VMware VS4-STD-C Evaluator Guide - Page 81
vSphere PowerCLI Summary, Evaluating the ESXi Firewall, Introduction, Evaluation Overview
Page 81 highlights
VMware vSphere 5.0 Evaluation Guide - Volume One

group called "Company X" on vSwitch0 for each host in the cluster "DemoCluster-01":

    Get-Cluster DemoCluster-01 | Get-VMHost | Get-VirtualSwitch -Name vSwitch0 | New-VirtualPortGroup "Company X" -VLanId 200

vSphere PowerCLI Summary

In conclusion, you can see that vSphere PowerCLI is a robust command-line tool for automating all aspects of vSphere management, including host, network, storage, virtual machine, and guest OS management. It can be used with other PowerShell snap-ins provided by Microsoft or third-party companies to integrate VMware technologies easily into other products and reach inside the guest OS. The design of PowerShell and, inherently, vSphere PowerCLI, makes this scripting language easier to learn than many scripting languages before it. Complex configurations and reporting can be achieved with minimal effort from the administrator, safe in the knowledge of a repeatable, error-free solution.

Evaluating the ESXi Firewall

Introduction

The ESXi 5.0 management interface is protected by a service-oriented and stateless firewall, which you can configure using the vSphere Client or at the command line with esxcli interfaces. A new firewall engine eliminates the use of iptables, and rule sets define port rules for each service. For remote hosts, you can specify the IP addresses or range of IP addresses that are allowed to access each service.

Evaluation Overview

In this exercise, you will configure the ESXi firewall to allow or deny SSH service to the host. SSH is a service that can be enabled or stopped on an ESXi host. As part of this exercise, you will stop and start the SSH service, and also configure firewall rules. ESXi firewall configuration can be done through the vSphere Client interface and through the vCLI. In this example environment, you will configure the firewall rules through the vSphere Client UI.

Prerequisites

The evaluation environment consists of the following components:

1. Three ESXi hosts
2. Virtual machines running on hosts
3. Each virtual machine has a software tool installed
   a. PuTTY

Stopping SSH Service to Prevent Access

The SSH service provides a secure shell to manage the ESXi host. By default, this service is enabled. To stop this service, follow these steps:

1. Select the Home > Inventory > Hosts and Clusters view.
2. Choose the host tm-pod01-esx01.tmsb.local in the left panel, and select the Configuration tab on the right.
3. To see the firewall and services settings, select Security Profile under the Software section.

Figure 110 shows the current Security Profile of the selected ESXi host. You can see that the SSH service is enabled and the current firewall settings allow access to the SSH server on TCP port 22.
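The same Security Profile check, and the SSH stop, done with PowerCLI across a whole cluster. This is an added example, not part of the evaluation guide. It assumes a current PowerCLI release and an existing Connect-VIServer session, reuses the cluster name DemoCluster-01 from this page, and the function name Get-SshExposure is hypothetical.

```powershell
# Added example: report SSH service and firewall state for every host in a cluster,
# and optionally stop SSH. Assumes an existing Connect-VIServer session.
# Get-SshExposure is a hypothetical helper name, not a PowerCLI cmdlet.
function Get-SshExposure {
    param(
        [Parameter(Mandatory)] [string] $ClusterName,
        [switch] $StopSsh   # when set, stop a running SSH service on each host
    )
    foreach ($vmhost in (Get-Cluster -Name $ClusterName | Get-VMHost)) {
        # TSM-SSH is the service key ESXi uses for the SSH daemon.
        $svc = Get-VMHostService -VMHost $vmhost | Where-Object { $_.Key -eq 'TSM-SSH' }

        # "SSH Server" is the inbound TCP 22 rule set listed in the Security Profile.
        $rule = Get-VMHostFirewallException -VMHost $vmhost -Name 'SSH Server'

        # The allowed source addresses of a rule set are read through esxcli;
        # property names follow the esxcli output columns.
        $esxcli  = Get-EsxCli -VMHost $vmhost -V2
        $query   = @{ rulesetid = 'sshServer' }
        $allowed = $esxcli.network.firewall.ruleset.allowedip.list.Invoke($query).AllowedIPAddresses

        if ($StopSsh -and $svc.Running) {
            # Stops the service now; the startup policy is left unchanged.
            $svc = Stop-VMHostService -HostService $svc -Confirm:$false
        }

        [pscustomobject]@{
            Host           = $vmhost.Name
            SshRunning     = $svc.Running
            StartupPolicy  = $svc.Policy
            FirewallOpen   = $rule.Enabled
            AllowedSources = $allowed -join ', '
            # SSH is reachable only when the daemon runs and the rule set is enabled.
            Exposed        = ($svc.Running -and $rule.Enabled)
        }
    }
}

# Report only; add -StopSsh to stop the service on hosts where it is running.
Get-SshExposure -ClusterName 'DemoCluster-01' | Format-Table -AutoSize
```

A host that still shows StartupPolicy as "on" will start SSH again at the next boot even after the service has been stopped.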