VMware VS4-STD-C Evaluator Guide - Page 81

vSphere PowerCLI Summary, Evaluating the ESXi Firewall, Introduction, Evaluation Overview

Page 81 highlights

VMware vSphere 5.0 Evaluation Guide - Volume One

group called "Company X" on vSwitch0 for each host in the cluster "DemoCluster-01":

    Get-Cluster DemoCluster-01 | Get-VMHost | Get-VirtualSwitch -Name vSwitch0 | New-VirtualPortGroup "Company X" -VLanId 200

vSphere PowerCLI Summary

In conclusion, you can see that vSphere PowerCLI is a robust command-line tool for automating all aspects of vSphere management, including host, network, storage, virtual machine, and guest OS management. It can be used with other PowerShell snap-ins provided by Microsoft or third-party companies to integrate VMware technologies easily into other products and reach inside the guest OS.

The design of PowerShell and, inherently, vSphere PowerCLI, makes this scripting language easier to learn than many scripting languages before it. Complex configurations and reporting can be achieved with minimal effort from the administrator, safe in the knowledge of a repeatable, error-free solution.

Evaluating the ESXi Firewall

Introduction

The ESXi 5.0 management interface is protected by a service-oriented and stateless firewall, which you can configure using the vSphere Client or at the command line with esxcli interfaces. A new firewall engine eliminates the use of iptables, and rule sets define port rules for each service. For remote hosts, you can specify the IP addresses or range of IP addresses that are allowed to access each service.

Evaluation Overview

In this exercise, you will configure the ESXi firewall to allow or deny SSH service to the host. SSH is a service that can be enabled or stopped on an ESXi host. As part of this exercise, you will stop and start the SSH service, and also configure firewall rules. ESXi firewall configuration can be done through the vSphere Client interface and through the vCLI. In this example environment, you will configure the firewall rules through the vSphere Client UI.

Prerequisites

The evaluation environment consists of the following components:

1. Three ESXi hosts
2. Virtual machines running on hosts
3. Each virtual machine has a software tool installed
   a. PuTTY

Stopping SSH Service to Prevent Access

The SSH service provides a secure shell to manage the ESXi host. By default, this service is enabled. To stop this service, follow these steps:

1. Select the Home > Inventory > Hosts and Clusters view.
2. Choose the host tm-pod01-esx01.tmsb.local in the left panel, and select the Configuration tab on the right.
3. To see the firewall and services settings, select Security Profile under the Software section. Figure 110 shows the current Security Profile of the selected ESXi host. You can see that the SSH service is enabled and the current firewall settings allow access to the SSH server on TCP port 22.

TECHNICAL WHITE PAPER / 81
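
The Security Profile check and the SSH shutdown described above can also be scripted with vSphere PowerCLI across the whole cluster. This is an added example, not part of the original guide: it assumes an existing Connect-VIServer session, uses the service key TSM-SSH and the rule set name "SSH Server" (the ESXi 5.x names for the SSH daemon and its firewall rule), and the helper name Get-SshExposure is hypothetical.

```powershell
# Added example, not from the guide. Assumes an existing Connect-VIServer session.
# 'DemoCluster-01' is the cluster name used on the page.
$clusterName = 'DemoCluster-01'

function Get-SshExposure {   # hypothetical helper name
    param([Parameter(Mandatory=$true)] $VMHost)

    # 'TSM-SSH' is the service key of the SSH daemon on ESXi 5.x
    $svc = Get-VMHostService -VMHost $VMHost | Where-Object { $_.Key -eq 'TSM-SSH' }
    # 'SSH Server' is the firewall rule set that opens inbound TCP 22
    $fw = Get-VMHostFirewallException -VMHost $VMHost -Name 'SSH Server'

    New-Object PSObject -Property @{
        Host          = $VMHost.Name
        SshRunning    = $svc.Running
        StartupPolicy = $svc.Policy
        FirewallOpen  = $fw.Enabled
        IncomingPorts = $fw.IncomingPorts
    }
}

$vmHosts = Get-Cluster $clusterName | Get-VMHost

# 1. Record the state before changing anything (the scripted Security Profile view)
$vmHosts | ForEach-Object { Get-SshExposure -VMHost $_ } |
    Select-Object Host, SshRunning, StartupPolicy, FirewallOpen, IncomingPorts |
    Format-Table -AutoSize

# 2. Stop SSH, keep it from starting at boot, and close the firewall rule set
foreach ($h in $vmHosts) {
    $svc = Get-VMHostService -VMHost $h | Where-Object { $_.Key -eq 'TSM-SSH' }
    if ($svc.Running) {
        Stop-VMHostService -HostService $svc -Confirm:$false | Out-Null
    }
    Set-VMHostService -HostService $svc -Policy Off | Out-Null
    Get-VMHostFirewallException -VMHost $h -Name 'SSH Server' |
        Set-VMHostFirewallException -Enabled $false | Out-Null
}

# 3. Re-read the state and flag any host where SSH is still reachable
$vmHosts | ForEach-Object { Get-SshExposure -VMHost $_ } |
    Where-Object { $_.SshRunning -or $_.FirewallOpen } |
    ForEach-Object { Write-Warning "$($_.Host): SSH service or firewall rule still enabled" }
```

Stopping the service without also setting the startup policy to Off leaves SSH returning after the next reboot, which is why step 2 changes both.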

