Deep Security can be configured to protect vCloud Director workloads. vCD workloads are presented in Deep Security in the following hierarchy:
- vCloud Director instance
- virtual data center
- vApp
- virtual machine (being the endpoint that can be protected)
This allows an administrator to protect specific virtual machines (VMs) belonging to certain vDCs/vApps.
- Multiple vCD instances can be presented, but make sure that all vCenters that the vCD uses for resources are already configured in the Administrative side of the portal.
- The following vCloud Director settings must be configured correctly:
  - vCD public URL
  - vCD public REST API base URL
  These settings are located under System > Administration > Public Addresses.
- A VM can be listed in both vCloud Director and Active Directory at the same time if the OS of the VM is part of the same Windows domain. Ensure that either the in-guest Agent is activated or Agentless protection via VMware is used. Do not use both methods to enable protection for a VM; the activation will fail with an error message to deactivate the Agent first.
- When adding more than one vCloud Director instance, ensure that the corresponding provider virtual datacenter (PvDC) resources have been added to the DSM. These include the following:
  - all vCenter instances that are used for PvDC
  - all vShield Manager instances that are used for PvDC
- Public catalog VMs must have the vShield Driver installed as part of the Template configuration before the vApp/VM is added to the catalog. This ensures that the vShield Drivers are already enabled when a VM is deployed, so the vApp/VM can be used for Agentless protection.
A. Prepare the following information for the configuration:
- vCloud Director DNS Name or IP Address
  This should match the value in the vCloud Director settings under System Settings > Public Addresses > VCD Public URL.
- System Administrator account
  Instead of using the built-in default Administrator account, it is recommended to create a new administrator account that will be used for the DSM.
B. Configure a new vCD instance in DSM:
- Click Computers and then right-click the Computers Inventory Object.
- Click Add Cloud Account.
- Change the Provider type to vCloud.
- Enter a descriptive name for the vCloud instance.
- In the Address field, type the IP address or DNS name of the vCloud Director instance.
  Enter the address of the vCloud Director instance in this format: vcloud.mycompany.com. This should be the same as the vCloud Director setting in System Settings > Public Addresses > VCD Public URL.
  - Do not use the console address or name.
  - There is no need to include “http” or “https” in the address.
- In the User name field, follow the format "username@organizationname", as in the following example: admin@clientx.
  In this example, admin is the username defined in the Clientx organization.
- Enter the password.
- Click Next to finish the configuration.
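A pre-flight check for the Address and User name values from step B, written as an added example (it is not part of the original article or of Deep Security). It derives the expected Address from the VCD Public URL and flags a scheme prefix, a host that differs from the public URL (for instance a console address), or a user name without an organization. The function names and the host console.mycompany.com are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits and hyphens, not starting or ending with a hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def _is_host(value):
    """True for a bare IP address or DNS name (no scheme, path or spaces)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    return len(value) <= 253 and all(_LABEL.match(label) for label in labels)

def address_from_public_url(public_url):
    """Derive the value for the DSM Address field from the VCD Public URL."""
    host = urlsplit(public_url).hostname
    if not host or not _is_host(host):
        raise ValueError(f"no usable host in public URL: {public_url!r}")
    return host

def check_inputs(address, user_name, public_url):
    """Return a list of problems; an empty list means the values fit the format."""
    problems = []
    if "://" in address:
        problems.append("Address must not include http:// or https://")
    elif not _is_host(address):
        problems.append("Address must be a bare DNS name or IP address")
    elif address.lower() != address_from_public_url(public_url).lower():
        problems.append("Address differs from the host in the VCD Public URL")
    # Split on the last "@" so the organization is always the final part.
    user, sep, org = user_name.rpartition("@")
    if not (sep and user and org):
        problems.append("User name must have the form username@organizationname")
    return problems

if __name__ == "__main__":
    # Constructed sample values; the first two follow the article's own examples.
    public = "https://vcloud.mycompany.com"
    print(check_inputs("vcloud.mycompany.com", "admin@clientx", public))
    print(check_inputs("https://vcloud.mycompany.com", "admin", public))
    print(check_inputs("console.mycompany.com", "admin@clientx", public))
```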
Only the following vCD objects are visible in DSM:
- virtual data center
- vApp
- virtual machine