VMware Cloud Community
rob_ellison
Contributor

vShield Zones and Nexus 1000v?

Is it possible to use vShield Zones in conjunction with the Nexus 1000v?

How would this work in a multiple-VLAN type setup, i.e. MSP?

10 Replies
secura
Contributor

I am looking for the same answer as well.

I believe there is a configuration in the vShield installation for a Distributed vSwitch.

Could this work with Nexus?

Kartik

AntonVZhbankov
Immortal

There is a manual vShield install procedure for the vNetwork Distributed Switch on page 32 of "Administration Guide. vShield Zones 1.0":

"Installing a vShield Manually on a vNetwork Distributed Switch"


---

VMware vExpert '2009

http://blog.vadmin.ru

EMCCAe, HPE ASE, MCITP: SA+VA, VCP 3/4/5, VMware vExpert XO (14 stars)
VMUG Russia Leader
http://t.me/beerpanda
secura
Contributor

So does this conclude that vShield Zones would work with the Cisco Nexus 1000v?

Texiwill
Leadership

Hello,

It should work with the Nexus 1000V as it is really between the vSwitches and not part of the vSwitch.


Best regards, Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009
Now Available on Rough-Cuts: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing ESX and the Virtual Environment'
Also available 'VMware ESX Server in the Enterprise'
SearchVMware Pro (http://www.astroarch.com/wiki/index.php/Blog_Roll) | Blue Gears | Top Virtualization Security Links | Virtualization Security Round Table Podcast

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
vpert
Enthusiast

Hi there,

Has anyone done a successful implementation of vShield on Nexus 1000V?

rgds

Tom

vSerge
Enthusiast

Here is the scoop on the 1000v & vShield Zones. Today, Zones are implemented by placing a virtual appliance between two vSwitches - one with guests, one with the physical NICs. This deployment happens automatically on the ESX hosts you choose. Works great w/ the distributed vSwitch and the original vSwitch. However, Cisco 1000v does not allow for multiple instances of a switch to do this inline deployment to create a similar deployment as w/ VMware vSwitches; something that we've been working with Cisco on even before vSphere 4.0 was released. This affects any non-VMsafe virtual network appliance out there that needs to go inline, so it's something that Cisco plans to address. The solutions we've discussed with Cisco are along the lines of what physical network appliances do, where there are a few lines of CLI config on the Cisco to send traffic to a virtual appliance for monitoring via dot1q trunk or untagged interface using policy-based routing or vACLs.

Today, it's possible to use vShield Zones with 1000v by actually creating a vDS or a regular vSwitch that homes all of the physical NICs, while the 1000v continues to manage all the guests, with the vShield sitting between the two inline. This works well; however, you do lose some of the features Cisco offers on the uplink side. If anyone is interested in trying out this configuration and other details, feel free to contact me <sergey@vmware.com>.

saravanraj
Contributor

Cisco and VMware have been working together on the support of vShield Zones with Nexus 1K, as Sergey has mentioned. We plan to provide the capability in Nexus 1K to classify traffic that needs vShield services in a more granular fashion and redirect it to vShield using the "VACL redirect" functionality, consistent with our physical switch implementations. If you have further questions regarding this feature and other Nexus 1000V features, please feel free to contact us at the Cisco Community on Nexus 1000V at:

https://www.myciscocommunity.com/community/products/nexus1000v

secura
Contributor

Hi all,

This was about the Cisco Nexus 1000v. I am a bit confused between the vDistributed switch given by VMware vs. the Cisco Nexus. Is the native vDistributed switch given by VMware bundled with vSphere, or is it a separate download?

Thanks

Secura

carlosVSZ
VMware Employee

The vNetwork Distributed Switch is bundled with the Enterprise Plus license of vSphere 4. It is a feature that is available in this version; there is no need to download it separately.

For additional information on what key features/benefits are included see (look under VMware vNetwork for network related features):

For a networking white paper with details on vDS see:

DSeaman
Enthusiast

Appears to me that the Nexus 1000v v1.2 now supports vShield Zones through the new VSD interface.

http://www.virtualization.info/2009/12/release-cisco-nexus-1000v-12.html

Derek Seaman