Configuring vGW Series Multi-Center

This topic explains how to configure the Multi-Center feature, which allows you to synchronize the configuration at one vGW Security Design VM across multiple vGW Security Design VMs connected to different VMware vCenters. The Multi-Center feature allows you to streamline configuration across multiple vGW Security Design VMs and coordinate various aspects of security as you scale. It relies on the configuration at one vGW Security Design VM, referred to as the master center, which is synchronized in part or in whole to other vGW Security VMs, referred to as delegate centers.

Note: You can also use Multi-Center with the Split-Center feature to synchronize the configuration across multiple vGW Security Design VMs that manage resources in the same vCenter.

Before you read this topic, read Understanding the Multi-Center Feature.

This topic contains the following sections:

vGW Security Design VM Master Center

As administrator of the master center, you configure the object synchronization for all delegate centers at the master vGW Security Design VM. After you configure the vGW Security Design VM that you will use as the master center, you can define delegate center configurations for individual delegate centers.

Although you configure Multi-Center for all delegate centers, each delegate center has its own independent configuration, and they can differ. When you add a delegate center configuration, you designate the objects that are synchronized to it.

Note: The master vGW Security Design VM and the delegates must be able to communicate using addresses from the same IP protocol family. If they do, communication problems should not exist. Likewise, if either of them is configured for dual stack, problems should not exist. If both are configured with a single IP address from different protocol families, problems could ensue. To solve this problem, you could change the IP address used for one of them.

vGW Security Design VM Delegate Centers

Administrators of the master and delegate centers cooperate in implementing Multi-Center. They determine the objects to synchronize to the delegate center from the master center. Each delegate center has its own configuration at the master center. Configuration objects, such as policies, configured at the master center that are synchronized to delegate centers are viewed as global objects from the perspective of the delegate center. Some delegate centers might not synchronize a certain object, but rather retain their own local configuration for that object. For information about configuration objects and how they are synchronized, see Understanding vGW Series Multi-Center Synchronized Objects.

A vGW Security Design VM delegate center is created for a vCenter no differently from how it would be if it were independent. You import the OVA into the vCenter to be secured. For information on how to integrate vGW Series with vCenter, see Using the OVA Bundled Method to Integrate vGW Series with the VMware Infrastructure. After the installation is complete, you can begin to engage the vGW Security VM in the Multi-Center configuration.

Configuring Multi-Center

To configure Multi-Center, use the vGW Application Settings > Multi-Center page of the Settings module on the master center. To add a delegate center to the Multi-Center configuration:

  1. At the bottom of the Multi-Center Configuration pane, click Add. See Figure 122.

    Figure 122: Multi-Center Configuration Page at Master vGW Security Design VM

    The Delegate Center Configuration (Add) pane is displayed on the master vGW Security Design VM.

  2. In the Configuration Name field, specify a name for the configuration that represents the delegate center. Note that the name field is used only for reference, and it can be anything. It does not need to match the name of the delegate vGW Security Design VM. See Figure 123.

    Figure 123: Delegate Center Configuration on the Master vGW Security Design VM

  3. In the Delegate Hostname/IP field, enter the name or the IP address of the delegate center.

    Enter a valid hostname, IPv4 address, or IPv6 address.

  4. In the Login User ID and Login Password fields, enter the delegate center’s authentication information.
  5. In the Center Objects to Synchronize pane, select the objects to synchronize.
    • Check Select All if you want the state of all of the objects in the list to be synchronized from the master vGW Security Design VM to the delegate center that you are defining.
    • If you want only some of the objects to be synchronized from the master vGW Security Design VM to the delegate center, select the check box before each object to synchronize.
      • Global Policy–Synchronizes the global policy and all objects it depends on. Among other objects, configurations for the source and destination of the rules in the policy and the protocols are copied.
      • Default Policy–Synchronizes the default policy and all objects it depends on. Among other objects, configurations for the source and destination of the rules in the policy and the protocols are copied.
      • Quarantine Policy–Synchronizes the quarantine policy and all objects it depends on. Among other objects, configurations for the source and destination of the rules in the policy and the protocols are copied.
      • Policy Groups–Synchronizes all the policy groups and policies associated with them, and all objects that they depend on. Among other configurations, the sources and destinations of the rules in the policies, the protocols, the networks and the machines in the groups are copied.
      • Monitoring Groups–Synchronizes all the monitoring groups and the policies associated with them, and all objects that they depend on. Among other configurations, the sources and destinations of the rules in the policies, the protocols, the networks and the machines in the groups are copied.
      • Networks–Synchronizes all networks.
      • External Machines–Synchronizes all external machines.
      • IDS Signatures–Synchronizes IDS Signatures and Settings.
      • Compliance–Synchronizes compliance rules and all objects that they depend on, such as groups.
      • Antivirus Settings–Synchronizes all AntiVirus scan configurations, and all objects that they depend on, such as groups.
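
The IP protocol family note and the Delegate Hostname/IP field in step 3 can both be checked before a delegate center configuration is added. The following Python sketch is an added example, not part of the vGW product or its documentation; the function names, the sample addresses, and the constructed DNS answers are assumptions for illustration.

```python
import ipaddress
import re
import socket

# One RFC 1123 hostname label: letters, digits, hyphens, no edge hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed DNS answers (documentation ranges) so the example runs offline.
SAMPLE_DNS = {
    "delegate-a.example.net": ["192.0.2.20"],
    "delegate-b.example.net": ["2001:db8::20"],
    "delegate-c.example.net": ["192.0.2.30", "2001:db8::30"],
}

def sample_resolve(host):
    return SAMPLE_DNS[host]

def _dns_lookup(host):
    # Live lookup, used only when no resolver is injected.
    return [i[4][0].split("%")[0] for i in socket.getaddrinfo(host, None)]

def classify(value):
    """Return 'ipv4', 'ipv6', 'hostname', or None for a field value."""
    try:
        return "ipv%d" % ipaddress.ip_address(value).version
    except ValueError:
        pass
    name = value[:-1] if value.endswith(".") else value
    labels = name.split(".")
    # An all-numeric last label is a malformed IPv4 literal (10.1.1.300).
    if 0 < len(name) <= 253 and all(_LABEL.fullmatch(l) for l in labels):
        return None if labels[-1].isdigit() else "hostname"
    return None

def families(value, resolve=_dns_lookup):
    """IP versions ({4}, {6} or {4, 6}) behind an address or hostname."""
    kind = classify(value)
    if kind is None:
        raise ValueError("not a hostname, IPv4 or IPv6 address: %r" % value)
    if kind != "hostname":
        return {int(kind[-1])}
    return {ipaddress.ip_address(a).version for a in resolve(value)}

def shared_families(master_addrs, delegate, resolve=_dns_lookup):
    """Families both sides can use; an empty list is the failing case."""
    master = set()
    for addr in master_addrs:
        master |= families(addr, resolve)
    return sorted(master & families(delegate, resolve))

if __name__ == "__main__":
    for d in SAMPLE_DNS:
        print(d, shared_families(["192.0.2.10"], d, sample_resolve))
```

An empty result corresponds to the case in the note where both sides have a single IP address from different protocol families.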
