vShield / vCloud Networking and Security App – Excluding VMs

This post applies specifically to VMware vCloud Networking and Security 5.x.

I would definitely say that the number one question I get about vCloud Networking and Security concerns vShield App and all the things you can (and cannot) do with it. One question I got recently was about excluding virtual machines: in other words, can we set things up so that certain VMs do not have the firewall rules applied to them and do not pass through the vShield App appliance? Yes, of course you can. Note that the vShield Manager and the service VMs are excluded automatically by default. As a best practice, the vCenter Server and any additional service VMs (such as partner VMs from Trend Micro, McAfee, Symantec, etc.) should be excluded as well. Exclusion matters in particular when vCenter Server resides in the same cluster where vShield App is deployed: a rule or a failed appliance that cuts off vCenter's management traffic also cuts off the path you need to fix the problem.

In vShield Manager, selecting vShield App under "Settings and Reports" exposes two options: Fail Safe and Exclusion List.


The Fail Safe option sets the default behaviour when the vShield App virtual appliance is down: whether traffic for the protected VMs is allowed (fail open) or blocked (fail closed). Fail open keeps workloads reachable but means their traffic bypasses the firewall while the appliance is down; fail closed is the safer choice but turns the appliance into an availability dependency, which is one more reason to keep the management VMs on the exclusion list.

The Exclusion List lets you add the individual virtual machines that are to be excluded from vShield App protection. Selecting "Exclusion List" opens a screen where you add those virtual machines one by one. Keep in mind that an excluded VM has no App firewall rules applied to it at all, so the list is itself a bypass mechanism and is worth auditing: it should contain the management and service VMs, and nothing else.
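
As an added example that is not part of the original post, the script below audits the exclusion list against the best practice described above: vCenter Server and the partner service VMs must be on it, and no other VM should be. It reads the list from the vShield Manager REST API over HTTPS with basic auth. The endpoint path (`/api/2.0/app/excludelist`), the XML layout of the response, the VM names and the sample response are all assumptions made for this example, so check them against your vShield API Programming Guide before relying on the script; the parser is deliberately tolerant of the exact wrapper elements for that reason.

```python
"""Audit the vShield App exclusion list (example code, not VMware's own).

Assumptions: the REST path below, the XML layout of the response and the
VM names are placeholders for this example, not verified product facts.
"""
import base64
import ssl
import urllib.request
import xml.etree.ElementTree as ET

# Assumed vShield Manager REST endpoint for the vShield App exclusion list.
EXCLUDELIST_PATH = "/api/2.0/app/excludelist"

# VMs the post says should be excluded: vCenter Server and partner service
# VMs. The names are placeholders for this example.
REQUIRED_EXCLUSIONS = {"vcenter01", "trendmicro-dsva-01"}


def fetch_excludelist(vsm_host, username, password, verify_tls=True):
    """GET the exclusion-list XML from vShield Manager using HTTP basic auth."""
    url = "https://%s%s" % (vsm_host, EXCLUDELIST_PATH)
    req = urllib.request.Request(url)
    token = base64.b64encode(("%s:%s" % (username, password)).encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    ctx = ssl.create_default_context()
    if not verify_tls:
        # Only for lab appliances with self-signed certificates, never in production.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx) as resp:
        return resp.read().decode()


def excluded_vm_names(excludelist_xml):
    """Return the set of VM names found in an exclusion-list XML document.

    The exact schema is an assumption: every <name> element below an element
    whose tag ends in 'member' is taken as an excluded VM, so the check
    tolerates different wrapper elements around the members.
    """
    root = ET.fromstring(excludelist_xml)
    names = set()
    for element in root.iter():
        if element.tag.lower().endswith("member"):
            for name in element.iter("name"):
                if name.text:
                    names.add(name.text.strip())
    return names


def missing_exclusions(excludelist_xml, required=REQUIRED_EXCLUSIONS):
    """VMs from the required set that are NOT in the exclusion list."""
    return set(required) - excluded_vm_names(excludelist_xml)


def unexpected_exclusions(excludelist_xml, allowed=REQUIRED_EXCLUSIONS):
    """VMs in the exclusion list that are not on the approved list.

    Each of these bypasses the vShield App firewall entirely, so they deserve
    a second look.
    """
    return excluded_vm_names(excludelist_xml) - set(allowed)


# Constructed sample response for offline use (not a real vShield Manager capture).
SAMPLE_XML = """<VshieldAppConfiguration>
  <excludeListConfiguration>
    <excludeMember>
      <member><objectId>vm-101</objectId><name>vcenter01</name></member>
    </excludeMember>
    <excludeMember>
      <member><objectId>vm-205</objectId><name>web-frontend-03</name></member>
    </excludeMember>
  </excludeListConfiguration>
</VshieldAppConfiguration>"""

if __name__ == "__main__":
    # Against a live appliance: xml = fetch_excludelist("vsm.lab.local", "admin", "secret")
    xml = SAMPLE_XML
    for vm in sorted(missing_exclusions(xml)):
        print("NOT excluded from vShield App (should be):", vm)
    for vm in sorted(unexpected_exclusions(xml)):
        print("excluded from vShield App (review):", vm)
```

Run against the constructed sample, the script reports that the partner service VM is missing from the list and that a web front-end VM is excluded when it should not be; against a live vShield Manager, swap in `fetch_excludelist()` with your own host and credentials.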


Page 155 of the vShield 5.5 Administration Guide gives more detail.
