VCAP-DCA Objective 7.3 : Deploy and Administer vShield Zones

This topic is completely covered by going through the vShield Zones Administration Guide. To make this posting a bit cleaner I’ve simply referenced the page number in that guide for each of the objectives. Going forward I will do the same for some of the topics where simply reading the manual is going to meet the objectives.

For a complete list of study objectives for the VCAP-DCA (VDCA-410) browse to http://www.seancrookston.com/vcap-dca/.

Knowledge

Identify vShield Zones components

vShield Zones consists of two main components:

  • vShield Manager: The management center for all distributed vShield instances. Provides monitoring, configuration, and software updating for your vShields.
  • vShield: The active security component of vShield Zones. A vShield is installed on each ESX host you want to protect. It will monitor traffic between hosts as well as between virtual machines on the host.

Identify the four CLI command modes

From the vShield Zones Administration Guide:

  • Basic: Basic mode is a read‐only mode. To have access to all commands, you must enter Privileged mode.
  • Privileged: Privileged mode commands allow support‐level options such as debugging and system diagnostics. Privileged mode configurations are not saved upon reboot. You must run the write memory command to save Privileged mode configurations.
  • Configuration: Configuration mode commands allow you to change the current configuration of utilities on a vShield Zones virtual machine. You can access Configuration mode from Privileged mode. From Configuration mode, you can enter Interface configuration mode.
  • Interface Configuration: Interface Configuration mode commands allow you to change the configuration of virtual machine interfaces. For example, you can change the IP address and IP route for the management port of the vShield Manager.

Skills and Abilities

Configure vShield Zones

Backup and restore vShield Manager Data

pg 19-21

Backup CLI Configuration

pg 43-44

Create/Delete Layer 2/3/4 firewall rules using VM Wall

pg 48-50

Install/Uninstall a vShield manually and from template

pg 41

Configure vShield Manager plug-in capability

pg 18

Configure VM Flow charts

pg 52-54

Update vShield Zones

pg 21-22

Add/Edit/Delete User Accounts

pg 23-25

Assign rights to a user

pg 24

Add/Delete Application-Port Pair mapping

pg 54-56

Execute/Schedule Execution of virtual machine discovery

pg 58-59

Utilize vShield Zones CLI commands to configure and monitor vShield Zones

pg 65

Analyze traffic using VM Flow to determine root cause of network related issues

pg 51

Tools

vShield Zones QuickStart Guide
vShield Zones Administration Guide
Introduction to vShield Zones
Product Documentation
vShield Manager
vShield CLI
vSphere Client

Other Relevant Reading Related To This Section

http://kendrickcoleman.com/index.php?/Tech-Blog/testing-out-vshield-zones.html

http://searchvmware.techtarget.com/tip/0,289483,sid179_gci1363051_mem1,00.html

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1022536&sliceId=1&docTypeID=DT_KB_1_1&dialogID=112324054&stateId=1%200%20106992832
