VMware vCloud Security

Overview of this book

Security is a major concern, particularly now that everything is moving to the cloud. A private cloud is a cloud computing platform built on your own hardware and software. The alternative is to deploy the services you need on a public cloud infrastructure provided by an external supplier such as Amazon Web Services, Rackspace Cloud, or HP Public Cloud. While a public cloud can afford greater flexibility, a private cloud gives you the advantage of greater control over the entire stack.

"VMware vCloud Security" focuses on some critical security risks, such as the application-level firewall and firewall zone, virus and malware attacks on cloud virtual machines, and data security compliance on any VMware vCloud-based private cloud. Security administrators sometimes deploy its components incorrectly, or sometimes cannot see the broader picture and where the vCloud security products fit in. This book is focused on solving those problems using VMware vCloud and the vCloud Networking and Security product suite, which includes vCloud Networking and Security App, vShield Endpoint, and vCloud Networking and Security Data Security.

Ensuring the security and compliance of any applications, especially those that are business critical, is a crucial step in your journey to the cloud. You will be introduced to security roles in VMware vCloud Director, integration of LDAP servers with vCloud, and security hardening of vCloud Director. We'll then walk through a hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. We'll create access control policies based on logical constructs such as VMware vCenter Server containers and VMware vCloud Networking and Security security groups, and not just physical constructs such as IP addresses. You'll learn about the architecture of EPSEC and how to implement it. Finally, we will see how to define data security policies, run scans, and analyze results.
Table of Contents (13 chapters)
VMware vCloud Security
Credits
Foreword
About the Author
Acknowledgement
About the Reviewers
www.PacktPub.com
Preface
Index

Preface

Welcome to VMware vCloud Security. In this book, you will learn how to mitigate the security threats on a private cloud running VMware vCloud Director. This book will equip the reader with the knowledge, skills, and abilities to build a highly secured private cloud running VMware vCloud. We will also look at detailed step-by-step coverage with screenshots, which is usually not available in cloud security product manuals.

You will learn how to configure and manage vCloud Networking and Security App, which is a hypervisor-based firewall. You will also learn how to use vShield Endpoint, which can help you to strengthen your cloud security by mitigating threats from virus and malware attacks.

In the last chapter, you will learn some advanced concepts of cloud assessment for maintaining compliance standards that are available across the world. You will also learn how to run a data security scan and review the violation report that is generated by vCloud Networking and Security Data Security and take necessary action to mitigate those risks.

What this book covers

Chapter 1, Installation and Configuration of VMware vCloud Director, covers installing vCloud Director and configuring it for first-time use. It also introduces security roles in VMware vCloud Director, integration of LDAP servers with vCloud, and security hardening of vCloud Director.

Chapter 2, Securing Your vCloud using vCloud Networking and Security, will walk you through a hypervisor-based firewall that protects applications in the virtual datacenter from network-based attacks. It also focuses on creating access control policies based on logical constructs such as VMware vCenter Server containers and VMware vCloud Networking and Security Security Groups, and not just physical constructs such as IP addresses.

Chapter 3, Mitigating Threats Using VMware vShield Endpoint, will help you to strengthen security for virtual machines while improving performance for Endpoint protection. It also talks about vShield Endpoint, which offloads antivirus and anti-malware agent processing to a dedicated Security Virtual Appliance that is delivered and supported by VMware partners. In this chapter, you will see the architecture of EPSEC and how to implement it.

Chapter 4, Overview of VMware vCloud Networking and Security Data Security, will talk about visibility of sensitive data stored within your organization's virtualized environments. It shows you how to use reports from data scans performed by vCloud Networking and Security Data Security to ensure that sensitive data is adequately protected. It also shows you how to assess compliance with regulations around the world. In this chapter, you will see how to define data security policies, run scans, and analyze results.

What you need for this book

You need VMware vSphere 5.1, which includes VMware vSphere ESXi, vCenter Server, and vSphere Client, along with any SSH client (such as PuTTY). You also need the VMware vCloud Director and vCloud Networking and Security (vCNS) product suite.

Who this book is for

This book is a valuable addition for technical professionals with cloud security administration skills and some VMware vCloud experience who wish to learn about advanced cloud networking and security products, where they fit, and how to configure them to mitigate risks in a VMware vCloud-based private cloud.

Conventions

In this book, you will find a number of styles of text that distinguish between different kinds of information.

Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: "To prevent loading it on the next reboot, the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vsepflt key needs to be modified, and the value of DWORD changed to 4."

Any command-line input or output is written as follows:

# /opt/vmware/vcloud-director/jre/bin/keytool -keystore certificates.ks \
    -storetype JCEKS -storepass vmware123 -genkey \
    -keyalg RSA -alias http

New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Once you add the vCenter Server, you can see it under the Manage & Monitor tab."

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.

To send us general feedback, simply send an e-mail to , and mention the book title via the subject of your message.

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.

Piracy

Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors, and our ability to bring you valuable content.

Questions

You can contact us at if you are having a problem with any aspect of the book, and we will do our best to address it.