How to install vShield 5.1 Manager, App and Endpoint

In this guide we will install the vShield Manager appliance and then install vShield App and vShield Endpoint (now called vShield Networking and Security). You can reference the VMware quick start guide here.

The first step is to install the vShield Manager appliance. vShield Manager is the core centralized network management component of vShield. It can be installed on a different host than your vShield agents, and it is a good candidate to run in a separate management vSphere cluster, although that is not required. One vShield Manager is required per vCenter instance.

Taken from the quick start guide, here are the hardware requirements for the vShield components.

  • Memory
    • vShield Manager: 8 GB allocated, 3 GB reserved
    • vShield App: 1 GB allocated, 1 GB reserved
    • vShield Edge compact: 256 MB, large: 1 GB, x-large: 8 GB
    • vShield Data Security: 512 MB
  • Disk Space
    • vShield Manager: 60 GB
    • vShield App: 5 GB per vShield App per ESX host
    • vShield Edge compact and large: 320 MB, x-Large: 4.4 GB (with 4 GB swap file)
    • vShield Data Security: 6 GB per ESX host
  • vCPU
    • vShield Manager: 2
    • vShield App: 2
    • vShield Edge compact: 1, large and x-Large: 2
    • vShield Data Security: 1

 

So let’s deploy the appliance now.

Open the vSphere Client, select File, then Deploy OVF Template…, and follow the screenshots.

 


Now the appliance will be deployed.

Once the appliance has been successfully deployed, go ahead and power it on. We will now configure the appliance to begin using it.

Once the appliance has booted up, you will need to log in at the console.


The default username is admin and the default password is default.

Now at the command prompt type enable and enter the password from above again.


Now at the manager prompt type setup.


Now you will need to enter the following information:

  • IP Address
  • Subnet Mask
  • Default gateway
  • Primary DNS IP
  • Secondary DNS IP
  • DNS domain search list

Then save the new configuration and reboot the appliance.

After the appliance reboots, open your web browser and connect to https://appliance_ip

 


Log in with the username admin and the password default.


Click on settings and reports.


The first thing we will configure is the Lookup Service.

Click edit and enter the following information:

Lookup Service Host (Whatever server is configured as your SSO server for vCenter Server 5.1)

Port (Leave default)

SSO Administrator Username (admin@System-Domain) (This is the default unless you changed it during the SSO installation)

Password (Use the password that you configured during the SSO installation when installing vCenter Server 5.1)

***NOTE*** If you are using the vCenter Server Appliance you will need to check this link out for the password of admin@System-Domain. William Lam’s post saved me on this.


Click OK and then choose “Yes” to accept the certificate


Here is what the Lookup Service will look like when complete


Now we will configure the vCenter Server section.

Click edit and enter the following information:

vCenter Server (IP or hostname of your vCenter Server)

Administrator Username

Administrator Password


Click OK and then choose “Yes” to accept the certificate

 


Check “Install this certificate” and then click Ignore.
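
The two certificate prompts above (Lookup Service and vCenter Server) are accepted on sight in this walkthrough. As an added example, not part of the original guide or of VMware's tooling, the following Python fetches the certificate an endpoint presents and compares its thumbprint with one recorded out-of-band on the server itself, so that clicking “Yes” trusts a known certificate. The host name, port 7444 for the Lookup Service, and the sample bytes are assumptions.

```python
import hashlib
import hmac
import socket
import ssl

def thumbprint(der: bytes, algo: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of a DER-encoded certificate."""
    hexd = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(hexd[i:i + 2] for i in range(0, len(hexd), 2))

def normalize(fp: str) -> str:
    """Drop separators and case so 'ab:cd', 'AB CD' and 'abcd' compare equal."""
    return "".join(c for c in fp if c not in ": -\t").upper()

def matches(der: bytes, expected: str) -> bool:
    """Compare a certificate with a thumbprint obtained out-of-band.
    SHA-1 or SHA-256 is chosen from the length of the expected value."""
    want = normalize(expected)
    algo = {40: "sha1", 64: "sha256"}.get(len(want))
    if algo is None:
        raise ValueError("expected thumbprint must be SHA-1 or SHA-256 hex")
    got = normalize(thumbprint(der, algo))
    return hmac.compare_digest(got.encode(), want.encode())

def fetch_der(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Return the certificate the server presents, without trusting it yet."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def check_pins(pins: dict, fetch=fetch_der) -> dict:
    """pins maps (host, port) to the expected thumbprint; returns pass/fail."""
    results = {}
    for (host, port), expected in pins.items():
        try:
            results[(host, port)] = matches(fetch(host, port), expected)
        except (OSError, ValueError):  # unreachable, TLS failure, bad pin
            results[(host, port)] = False
    return results

if __name__ == "__main__":
    # Constructed bytes standing in for a DER certificate, so this runs offline.
    sample = b"constructed-sample-not-a-real-certificate"
    pins = {("sso.example.local", 7444): thumbprint(sample, "sha1")}  # assumed host/port
    print(check_pins(pins, fetch=lambda host, port: sample))
```

Against live endpoints, call check_pins with the real host names and the thumbprints read from each server's own console, and accept the prompt only for endpoints that return True.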

 


Here is what the vCenter Server section will look like when completed

 


Now we will configure the NTP Server section


Enter IP or hostname of NTP server and click OK


We have now completed the initial setup. Your Settings and Reports view will look like the screenshots below, showing your clusters, hosts and VMs.


Now open up Internet Explorer and add *:\\vshield_IP to your trusted security zone. If you do not do this you will not be able to open up the vShield pages within vCenter.


Now within vCenter Home screen you will see vShield listed at the bottom


Click vShield and you will see the same login window as you did when using your browser

The username is admin and the password is default.

Once logged in you will see the same interface as you did when using your browser

Select datacenters


Select the first host in the datacenter cluster on which you want to install vShield App and select Install vShield App. Installing vShield App deploys a VM instance to the host that controls networking for all VMs that are part of vShield. You cannot shut down these VMs unless the host is in maintenance mode. This is for obvious reasons.


Now select the datastore to use for the vShield App appliance and the management port group to use for the appliance, then enter the IP address, netmask and default gateway to use.

Click Install


The installation is complete


Now install vShield Endpoint


 

Now follow the same process for vShield App and vShield Endpoint on each host in your cluster.

That is all for the initial setup. You can now click through some of the sections within vShield and see additional areas that will need to be set up when you are ready to start creating firewall rules, etc. But that is it for this guide. I will be creating another guide for further configuration and use very soon, which will include configuring the vShield Edge devices. These are external connections within the datacenter.

Below are some additional screenshots of information contained within vShield. You should also start seeing some traffic details starting to populate.


6 thoughts on “How to install vShield 5.1 Manager, App and Endpoint”

  1. Hi,

    When you install vShield Endpoint, does it put ESXi in maintenance mode / reboot?

    Or will it be installed while the ESXi host is in production mode (with working VM guests on it)?

    thank you 🙂

    • No, it will not place the host into maintenance mode when deploying the vShield Endpoint appliance to any host. It is completely hot and will not affect any of your workloads until you place their vNetwork into the portgroup protected by vShield.

    • @Ritesh Assuming you are talking about Trend Micro AV inside your VMs, then there is no need at all for both. Best would be to use vShield Edge with your AV vendor of choice (if supported) to take the additional load off of your VMs. Hope this helps!
      Enjoy!


  3. Hello, vShield is installed. Now I would like to install Endpoint on every ESX host, but I am receiving this error: failed to initiate installation:internal server error :resource lock acquisition failed.
    I can’t find why. Any clue?
    Thank you
