In our last post Installing vCloud Director we learnt how to install vCloud director on Redhat Server. Before jumping into configuring the vCloud director appliance we will install one more component of vCloud Suite i.e. vShield Manager.
What is vShield Manager aka vCloud Networking and Security (vCNS)?
vShield Manager is now known as vCloud Networking and Security and it provides firewall protection, traffic analysis, and network perimeter services to protect your vCenter Server virtual infrastructure. It is also abbreviated as vCNS.
vCNS is used to monitor and push configurations to vShield App, vShield Endpoint, and vShield Edge instances. vShield Manager is a virtual appliance deployed as an OVA file downloaded from VMware.
In this post we will learn how to install the vShield Manager appliance for use with vCloud Director.
Prerequisites for installing vCNS
- One or more ESXi-servers running that are being managed by vCenter server.
- If you plan to use vShield Manager with vCloud Director then these ESXi-hosts must be in a cluster to be able to configure that cluster for VXLAN-networking.
- ESXi-hosts must be attached to a vSphere Distributed Switch.
The first step is importing the appliance.
In the vSphere Client select Deploy OVF Template from the File-menu.
Browse to the path where you have downloaded your vShield Manager (vCNS) ovf appliance and hit Next.
The next screen will show you the general properties of the appliance like Product name, version, Publisher and description etc. Hit Next to continue.
Accept the license agreement to continue and hit Next.
Choose a name for this appliance according to your naming convention and select the folder where you want to deploy this appliance. I am deploying all my vCloud management VM’s in a directory called vCloud Director.
Select your Datacenter/Cluster where this appliance will be deployed (in case you have more than one datacenter/cluster)
Select the datastore where your appliance will be stored and hit next.
You can select the disk provisioning type on next screen. Since this is for my lab deployment I am going with thin provision. You may opt for thick provision if you are deploying vCNS in your Prod environment or your lab (depending upon your choice)
On the next screen to follow select a network to connect the appliance to. This must be a network where this appliance can communicate with your vCenter Server.
Enter the password for “admin” user of this appliance. You require admin credential to login to the vCNS appliance after deployment to configure the appliance for the first time.
Also you need to set a password for the privilege mode. This is similar to setting password for “En” mode on routers and switches. vCNS is also a kind of switch so you need this password.
When you are done making your selections a summary page will be displayed allowing you to have the appliance powered on after deployment. It takes a few minutes and after that your appliance will be started and you are ready for the next steps to configure the appliance.
Clicking finish button will start deploying the vShield Manager appliance.
Once the deployment is finished you can see your vShield Manager virtual machine in your vCenter Server inventory.
You can power on the vShield virtual machine and start configuring it.
Note:: In my Lab I faced one issue while trying to power-on the vShield Manager virtual machine. My Esxi hosts had only 6 GB of RAM and while trying power-on the VM, DRS was unable to find an appropriate host where this VM can placed and run.
This was very annoying for me as I was super excited to start begin with configuring the appliance to use. The issue occurred because vShield Manager VM had reservation set on memory. It was set to use 3 GB memory at minimum.
All I did was reducing the reservation to 2 GB and my VM powered-on without any further issues.
In your lab you can also try after deploying your vShield Manager VM if it is not powering on.
In the next post of this series we will learn how to configure vCNS for the first time.