Configuring Scaling Using the Multi-Center and Split-Center Features

This topic explains how to use the vGW Series Split-Center and Multi-Center features together to secure your virtualized environment as you scale.

These features are typically used together to:

This topic contains the following sections:

vGW Series Split-Center Multi-Center Configuration Requirements

This example addresses a customer environment with a virtualized infrastructure that includes data centers at three individual VMware vCenters:

About the Example

This customer’s virtualized environment spans three vCenters at various locations. The customer plans to use the Split-Center feature to divide security management responsibility for resources at one of the vCenters among two vGW Security Design VMs.

The customer plans to deploy largely the same configuration for all vGW Security Design VMs. Because manually creating separate configurations with the same parameters is time consuming and error prone, the customer decides to use the Multi-Center feature to solve this problem.

The Multi-Center feature allows the customer to use a single vGW Security Design VM as the master center. Its configuration is copied to all slave, or delegate, vGW Security Design VMs.

For this example, vGW Security Design VM-3 serves as the primary center. The administrator of vGW Security Design VM-3 configures the Multi-Center feature for all delegate centers.

Using the Settings module Application Settings > Multi-Center, the administrator defines an entry for each delegate vGW Security Design VM center. For this example, delegate centers include:

You use the Delegate Center Configuration (Add) pane of the Settings module Multi-Center feature to create an entry for a delegate vGW Security Design VM center. See Figure 124.

Figure 124: Delegate Center Configuration on the Master vGW Security Design VM

Delegate Center Configuration on the Master
vGW Security Design VM

To do so, you provide the following information:

Configuring Split-Center and Multi-Center for vGW Security Design VMs

Configuring Split-Center for the First vGW Security Design VM

Step-by-Step Procedure

This configuration shows how to use the Split-Center feature to give vGW Security Design VM-1 management responsibility for part of the resources at vCenter1.

From the Settings module vGW Application Settings > vCenter Integration page:

  1. In the vCenter Settings pane, enter the following information:
    • The server name or IP address of the vCenter. For this example, enter vCenter1.
    • The vGW Security Design VM-1 username and password to authenticate to vCenter1. For this example, enter admin-1 and talk#321.
  2. In the vCenter Settings pane, select a management scope for vGW Security Design VM-1. To display the data centers belonging to vCenter1, select the Selected Datacenters option button.

    The data centers belonging to vCenter1 are displayed:

    • vCenter1-data-center-1
    • vCenter1-data-center-2
    • vCenter1-data-center-3
    • vCenter1-data-center-4
    • vCenter1-data-center-5

    By default, the system is configured to allow the vGW Security Design VM to manage all data centers.

  3. Click the check box before vCenter1-data-center-1, and click Save to allow vGW Security Design VM-1 to manage it.

    vGW Security Design VM-1 will now be able to manage only the VMs and other resources for vCenter1-data-center-1 of vCenter1.

    Note: Before the system saves your selection, vCenter1 verifies the authentication credentials that you specified. The system displays the following message:

    Checking vCenter login credentials. This may take up to 15 seconds depending on server loads.

    If your credentials are invalid, your data center scope management selection is not committed.

  4. If you want to commit the configuration, click Okay.

Configuring Split-Center for the Second vGW Security Design VM

Step-by-Step Procedure

This configuration shows how to use the Split-Center feature to give vGW Security Design VM-2 management responsibility for part of the resources at vCenter1.

  1. From vGW Security Design VM-2, select the Settings module.
  2. In the navigation tree, select vCenter Integration beneath vGW Application Settings.
  3. In the vCenter Settings pane, enter the following information:
    • The server name or IP address of the vCenter. For this example, enter vCenter1.
    • The vGW Security Design VM-2 username and password to authenticate to vCenter1. For this example, enter admin-2 and talk#4*5#6.
  4. In the vCenter Settings pane, select a management scope for vGW Security Design VM-2. To display the data centers belonging to vCenter1, select the Selected Data centers option button.

    The data centers belonging to vCenter1 are displayed:

    • vCenter1-data-center-1
    • vCenter1-data-center-2
    • vCenter1-data-center-3
    • vCenter1-data-center-4
    • vCenter1-data-center-5

    By default, the system is configured to allow the vGW Security Design VM to manage all data centers.

  5. Click the check boxes before vCenter1-data-center-2, vCenter1-data-center-3, vCenter1-data-center-4, vCenter1-data-center-5,and click Save to allow vGW Security Design VM-2 to manage them.

    Note: Before the system saves your selection, vCenter1 verifies the authentication credentials that you specified. The system displays the following message:

    Checking vCenter login credentials. This may take up to 15 seconds depending on server loads.

    If your credentials are invalid, your data center scope management selection is not committed.

  6. To commit the configuration, click Okay.

Defining Entries for a Delegate Center Using the Multi-Center Feature

Step-by-Step Procedure

This example shows how to define entries for one of the three vGW Security Design VMs to allow it to become a delegate center and inherit most of the vGW Security Design VM-3 master’s configuration. Configuration of the other two delegate centers is not shown here, but it is done similarly to the single configuration example.

This example shows how to configure:

To define a delegate center entry for vGW Security Design VM-1, from the vGW Security Design VM-3 master Settings module vGW Application Settings > Multi-Center page:

  1. Enter mc-delegate-1 as the name for the delegate center entry.
  2. Enter admin-1 and talk#321 as the user ID and password credentials of the delegate center.
  3. Under Synchronize Objects, click Select All.
  4. If you are satisfied with the configuration, click Save. Otherwise, click Cancel.

Related Documentation