[Tutorial] Deploying VMware vCloud Networking and Security 5.5

Here is a tutorial on deploying VMware vCloud Networking and Security 5.5 (formerly called vShield).  Unlike other VMware products, this product must be installed as an appliance.  VMware provides an OVA file that contains the entire virtual appliance, so minimal configuration is needed.  Here is a good overview of the product and how it works: http://vmwarelearning.com/vcloud_net_sec/

Before beginning, note the following hardware prerequisites, which are taken from the official VMware deployment guide: http://www.vmware.com/pdf/vshield_51_quickstart.pdf

  • Memory
    • vShield Manager: 8 GB allocated, 3 GB reserved
    • vShield App: 1 GB allocated, 1 GB reserved
    • vShield Edge compact: 256 MB, large: 1 GB, x-large: 8 GB
    • vShield Data Security: 512 MB
  • Disk Space
    • vShield Manager: 60 GB
    • vShield App: 5 GB per vShield App per ESX host
    • vShield Edge compact and large: 320 MB, x-large: 4.4 GB (with 4 GB swap file)
    • vShield Data Security: 6 GB per ESX host
  • vCPU
    • vShield Manager: 2
    • vShield App: 2
    • vShield Edge compact: 1, large and x-Large: 2
    • vShield Data Security: 1

Installing VMware vCloud Networking and Security 5.5 Appliance

  1. Download the VMware vCloud Networking and Security 5.5 OVA file from myvmware.com
  2. Log in to vCenter
  3. Select File->Deploy OVF Template…
  4. Click Browse…
  5. Select the VMware-vShield-Manager-5.5.x-xxxxxxx.ova file you downloaded and click OK
  6. Select Next >
  7. Select Next >
  8. Select Accept and then click Next >
  9. Enter a name for the VM and click Next >
  10. Select the datastore on which to store the VM and click Next >
  11. Select how you want to provision the VM and click Next >
  12. Select the destination network and click Next >
  13. Enter in a password for the default admin user and for privileged CLI access and click Next >
  14. Click Finish
  15. Power on the VM
  16. Open up a console to the VM
  17. Log in to the VM using the username admin and the “user password” you specified in step 13.
  18. Type enable and hit enter (use the “privileged user password” you specified in step 13).
  19. Type setup and hit enter to launch the network configuration wizard
    • Enter in the static IP Address you wish to assign to the appliance and hit enter
    • Enter in the Subnet Mask for your network and hit enter
    • Enter in the Default gateway for your network and hit enter
    • Enter in your Primary DNS server’s IP address and hit enter
    • Enter in your Secondary DNS server’s IP address and hit enter
    • Enter in your domain search list (DNS Suffix if you host your own internal DNS) and hit enter
  20. Type y to confirm your changes and hit enter
  21. Press control+alt+insert to send the control+alt+delete command to the VM to restart the guest.
    Note: Logging out like the wizard tells you didn’t work for me.  Had to do the reboot.
  22. Open up your web browser and head over to the static IP address you gave your appliance
  23. Enter in the username admin and the password default to log in

Configuring VMware vCloud Networking and Security 5.5 for vCenter

  1. Click on the Edit button next to Lookup Service
  2. Check Configure Lookup Service and enter in the information to your vCenter’s Lookup Service instance:
    • Lookup Service Host
    • Lookup Service Port
    • SSO Administrator Username (should be [email protected] or [email protected] if you used the default installation options)
    • SSO Administrator Password
    Click OK once configured.
  3. Click Yes to trust the server’s SSL certificate
  4. Click Edit next to vCenter Server
  5. Enter in your vCenter info and click OK
    • vCenter Server
    • Administrator Username
    • Administrator Password
  6. Select Yes to trust the vCenter SSL certificate
  7. Check Install this certificate and do not display any security warnings and then click the Ignore button when prompted
  8. Click the Edit button next to NTP Server
  9. Specify the IP address of the NTP server you wish to sync to and click OK
  10. Click the Change Password link at the top to change the default admin password.  Click OK when you are done.

At this point, you can begin to install the vShield App, vShield Endpoint, and vShield Data Security services by selecting one of your hosts and clicking the Install links.  However, configuration of these options is outside the scope of this tutorial.


Note: One thing that I did notice that is different from vShield 5.1 is that once vShield Manager 5.5 is synchronized with vCenter, the management plugin will automatically be registered to vCenter and you can access vShield Manager from the vSphere Client.
