Install vShield Manager (vCloud Networking and Security)
This article describes how to install the vShield Manager appliance for use with vCloud Director. The appliance is named vShield Manager, but the product itself has been renamed to VMware vCloud Networking and Security, so that is the name to search for when you look for the software. To download the software and request an evaluation license key, visit VMware's website at www.vmware.com/try-vmware. Once you are logged in with your VMware account, the actual download is still named vShield Manager 5.5.0 (so much for consistency). This article is based on version 5.5.
The prerequisites for this article are:
- One or more ESXi-servers running that are being managed by vCenter server.
- If you plan to use vShield Manager with vCloud Director then these ESXi-hosts must be in a cluster to be able to configure that cluster for VXLAN-networking. (Even if you have just one ESXi-host it must be placed in a cluster.) And the ESXi-hosts must be attached to a vSphere Distributed Switch.
The first step is importing the appliance. You can do this with the vSphere Client or with the vSphere Web Client; the steps are the same. In the vSphere Client, select Deploy OVF Template from the File menu. In the vSphere Web Client, select your Datacenter or host and choose Deploy OVF Template either from the right-click menu or from the Actions drop-down menu in the top bar.
Browse to the location of the appliance that you have downloaded. The deployment wizard will show information about the appliance and display the End User License Agreement, which you must accept.
Next, choose the location in your datacenter, the storage location for the appliance, and a network to connect the appliance to. This must be a network on which the appliance can communicate with your vCenter Server. When you are done making your selections, a summary page is displayed that lets you have the appliance powered on after deployment. This usually is a good idea. Deployment takes a few minutes; after that your appliance will be started and you are ready for the next steps to configure it.
Open a console to the appliance and log in with the default username and password.
Next enter the following two commands:
This will let you configure the fixed IP-address for your appliance.
When this is done, reboot the appliance. Once it has restarted, log in to the web-based management interface to configure the appliance for use with vCloud Director in your vCenter environment.
Log in to the web-based management interface with the default username and password (admin / default). You will now see the configuration web page, as in the image below, where you can attach your vShield Manager to your Lookup Service and your vCenter Server, and configure other networking settings such as DNS servers and NTP servers.
Next, don't forget to change the password for the appliance. In the top menu, click Change Password to do this.
When you want to use vCloud Director with VXLAN networking, the hosts in your cluster must be prepared for this. To enable this feature in vShield Manager, open your Datacenter object from the list on the left, select Network Virtualization and click Preparation. Next, click Edit to configure your cluster.
Next, in the Network Virtualization management tab, click Segment ID and click Edit to configure the network segment IDs that will be used by this instance of vShield Manager and the multicast addresses it can use for your VXLAN networking. Work with your network administrator to decide what values to use.
In the example below, the range from 5000 to 6000 allows for 1001 networks to be created. For the multicast range you can read the specification at IANA or VMware's VXLAN deployment guide. A range you can freely use is 220.127.116.11 to 18.104.22.168.
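A planning check for the segment ID pool and multicast range before you enter them, as an added example that is not part of the original article or of any VMware tooling. The function name check_plan, the sample multicast range, the "site-b" pool and the rule that pools of separate instances must not overlap are assumptions made for illustration; the 24-bit limit is the VXLAN network identifier width.

```python
import ipaddress

VNI_MAX = 2**24 - 1  # VXLAN network identifiers are 24 bits wide
MULTICAST = ipaddress.ip_network("224.0.0.0/4")       # all IPv4 multicast
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")  # link-local control block


def check_plan(seg_first, seg_last, mcast_first, mcast_last, other_pools=None):
    """Return (segment_count, group_count, problems) for a planned pool.

    other_pools maps a label to the (first, last) segment IDs already
    assigned elsewhere (hypothetical bookkeeping, not read from any product).
    """
    problems = []
    lo = ipaddress.IPv4Address(mcast_first)
    hi = ipaddress.IPv4Address(mcast_last)

    if seg_first > seg_last:
        problems.append("segment ID range is reversed")
    if seg_first < 1 or seg_last > VNI_MAX:
        problems.append("segment IDs must fit in a 24-bit VNI")
    if lo > hi:
        problems.append("multicast range is reversed")
    if lo not in MULTICAST or hi not in MULTICAST:
        problems.append("multicast range leaves 224.0.0.0/4")
    if lo <= LOCAL_CONTROL.broadcast_address and hi >= LOCAL_CONTROL.network_address:
        problems.append("multicast range touches 224.0.0.0/24")
    for name, (first, last) in (other_pools or {}).items():
        if seg_first <= last and first <= seg_last:
            problems.append(f"segment IDs overlap pool {name!r}")

    # Both ranges are inclusive, which is why 5000 to 6000 yields 1001 IDs.
    seg_count = max(0, seg_last - seg_first + 1)
    group_count = max(0, int(hi) - int(lo) + 1)
    return seg_count, group_count, problems


if __name__ == "__main__":
    # Segment range from the article; the multicast range is a constructed sample.
    print(check_plan(5000, 6000, "239.1.0.0", "239.1.3.255"))
    # Constructed bad plan: non-multicast start, control block, overlapping pool.
    print(check_plan(5500, 7000, "192.0.2.1", "224.0.0.10",
                     {"site-b": (6000, 6999)}))
```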