VMware vCloud Security

Prasenjit Sarkar

Language: English

Pages: 79

ISBN: 2:00220109

Format: PDF / Kindle (mobi) / ePub


What you will learn from this book

Install and configure VMware vCloud Director
Understand security hardening of vCloud Director in a nutshell
Monitor vShield Endpoint health status
Create a data security policy
Review the violation reports that are generated by a vCloud Networking and Security Data Security scan
Learn the purpose and operation of vCloud Networking and Security Data Security

In Detail

Security is a major concern, in particular now that everything is moving to the cloud. A private cloud is a cloud computing platform built on your own hardware and software. The alternative is to deploy the services you need on a public cloud infrastructure provided by an external supplier such as Amazon Web Services, Rackspace Cloud, or HP Public Cloud. While a public cloud can afford greater flexibility, a private cloud gives you the advantage of greater control over the entire stack.

"VMware vCloud Security" focuses on some critical security risks, such as the application-level firewall and firewall zones, virus and malware attacks on cloud virtual machines, and data security compliance on any VMware vCloud-based private cloud. Security administrators sometimes deploy these components incorrectly, or cannot see the broader picture of where the vCloud security products fit in. This book focuses on solving those problems using VMware vCloud and the vCloud Networking and Security product suite, which includes vCloud Networking and Security App, vShield Endpoint, and vCloud Networking and Security Data Security.

Ensuring the security and compliance of any application, especially those that are business critical, is a crucial step in your journey to the cloud. You will be introduced to security roles in VMware vCloud Director, integration of LDAP servers with vCloud, and security hardening of vCloud Director. We'll then walk through a hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. We'll create access control policies based on logical constructs such as VMware vCenter Server containers and VMware vCloud Networking and Security security groups, rather than only physical constructs such as IP addresses. You'll learn about the architecture of EPSEC and how to implement it. Finally, we will understand how to define data security policies, run scans, and analyze the results.

Approach

VMware vCloud Security provides the reader with in-depth knowledge and practical exercises sufficient to implement a secure private cloud using VMware vCloud Director and vCloud Networking and Security.

Who this book is for

This book is primarily for technical professionals with system administration and security administration skills and significant VMware vCloud experience who want to learn about advanced concepts of vCloud security and compliance.

However, by default, these files are not forwarded to the centralized logging server. You have to manually configure the vCloud cell to forward these to the centralized logging server. It is recommended that you configure this option for the following reasons: It allows audit logs from all the cells to be viewed together at a central location at the same time. Database logs are not retained after 90 days, but logs transmitted via Syslog can be retained as long as desired. It protects the

machine is down. By default, it is set to Block. To change this behavior, follow these instructions: Log in to the vCloud Networking and Security Manager web portal. On the left-hand pane, under Settings & Reports, go to vShield App. On the right-hand pane, in the Fail Safe section, click on the Change link. When prompted, click on Yes to change the App fail policy to allow. You can exclude a set of virtual machines from vCloud Networking and Security App protection. The exclusion list

installing vShield Endpoint: Install vShield Endpoint on each ESXi host. This effectively installs the MUX module on each host. When you install the MUX module on a host, it opens ports 48651 to 48666 for communication between the host and the partner SVA. Deploy and configure an SVA on each ESXi host according to the instructions from the VMware antivirus partner. However, in our example, we will use vCloud Networking and Security Data Security as the SVA. Install VMware Tools 8.6.0 or

Security SVA that provides visibility into sensitive data stored within your organization's vCloud environments. This is discussed in great detail in the next chapter. This is for demo purposes only. If there is no SVA, there is no mechanism for EPSEC to protect the VMs on a host. The following steps are performed for installing the VMware vCloud Networking and Security Data Security SVA: Select the ESXi host in the inventory panel, and go to the vShield tab. Here you can see the relevant
