Home » VMware Manuals » Computer Software » VMware VS4-STD-C » Manual Viewer

VMware VS4-STD-C Evaluator Guide - Page 89

Testing SSH Firewall Rules, one of the allowed IP addresses in the ﬁrewall conﬁguration. Therefore

Add to My Manuals
Save this manual to your list of manuals

Page 89 highlights

VMware vSphere 5.0 Evaluation Guide - Volume One 5. After clicking the firewall Properties link, you will see the Firewall Properties panel, as shown in Figure 120. Select the SSH Server under the Secure Shell category, and click Firewall. 6. In this example environment, you have to enable the SSH remote access only from virtual machine VM_02 with IP address 10.91.35.55. SSH connections from all other IP addresses are denied. You can also give a range of IP addresses or subnet class in the "Only allow connections..." field shown in Figure 121. Figure 121. After configuring the firewall rule to allow remote access for only virtual machine VM_02, you can test this firewall setting by establishing PuTTY sessions from different virtual machines. Testing SSH Firewall Rules In this example environment, you will try to establish SSH sessions from the following two virtual machines that are running from Host3 (tm-pod01-esx03.tmsb.local): 1. VM_02 : With IP address 10.91.35.55 2. VM_04 : With IP address 10.91.35.67 First, you can try creating a SSH session using the PuTTY tool on VM_02. This virtual machine IP address is one of the allowed IP addresses in the firewall configuration. Therefore, you can expect the SSH connection to be established. TECHNICAL WHITE PAPER / 89

Section	Page
About This Guide	5
Intended Audience	5
System Requirements	5
Hardware Requirements	5
Servers	5
Storage	5
Networking	5
Software and Licensing Requirements	6
VMware vSphere	6
Guest Operating Systems	6
Evaluation Guide Environment Setup	7
Server Configuration	8
Logical Network Setup	8
Storage Setup	10
Virtual Machine Setup	10
VMware vSphere 5.0 Evaluation Guide, Volume One – Worksheet	11
vSphere Evaluation Tasks	12
High Availability	12
Introduction	12
Prerequisites	12
Enabling HA	12
Connect to Virtual Server	13
Go to Cluster Summary	14
Edit Cluster Settings	15
Wait for Task to Complete	16
Verifying VMware HA Enablement	16
HA Status Screen	16
Virtual Machine Protection State	20
Host Protection State	21
VMware HA Advanced Options	22
Admission Control	24
Virtual Machine Options	25
Virtual Machine Monitoring	27
Storage Heartbeats	29
Validating VMware HA Operation	29
Host Failure	29
Host Isolation	34
Disabling VMware HA	43
Connect to a Virtual Server	43
Go to the Cluster Summary	44
Edit Cluster Settings	45
Wait for Task to Complete	46
Getting Familiar with the New Command-Line Interface	46
Introduction	46
The New esxcli Command	47
esxcli Command-Line Syntax	47
Remote esxcli Command Authentication	49
Enabling Access to the ESXi Shell	50
Enabling the ESXi Shell from the DCUI	50
Enabling the ESXi Shell from the vSphere Client	50
Enabling SSH Access to the ESXi Shell	51
Enabling SSH from the DCUI	51
Enabling the SSH from the vSphere Client	52
vSphere Client Notification When the ESXi Shell and SSH Are Enabled	53
Installing the vCLI	53
Installing the vCLI on Windows	53
Installing the vCLI on Linux	53
Installing the vCLI with the vMA	53
Sample esxcli Commands Run Locally from the ESXi Shell	54
Sample esxcli Commands Run Remotely from the vCLI	56
Formatting esxcli Output	58
The localcli Command	59
Bringing It All Together	60
vSphere PowerCLI by Example	62
Introduction	62
Prerequisites	62
Install vSphere PowerCLI	62
Getting Started with vSphere PowerCLI	69
Connecting to a vSphere Host or vCenter	69
Using vSphere PowerCLI	71
vSphere PowerCLI Summary	81
Evaluating the ESXi Firewall	81
Introduction	81
Evaluation Overview	81
Prerequisites	81
Stopping SSH Service to Prevent Access	81
Testing Access with SSH Service Stopped	85
Creating Firewall Rules to Block SSH Access	86
Testing SSH Firewall Rules	89
Image Builder	91
Introduction	91
Image Builder Prerequisites	92
Preparation Tasks	92
Install vSphere PowerCLI	92
Download the ESXi Offline Bundle	92
Extract the ESXi Offline Bundle	92
Start an Image Builder vSphere PowerCLI Session	92
Import the ESXi Offline Bundle	94
Display Software Depots	94
Display VIBs	95
Display Image Profiles	95
Create a New Image Profile	96
Create a New Image Profile by Manually Selecting Individual VIBs	96
Create a New Image Profile by Cloning an Existing Image Profile	98
Removing VIBs from an Image Profile	98
Compare Image Profiles	99
Export Image Profile	99
Export As an Offline Bundle	99
Export As a Bootable ISO Image	100
Product Documentation	100
Using Storage Performance Statistics	101
Introduction	101
Monitoring Performance Statistics of a Datastore	103
Help and Support During the Evaluation	105
VMware Contact Information	105

Match case Limit results 1 per page

TECHNICAL WHITE PAPER / 89

VMware vSphere 5.0 Evaluation Guide –

Volume One

¹²

After³clicking³the³ﬁrewall³Properties³link¶³you³will³see³the³Firewall³Properties³panel¶³as³shown³in³Figure³±´·²³

Select³the³SSH³Server³under³the³Secure³Shell³category¶³and³click³

Firewall´

º²

In³this³example³environment¶³you³have³to³enable³the³SSH³remote³access³only³from³virtual³machine³VM¾·´³

with³IP³address³±·²½±²µ¹²¹¹²³SSH³connections³from³all³other³IP³addresses³are³denied²³You³can³also³give³a³

range³of³IP³addresses³or³subnet³class³in³the³“Only³allow³connections²²²”³ﬁeld³shown³in³Figure³±´±²³

Figure 121.

After conﬁguring the ﬁrewall rule to allow remote access for only virtual machine VM_02, you can test this

ﬁrewall setting by establishing PuTTY sessions from diﬀerent virtual machines.

Testing SSH Firewall Rules

In this example environment, you will try to establish SSH sessions from the following two virtual machines that

are running from Host3 (tm-pod01-esx03.tmsb.local):

±²

VM¾·´³¿³With³IP³address³±·²½±²µ¹²¹¹

´²

VM¾·¸³¿³With³IP³address³±·²½±²µ¹²º»

First, you can try creating a SSH session using the PuTTY tool on VM_02. This virtual machine IP address is

one of the allowed IP addresses in the ﬁrewall conﬁguration. Therefore, you can expect the SSH connection to

be established.