On VMware vShield Zones 4.0 limitations
Dave Convery, VMware vExpert and Virtualization Architect at Anexinet, published a short but very interesting report on current limitations of vShield Zones, the firewall that VMware acquired from Blue Lane Technologies in October 2008 and that offers for free as part of vSphere 4.0 Advanced, Enterprise and Enterprise Plus editions.
He specifically mentions three shortcomings related to:
- Networking
…there is an unprotected Port Group (ORIGINAL Network). This needs to be added to the vSwitch AFTER the vShield Agent is installed. If the ORIGINAL Network is already a part of the vSwitch, it will need to be removed BEFORE installing the vShield Agent. In order to avoid an outage, you will need to disable DRS and manually vMotion all VMs off of the ESX/ESXi host before installing the vShield Agent and modifying the port groups. - DRS/HA
…with HA disabled for the vShield Agent, there is no facility for automatic startup. There is an automatic startup setting in the startup/shutdown section of the configuration settings. First, this is an all-or-nothing setting. Second…if a host fails, HA will restart all protected VMs on different hosts. If the host comes back on line, you risk having DRS migrate protected VMs back to that host. This will cause those VMs to become disconnected because the vShield Agent will not automatically start. If a host fails, hope that it fails good enough so it won’t restart. - Maintenance Mode
…you cannot power the vShield Agent off because the protected VMs would become disconnected. You cannot migrate it to a different host because it would cause a serious conflict and cause protected VMs to become disconnected. The only thing you can do is place the host in Maintenance Mode, then MANUALLY (*GASP*) migrate all of the protected VMs and then power the vShield Agent off. So much for automated patch management
Convery closes his (very welcome) report by saying that vShield Zones is a 1.x product, implying that some of the issues above are expected in a first generation product. Unfortunately it doesn’t seem the case: well before VMware acquired Blue Lane Technologies, vShield (formerly VirtualShield) already was at its 4th generation (Sep 2007). VMware acquired the startup one year later (so it’s safe to assume that Blue Lane made significant progresses in that timeframe) and had from October 2008 to May 2009 to deliver a more integrated platform.
virtualization.info Newest articles
June 13th, 2017
Log Insight is a log aggregation, management and analysis tool, that VMware first introduced in 2013 and considered a competitor of Splunk.
Yesterday VMware announced the release of version 4.5, available for…
June 6th, 2017
Today VMware announced the latest release of its cloud management platform vRealize Automation, former vCloud Automation Center.
VMware vRealize Automation 7.3 release notes can be found at this link.
The…
February 9th, 2017
“We see greater potential strategic opportunity in NSX over the next decade than our franchise product vSphere has had for the past decade.”
said VMware’s CEO Pat Gelsinger talking about…
November 22nd, 2016
Encryption of virtual machines is something that has been requested for years by the security community. VMware continued to postpone its implementation due to the negative operational impact that many…
November 1st, 2016
In September 2012 Dell announced to have completed the acquisition of Quest Software, a Californian company with an history in systems management, security, business intelligence and, falling back in our…
October 21st, 2016
Citrix announced its financial results for third quarter 2016.
The revenues for the second quarter were $841 million for an increase of 3% compared to Q3 2015.
Net income was $132…
October 19th, 2016
2016 edition of VMworld US has been quite turbulent, on the other hand during VMworld Europe, happening these days in Barcelona, the company announced a few more products for the…
October 18th, 2016
Log Insight is a log aggregation, management and analisys tool, that VMware first introduced in 2013 and now is usually compared with Splunk.
Yesterday VMware announced Log Insight’s new major…
October 13th, 2016
Yesterday Microsoft announced the general availability of Windows Server 2016 which the company defines as a cloud-ready OS.
Beside fancy definitions, one of the most relevant perks of this release…
September 22nd, 2016
During Oracle OpenWorld 2016 the company released version 3.4.2 of its enterprise virtualization solution.
Oracle VM is available for both x86 and SPARC based processor architectures and uses the Xen hypervisor…
September 1st, 2016
Today was the last day of VMware’s flagship conference VMworld in Las Vegas, an highly controversial edition which left a good chunk of the audience disoriented if not properly disappointed….
August 11th, 2016
Last week Gartner updated its Magic Quadrant for Cloud Infrastructure as a Service (IaaS) for the year 2016. The Magic Quadrant for the year 2015 was released in May last year…
August 2nd, 2016
Ansible is one of the four main players in the automation market, younger then the well known Chef and Puppet, has been launched in 2013 in Durham, N.C. and acquired…
July 19th, 2016
Yesterday IBM announced its results for Q2 2016.
If we compare with the same quarter in 2015 earnings per share, from continuing operations, decreased 22%. Net income, from continuing operations,…
Copyright © 2003-2019 virtualization.info. All rights reserved.