VMware vShield adds another layer of protection to the already very secure vSphere product. This article shares ten tips to help vShield users avoid some cumbersome and time-consuming failures.
I. Practice makes perfect
VMware security is complex, and configuration errors are costly. Assume that a mistake in a vShield rule will cut off all network traffic to the virtual machine. The best approach is therefore to practice on a host that does not run critical workloads first.
II. Start automatically
Set the vShield Manager, Zones and App agent virtual machines to start automatically together with the host. No traffic is exchanged on the host's virtual network until the Zones and App agents have started.
III. Lock down the vShield agents
The Manager, Zones and App virtual machines are critical to virtual machine security and connectivity, so it is best to change their default passwords using the vShield Manager web interface or the command-line tool. Also change the password for Enabled mode.
Unfortunately, the default administrator password for the command-line interface on the vShield Manager and agent virtual machines cannot be modified. We have to delete this user and create a new one. This does not affect the system, because vShield can perform its routine operations through other users (such as nobody and vs_comm). Fortunately, the password for Enabled mode can be modified. For more information, refer to the vShield Administration Guide.
IV. Secure vShield Access
Only authenticated users can interact with vShield Manager and its agents in vCenter. If something unexpected happens, such as a sudden power outage, you will lose contact with the host.
V. Watch the keywords
vShield 4.1 Update 1 has an odd quirk: "any" must be written in uppercase letters in Zones and App firewall rules. Otherwise, these rules will not work properly. This obvious flaw will be fixed in the next release.
VI. Be careful when deleting disks
The vShield Manager virtual machine has an 8GB primary virtual disk and a 1MB secondary virtual disk. Never delete the secondary disk: it is used when configuring new App and Zones agents, and it holds many important parameters, such as IP address information. The disk is also booted from when installing vShield App.
VII. Restart after uninstalling
Installing vShield does not affect the host or its virtual machines, but you must restart the host after uninstalling vShield. To uninstall it completely from a host, migrate the virtual machines to another host or shut them down, then put the host into maintenance mode and restart it.
The reboot is required to completely remove what vShield loads into the host's memory, such as kernel components. The uninstall process deletes everything else except the vSwitch. Because other modules are still in use, they cannot be removed automatically, and a restart is needed.
VIII. Do not touch VMware Tools
The vShield Manager and agent virtual machines are pre-installed with special versions of VMware Tools. Do not attempt to upgrade or remove them.
Virtual appliances come pre-installed and customized for the programs running inside them. As a rule, do not operate on them outside the normal upgrade process. VMware Tools is essentially a set of drivers and tools, and the pre-installed version is the one that works with the vShield appliances. Without testing, there is no way to predict the problems a newer version might cause.
IX. Use the alarm system
vShield automatically installs new alarms to detect vShield-related events and conditions. Take advantage of them to improve security monitoring of your VMware environment.
X. Check resource availability
It is important to guarantee the resources available to the vShield Manager and agent virtual machines. Otherwise, vShield Manager will become sluggish and virtual machines will lose network connectivity.
The vShield virtual machines reserve a certain amount of physical memory. Do not modify these settings or reduce the amount of memory allocated. By default, no CPU resources are reserved, but on a resource-constrained host you should configure CPU shares for them to ensure their availability.
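As an added example (not from the original article or from VMware), the PowerShell below audits vShield virtual machines against tips II and X: start with the host, memory reservation not reduced, CPU shares raised on a constrained host. The VM names, baseline reservation values and the `HostConstrained` flag are assumptions made up for illustration; the comments show which PowerCLI cmdlets would supply the real values.

```powershell
# Added example: checks inventory records against tips II and X.
# Against a live vCenter each record could be built with PowerCLI, e.g.:
#   $vm = Get-VM -Name 'vShield-Manager'          # VM name is an assumption
#   (Get-VMStartPolicy -VM $vm).StartAction       # 'PowerOn' or 'None'
#   Get-VMResourceConfiguration -VM $vm           # MemReservationMB, CpuSharesLevel
function Test-VShieldVm {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Vm,
        # Memory reservation recorded right after deployment (site-specific)
        [Parameter(Mandatory)] [hashtable] $BaselineMemReservationMB
    )
    process {
        $findings = @()
        # Tip II: the VM must power on together with the host
        if ($Vm.StartAction -ne 'PowerOn') {
            $findings += 'Tip II: not set to start with the host'
        }
        # Tip X: the deployed memory reservation must not have been reduced
        $baseline = $BaselineMemReservationMB[$Vm.Name]
        if ($null -eq $baseline) {
            $findings += 'Tip X: no deployment baseline recorded for this VM'
        } elseif ($Vm.MemReservationMB -lt $baseline) {
            $findings += "Tip X: memory reservation $($Vm.MemReservationMB) MB is below the deployed $baseline MB"
        }
        # Tip X: on a constrained host, CPU shares should be raised above the default
        if ($Vm.HostConstrained -and $Vm.CpuSharesLevel -in 'Low', 'Normal') {
            $findings += 'Tip X: resource-constrained host but CPU shares left at default or lower'
        }
        [pscustomobject]@{
            Name     = $Vm.Name
            Ok       = ($findings.Count -eq 0)
            Findings = $findings
        }
    }
}

# Constructed sample inventory; names and numbers are made up for illustration.
# HostConstrained is a hypothetical flag the operator sets per host.
$baseline  = @{ 'vShield-Manager' = 3072; 'vShield-App-esx01' = 1024 }
$inventory = @(
    [pscustomobject]@{ Name = 'vShield-Manager'; StartAction = 'PowerOn'
        MemReservationMB = 3072; CpuSharesLevel = 'High'; HostConstrained = $true }
    [pscustomobject]@{ Name = 'vShield-App-esx01'; StartAction = 'None'
        MemReservationMB = 512; CpuSharesLevel = 'Normal'; HostConstrained = $true }
)
$inventory | Test-VShieldVm -BaselineMemReservationMB $baseline | Format-List
```

The check is read-only: it reports deviations and changes nothing on the vShield virtual machines.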
Author: Eric Siebert Translator: Li Zhexian