Table of Contents HOL-SDC-1415


Lab Overview - HOL-SDC-1415 - IT Outcomes Security Controls Native to Infrastructure
  Lab Guidance
Module 1 - Policy-Based Compliance
  Introduction
  Manage vCenter Server Virtual Machines
  Run and Enforce Compliance
  Configure vCenter Operations Manager Integration
  Check Initial Compliance Status in vCenter Operations Manager
  Resolve Noncompliant Virtual Machine Template Results
  Validate Final Compliance Status in vCenter Operations Manager
Module 2 - Policy-Based Network Security
  Introduction
  Verify Open Communication between Virtual Machines
  Apply Network Security Policies via NSX Distributed Firewall
  Test Applied Network and Security Policies
  Apply a Data Security Policy to Scan for Unprotected and Sensitive Data
  Module Summary

Lab Overview - HOL-SDC-1415 - IT Outcomes Security Controls Native to Infrastructure

Lab Guidance

Learn how several VMware technologies work together to implement policy-based network control, configuration and compliance management, and intelligent operations management. You will use NSX for vSphere to isolate, protect, and apply security policies across virtual network workloads. Use vCenter Configuration Manager to continuously identify, assess, and remediate out-of-compliance virtual machines. Finally, you will use vCenter Operations Manager for operational insight into the health, risk, and efficiency of the virtual infrastructure.

Module 1: Policy-Based Compliance (30 Minutes)
Module 2: Policy-Based Network Security (25 Minutes)

Physical Lab Topology

vSphere Topology:
The two vSphere hypervisors in the environment are esx-01a.corp.local and esx-02a.corp.local and are configured as part of a single Cluster.

Network Topology:
The Management Network ( /24) is a common network across the vSphere hypervisors, vCenter, NSX Manager, ControlCenter, vCenter Operations Manager (vCOps) and vCenter Configuration Manager (VCM).
The vMotion Network ( /24) is used for vMotion traffic.
The App Network ( /24) is used for all Virtual Machine data traffic.
The Storage Network ( /24) is used to connect the Hypervisors to the NFS storage appliance.

Storage Topology:
The two vSphere hypervisors have NFS attached storage via the stgb-l-01a storage appliance.

vCenter, NSX Manager, vCOps and VCM:
vCenter is pre-configured and accessible on the Management Network on
NSX Manager is pre-configured and accessible on the Management Network on
vCOps is pre-configured and accessible on the Management Network on
VCM is pre-configured and accessible on the Management Network on

Application Virtual Machines:
In this lab we are using a simple application with 2 servers (app-l-01a and db-w8-01a) and a test server test-l-01a.
app-l-01a.corp.local is connected on
db-w8-01a.corp.local is connected on
test-l-01a.corp.local is connected on

Module 1 - Policy-Based Compliance

Introduction

VMware vCenter Configuration Manager (VCM) delivers capabilities fundamental to ensuring that virtualized and cloud computing environments are properly configured to meet operational, security and compliance requirements. VCM is a full-featured configuration-management solution that automates configuration management across virtual, physical and cloud environments. Enterprises can use VCM to continuously audit the configurations of VMware infrastructure as well as Windows, Linux and UNIX operating systems. Both physical and virtual configuration compliance can be maintained against internal standards, security best practices, vendor hardening guidelines and regulatory mandates.

VCM compares your virtual or physical machines running Linux, UNIX, Mac OS X, or Windows operating systems against configuration standards that you download, or that you create, to determine if the machines meet the standards. The results of the compliance run tell you which machines' configuration settings meet the standards and which do not. In some cases, you can enforce certain settings on the machines that are not in compliance, initiating the changes from VCM.

Preset rules and templates are available that enable you to begin monitoring system compliance to regulatory (Sarbanes-Oxley, HIPAA, GLBA and FISMA), industry and Microsoft standards. You can create and manage rules and rule groups based on Active Directory (AD) objects and configuration data, or on machine data.

At a glance, vCenter Configuration Manager:
1. Improves operational effectiveness by continuously auditing configurations of the VMware infrastructure and Windows, Linux and UNIX operating systems.
2. Speeds time to service restoration by correlating configuration changes tracked within VCM with performance and capacity issues identified by VMware vCenter Operations Manager.
3. Accelerates the adoption of virtualization and cloud computing for business-critical applications by addressing security and compliance concerns.
4. Reduces potential security threats through a unified approach to configuration management across physical and virtual infrastructure.
5. Drives down the effort and cost of configuration compliance through the use of an automated solution.

Manage vCenter Server Virtual Machines

Add and license the virtual machines identified based on a vCenter Guests collection from your vCenter Servers. If you are managing Windows virtual machines, you can also install the VCM Agent. Using the Manage Guests wizard, you can add the virtual machines to the appropriate Available Machines data grid based on operating system, license the virtual machine based on operating system, or, for Windows machines, license and install the Agent.

Run PowerShell Script

Procedure:
1. Click on the Command Prompt Icon on the Task Bar.

Reboot the VCM Server using PowerShell

**Note** It may take up to 2 minutes while the server reboots and initializes VCM.

Procedure:
1. Type powershell in the command window.
2. Press Enter.
3. On the next line type Restart-Computer vcm-01a -Force
4. Press Enter to reboot the VCM server.

Open vCenter Configuration Manager

Procedure:
1. Once the VCM server comes back online, double-click the VCM icon on the desktop.

Log In to vCenter Configuration Manager with Proper Credentials

Procedure:
1. Log into VCM with the following credentials:
   Username: vcmadmin
   Password: VMware1!
2. Click OK.

Select the Appropriate User Level from the Drop-Down Menu

vCenter Configuration Manager users can have multiple roles. In this lab, CORP\VCADMIN is assigned three different roles in vCenter Configuration Manager:
Admin: General administrator with access to all vCenter Configuration Manager functions.
Server Manager: Role with full access to the Servers Dynamic Machine Group.
Workstation Manager: Role with full access to the Workstation Dynamic Machine Group.

We will be using the Admin role throughout this lab; however, roles can be created and assigned on a very granular level.

Procedure:
1. Select 'Admin' User Role and click Login.

Install VCM agents for the selected Windows machines

Procedure:
1. Click Console.
2. Select Virtual Environments.
3. Select vCenter.
4. Select Guests.
5. Select Summary.
6. Select the Windows virtual machine (base-w7-01a).
7. Click Manage Guests.

Select Default Domain

Procedure:
1. On the Default Domain page, select CORP.LOCAL from the Domain Drop-Down List, then click OK.
2. Select the Active Directory radio button for Domain Type.
3. Click Next to continue.

Edit VM Guest Machine Info

Procedure:
1. On the Edit VM Guest Machine Info page, make sure the base-w7-01a Windows virtual machine is selected.
2. Click Next.

License the VM Guests and Install the Windows Agents

Procedure:
1. On the License VM Guests page, select License the selected machines.
2. Select Install VCM agents for the selected Windows machines.
3. Click Next.

Confirm your Changes

Procedure:
1. On the Confirm Your Changes page, review the changes.
2. Click Finish.

Set the Options for Installation

Procedure:
1. Leave the default options and select Next.

Schedule the Agent Installation

Procedure:
1. Confirm that the Run Action Now radio button is selected.
2. Select Next.

Installation Confirmation

Procedure:
1. Review the notice and click Finish to deploy the Windows agents.

Watch the Progress of your Agent Installation

Procedure:
1. Click on the Jobs icon on the menu bar.

Monitor the Agent Installation

**Important** The Jobs Running window does not auto-refresh by default. You should set the job to auto-refresh by following the steps below.

Procedure:
1. You can manually refresh the job collection by clicking on the Refresh Icon.
2. Or you can set the job to Auto-Refresh for you. Select 30 Seconds from the drop-down menu.
3. You can also Auto-Refresh the individual steps. Select 5 seconds to monitor success or failure.

**Notice** It can take several minutes for this process to complete successfully.

Jobs Running

Procedure:
1. Once the job is complete, click Close.

Verify that the Windows Agents have been successfully deployed

Procedure:
1. Select Administration.
2. Select Job Manager.
3. Select History.
4. Select Other Jobs.
5. Select Past 24 Hours.
6. You should see both of your Windows virtual machines in the Job History Machine Detail Box with a Status of Succeeded.

Run and Enforce Compliance

Compliance templates evaluate the data collected from virtual or physical machines in machine groups to determine if the machines meet the rules in the templates. If the property values on a machine do not meet the rule criteria, and if no exception is defined, then the machine is flagged as noncompliant. When a machine is noncompliant, the template results provide the details of the settings or configurations that do not match the rules. You can use this information to resolve the problem.

Run Virtual Environment Compliance Templates

Procedure:
1. Click Compliance.
2. Select Machine Group Compliance.
3. Select Templates.
4. Select the Microsoft MSS Windows 7 Hardening Template.
5. Click Run Template.

Select Template Options

Procedure:
1. Select the Do not enforce noncompliant results at this time radio button.
2. Check the Check compliance alerts for this machine group check box.
3. Click OK.

Track Compliance Progress

Procedure:
1. When the template is finished running, you should see Your compliance run completed successfully in the progress bar.
2. Click on Close.

Review Compliance Results Report

Procedure:
1. Click on the Microsoft MSS Windows 7 Hardening template in the console pane to refresh and review your results.
2. The Compliance Results Report appears. The report includes the number of objects that are compliant and the number that are non-compliant. Notice that the Windows 7 virtual machine is showing up as Non-Compliant.
3. To view the results in the data grid, click View data grid.

View Data Grid Results

Icon description:
Green check mark: Successful compliance rules.
Red exclamation mark: Failed compliance rules that are not enforceable directly by vCenter Configuration Manager.
Red exclamation mark with a small yellow sign: Failed compliance rules that are enforceable directly by vCenter Configuration Manager.

Review Rules that are Out of Compliance

These policies will be enforced by VCM.

Configure vCenter Operations Manager Integration

The integration between vCenter Operations Manager and VCM includes using the VCM compliance template results to contribute to the Risk badge score in vCenter Operations Manager. The compliance templates are included in badge mappings that are run in VCM against objects in vCenter Server instances that are managed by both VCM and vCenter Operations Manager. These objects include virtual machines, host systems, clusters, vCenter Server instances, and data stores. The compliance mapping results determine the compliance score. vCenter Operations Manager then pulls the scores into the formulas used to calculate the Risk badge scores.

When you review the standards compliance in vCenter Operations Manager, you can navigate back to VCM to view the detailed results and identify any configuration changes that you must make to bring an object that is noncompliant back to compliance.

Run the Compliance Badge Mappings for vCenter Operations Manager

Procedure:
1. Click Console.
2. Select Compliance.
3. Select vCenter Operations Manager Badge Mappings.
4. Select Mappings.
5. Select the Microsoft Windows 7 Hardening mapping.
6. Click Run.

Select Mapping Options

Procedure:
1. Select the Check Compliance Alerts for this Machine Group Box.
2. Click OK.

Mapping Run Results

Procedure:
1. Validate that the mapping ran correctly.
2. Click Close.

Exit from vCenter Configuration Manager

Procedure:
1. Close the vCenter Configuration Manager interface by clicking the red 'x' button on the General Bar.
2. Click OK to confirm you want to close the session.

Check Initial Compliance Status in vCenter Operations Manager

The standards compliance score in VCM contributes a compliance score to the Risk badge score in vCenter Operations Manager. If the Risk score indicates distress for the object, you can view the compliance breakdown to determine which of the noncompliant templates are contributing to the score and determine what action to take to resolve the noncompliant results.

Open Internet Explorer

Procedure:
1. Double-click the Internet Explorer icon on the Control Center Desktop.

Log In to vCenter Operations Manager

Procedure:
1. Click vCenter Operations Manager in the favorites bar.
2. Enter vcmadmin as the username.
3. Enter VMware1! as the password.
4. Click Login.

Expand the Virtual Infrastructure Hierarchy

Procedure:
1. Click on World.
2. Select vcsa-01a.
3. Select Datacenter Site A.
4. Select Cluster Site A.
5. Select esx-02a.corp.local.
6. Select base-w7-01a.

Check the OS-Level Compliance Status using the Compliance Breakdown

Note: It can take several minutes for the compliance badge to appear. This is due to possible high workload in the lab environment.

Overview: vCenter Operations Manager provides a color-coded badge system, which ranges from a healthy green to a health degradation status depicted in a gradual or instantaneous transition to yellow, orange or red. Inside the badge, vCenter Operations Manager also presents a score, which might reflect the desired healthy state, a potential problem, or an imminent risk, depending on the badge being observed (health, risk, optimization, or compliance).

In this example, notice that the Windows 7 virtual machine (base-w7-01a) is reported non-compliant. Five conditions were evaluated and all of them failed. vCenter Operations calculated a score of 0 and set the color to Red to indicate this object needs remediation to become compliant.

Procedure:
1. Select the virtual machine base-w7-01a.
2. Select Planning.
3. Select Views.
4. Select Compliance.
5. Observe the compliance information for virtual machine base-w7-01a.


Return to vCenter Configuration Manager to Resolve Compliance Issues

Procedure:
1. Click on View Details in VCM to return to vCenter Configuration Manager (VCM).

Note: You may have to re-authenticate if you logged out of VCM. Log into VCM with the following credentials:
Username: vcmadmin
Password: VMware1!

Resolve Noncompliant Virtual Machine Template Results

The results for the compliance templates indicate whether the virtual or physical machines are compliant or noncompliant. If the machine is noncompliant, you can enforce noncompliant results manually or using VCM, or you can add an exception for expected noncompliant results.

On the virtual machine scan, we found 5 items out of compliance for our base-w7-01a virtual machine.

Remediate Failed Compliance Rules that are Enforceable by vCenter Configuration Manager

Procedure:
1. Click Compliance.
2. Select Machine Group Compliance.
3. Select Templates.
4. Select the Microsoft MSS Windows 7 Hardening Template.
5. (Click View Data Grid if necessary) Select the Enforce tab.

Enforcement Selection

Procedure:
1. Select All Items in the Current Compliance Run.
2. Click Next.

Review the Enforcement Summary

Notice that 5 Items will be enforced by VCM. We will manually address the other noncompliant items later in this lab.

Procedure:
1. Review the number of Selected Items and the number of Enforceable Items.
2. Notice that 5 Items will be enforced by vCenter Configuration Manager using 4 jobs.
3. Click Finish to kick off the compliance remediation job.

Watch the Compliance Job Run

**Notice** It can take several minutes for this process to complete successfully.

Procedure:
1. Click on the Jobs tab in the menu bar.
2. You can refresh the job collection by clicking on the Refresh Icon.
3. Or you can set the job to Auto-Refresh for you.
4. Once the job is complete, click Close.

View the Enforcement Results

Procedure:
1. Click on the Windows 7 Template in the left pane.
2. Click on the Run Template tab to refresh the compliance results.

Select Template Options

Procedure:
1. Select the Do not enforce noncompliant results at this time radio button.
2. Check the Check compliance alerts for this machine group check box.
3. Click OK.

Compliance Run Results

Procedure:
1. When the template is finished running, you should see Your compliance run completed successfully in the progress bar.
2. Click on Close.

Review Results

Procedure:
1. Click on the Microsoft MSS Windows 7 Hardening template in the console pane to refresh and review your results.
2. The Compliance Results Report appears. The report includes the number of objects that are compliant and the number that are non-compliant. Notice that the Windows 7 virtual machine is showing up as Non-Compliant.
3. To view the results in the data grid, click View data grid.

Run the Compliance Badge Mappings for vCenter Operations Manager

Procedure:
1. Click Compliance.
2. Select vCenter Operations Manager Badge Mappings.
3. Select Mappings.
4. Select the Microsoft Windows 7 Hardening mapping.
5. Click Run.

Select Mapping Options

Procedure:
1. Select the Check Compliance Alerts for this Machine Group Box.
2. Click OK.

Mapping Run Results

Procedure:
1. Validate that the mapping ran correctly.
2. Click Close.

Validate Final Compliance Status in vCenter Operations Manager

Finally, we will go back into vCenter Operations Manager to make sure that the compliance badge is now matching the compliance status found in VCM.

Open Internet Explorer

Procedure:
1. Double-click the Internet Explorer icon on the Control Center Desktop.

Log In to vCenter Operations Manager

Procedure:
1. Click vCenter Operations Manager in the favorites bar.
2. Enter vcmadmin as the username.
3. Enter VMware1! as the password.
4. Click Login.

Expand the Virtual Infrastructure Hierarchy

Procedure:
1. Click on World.
2. Select vcsa-01a.
3. Select Datacenter Site A.
4. Select Cluster Site A.
5. Select esx-02a.corp.local.
6. Select base-w7-01a.

Compliance View

Note: It can take several minutes for the compliance badge to appear. This is due to possible high workload in the lab environment.

Review: vCenter Operations Manager provides a color-coded badge system, which ranges from a healthy green to a health degradation status depicted in a gradual or instantaneous transition to yellow, orange or red. Inside the badge, vCenter Operations Manager also presents a score, which might reflect the desired healthy state, a potential problem, or an imminent risk, depending on the badge being observed (health, risk, optimization, or compliance).

After performing remediation, notice that our Windows 7 virtual machine (base-w7-01a) is now green and reporting 100% compliance.

Procedure:
1. Select the virtual machine base-w7-01a.
2. Select Planning.
3. Select Views.
4. Select Compliance.
5. Observe the compliance information for virtual machine base-w7-01a.


View Change Events Inside vCenter Operations Manager

You can also track events coming from vCenter Configuration Manager.

Procedure:
1. Click Events.
2. Click the Compliance shadow badge.
3. Click the bullseye icon (to show self events).
4. Click the small Compliance badge.
5. Narrow the scope to the last hour by clicking on the Calendar icon.
6. Change to Last Hour.
7. Click the small blue arrow to apply the modifications.

Review the Filtered Events

Review the status of the virtual machine's compliance over time.

Module 2 - Policy-Based Network Security

Introduction

In this Module we will review how the NSX Distributed Firewall and Data Security can provide network security and compliance within the SDDC.

You are currently logged on to the ControlCenter, which can communicate with all of the Application VMs in the lab (db-w8-01a, app-l-01a and test-l-01a virtual machines). The lab virtual machines can communicate with each other because they reside on a single Layer 2 segment, which is a violation of security policy at ABC Corporation.

We will first verify connectivity between these virtual machines and then apply NSX distributed firewall policies to block specific communication. We will then apply Data Security policies to scan the datacenter for sensitive and unprotected data as a PCI compliance check.

Verify Open Communication between Virtual Machines

In this section we will verify connectivity between ControlCenter and other Application VMs.

Test Remote Desktop Connection to the Production Database Server (db-w8-01a)

The first task is to test connectivity from the ControlCenter to our production database machine. Double-click the db-w8-01a.rdp link on the ControlCenter desktop.

Launch a Remote Session to the Database Server (db-w8-01a)

Login credentials:
User: CORP\Administrator
Password: VMware1!

Verify Open Connectivity to the Database Server (db-w8-01a)

Confirm that you are properly connected to the db-w8-01a virtual machine by checking the background information.

Disconnect the Remote Desktop Connection to db-w8-01a Server

Disconnect the Remote Desktop Connection by clicking the upper right X icon.

Test Connectivity to Production Web Server (app-l-01a)

1. Launch PuTTY from the ControlCenter task bar and select the app-l-01a.corp.local saved session.
2. Click Load.
3. Click Open.

Login to app-l-01a server

Login credentials:
User: root
Password: VMware1!

Test connectivity from app-l-01a server to db-w8-01a server

1. Run the command "ping db-w8-01a.corp.local -c 3 -q"
2. Verify that there is connectivity.

Test connectivity from app-l-01a server to test-l-01a server

1. Run the command "ping test-l-01a.corp.local -c 3 -q"
2. Verify that there is connectivity.

Close the PuTTY session.

Test Connectivity to Test Server (test-l-01a)

1. Launch PuTTY from the ControlCenter task bar and select the test-l-01a.corp.local saved session.
2. Click Load.
3. Click Open.

Login to test-l-01a server

Login credentials:
User: root
Password: VMware1!

Test connectivity from test-l-01a server to db-w8-01a server

1. Run the command "ping db-w8-01a.corp.local -c 3 -q"
2. Verify that there is connectivity.

Close the PuTTY session.

Test Connectivity to the Lab Application

Launch the Firefox web browser located on the ControlCenter desktop. Click on the Lab Application bookmark. Verify that the sample web application is accessible via HTTP port 80. The web server is hosted on app-l-01a, while the database server is on the db-w8-01a virtual machine.

Network Connectivity Test Results

We were able to verify that:
The ControlCenter can open a remote desktop connection to the db-w8-01a virtual machine.
The ControlCenter can open SSH connections to app-l-01a and test-l-01a virtual machines.
Application virtual machines db-w8-01a and app-l-01a have IP connectivity to each other.
The test-l-01a virtual machine has IP connectivity to application virtual machines (db-w8-01a and test-l-01a).
The sample Lab Application is reachable via ControlCenter.

Apply Network Security Policies via NSX Distributed Firewall

Now that you have tested the reachability of the systems and witnessed the complete lack of security in the environment, we will implement security policies in VMware NSX to block connectivity that is not required. To save time, the security policies have already been created in this lab; we will review these policies and make changes where needed.

In this lab we will use the VMware NSX Distributed Firewall, which is a hypervisor kernel-embedded firewall that provides visibility and control for virtualized workloads and networks. You can create access control policies based on VMware vCenter objects like datacenters and clusters, virtual machine names and tags, network constructs like IP/VLAN/VXLAN addresses, as well as user group identity from Active Directory. Firewall rules are enforced at the vNIC level of each virtual machine to provide consistent access control even when the virtual machine gets vMotioned. The hypervisor-embedded nature of the firewall delivers close to line rate throughput to enable higher workload consolidation on physical servers. The distributed nature of the firewall provides a scale-out architecture that automatically extends firewall capacity when additional hosts are added to a datacenter.

Access NSX Manager

In this section we will access the NSX Manager UI and view the pre-created security policies.

Login to vCenter Web Client

Launch the Firefox browser application from the ControlCenter desktop. The browser is configured to launch the vCenter Web Client; if it does not launch, select it from the bookmark.

Login credentials:
User: CORP\Administrator
Password: VMware1!
(Note: Selecting "Use Windows Session Authentication" will also log you in)

Access the Networking and Security Section

Click on Networking and Security.

Access the Distributed Firewall Rules

1. Click on the Firewall section on the left pane.
2. Expand the firewall policy by clicking on the Lab Application Policy and Default Section Layer3.

Analyse Distributed Firewall Policy - L3 and L4

In this section we will analyse all the firewall policies that have been created. As you can see, all the policies have been set to "Allow"; we will change the appropriate policy to "Deny".

Firewall Rule - Allow HTTP Access to WebServers

In this policy we have configured the distributed firewall to permit HTTP connections from any source to servers in the WebServer-SecurityGroup. The security group called WebServer-SecurityGroup has been pre-created in the lab. Click on it and you will see that it contains the server app-l-01a.corp.local. Click on the "x" to close the Security Group pop-up window.

Firewall Rule - Allow Web to Database Access

In this policy we have configured the distributed firewall to permit communication between the WebServer-SecurityGroup and the Database-SecurityGroup. The security group Database-SecurityGroup has been pre-created in the lab. Click on it and you will see that it contains the server db-w8-01a.corp.local. Click on the "x" to close the Security Group pop-up window.

Firewall Rule - Allow ControlCenter SSH Access

In this policy we have configured the distributed firewall to permit SSH communication to app-l-01a.corp.local, db-w8-01a.corp.local and test-l-01a.corp.local servers from the ControlCenter. Click on the ControlCenter link to view the configured IP. Click on the "x" to close the pop-up window.

Firewall Rule - DNS and AD domain access

In this policy we have configured the application servers and the test-l-01a server to communicate with the ControlCenter for DNS and Active Directory Services. The Microsoft Active Directory Service is pre-defined in NSX, so it is easy to select and deploy. Click on the "x" to close the pop-up window.

Firewall Rule - Allow vcm to Test Servers

In this policy we have configured the vCenter Configuration Manager ( ) to communicate with the test-l-01a server and the Windows 7 VM base-w7-01a (we will use this virtual machine later in the lab to show how Configuration Manager can be used to patch the operating systems for compliance). Click on the "x" to close the pop-up window.

Firewall Rule - Allow Test Servers to vcm

In this policy we have configured the Test Servers (test-l-01a and base-w7-01a) to initiate communication to the VCM server. Click on the TestServer-SecurityGroup (which has been pre-created) to view its membership. Click on the "x" to close the Security Group pop-up window.

Firewall Rule - Default Rule

We have configured the NSX distributed firewall to Allow all traffic as a default policy; however, we will now change this policy to Block all traffic.

Click on the small + sign next to Allow. Change the Action to Block. Click OK.

Since the security policy has been changed, we will need to Publish these changes. Click on Publish Changes.

Analyse Distributed Firewall Policy - L2

Click on Firewall, then on Ethernet. Expand the rules in the Default Layer 2 Rule Section.

Ethernet Rule - Block access from Application servers to Test Servers

1. This is the first firewall rule in the list. You will notice that at the moment it has been configured to allow connectivity between the Application servers and Test Servers, which is not the desired state.
2. Click on the small "+" sign next to the "Allow" action to change it to "Block" as shown in the step.
3. Click OK and proceed to the next rule.

Ethernet Rule - Block access from Test Servers to Application Servers

1. You will notice that at the moment it has been configured to allow connectivity between the Test servers and Application Servers, which is not the desired state.
2. Click on the small "+" sign next to the "Allow" action to change it to "Block" as shown in the step.
3. Click OK and proceed to the next rule.

Note: The first 2 rules have been explicitly set up to block communication between the App and Test servers because the default L2 policy will be to allow communication between all other end points.

Ethernet Rule - Block communication between database servers in the same tier

In this lab there is only one database server; however, in production environments there could be many provisioned, and a rule like the one above can be used to block communication between the servers in the same tier.

1. Currently this rule is set to Allow communication, which is not desired.
2. Click on the small "+" sign next to the "Allow" action to change it to "Block" as shown in the step.
3. Click OK and proceed to the next step.

Ethernet Rule - Block communication between Web servers in the same tier

In this lab there is only one web server; however, in production environments there could be many provisioned, and a rule like the one above can be used to block communication between the servers in the same tier.

1. Currently this rule is set to Allow communication, which is not desired.
2. Click on the small "+" sign next to the "Allow" action to change it to "Block" as shown in the step.
3. Click OK.

Notice that all the rule changes have to be Published. Click on Publish Changes as shown.

Ethernet Default Rule

Note that the default Ethernet Rule is set to Allow all other communication in the virtualized environment. This is the desired state.

85 Test Applied Network and Security Policies In the previous section we analysed the NSX distributed firewall security policies and made changes so as to only permit certain traffic and block the rest. In this section we will verify how the micro-segmentation security capabilities of NSX distributed firewall can be used to effectively isolate virtual machine traffic even on a shared Layer 2 segment. Verify Connectivity from ControlCenter We will first verify access to db-w8-01a, app-l-01a and test-l-01a virtual machines from the ControlCenter. Launch Remote Desktop Connection to Database Server Locate the launch the remote desktop connection link to db-w8-01a from the ControlCenter desktop. Since the firewall policy only allowed SSH access to the database server the RDP connection was denied. Launch SSH connection to Test server Locate and launch the Putty application from the ControlCenter taskbar. 1. Select test-l-01a.corp.local 2. Click Load 3. Click Open. Page 85

Access is granted since the security policy allows SSH access from the ControlCenter.

Login Credentials:
User: root
Password: VMware1!

Test connectivity between Test Server and Application Servers.

In the previous section we configured the firewall policy to block communication between the test-l-01a server and the application servers (db-w8-01a and app-l-01a).

1. Run: ping db-w8-01a.corp.local -c 3 -q. You will notice 100% packet loss.
2. Run: ping app-l-01a.corp.local -c 3 -q. You will notice 100% packet loss.

In both cases you will notice that DNS resolution is possible via the ControlCenter; however, all ICMP traffic to the database and application servers is blocked. Close the Putty session.

Test connectivity between Application Servers and Test Server.

In the previous section we configured the firewall policy to allow communication from the web server app-l-01a to the database server db-w8-01a while blocking communication to the test server test-l-01a.

Locate and launch the Putty application from the ControlCenter taskbar. Launch an SSH session to the app-l-01a.corp.local server.

Login Credentials:
User: root
Password: VMware1!

1. Run: ping db-w8-01a.corp.local -c 3 -q. It will report 100% packet loss because in the previous section we only allowed MySQL traffic on port 3306 from the web servers to the database server.
2. Run: ping test-l-01a.corp.local -c 3 -q. You will notice 100% packet loss.

In both cases you will notice that DNS resolution is possible via the ControlCenter.
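The results of the tests above can be written down as a small first-match rule model, which shows why a ping from app-l-01a to db-w8-01a fails even though MySQL on port 3306 is allowed. This is an added example, not part of the lab or of NSX: the rule table is constructed from the outcomes the lab describes, and the rule names, the "controlcenter" label, the final default-block rule and the helper functions are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = None  # wildcard value for a rule field


@dataclass
class Rule:
    name: str                        # hypothetical rule name
    src: Optional[Tuple[str, ...]]   # source hosts, or ANY
    dst: Optional[Tuple[str, ...]]   # destination hosts, or ANY
    proto: Optional[str]             # "tcp", "udp", "icmp", or ANY
    port: Optional[int]              # destination port, or ANY
    action: str                      # "allow" or "block"

    def matches(self, src, dst, proto, port):
        return ((self.src is ANY or src in self.src)
                and (self.dst is ANY or dst in self.dst)
                and (self.proto is ANY or proto == self.proto)
                and (self.port is ANY or port == self.port))


SERVERS = ("db-w8-01a", "app-l-01a", "test-l-01a")

# Constructed from the behaviour the lab text reports; NOT an export of the
# lab's NSX configuration. The catch-all block at the end is an assumption.
RULES = [
    Rule("cc-ssh-to-servers", ("controlcenter",), SERVERS, "tcp", 22, "allow"),
    Rule("dns-to-controlcenter", ANY, ("controlcenter",), "udp", 53, "allow"),
    Rule("web-to-db-mysql", ("app-l-01a",), ("db-w8-01a",), "tcp", 3306, "allow"),
    Rule("test-to-app-tier", ("test-l-01a",), ("db-w8-01a", "app-l-01a"),
         ANY, ANY, "block"),
    Rule("app-to-test", ("app-l-01a",), ("test-l-01a",), ANY, ANY, "block"),
    Rule("default-block", ANY, ANY, ANY, ANY, "block"),
]


def evaluate(src, dst, proto, port=None, rules=RULES):
    """Return (action, rule name) of the first rule that matches the flow."""
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action, rule.name
    raise LookupError("no rule matched; the policy needs a catch-all rule")


# Outcomes stated in the lab steps: ((src, dst, proto, port), expected action).
EXPECTED = [
    (("controlcenter", "db-w8-01a", "tcp", 3389), "block"),   # RDP denied
    (("controlcenter", "test-l-01a", "tcp", 22), "allow"),    # SSH granted
    (("test-l-01a", "db-w8-01a", "icmp", None), "block"),     # ping lost
    (("test-l-01a", "app-l-01a", "icmp", None), "block"),     # ping lost
    (("test-l-01a", "controlcenter", "udp", 53), "allow"),    # DNS resolves
    (("app-l-01a", "db-w8-01a", "icmp", None), "block"),      # ping lost
    (("app-l-01a", "db-w8-01a", "tcp", 3306), "allow"),       # MySQL allowed
    (("app-l-01a", "test-l-01a", "icmp", None), "block"),     # ping lost
]


def check_lab_matrix(rules=RULES):
    """Return the flows whose modelled action differs from the lab outcome."""
    mismatches = []
    for flow, want in EXPECTED:
        got, rule_name = evaluate(*flow, rules=rules)
        if got != want:
            mismatches.append((flow, want, got, rule_name))
    return mismatches


if __name__ == "__main__":
    for flow, want in EXPECTED:
        print(flow, "->", evaluate(*flow), "expected", want)
    # Rule order matters: with the catch-all first, every allow is lost.
    print("mismatches with reversed order:", len(check_lab_matrix(RULES[::-1])))
```

In this model the ICMP flow from app-l-01a to db-w8-01a is decided by the catch-all rule rather than by a dedicated block, because the MySQL allow rule matches only TCP port 3306.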

Apply a Data Security Policy to Scan for Unprotected and Sensitive Data

NSX Data Security provides visibility into sensitive data stored within your organization's virtualized and cloud environments. Based on the violations reported by NSX Data Security, you can ensure that sensitive data is adequately protected and assess compliance with regulations around the world.

To begin using NSX Data Security, you create a policy that defines the regulations that apply to data security in your organization and specifies the areas of your environment and files to be scanned. A regulation is composed of content blades, which identify the sensitive content to be detected. NSX supports PCI, PHI, and PII related regulations only.

Data Security Policy for Database Servers

In this lab, we have stored some sensitive and unprotected credit card information on the database server db-w8-01a.corp.local, which makes it non-compliant with PCI. We will first review the Data Security configuration in NSX, which has been preconfigured to scan for credit card number violations. In the next step we will run the Data Security scan to review these violations.

Access NSX Configuration

Launch the Firefox web browser and click on the vCenter Web Client bookmark.

Login Credentials:
1. User: CORP\Administrator
2. Password: VMware1!
3. Click OK
4. Click Networking and Security to access NSX configuration.

Access Service Composer Security Policy

1. Click Service Composer.
2. Click Security Policies.
3. Select the Database-SecurityGroup Security Policy.
4. Click the number displayed in the Applied To column.

Notice that this security policy has been applied to the database server db-w8-01a.corp.local in the Database-SecurityGroup. Click on the x to close this pop-up window.

5. Click on the number displayed in the Endpoint Service column.

Notice that the VMware Data Security Service has been applied for the PCI Compliance check. Also notice that this policy has not been set to enforce automatically, since we will be running the scan manually in the next step. Click on the x to close this pop-up window.

Run Data Security Scan

1. Click on the Data Security Section
2. And then Manage.

Click Edit.

Select Data Security Regulation and Standards

1. Click Select Regulations
2. Click All. This will list all the available content blades for NSX regulations
3. In the search bar type "Credit" and hit Enter
4. Select the Credit Card Numbers content blade
5. Click Next.
6. Click Finish.

Once you select the regulations that you want your company data to comply with, NSX can identify files that contain information which violates these particular regulations.


Start Data Security Scan

Before we start the security scan we will need to Publish the changes.

1. Click Publish Changes. Notice that the scan for the Credit Card Number regulation has been enabled and the system has been set to monitor various file types.
2. Click Start.
3. Click Monitor.

Monitor Data Security Scan

1. On the Monitor tab,
2. Click Dashboard. The security scan will take approximately 3 minutes to complete.
3. Click the Refresh button on the right to view progress. Once completed, notice that the db-w8-01a server has been reported to have the violation.
4. Click on Reports, to view the violation details.

View Reports from the Data Security Scan

Select Reports. Select Violating Files in the View Report menu.

Notice that there are 2 files identified on the db-w8-01a database server that are noncompliant with the Credit Card Number PCI regulation. The data security administrator can now take corrective actions to protect sensitive data so that the application is compliant with related regulations.

Module Summary

In this module we showcased how to use NSX Distributed Firewall (DFW) services to apply policies that provide network micro-segmentation between workloads and prevent unauthorized access to controlled machines. We also saw how NSX Data Security provides visibility into sensitive data stored within your organization's virtualized and cloud environments.

Conclusion

Thank you for participating in the VMware Hands-on Labs. Be sure to visit to continue your lab experience online.

Lab SKU: Version:


More information

VMware vrealize Operations for Horizon Administration

VMware vrealize Operations for Horizon Administration VMware vrealize Operations for Horizon Administration vrealize Operations for Horizon 6.2 This document supports the version of each product listed and supports all subsequent versions until the document

More information

Introduction to Virtualization

Introduction to Virtualization Introduction to Virtualization Module 2 You Are Here Course Introduction Introduction to Virtualization Creating Virtual Machines VMware vcenter Server Configuring and Managing Virtual Networks Configuring

More information

Cisco Modeling Labs OVA Installation

Cisco Modeling Labs OVA Installation Prepare for an OVA File Installation, page 1 Download the Cisco Modeling Labs OVA File, page 2 Configure Security and Network Settings, page 2 Deploy the Cisco Modeling Labs OVA, page 12 Edit the Virtual

More information

VMware Adapter for SAP Landscape Management Installation Configuration and Administration Guide for VI Administrators

VMware Adapter for SAP Landscape Management Installation Configuration and Administration Guide for VI Administrators VMware Adapter for SAP Landscape Management Installation Configuration and Administration Guide for VI Administrators Product version 1.4.1 running on vsphere 6.0 VMware Adapter for SAP Landscape Management

More information

Disclaimer CONFIDENTIAL 2

Disclaimer CONFIDENTIAL 2 Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitment from VMware to deliver these features in any generally

More information

VMware Adapter for SAP Landscape Management Installation Configuration and Administration Guide for VI Administrators

VMware Adapter for SAP Landscape Management Installation Configuration and Administration Guide for VI Administrators VMware Adapter for SAP Landscape Management Installation Configuration and Administration Guide for VI Administrators Product version 1.4.1 running on vsphere 5.5 VMware Adapter for SAP Landscape Management

More information

VMware vrealize Operations for Horizon Installation. VMware vrealize Operations for Horizon 6.5

VMware vrealize Operations for Horizon Installation. VMware vrealize Operations for Horizon 6.5 VMware vrealize Operations for Horizon Installation VMware vrealize Operations for Horizon 6.5 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/

More information

WhatsConfigured v3.1 User Guide

WhatsConfigured v3.1 User Guide WhatsConfigured v3.1 User Guide Contents Table of Contents Welcome to WhatsConfigured v3.1 Finding more information and updates... 1 Sending feedback... 2 Deploying WhatsConfigured STEP 1: Prepare the

More information

Data Protection Guide

Data Protection Guide SnapCenter Software 4.0 Data Protection Guide For VMs and Datastores using the SnapCenter Plug-in for VMware vsphere March 2018 215-12931_C0 doccomments@netapp.com Table of Contents 3 Contents Deciding

More information

Table of Contents HOL-SDC-1307

Table of Contents HOL-SDC-1307 Table of Contents Lab Overview... 3 - vcloud Automation Solutions... 4 Module 1 - Enable Rapid Host Provisioning and Centralized Management with vsphere Auto Deploy... 6 Module Overview... 7 Case Study,

More information

ForeScout Extended Module for ServiceNow

ForeScout Extended Module for ServiceNow ForeScout Extended Module for ServiceNow Version 1.2 Table of Contents About ServiceNow Integration... 4 Use Cases... 4 Asset Identification... 4 Asset Inventory True-up... 5 Additional ServiceNow Documentation...

More information

The threat landscape is constantly

The threat landscape is constantly A PLATFORM-INDEPENDENT APPROACH TO SECURE MICRO-SEGMENTATION Use Case Analysis The threat landscape is constantly evolving. Data centers running business-critical workloads need proactive security solutions

More information

OmniVista 2500 Virtual Machine Management (VMM) edemo Script

OmniVista 2500 Virtual Machine Management (VMM) edemo Script OmniVista 2500 Virtual Machine Management (VMM) edemo Script Table of Contents 1. Introduction... 2 2. Demo Setup and Short Description... 3 3. Demo connectivity... 4 Connectivity through Remote Desktop

More information

VMware vsphere 5.5: Install, Configure, Manage Lab Addendum. Lab 3: Configuring VMware ESXi

VMware vsphere 5.5: Install, Configure, Manage Lab Addendum. Lab 3: Configuring VMware ESXi VMware vsphere 5.5: Install, Configure, Manage Lab Addendum Lab 3: Configuring VMware ESXi Document Version: 2014-07-08 Copyright Network Development Group, Inc. www.netdevgroup.com NETLAB Academy Edition,

More information