Test Connections from an ESXi Host Using vmkping

If you’ve been in a situation where you need to test connectivity, you’ve probably used the ping command. But what do you do when you’re trying to test connectivity from an ESXi host? Luckily there is a command called vmkping that will allow you to test from the host. The first thing that you need to do is to SSH into your ESXi host. Turn the SSH Service on from the Configuration –> Security Profile Tab. Then you can use your favorite SSH client and remote into your host. ...

June 23, 2014 · 3 min · eshanks

HP v1910-24G CLI Goody

theITHollow.com lab suffered an outage to the core switch a few weeks ago (an aging Cisco 3750) and I was looking for a replacement that wouldn’t break the bank. Luckily I found the HP v1910-24G (JE006A) to be more than adequate. One of my main gripes with this switch was that the Command Line Interface was very limited. See for yourself. While the CLI out of the box is nice, and I would say necessary, there isn’t a lot that can be done with it. For basic configuration tasks, you’ll be stuck with the Web GUI. But after digging through some HP discussion boards I found out that you can enable the Comware operating system commands. ...

May 27, 2014 · 2 min · eshanks

vCNS Edge SSL VPN

A secured, remote connection to your data is a requirement for almost all network designs these days. Mobility, telecommuting and late night help desk calls have created an environment that needs to have access to the local network in a secure fashion. vCNS Edge can provide these services to your virtual infrastructure. In previous posts, I’ve walked through installing vCNS Manager and installing vCNS Edge appliances. These are prerequisites to setting up SSL VPN on the VMware vCloud Network and Security appliance. ...

May 13, 2014 · 5 min · eshanks

vCNS Edge Network Address Translation

VMware vCloud Networking and Security (vCNS) can provide Network Address Translation (NAT) services from the vCNS Edge appliance. There are two types of NAT that the edge appliance can provide. Destination NAT (DNAT) is used to provide access to a private IP Address from a (usually) public IP Address for incoming traffic. Source NAT (SNAT) is used to translate a private IP Address into a (usually) public IP Address for outgoing traffic. This type of NAT can also be called “masquerading”. (It’s a subtle difference that we won’t go into in this post.) ...

April 15, 2014 · 4 min · eshanks

vCNS Edge DHCP

One of the most basic tasks that happens on a network is assigning IP Addresses. Once a VMware vCNS Edge appliance has been deployed, you can now hand out IP addresses through Dynamic Host Control Protocol (DHCP). In previous posts, I’ve walked through installing vCNS Manager and installing vCNS Edge appliances. These are prerequisites to setting up DHCP on the VMware vCloud Network and Security appliance. vCNS Edge DHCP Setup Log into your vShield Manager and click on the Datacenter. Click the “Network Virtualization” Tab where you’ll find the Edge appliance you’ve already deployed. Go to Actions and click “Manage”. ...

April 10, 2014 · 2 min · eshanks

Deploy vCNS Edge

vCloud Networking and Security has the capabilities to provide edge services inside of your virtual environment. Edge firewalls, network address translation, DHCP and routing are all things that vCNS Edge can do for you. This post goes into the steps necessary to deploy vCNS Edge. I should mention that vCNS and the previous name vShield may be used interchangeably in this article. Logical Diagram The picture below is a diagram of what our environment will look like when we’re done. We have production VMs as you might expect, and our new vCNS Edge VM. We’ve also got our new Edge network and a Shielded VM which will not be connected to the production vSwitch directly. ...

April 7, 2014 · 4 min · eshanks

vShield Endpoint - Trend Micro Deep Security (Part 1)

If you’re a vSphere Administrator and have compliance regulations to deal with, vShield Endpoint might save you a lot of hassle. From my own experience with PCI-DSS, it was important to limit the cardholder data environment scope. The fewer devices that touch credit card data, the fewer items that had to be protected. In the same breath, it was important to have Anti-Virus, malware protection, firewall rules and file integrity monitoring. vShield Endpoint allows for all of these things to be handled in a single package. This post looks specifically at Trend Micro’s Deep Security Product. ...

March 24, 2014 · 3 min · eshanks

vShield Endpoint - Trend Micro Deep Security (Part 2)

In the first post in this series, we deployed the vShield Endpoint host driver and installed the Trend Micro Deep Security Manager on a Windows VM. Trend Micro Deep Security Appliance Deployment First, we need to log in to the Deep Security Manager which is conveniently accessed as a web page. Go to the DNS name of the Manager that you entered during the setup wizard in part 1 of this series. Log in with the username and password that you specified. ...

March 24, 2014 · 4 min · eshanks

vShield Endpoint - Trend Micro Deep Security (Part 3)

The first parts of this series focused mainly on how to install the Trend Micro Deep Security product and how to prepare your environment. This post shows you a bit more of what can be accomplished with the product. vShield Endpoint Part 1 vShield Endpoint Part 2 Policies This is the guts of the product. All the configurations you’ve done up to this point have been leading up to a solution that can help secure your environment and possibly make it comply with a regulatory body. ...

March 24, 2014 · 2 min · eshanks

Getting started with vCNS

VMware has a very nice solution for managing network access between virtual machines. In a physical environment, blocking access between servers would require routing network traffic through a firewall. This might mean several VLANs, subnets and routes. Luckily now that many infrastructures are virtual we have an alternative. vCloud Networking and Security (vCNS) is a solution that can be used to block traffic between virtual machines. vCNS can be a bit intimidating so this is a quick getting-started guide on how you can test it out in your environment. ...

March 17, 2014 · 3 min · eshanks