VMware Cloud Community
Kwangwon
Contributor

Capturing Traffic among Virtual Machines!

Configuring Passthrough has been quite a tough process so far. We are dealing with IPS (Intrusion Prevention Services) and IDS (Intrusion Detection Services). The reason I have actually been trying to configure Passthrough is to capture traffic among virtual machines for the IPS. Well, is there any other method to do it? If so, the necessity for VMDirectPath will be decreased. Please help me. :$

Thanks,

Kwangwon.

2 Replies
ChrisDearden
Expert

If your IPS was a VM, you could connect it to a promiscuous port on the vSwitch your VMs are connected to?

Check with your IPS vendor to see if they have a suitable virtual appliance.

@chrisdearden

If this post has been useful , please consider awarding points. @chrisdearden http://jfvi.co.uk http://vsoup.net
ezzeldin72
VMware Employee

To capture virtual switch traffic you must modify the default security settings.

To monitor traffic, the port group Promiscuous Mode parameter must be set to Accept through the vSphere Client.

For a virtual machine, attach the virtual NIC to the switch or port group to monitor.

Your IPS VM should configure the virtual NIC for promiscuous mode operation.

Ezzeldin Hussein | MBA| VCAP-DCA/DCD | VCI Level II | VCP-DCV/DT/CMA/NX | VCA/VSP/VTSP | vExpert Team Lead, Systems Engineering, NALE | Member of CTO Ambassador Program.  Business Central Tower A, Dubai Internet City, Dubai, POB 500569 Mobile(EG): +20106 5533 950 Mobile(UAE): +971 56 9095 106 Mobile(OM): +968 9066 0533
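
The port group setting described in the replies above can also be applied from PowerCLI instead of the vSphere Client. The script below is an added example, not part of the original posts: it assumes a standard vSwitch, an existing `Connect-VIServer` session, and placeholder host, switch, port group, VM and NIC names. It confines Promiscuous Mode = Accept to one dedicated sensor port group and then lists any other port group on the host that also accepts it.

```powershell
# Added example (not from the thread). Requires VMware PowerCLI and an
# active Connect-VIServer session. Every name below is a placeholder.
$hostName  = 'esxi01.example.local'   # hypothetical ESXi host
$vSwitch   = 'vSwitch1'               # standard vSwitch the monitored VMs use
$sensorPg  = 'IPS-Monitor'            # dedicated port group for the sensor
$sensorVm  = 'ips-sensor01'           # hypothetical IPS virtual appliance
$sensorNic = 'Network adapter 2'      # the appliance's sniffing interface

$vmHost = Get-VMHost -Name $hostName
$switch = Get-VirtualSwitch -VMHost $vmHost -Name $vSwitch -Standard

# Create the sensor port group on the SAME vSwitch as the monitored VMs.
# Assumption: the monitored port groups carry no VLAN tag, like this one.
$pg = Get-VirtualPortGroup -VirtualSwitch $switch -Name $sensorPg `
        -Standard -ErrorAction SilentlyContinue
if (-not $pg) {
    $pg = New-VirtualPortGroup -VirtualSwitch $switch -Name $sensorPg
}

# Override the security policy on this port group only, so the vSwitch
# default and every other port group keep Promiscuous Mode = Reject.
$pg | Get-SecurityPolicy |
    Set-SecurityPolicy -AllowPromiscuous $true | Out-Null

# Attach the sensor's sniffing NIC to the promiscuous port group.
Get-VM -Name $sensorVm |
    Get-NetworkAdapter -Name $sensorNic |
    Set-NetworkAdapter -NetworkName $sensorPg -Confirm:$false | Out-Null

# Audit: any other port group that accepts promiscuous mode lets every VM
# attached to it see its neighbours' frames, so this list should be empty.
$unexpected = Get-VirtualPortGroup -VMHost $vmHost -Standard |
    Where-Object { $_.Name -ne $sensorPg } |
    Get-SecurityPolicy |
    Where-Object { $_.AllowPromiscuous }

if ($unexpected) {
    $unexpected |
        Select-Object VirtualPortGroup, AllowPromiscuous, AllowPromiscuousInherited |
        Format-Table -AutoSize
} else {
    Write-Output "Only '$sensorPg' accepts promiscuous mode on $hostName."
}
```

Inside the appliance, the sniffing interface still has to be put into promiscuous mode by the IPS software, as the last reply notes.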