In looking at implementing vShield Zones, I'm trying to figure out what the requirements are for compatibility with vmotion and fault tolerance. I create a port group for a vShield zone on one of the ESX servers in the environment. Do I need to exactly duplicate the configuration of that vShield zone port group on every ESX server to which I want to possiblly vmotion a VM or have a VM fail over to through fault tolerance or HA - even if that server currently doesn't have any VM's that need a vShield Zone?
Currently I don't have any vshield zones, vshield edge, or vshield app installed or configured. What product should be used is a decision yet to be made. However, High availability clusters and fault tolerance are currently being used. The concern is, how would adding a solution from the vShield suite of products impact the functionality of HA/FT/Vmotion that is currently in place.
vShield App, Edge and Endpoint products are all slightly different and have different use cases or problems they address. Given that, the way they work with VMware availability solutions and pre requisites for that, change.
If it helps, I will be happy to get a quick conf call to understand what specific use cases you are targetting and I can help with vis-a-vis with other offerings.
firstname.lastname@example.org is the email if you need to reach out to me.
Network Security Product Management