Virtual Server Security for VMware: Installation Guide

  • IBM Virtual Server Security for VMware Installation Guide for Virtual Server Security for VMware (Proventia Server for VMware) Version 1.0
  • Copyright statement © Copyright IBM Corporation 2009. U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Publication Date: December 2009
  • Contents
    About this publication
      Related publications
      Technical support contacts
    Chapter 1. About Virtual Server Security for VMware (Proventia Server for VMware)
      Overview
      About VMware ESX
      About the Security Virtual Machine (SVM)
      Integration with IBM Proventia Management SiteProtector system
    Chapter 2. Deployment components and system requirements
      Deployment components
      Security Virtual Machine (SVM) requirements
      Virtual machine requirements
    Chapter 3. Deploying the SVM
      Setup overview
      Deploying the OVF file
      Running Proventia Setup
      Configuring the VMO using Proventia Manager
      Configuring network settings for the hosting ESX Server
      Optional: Configuring settings for the Accelerator
      Configuring SiteProtector system management
      Using Proventia Manager to uninstall the SVM from your system
      Uninstalling the SVM manually from your system
    Notices
      Trademarks
    Index
  • About this publication
    This section describes the audience for this guide, identifies related publications, and provides contact information.
    Audience
    Users of this guide should have fundamental knowledge of installing, deploying, and configuring applications on VMware.
    Topics
    - “Related publications”
    - “Technical support contacts”
  • Related publications
    Use this topic to help you access information about Proventia Server for VMware.
    Publications
    The following documents are available for downloading from the IBM ISS Documentation Web site at http://www.iss.net/support/documentation/.
    - IBM Virtual Server Security for VMware (Proventia Server for VMware) Installation Guide Version 1.0
    - IBM Virtual Server Security for VMware (Proventia Server for VMware) Administrator Guide Version 1.0
    License agreement
    For licensing information about IBM ISS products, download the IBM® Licensing Agreement from http://www.ibm.com/services/us/iss/html/contracts_landing.html.
  • Technical support contacts
    IBM Internet Security Systems (IBM ISS) provides technical support to customers who are entitled to receive support. You can find information related to Customer Support hours of operation, phone numbers, and methods of contact on the IBM ISS Customer Support Web page.
    The IBM ISS Customer Support site
    The IBM ISS Customer Support Web page at http://www.ibm.com/services/us/iss/support/ provides direct access to online user documentation, current versions listings, detailed product literature, white papers, the Technical Support Knowledgebase, and contact information for Customer Support.
    Contact information
    For contact information, go to the IBM ISS Contact Technical Support Web page at http://www.ibm.com/services/us/iss/support/contacts.html.
  • Chapter 1. About Virtual Server Security for VMware (Proventia Server for VMware)
    This chapter describes how Virtual Server Security for VMware (Proventia Server for VMware) interacts with VMware ESX 4.0 and the IBM Proventia® Management SiteProtector™ system.
    Topics
    - “Overview”
    - “About VMware ESX”
    - “About the Security Virtual Machine (SVM)”
    - “Integration with IBM Proventia® Management SiteProtector™ system”
  • Overview
    Proventia Server for VMware is a virtual agent that provides intrusion prevention, firewall, and rootkit protection for virtual machines (hosts) running on VMware ESX 4.0. Proventia Server for VMware provides the same protection for virtual hosts that conventional security products provide for physical hosts. The intrusion prevention and firewall features protect all traffic to and from any virtual machine in the system. The anti-rootkit feature protects the virtual machines from malicious programs.
    How it works
    Proventia Server for VMware is an agent that runs on its own virtual machine called the Security Virtual Machine or the SVM. You install the SVM on the same physical host as the virtual hosts it protects, but it remains external to those protected hosts. The SVM can block network-based attacks on virtual machines by inspecting and analyzing network traffic to, from, and between virtual hosts in real time. The firewall can provide policy enforcement for network communication on the external physical network and on all inter-virtual machine traffic. The SVM provides rootkit protection by using introspection, which is the ability to inspect the memory of a virtual machine.
    Architectural overview
    Proventia Server for VMware protection agents run as a Security Virtual Machine (SVM) on a hosting VMware ESX 4.0 Server, and are responsible for securing all the virtual machines running on a single hosting ESX Server. The SVM is deployed into every physical server that must have protection for its virtual machines. This SVM exists as a privileged virtual machine.
  • Figure 1. Typical setup of the Proventia Server for VMware protection agent
    The SVM monitors all the traffic involving virtual machines running on a hosting ESX Server, including traffic passed between local virtual machines. The SVM uses VMware’s Distributed Virtual Filter (DV Filter) API to capture and analyze traffic to and from virtual machines without the need for you to reconfigure the virtual network. The SiteProtector system manages all the agents in a given installation. A Proventia Server for VMware installation consists of all the SVMs within a VMware deployment.
  • About VMware ESX
    VMware ESX is an enterprise-level virtualization tool that runs both the SVM and the virtual machines that are protected by the SVM.
    Where to install the ESX software
    You install the ESX software directly on a server; it does not need to run on top of an operating system. The ESX Server is managed by the VMkernel, which is based on the Linux® kernel. The VMkernel eliminates the overhead of running an operating system beneath the virtual machines.
  • About the Security Virtual Machine (SVM)
    The SVM is a virtual machine that hosts the Proventia Server for VMware protection agent. The SVM runs on a hosting ESX Server.
    Typical deployment
    The following diagram shows a simple deployment of Proventia Server for VMware. This diagram shows the SVM within the context of other virtual machines and its hosting ESX Server, including the connections between the SVM and the SiteProtector instance that manages it and the policy, event, and update pathways for the SVM.
    - Policies are the SiteProtector policies that are subscribed to by the SVM, deployed to the SVM, and used by the SVM to enforce protection of the virtual environment.
    - Events or Alerts contain data that is sent to the SiteProtector system to indicate network attacks, virtual machine audit failures, or other situations detected by the SVM.
    - Updates are sent to the SVM from a SiteProtector Update Server (or xpu.iss.net as an alternate) to update components of the SVM.
    Figure 2. Typical deployment of the SVM
  • Integration with IBM Proventia® Management SiteProtector™ system
    The SiteProtector system provides centralized management for the SVM. The SVM receives policies and updates from the SiteProtector system, and also transmits alerts and heartbeats to the SiteProtector system.
  • Chapter 2. Deployment components and system requirements
    This chapter describes the components that a Proventia Server for VMware deployment consists of and the requirements for each component.
    Topics
    - “Deployment components”
    - “Security Virtual Machine (SVM) requirements”
    - “Virtual machine requirements”
  • Deployment components
    Before you deploy Proventia Server for VMware, make sure you are familiar with its components.
    Table 1. Proventia Server for VMware deployment components
    Component: Description and location
    - VMware ESX 4.0: A virtualization layer that runs on physical servers that abstracts processor, memory, storage, and resources into multiple virtual machines. Download directly from http://www.vmware.com. Reference: See the VMware ESX 4.0 product page on the VMware site at http://www.vmware.com/products/esx/ for more information about system requirements for the ESX Server.
    - VMware vSphere Client 4.0: VMware vSphere Client is an interface that allows you to connect remotely to the hosting ESX Server from any Windows® PC. Download directly from http://www.vmware.com. Reference: See the VMware vSphere 4.0 product page on the VMware site at http://www.vmware.com/products/vsphere/ for more information about system requirements for vSphere Client.
    - ProventiaServerV.ovf: The virtual machine image for the SVM. Download from the IBM Download Center.
    - Internet Explorer version 6 or later: Download directly from http://www.microsoft.com/windows/internet-explorer/default.aspx.
    - SiteProtector 2.0 SP 8.0: The IBM ISS centralized management console. Download from the IBM Download Center.
  • Security Virtual Machine (SVM) requirements
    Make sure the SVM meets the requirements listed in this section.
    Reference: For a complete list of system requirements for Proventia Server for VMware, see the System Requirements document on the IBM ISS Documentation Web site at http://www.iss.net/support/documentation/.
    Hosting ESX Server requirements
    You can only install one SVM on each hosting ESX Server. Your SVM must always be directed to its hosting ESX Server. The Proventia Manager setup and the Proventia Setup installation steps provide guidance on how to direct your SVM to its hosting ESX Server. Do not direct your SVM to a vCenter Server.
    VMware Tools
    The SVM does not support VMware Tools. Do not install VMware Tools on the SVM.
    VMware VMotion and VMware Storage VMotion
    The SVM does not support VMware VMotion (a technology that allows the live migration of running virtual machines from one physical server to another server) and VMware Storage VMotion (a component of VMware vSphere that provides an interface for migrating virtual machine disk files across storage arrays or across ESX Servers, with no downtime or disruption in service). You must install the SVM on the local storage for the hosting ESX Server so that it cannot use VMotion and Storage VMotion.
    Memory requirements
    Make sure the SVM has at least 1 GB of RAM and more than 10 GB of available hard disk space.
    Note: The SVM incurs a memory overhead for each virtual machine that it protects, but only a fixed amount of processor time. The amount of RAM allocated to the SVM must be appropriately scaled for the expected number of virtual hosts.
  • Virtual machine requirements
    Make sure the virtual machines that are protected by the SVM meet the requirements listed in this section.
    VMware Tools
    You must install VMware Tools on each virtual machine that you want the SVM to protect.
    Installing virtual machines: consideration
    When you install virtual machines in a virtual environment, you should not install them on the virtual switches that were created as part of the Proventia Server for VMware installation. The Proventia Server for VMware installation process creates the following virtual switches:
    - ibm-vmwarenetwork-switch
    - ibm-vmwareintrospect-switch
    - ibm-accelerator-switch
  • Chapter 3. Deploying the SVM
    This chapter explains how to set up the SVM on your network, how to configure settings for individual components used by the SVM, how to remove the SVM from your system, and how to configure SiteProtector management.
    Topics
    - “Setup overview”
    - “Deploying the OVF file”
    - “Running Proventia Setup”
    - “Configuring the VMO using Proventia Manager”
    - “Configuring network settings for the hosting ESX Server”
    - “Optional: Configuring settings for the Accelerator”
    - “Configuring SiteProtector system management”
    - “Using Proventia Manager to uninstall the SVM from your system”
    - “Uninstalling the SVM manually from your system”
  • Setup overview
    You manually deploy and configure the SVM that has been provided to you by IBM as a virtual machine image. The SVM is configured successfully when it can report to the SiteProtector Agent Manager.
    Process
    The Proventia Server for VMware setup follows this process:
    Table 2. Proventia Server for VMware setup tasks
    Task: Description
    1. Install the SVM from the provided OVF on the server running the ESX host.
       Important: Make sure you install the SVM on the local storage for the hosting ESX Server and not in a shared datastore. Installing the SVM on the ESX Local Storage prevents it from being migrated to a shared storage area or another ESX Server environment in case of failure.
    2. Run Proventia Setup to configure initial settings for the SVM.
    3. Configure the Virtual Machine Observer (VMO) using Proventia Manager.
       The VMO is the module that communicates with the hosting ESX Server and collects information about status changes in the virtual machines.
    4. Configure network settings for the hosting ESX Server, and then reboot the ESX Server.
       These network settings enable introspection (the ability to inspect the memory of a virtual machine) and enable analysis of network traffic.
    5. Optional: Configure settings for the Accelerator function.
       The Accelerator analyzes traffic between one physical NIC (pNIC) on an “accelerated” virtual switch and one other virtual switch already configured on your virtual network.
  • Deploying the OVF file
    The Open Virtualization Format (OVF) template provided by IBM for installation contains the virtual machine image for the SVM.
    About this task
    OVF is a distribution format that uses existing packaging tools to combine one or more virtual machines with a standards-based XML wrapper. OVF gives the virtualization platform a portable package that contains all required installation and configuration parameters for virtual machines. This format allows any virtualization platform that implements the standard to correctly install and run virtual machines.
    Reference: See http://www.vmware.com/pdf/ovf_spec_draft.pdf for more information about OVF.
    Procedure
    1. Connect to your hosting ESX Server using VMware vSphere Client.
    2. From the File menu, select Deploy OVF Template.
    3. From the Deploy OVF Template - Source window, select the Deploy from file option, click Browse to locate the OVF file for the corresponding virtual machine, and click Next.
    4. From the Deploy OVF Template - OVF Template Details window, verify the OVF template settings, and click Next.
    5. From the Deploy OVF Template - Name and Location window, type a name for the SVM.
       Tip: Consider naming the SVM after the ESX Server it is associated with so that you will remember its name when you manage your protection from the SiteProtector system.
    6. From the Deploy OVF Template - Network Mapping window, configure the Management network mapping option. The Management network mapping option allows you to access the Web management interface for the SVM from your Web browser and also enables the SVM to communicate with SiteProtector.
    7. Click Next.
    8. From the Deploy OVF Template - Ready to Complete window, check the properties for the SVM, and click Finish. The OVF is extracted and deployed to the hosting ESX Server.
    9. Deploy the SVM.
  • Running Proventia Setup
    The Proventia Setup program is a text-based setup program you use to configure the initial settings for the SVM.
    Procedure
    1. Turn on the SVM.
    2. Log on to the SVM, using the management console or by SSH, with the following account credentials:
       - username = admin
       - password = admin
       Note: Default passwords are all set to admin.
    3. From the Welcome window, press ENTER, and accept the License Agreement.
    4. From the Change Password (admin) window, change the password for the admin user, and press ENTER.
    5. From the Change Password (root) window, change the password for the root user, and press ENTER.
    6. From the Change Proventia Manager Password (admin) window, change the Proventia Manager password for the admin user, and press ENTER.
    7. From the Network Configuration - Management Interface IP Address window, choose one of the following methods to set the IP address:
       - To set the IP address automatically via DHCP, select Set IP Address Automatically (via DHCP), and press ENTER. After the agent obtains an IP address from the DHCP server, go to Step 9. If the agent fails to obtain the IP address dynamically, you will receive the following message: Failed in getting IP Address dynamically. If you receive this message, make sure your DHCP server is functioning and is available on the network configured for the Management Interface.
         Tip: Consider using a static IP address. DHCP environments can pose challenges to a Proventia Server for VMware deployment.
       - To set a static IP address for the management interface, select Set IP Address Statically, and press ENTER.
    8. From the Network Configuration window, type the IP address, subnet mask, and gateway address for the SVM, and press ENTER.
    9. From the Host Configuration window, type the host name and domain name for the SVM, and press ENTER.
    10. From the DNS Configuration window, provide DNS settings for the SVM, and press ENTER.
    11. Optional: From the Time Zone Configuration window, set the time zone for the SVM, and press ENTER.
        Important: When you deploy the OVF file, the SVM will use the time zone and the system time set for the hosting ESX Server.
    12. Optional: From the Date/Time Configuration window, set the date and the time for the SVM, and press ENTER.
        Important: When you deploy the OVF file, the SVM will use the time zone and the system time set for the hosting ESX Server.
    13. From the Agent Name Configuration window, type the name for the SVM as it will be displayed in the SiteProtector Console.
        Tip: Consider naming the SVM after the ESX Server it is associated with so that you will remember its name when you manage your protection from the SiteProtector system.
    14. Press ENTER to exit the menu.
  • Configuring the VMO using Proventia Manager
    The Virtual Machine Observer (VMO) module communicates with the hosting ESX Server and collects information about changes in the status of the virtual machines, such as when new virtual machines come online, when virtual machines are migrated, or when virtual machines are suspended from operation or have resumed operation.
    About this task
    The VMO serves the following purposes:
    - Receives virtual machine events from the hosting ESX Server (or Service Console). These events are reported to the SiteProtector Console, such as events indicating that virtual machines are coming online or going offline. VMO also maintains inventory information for the virtual machines, which can be used by the other modules of Proventia Server for VMware.
    - Adds the security agent name to the configuration file of the virtual machines (VMX file), so that the machines can be protected by the security agent through introspection.
    Procedure
    1. Open a Web browser, and type the IP address for the SVM (the IP address that was set for the management interface during Proventia Setup): https://SVM_IP
    2. Log on to Proventia Manager (the Web-based management interface for the SVM) using the following account credentials:
       - username = admin
       - password = the Proventia Manager password you configured in Proventia Setup
    3. Click System → VMware in the navigation pane.
    4. Type the following settings for the hosting ESX Server:
       Option: Description
       - ESX Server IP Address: The IP address of the ESX Server hosting the SVM. Note: The IP address you enter here is for configuring the VMO module.
       - Administrator User Name: The name of a user who has Administrator privileges to access the hosting ESX Server.
       - Administrator Password: The password of the user who has Administrator privileges to access the hosting ESX Server.
    5. Click OK.
       Note: Because VMware does not provide a CA certificate for ESX 4.0, the VMO cannot validate the server certificate on the client side. Instead, the VMO will establish a connection with the hosting ESX Server using HTTPS.
  • Configuring network settings for the hosting ESX Server
    The ESX Server is the host machine on which the SVM and the other virtual machines are running.
    Procedure
    1. Log on to the SVM, using the management console or by SSH, with the following account credentials:
       - username = admin
       - password = the password you configured in Proventia Setup
    2. From the Proventia Setup Configuration Menu, select Network Configuration.
    3. From the Network Configuration Menu, select ESX Server Configuration, and press ENTER.
    4. From the ESX Server Configuration window, type the following settings for the hosting ESX Server:
       Option: Description
       - ESX Server IP Address: The IP address of the ESX Server hosting the SVM. Note: The IP address you enter here is for configuring ARK and IPS protection.
       - Administrator User Name: The name of a user who has Administrator privileges to access the hosting ESX Server.
       - Administrator Password: The password of the user who has Administrator privileges to access the hosting ESX Server.
    5. Press ENTER to finish configuring network settings for the hosting ESX Server.
    6. Reboot the ESX Server for the configuration settings to take effect.
  • Optional: Configuring settings for the Accelerator
    The Accelerator function enhances the performance of the SVM by analyzing traffic between one physical NIC (pNIC) on an “accelerated” virtual switch and one other virtual switch already configured on your virtual network.
    Before you begin
    Make sure you have configured network settings for the hosting ESX Server before you configure settings for the Accelerator.
    About this task
    When you enable the Accelerator function, the SVM will configure the virtual network to allow the agent to directly capture and monitor traffic on one external pNIC using a new virtual switch. A network interface of the SVM will be attached to the virtual switch that previously hosted the pNIC. The protected virtual machines do not need special network changes for packet analysis by IPS. The vNIC for a protected virtual machine can be on any virtual switch; traffic will still be analyzed. The Accelerator is an inline protection device that works through a bridged interface, which uses two adapters on the SVM. You can only accelerate one pNIC. You should not accelerate the pNIC connected to the SVM management interface. Also, make sure you set up the SVM management interface on the same virtual switch as the hosting ESX Server management interface.
    Important: You should configure this setting after you have deployed the SVM and you have determined how this setting will affect the performance of your virtual network.
    Procedure
    1. Log on to the SVM, using the management console or by SSH, with the following account credentials:
       - username = admin
       - password = the password you configured in Proventia Setup
    2. From the Network Configuration Menu, select Accelerator Configuration.
    3. From the Accelerator Configuration Menu, select Enable Accelerator.
    4. From the Accelerator Configuration window, type the following settings for the Accelerator:
       Option: Description
       - ESX Server IP Address: The IP address of the ESX Server hosting the SVM.
       - Administrator User Name: The name of a user who has Administrator privileges to access the hosting ESX Server.
       - Administrator Password: The password of the user who has Administrator privileges to access the hosting ESX Server.
       - Physical NIC Name: The device name of the physical NIC (pNIC) to be monitored by the SVM. Press the SPACE BAR on your keyboard to toggle through the available pNICs. Attention: Do not select or accelerate the pNIC connected to the SVM management console.
       - IP Address Range for MIA (Multiple Inspection Avoidance): The IP address range for all hosts that will be accelerated. This range includes all vNICs connected to the pNIC that is being accelerated (the entire subnet).
         Example: Use one of the following formats in this field:
         - Single IP address example: 1.1.1.1
         - IP address range example: 1.1.1.1-1.1.1.1
         - Network bits (CIDR) example: 1.1.1.10/24
         You can also use commas to separate IP addresses and ranges of IP addresses: 1.1.1.1,2.2.2.2,3.3.3.1-3.3.3.10,4.4.4.4/24
         MIA (Multiple Inspection Avoidance) is used to enhance the frame rate that the IPS engine can analyze. When MIA is enabled, it examines every packet in the packet stream.
    5. Press ENTER to finish configuring settings for the SVM.
       Note: If the screen becomes unresponsive while you are configuring acceleration, try disabling acceleration, and then go through the configuration steps again. If disabling acceleration does not return the screen back to a responsive state, try removing the acceleration settings manually, and then go through the configuration steps again. See the topic “Uninstalling the SVM manually from your system” later in this guide, which includes steps on how to remove the acceleration settings manually.
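The IP Address Range for MIA field mixes single addresses, dash ranges, and CIDR entries, so it is worth checking what a value actually covers before typing it into Proventia Setup. The following Python is an added example, not part of the IBM guide or product: it parses the field formats listed above and reports which vNIC addresses fall outside the range. It assumes that a CIDR entry with host bits set (such as 4.4.4.4/24) means the whole subnet; the function names and the vNIC address list are constructed for illustration.

```python
import ipaddress


def parse_mia_field(value):
    """Parse a comma-separated MIA field into merged (first, last) IPv4 spans.

    Accepts the three entry formats shown in the guide: a single address,
    a dash range, and network bits (CIDR). Raises ValueError on bad input.
    """
    spans = []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            raise ValueError("empty entry in MIA field: %r" % value)
        if "/" in entry:
            # Assumption: host bits are ignored, so 4.4.4.4/24 means 4.4.4.0-4.4.4.255.
            net = ipaddress.IPv4Network(entry, strict=False)
            lo, hi = int(net.network_address), int(net.broadcast_address)
        elif "-" in entry:
            start, end = (part.strip() for part in entry.split("-", 1))
            lo = int(ipaddress.IPv4Address(start))
            hi = int(ipaddress.IPv4Address(end))
            if lo > hi:
                raise ValueError("range start is above range end: %r" % entry)
        else:
            lo = hi = int(ipaddress.IPv4Address(entry))
        spans.append((lo, hi))

    # Merge overlapping or directly adjacent spans so the result is minimal.
    spans.sort()
    merged = []
    for lo, hi in spans:
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return [(ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))
            for lo, hi in merged]


def address_count(spans):
    """Total number of addresses covered by the parsed spans."""
    return sum(int(hi) - int(lo) + 1 for lo, hi in spans)


def uncovered(spans, addresses):
    """Return the addresses (as given) that fall outside every span."""
    missing = []
    for text in addresses:
        ip = ipaddress.IPv4Address(text)
        if not any(lo <= ip <= hi for lo, hi in spans):
            missing.append(text)
    return missing


if __name__ == "__main__":
    # Field value taken from the guide's comma-separated example.
    field = "1.1.1.1,2.2.2.2,3.3.3.1-3.3.3.10,4.4.4.4/24"
    # Constructed sample: vNIC addresses behind the accelerated pNIC.
    vnic_ips = ["3.3.3.5", "3.3.3.11", "4.4.4.200", "5.5.5.5"]

    spans = parse_mia_field(field)
    for first, last in spans:
        print("covered: %s - %s" % (first, last))
    print("addresses covered:", address_count(spans))
    print("vNICs outside the MIA range:", uncovered(spans, vnic_ips))
```

Any vNIC address reported as outside the range is not included in the accelerated set described by the field.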
  • Configuring SiteProtector system management
    SiteProtector is the IBM ISS management system. The SiteProtector system manages the connections between the SiteProtector Console and the SVM, including all policy, event, and update settings for the agent.
    Procedure
    1. Open a Web browser, and type the IP address for the SVM (the IP address that was set for the management interface during Proventia Setup): https://SVM_IP
    2. Log on to Proventia Manager (the Web-based management interface for the SVM) using the following account credentials:
       - username = admin
       - password = the Proventia Manager password you configured in Proventia Setup
    3. Click Launch Proventia Manager.
    4. Click System → Management in the navigation pane.
    5. Click Add Agent Manager.
    6. Configure the SiteProtector Agent Manager:
       Option: Description
       - Name: The Agent Manager name exactly as it appears in the SiteProtector Console.
       - Address: The IP address of the SiteProtector Agent Manager.
       - Port: The port number on which alerts are sent to the SiteProtector system. Note: The default port number is 3995. If you change the default port number, you must also configure the port number locally on the SiteProtector Agent Manager.
       - Authentication Level: Specifies how authentication between the SVM and the Agent Manager is managed.
       - Username: If the SVM must log into an account to access the Agent Manager, type the user name for that account here.
       - Password: If the SVM must use a password to access the Agent Manager, type the password here.
       - Proxy Settings: If the SVM must go through a proxy to access the Agent Manager, select the Use Proxy Settings check box, and then type the Proxy Server Address and Proxy Server Port.
    7. Select the Register with SiteProtector check box.
    8. In the Desired SiteProtector Group field, type the name of the Proventia Server for VMware group registered in the SiteProtector system.
    9. In the Heartbeat Interval (secs) field, type the number of seconds you want the SVM to wait between the time it contacts the SiteProtector system for changed policies and updates. Range: 60 to 86,400 seconds (1 minute to 2 days). You should use the default of 3600.
       Tip: Your SVM registers itself with the SiteProtector system at the end of the first heartbeat. If you want to use a long heartbeat, you might want to set a short heartbeat initially, and then change it after the SVM is registered.
    10. Save your changes.
    What to do next
    See the SiteProtector documentation on the IBM ISS Documentation Web site at http://www.iss.net/support/documentation/ for more information about Proventia OneTrust tokens and licensing used by Proventia Server for VMware.
  • Using Proventia Manager to uninstall the SVM from your system
    Follow this procedure to use Proventia Manager to remove the SVM from your system.
    Procedure
    1. Unregister the SVM from the SiteProtector system.
       a. Open a Web browser, and type the IP address for the SVM (the IP address that was set for the management interface during Proventia Setup): https://SVM_IP
       b. Log on to Proventia Manager (the Web-based management interface for the SVM) using the following account credentials:
          - username = admin
          - password = the Proventia Manager password you configured in Proventia Setup
       c. Click Launch Proventia Manager.
       d. Click System → Management in the navigation pane.
       e. Clear the Register with SiteProtector check box.
    2. Log on to the SVM, using the management console or by SSH, with the following account credentials:
       - username = admin
       - password = the password you configured in Proventia Setup
    3. Select Agent Management → Agent Uninstallation.
    4. Type the host address, Administrator user name, and Administrator password for the hosting ESX Server, and press ENTER.
    5. Turn off the SVM.
       Important: To avoid errors with removing the SVM from your system, make sure you do not restart or turn off the hosting ESX Server before the SVM has finished being uninstalled from your system.
    6. Delete the SVM from the disk.
    7. Reboot the hosting ESX Server.
  • Uninstalling the SVM manually from your system
    Follow this procedure to manually remove the SVM from your system.
    Procedure
    1. Remove the file /etc/crm/issengine.policy.
    2. Remove the file /etc/crm/issaccelerator.policy.
    3. From the Services Control Panel, restart the issDaemon service.
    4. Disconnect the pNIC from ibm-accelerator-switch.
    5. Locate the virtual switch that is currently connected to eth4 on the SVM. Connect the pNIC (that you disconnected from ibm-accelerator-switch) to this virtual switch.
    6. Disconnect eth3 and eth4 on the SVM.
    7. Associate eth3 and eth4 on the SVM to VM Network.
    8. Remove ibm-accelerator-group and ibm-accelerator-switch.
    9. Turn off the SVM.
       Important: To avoid errors with removing the SVM from your system, make sure you do not restart or turn off the hosting ESX Server before the SVM has finished being uninstalled from your system.
    10. Delete the SVM from the disk.
    11. Delete the ibm-vmwarenetwork-switch and ibm-vmwareintrospect-switch switches.
    12. Remove the DV Filter module using this command:
        esxupdate remove -b cross_ibm-iss-vmkmod_400.1.0-164009
    13. Restart the hosting ESX Server.
  • Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user’s responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:

  IBM Director of Licensing
  IBM Corporation
  North Castle Drive
  Armonk, NY 10504-1785
  U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

  Intellectual Property Licensing
  Legal and Intellectual Property Law
  IBM Japan Ltd.
  1623-14, Shimotsuruma, Yamato-shi
  Kanagawa 242-8502 Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.
  • Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

  IBM Corporation
  Project Management C55A/74KB
  6303 Barfield Rd.,
  Atlanta, GA 30328
  U.S.A

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

All statements regarding IBM’s future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.
  • Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

UNIX® is a registered trademark of The Open Group in the United States and other countries.

Microsoft® and Windows® are trademarks of Microsoft Corporation in the United States, other countries, or both.

Other company, product, or service names may be trademarks or service marks of others.
  • Printed in USA