.

Page | 32 Note: Once you click save the deployment will begin and you can monitor the progress under the Network and Tasks menu: Once the installa

Page | 33 Testing vShield and Bitdefender The BDTools installs as .MSI and adds the “B” icon in the taskbar tray. When launched it op

Page | 34 Conclusions As you can see vShield is very easy to setup and configure – and by relocating the functions of AV out of the guest operating

Page | 35 an unprotected state. In the case of Bitdefender the Silent Agent will report the VM is not protected. and this will trigger a custom

Page | 4 Manager assists in installing the “vShield Guest Driver” and VMware Tools includes the “vShield Endpoint Driver” on each VM. One of the job

Page | 5 This new structure allows vShield to run with more than one partner on the same ESX host. This is inline with VMware’s cloud and multi-tenn

Page | 6 times end-user like the reassurance of being able to see their security status, as they would with a conventional AV client that has

Page | 7 Additionally, the vShield Endpoint system requires a driver that’s now installed as part of VMware Tools, if you use complete it wil

Page | 8 Note: fltmc shows that the vsepflt.sys drive has been loaded into the guest operating system. Importing the vShield OVA File The setup of v

Page | 9 6. Next select a cluster and/or a resource pool for the appliance to reside 7. Next select a datastore to hold the appliances virtual