Trying to set up vCNS in a 2-node test lab but unable to install the App appliances, as a warning states that vCenter and vShield Manager shouldn't be firewalled and best practice is that they are run on a management cluster. There is a workaround that is supposed to allow you to exclude the VMs from any rules (vShield 5 App Deep Dive Series Part 1: Deployment options for vShield Manager with vCenter Server | ...). This works great for vCenter, but unfortunately the vShield Manager isn't listed to add.
Is this automatically excluded or is there a way to add the VM to this list?
Here is the situation in simple terms:
VMware: "Here is your gun, here are some cartridges, be careful"
HywelB: *loads gun, snaps off safety, and levels gun at own foot*
If you want to play, consider the VMware Hands-on Labs; otherwise, loading the vCNS manager and everything into one vCenter is really risking things. We tried it a while back, and after the second or third time we blew things up, we decided to never speak of it again!
I agree, Matt.
But with a limited budget for a test system, and it's documented so assume supported, it's a necessary evil I think. I just need to make sure there are blanks in the gun!!! So, did you find a way to exclude vCNS Manager?
The Manager and service virtual machines (App Firewall, Edge Gateway, Data Security virtual machines) are automatically excluded from App Firewall protection.
The exclusion list is applied across all App Firewall installations within the specified vShield Manager.
(Also, if a virtual machine has multiple vNICs, all of them are excluded from protection.)