Knowledge
- Identify vShield Zones components
- Identify the four CLI command modes
Skills and Abilities
- Configure vShield Zones
- Backup and restore vShield Manager Data
- Backup CLI Configuration
- Create/Delete Layer 2/3/4 firewall rules using VM Wall
- Install/Uninstall a vShield manually and from template
- Configure vShield Manager plug-in capability
- Configure VM Flow charts
- Update vShield Zones
- Add/Edit/Delete User Accounts
- Assign rights to a user
- Add/Delete Application-Port Pair mapping
- Execute/Schedule Execution of virtual machine discovery
- Utilize vShield Zones CLI commands to configure and monitor vShield Zones
- Analyze traffic using VM Flow to determine root cause of network related issues
Tools
- vShield Zones QuickStart Guide
- vShield Zones Administration Guide
- Introduction to vShield Zones
- Product Documentation
- vShield Manager
- vShield CLI
- vSphere Client
Notes
Identify vShield Zones components
vShield Zones consists of two main components:
- vShield Manager: The management center for all distributed vShield instances. It provides monitoring, configuration, and software updating for your vShields.
- vShield: The active security component of vShield Zones. A vShield is installed on each ESX host you want to protect. It monitors traffic between hosts as well as between virtual machines on the host.
Identify the four CLI command modes
From the vShield Zones Administration Guide:
- Basic: Basic mode is a read-only mode. To have access to all commands, you must enter Privileged mode.
- Privileged: Privileged mode commands allow support-level options such as debugging and system diagnostics. Privileged mode configurations are not saved upon reboot. You must run the write memory command to save Privileged mode configurations.
- Configuration: Configuration mode commands allow you to change the current configuration of utilities on a vShield Zones virtual machine. You can access Configuration mode from Privileged mode. From Configuration mode, you can enter Interface configuration mode.
- Interface Configuration: Interface Configuration mode commands allow you to change the configuration of virtual machine interfaces. For example, you can change the IP address and IP route for the management port of the vShield Manager.
Backup and restore vShield Manager Data
pg 19-21
Backup CLI Configuration
pg 43-44
Create/Delete Layer 2/3/4 firewall rules using VM Wall
pg 48-50
Install/Uninstall a vShield manually and from template
pg 41
Configure vShield Manager plug-in capability
pg 18
Configure VM Flow charts
pg 52-54
Update vShield Zones
pg 21-22
Add/Edit/Delete User Accounts
pg 23-25
Assign rights to a user
pg 24
Add/Delete Application-Port Pair mapping
pg 54-56
Execute/Schedule Execution of virtual machine discovery
pg 58-59
Utilize vShield Zones CLI commands to configure and monitor vShield Zones
pg 65
Analyze traffic using VM Flow to determine root cause of network related issues
pg 51
Other Relevant Reading Related To This Section
- http://kendrickcoleman.com/index.php?/Tech-Blog/testing-out-vshield-zones.html
- http://searchvmware.techtarget.com/tip/0,289483,sid179_gci1363051_mem1,00.html
- http://kb.vmware.com/kb/1022536