I'm attempting to install vShield zones in a vSphere environment without any success. I have 3 vSwitches, vSwitch0 is for service console, VM and FT; vSwitch1 is for virtual machine traffic; vSwitch3 is for iSCSI traffic.
vSwitch1 has 2 port groups each on a different VLAN (112 and 115) and this is the vSwitch I would like to install the vShield on. The majority of my servers are on VLAN112.
I've configured a new port group called vsmgmt and configured it on VLAN112. I imported and installed the vShield Manager OVF and configured it on VLAN112. I'm able to connect to the web interface no problem.
When attempting to install a vShield (version 1.0-216288) I followed the steps in the Quickstart guide. It looks like there have been some changes in this version as a couple of the configuration steps were slightly different from the supplied documentation. There are no details on what is required for the following settings:
Select a vSwitch for management port:
Specify associated VLAN ID (Optional):
After the install completes, the vShield Manager is unable to see the vShield agent (I get the error that the vshield is unreachable). I've tried the manual install as detailed here:
but this fails with the same problem.
I am able to ping the vShield agents from the vShield manager.
I've tried a few different options for the above configuration settings, but nothing seems to work. My initial thoughts were that because the port groups handle the VLAN tagging, the vShield would not need to have this configuration setting, but that didn't seem to work. I'm also not sure what is meant by Select a vSwitch for management port: but assume I should be putting vSwitch1 in as this is the vSwitch with the vsmgmt port group. There is nothing in the reference documentation that refers to these settings at all.
If anyone could help that would be greatly appreciated.
I've fixed this with a simple reboot of the vShield Manager.
Select a vSwitch for management port: does need to be the vSwitch with the pre-created vsmgmt port group
Specify associated VLAN ID (Optional): does need to have the same VLAN ID as vShield Manager as it creates a port group with those properties. It's not the properties for the vShield agent VM.