Understanding vGW Series Integration with vCloud Director
The vGW Security Design VM integrates directly with VMware’s vCloud Director to allow vGW Series to retrieve information from vCloud Director about virtual machines (VMs). After you configure vCloud in the vGW Security Design VM, the information about a VM that it acquires can be used to dynamically associate that VM with vGW Series groups and policies that you create.
VMware vCloud Director
VMware’s vCloud Director Infrastructure-as-a-Service solution allows for rapid provisioning of complete virtual software-defined datacenter services. vCloud Director implements pooling, abstraction, and automation of data center services including storage and networking services. Using it, administrators can provision infrastructure without concern for physical hardware configuration.
Although vCloud Director can be used within an enterprise infrastructure, it is commonly used by cloud-based VM hosting providers.
vGW Series and vCloud
The vGW Security Design VM's direct integration with vCloud Director allows it to collect information that is associated with a VM in vCloud Director. Information that vGW Series collects includes:
- VM membership in a specific organization.
- VM tags defined in the VM metadata. vCloud Director can associate information about VMs from its Metadata tab page that is configured by an administrator or other user, based on their permissions.
The vGW Security Design VM obtains the VM name and value data from this configuration. The vGW Security Design VM can obtain multiple values, if any.
The vGW Security Design VM allows you to define Smart Groups that are used as policies: VMs that match the Smart Group criteria are dynamically associated with the group, and its policy is applied to them. The vCloud Director information used in a dynamic group is associated with the vcd.tag property. The information appears as comma-separated attrname=value pairs, with the organization information appearing as the value for the OrgName attribute, such as OrgName=Org1.
For example, you could define a Firewall policy to be assigned to all VMs belonging to a particular organization. If the Smart Group configuration includes that organization, the Smart Group’s policy is applied to the matching VM.
You might define an Introspection Image Enforcer profile that specifies that all VMs running Windows OS that belong to a particular organization must have installed on them all applications installed on the Gold Image that they are compared to. You could also use the information acquired from vCloud Director in configuring AntiVirus scanning.
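The following Python example is added here for illustration and is not Juniper code: it parses vcd.tag strings in the attrname=value format described above and reports which VMs an organization-based criterion would match, and which VMs carry no OrgName attribute and so would be missed by any organization-based group. The function names, the criteria dictionary, and the inventory values are constructed; it assumes that values contain no commas and that a repeated attribute name carries multiple values, neither of which this page specifies.

```python
from collections import defaultdict

def parse_vcd_tag(raw):
    """Parse 'attr=value,attr=value' into {attr: set(values)}."""
    attrs = defaultdict(set)
    for pair in raw.split(","):
        name, sep, value = pair.strip().partition("=")
        name = name.strip()
        if not sep or not name:
            continue  # malformed or empty pair: skip rather than guess
        attrs[name].add(value.strip())
    return dict(attrs)

def matches(attrs, criteria):
    """True when every criterion attribute has at least one wanted value."""
    return all(attrs.get(name, set()) & set(wanted)
               for name, wanted in criteria.items())

def audit(inventory, criteria):
    """Return (VMs matching criteria, VMs with no OrgName attribute)."""
    matched, no_org = [], []
    for vm, raw in inventory.items():
        attrs = parse_vcd_tag(raw)
        if "OrgName" not in attrs:
            no_org.append(vm)      # no org-based group can match this VM
        elif matches(attrs, criteria):
            matched.append(vm)
    return sorted(matched), sorted(no_org)

# Constructed sample inventory: VM name -> vcd.tag value (not real data).
INVENTORY = {
    "web-01": "OrgName=Org1,tier=web",
    "db-01": "OrgName=Org1, tier=db, pci=yes",
    "web-02": "OrgName=Org2,tier=web",
    "orphan-01": "tier=web",
    "broken-01": "",
}

if __name__ == "__main__":
    matched, no_org = audit(INVENTORY, {"OrgName": {"Org1"}})
    print("would receive the Org1 policy:", matched)
    print("no OrgName, not covered by org-based groups:", no_org)
```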
vGW Series and vCloud Director integration is characterized as follows:
- By default, vGW Security Design VM integration with vCloud Director is disabled.
To enable integration with vCloud Director, set the center.vcd.enabled parameter to true: center.vcd.enabled=true.
By default it is set to false.
- vGW Series supports integration with vCloud Director 5.1 and later versions.
- Presently the vGW Security Design VM supports integration with only one vCloud Director server.
Requirements
For vGW Security Design VM to be able to integrate with vCloud Director and query it for VM inventory and other operations, the account connecting to vCloud Director must have admin privileges.