VMware VSHIELD MANAGER 4.1 - API Instrukcja Użytkownika Pobierz pdf (Strona 11)

VMware, Inc. 11

Chapter 1 Introduction to vShield

Protecting Virtual Machines in a Cluster

InFigure 1‐3,vShieldAppinstancesareinstalledoneachESXhostinacluster.Virtualmachinesareprotected

whenmovedviavMotion™orDRSbetweenESXhostsinthecluster.EachvAppsharesandmaintainsstate

ofalltransmissions.

Figure 1-3. vShield App Instances Installed on Each ESX Host in a Cluster

Common Deployments of vShield Edge

YoucanuseavShieldEdgewiththePortGroupIsolationfeaturetoisolateastubnetwork,usingNATtoallow

trafficinandoutofthenetwork.Ifyoudeployinternalstubnetworks,youcanusevShieldEdgetosecure

communicationbetweennetworksbyusingLAN‐to‐LANencryptionvia

VPNtunnels.

vShieldEdgecanbedeployedasaself‐serviceapplicationwithinVMwareCloudDirector.

Common Deployments of vShield App

YoucanusevShieldApptocreatesecurityzoneswithinavDC.YoucanimposefirewallpoliciesonvCenter

containersorSecurityGroups,whicharecustomcontainersyoucancreatebyusingthevShieldManageruser

interface.Container‐basedpoliciesenableyoutocreatemixedtrustzonesclusterswithoutrequiring

an

externalphysicalfirewall.

InadeploymentthatdoesnotusevDCs,useavShieldAppwiththeSecurityGroupsfeaturetocreatetrust

zonesandenforceaccesspolicies.

ServiceProviderAdminscanusevShieldApptoimposebroadfirewallpoliciesacrossallguestvirtual

machinesinaninternalnetwork.Forexample,

youcanimposeafirewallpolicyonthesecondvNICofallguest

virtualmachinesthatallowsthevirtualmachinestoconnecttoastorageserver,butblocksthevirtual

machinesfromaddressinganyothervirtualmachines.

Unprotected Cluster

Protected Cluster

1 2 ... 6 7 8 9 10 11 12 13 14 15 16 ... 29 30

Brak uwag

VMware VSHIELD MANAGER 4.1 - API Instrukcja Użytkownika Strona 11