Hi All
We are looking to deploy a security platform on VMC that utilises a dedicated per-host appliance. On vSphere (on-prem), ports were mirrored by way of creating a dedicated vDS portgroup for the hosts.
I see from various articles online that we can create a port mirroring session for each segment (see https://cloud.vmware.com/community/2019/04/25/port-mirroring-vmware-cloud-aws/) that could forward to a security endpoint appliance, but how can we achieve the same as we have on-prem, in VMC, and capture traffic in the same way as on-prem?
Cheers
PMB
Hi @petemb,
You can use port mirroring in VMConAWS to analyze Ingress, Egress or Bi-Directional traffic.
Port Mirroring uses a "source group" where the data is monitored and a "destination group" where the data is copied to, so you will need to create Compute Groups for the source VMs and the destination VMs to send the traffic to (this destination group is based on IP addresses).
Also, you will need a virtual appliance to be deployed on the VMConAWS side as your security VM to analyze the traffic, or install the security software in a new VM.
The steps are quite simple:
Related links:
There is a good video where you can see a live demo at this link: https://www.youtube.com/watch?v=CToNGJ7jGvg&feature=emb_logo
How to add a Port Mirroring Profile: https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.0/administration/GUID-DBF4B64F-5F77-4255-95BF-...
How to add a Compute Group: https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/com.vmware.vmc-aws.networking-security/GUID-...
VMware Cloud on AWS Networking and Security guide Updated 14 January 2021: https://docs.vmware.com/en/VMware-Cloud-on-AWS/services/vmc-on-aws-networking-security.pdf
Regards,