
In order to deploy Edge Gateway(s), we need to first deploy vCloud Networking and Security Manager (formerly known as vShield Manager) and connect it with vCenter.

The Manager virtual appliance is deployed using the OVA file as shown below.

 

After deploying Manager, we need to configure the network.  The vCloud Networking and Security Manager requires IP connectivity to the vCenter Server, ESXi hosts, App Firewall and Edge Gateway instances.

  • Log in to the console of the Manager (username: admin and password: default)
  • Type “enable” (password: default)
  • Type “setup” and provide the required details (sample configuration screen shown below)

Once the Manager appliance is configured, we can browse to “https://<ip address of manager>/” and log in using admin / default.  The next step is to link the Manager to the vCenter Server as shown below.  Each vCloud Networking and Security Manager manages a single vCenter Server environment.

Once the Manager is installed and connected with vCenter, at the datacenter level we see the Network Virtualization and vShield plug-in tabs as shown below. Click on the green “+” sign to create an Edge Gateway; a wizard will walk you through the required parameters.  Give the Edge Gateway a name and tick the “Enable HA” check box to deploy it in an active/standby fashion.

Next, provide credentials for the Edge Gateway and tick “Enable SSH access” to access it remotely for running CLI commands and troubleshooting.

Next, select the Edge Gateway appliance size; see the blog for information on choosing the right appliance.  It is recommended to tick the “Enable auto rule generation” check box to add the firewall rules, NAT entries, and routes that allow control traffic to flow for various services such as load balancing, VPN, etc. When “Enable auto rule generation” is not ticked, we must manually create firewall rules, NAT entries and routes to allow control channel traffic for Edge services.  Auto rule generation does not create rules for data-channel traffic.

Clicking on the green “+” sign above prompts for the placement parameters for the Edge Gateway appliance as shown below.

When the “Enable HA” check box was ticked earlier, we can add two appliances (active and standby) with the placement parameters.  When only one appliance is added here with “Enable HA” ticked, the system automatically deploys the standby instance for you.

Next, add the Edge Gateway uplink and internal interfaces with IP addresses; an example uplink interface configuration is shown below.  We can add up to ten internal or uplink interfaces. The Edge Gateway must have at least one interface before it can be deployed.

Next, configure the default gateway.

Next, configure the Edge firewall default policy and HA options.

The last step is to review the configuration and click “Finish” to deploy the Edge.

You will now see the status as “Deploying vShield Edge Device”.

Once the deployment is finished, the status changes to “Deployed”.

Once the Edge Gateway is deployed, double-click it to see what was deployed and start configuring services.

Get notification of these blog postings and more vCloud Networking and Security information by following me on Twitter @vCloudNetSec.