Configuring vGW Series to Support Auto Deploy

Prerequisites

For vGW Series to automatically install vGW Security VMs on ESXi hosts provisioned by VMware Auto Deploy:

You use the Automatic Securing of Auto-deployed hosts pane of the Settings > vGW Application Settings > Install Settings page to configure vGW Series to automatically secure these hosts. See Figure 117.

vGW Series automatically installs a vGW Security VM on the selected hosts.

Figure 117: Configuring Automatic Installation of vGW Security VMs for Auto-Deployed ESXi Hosts

Configuring Automatic Installation
of vGW Security VMs for Auto-Deployed ESXi Hosts

To configure vGW Series to install a vGW Security VM on selected ESXi hosts that are automatically deployed:

  1. Select the ESXi hosts to secure:
    • No hosts: No hosts will be secured.
    • All hosts: All hosts will be secured.
    • Hosts in the following clusters: Only hosts in the clusters that you identify will be secured. Select the check box for each cluster that you want to include.
  2. Specify a prefix to use as part of the name that is assigned to every automatically installed vGW Security VM. Select the port group and the data store to use.
    • SVM Name prefix—vGW Series automatically assigns a name to a vGW Security VM. It uses this value as the prefix. To create the complete name, the value is prepended to the last octet of the ESXi host IP address in the format [prefix]_[octet].

      For example, if you used SVM_ as the prefix, if the last octet of the ESXi host IP address to be secured was 123, the name SVM_123 would be assigned to the vGW Security VM for that host.

    • Port Group—From the Port Group list, select the network label for the port groups.

      Port groups serve as anchor points for VMs that connect to labeled networks. A port group is identified by a unique network label. The same network label is used for all port groups in a datacenter that are physically connected to the same network.

      When you select either All Hosts or specific clusters, vGW Series updates the port group selection list. However, the list includes only port groups that are common to all connected hosts.

      This behavior applies if you select one cluster or more than one.

    • Datastore—From the Datastore list, select the datastore to use for the vGW Security VMs.

      When you select either All Hosts or specific clusters whose hosts are to be secured, vGW Series updates the datastore list to include their datastores. The list includes only options that are common to all connected hosts. If there are no datastores that are on all hosts, the list is empty. However, if there is only one connected host, the list will show all of the datastores that are on that host.

      This behavior applies to all clusters, whether you select one or more.

  3. On the Method list, select the method to use to acquire IP addresses for the vGW Security VMs.
    • Method—Select either DHCP or static.
    • IP Address—If Method is set to static, specify the static IP address to assign to the vGW Security VM.
    • Network Mask—Specify the network mask to use in the IP address for the vGW Security VM.
    • Default Gateway—Specify the default gateway for the vGW Security VMs.
  4. To override the limit restricting the number of times that vGW Series is allowed to attempt to install vGW Security VM on a host after repeated failures, reset the error count. Select Force recheck on all hosts.

    vGW Series maintains a count of the number of failed attempts for each host. When that count is exceeded, it no longer tries to install a vGW Security VM on it. The installation attempts limit is set in the center.auto.deploy.svm.install.retry.count parameter which has a default of 3 times. If you select this check box, the count is reset. It is also reset if you modify configuration settings.

You can create a per-host XML configuration. If you do this, the file must reside at /usr/lib/tomcat/webapps/ROOT/WEB-INF/autoDeploy.xml. You can find the xsd to use at:
http://vgw-milford.juniper.net/trac/browser/center/branches/fullers/schemas/autoDeploy.xsd.

The fallback behavior is:

Related Documentation