Virtual Server Security for VMware: Installation Guide


IBM Virtual Server Security for VMware

Installation Guide for Virtual Server Security for VMware (Proventia Server for VMware)

Version 1.0

Copyright statement

© Copyright IBM Corporation 2009.

U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Publication Date: December 2009


Contents

About this publication
  Related publications
  Technical support contacts

Chapter 1. About Virtual Server Security for VMware (Proventia Server for VMware)
  Overview
  About VMware ESX
  About the Security Virtual Machine (SVM)
  Integration with IBM Proventia Management SiteProtector system

Chapter 2. Deployment components and system requirements
  Deployment components
  Security Virtual Machine (SVM) requirements
  Virtual machine requirements

Chapter 3. Deploying the SVM
  Setup overview
  Deploying the OVF file
  Running Proventia Setup
  Configuring the VMO using Proventia Manager
  Configuring network settings for the hosting ESX Server
  Optional: Configuring settings for the Accelerator
  Configuring SiteProtector system management
  Using Proventia Manager to uninstall the SVM from your system
  Uninstalling the SVM manually from your system

Notices
  Trademarks

Index


About this publication

This section describes the audience for this guide, identifies related publications, and provides contact information.

Audience

Users of this guide should have fundamental knowledge of installing, deploying, and configuring applications on VMware.

Topics

“Related publications”

“Technical support contacts”


Related publications

Use this topic to help you access information about Proventia Server for VMware.

Publications

The following documents are available for downloading from the IBM ISS Documentation Web site at http://www.iss.net/support/documentation/.

- IBM Virtual Server Security for VMware (Proventia Server for VMware) Installation Guide Version 1.0
- IBM Virtual Server Security for VMware (Proventia Server for VMware) Administrator Guide Version 1.0

License agreement

For licensing information about IBM ISS products, download the IBM® Licensing Agreement from http://www.ibm.com/services/us/iss/html/contracts_landing.html.


Technical support contacts

IBM Internet Security Systems (IBM ISS) provides technical support to customers who are entitled to receive support. You can find information related to Customer Support hours of operation, phone numbers, and methods of contact on the IBM ISS Customer Support Web page.

The IBM ISS Customer Support site

The IBM ISS Customer Support Web page at http://www.ibm.com/services/us/iss/support/ provides direct access to online user documentation, current versions listings, detailed product literature, white papers, the Technical Support Knowledgebase, and contact information for Customer Support.

Contact information

For contact information, go to the IBM ISS Contact Technical Support Web page at http://www.ibm.com/services/us/iss/support/contacts.html.


Chapter 1. About Virtual Server Security for VMware (Proventia Server for VMware)

This chapter describes how Virtual Server Security for VMware (Proventia Server for VMware) interacts with VMware ESX 4.0 and the IBM Proventia® Management SiteProtector™ system.

Topics

“Overview”

“About VMware ESX”

“About the Security Virtual Machine (SVM)”

“Integration with IBM Proventia® Management SiteProtector™ system”


Overview

Proventia Server for VMware is a virtual agent that provides intrusion prevention, firewall, and rootkit protection for virtual machines (hosts) running on VMware ESX 4.0.

Proventia Server for VMware provides the same protection for virtual hosts that conventional security products provide for physical hosts. The intrusion prevention and firewall features protect all traffic to and from any virtual machine in the system. The anti-rootkit feature protects the virtual machines from malicious programs.

How it works

Proventia Server for VMware is an agent that runs on its own virtual machine called the Security Virtual Machine or the SVM. You install the SVM on the same physical host as the virtual hosts it protects, but it remains external to those protected hosts. The SVM can block network-based attacks on virtual machines by inspecting and analyzing network traffic to, from, and between virtual hosts in real time. The firewall can provide policy enforcement for network communication on the external physical network and on all inter-virtual machine traffic. The SVM provides rootkit protection by using introspection, which is the ability to inspect the memory of a virtual machine.

Architectural overview

Proventia Server for VMware protection agents run as a Security Virtual Machine (SVM) on a hosting VMware ESX 4.0 Server, and are responsible for securing all the virtual machines running on a single hosting ESX Server. The SVM is deployed into every physical server that must have protection for its virtual machines. This SVM exists as a privileged virtual machine.

The SVM monitors all the traffic involving virtual machines running on a hosting ESX Server, including traffic passed between local virtual machines. The SVM uses VMware’s Distributed Virtual Filter (DV Filter) API to capture and analyze traffic to and from virtual machines without the need for you to reconfigure the virtual network.

Figure 1. Typical setup of the Proventia Server for VMware protection agent

The SiteProtector system manages all the agents in a given installation. A Proventia Server for VMware installation consists of all the SVMs within a VMware deployment.

About VMware ESX

VMware ESX is an enterprise-level virtualization tool that runs both the SVM and the virtual machines that are protected by the SVM.

Where to install the ESX software

You install the ESX software directly on a server; it does not need to run on top of an operating system. The ESX Server is managed by the VMkernel, which is based on the Linux® kernel. The VMkernel eliminates the overhead of running an operating system beneath the virtual machines.


About the Security Virtual Machine (SVM)

The SVM is a virtual machine that hosts the Proventia Server for VMware protection agent. The SVM runs on a hosting ESX Server.

Typical deployment

The following diagram shows a simple deployment of Proventia Server for VMware. This diagram shows the SVM within the context of other virtual machines and its hosting ESX Server, including the connections between the SVM and the SiteProtector instance that manages it and the policy, event, and update pathways for the SVM.

Policies are the SiteProtector policies that are subscribed to by the SVM, deployed to the SVM, and are used by the SVM to enforce protection of the virtual environment.

Events or Alerts contain data that is sent to the SiteProtector system to indicate network attacks, virtual machine audit failures, or other situations detected by the SVM.

Updates are sent to the SVM from a SiteProtector Update Server (or xpu.iss.net as an alternate) to update components of the SVM.


Integration with IBM Proventia® Management SiteProtector™ system

The SiteProtector system provides centralized management for the SVM.

The SVM receives policies and updates from the SiteProtector system, and also transmits alerts and heartbeats to the SiteProtector system.

Figure 2. Typical deployment of the SVM


Chapter 2. Deployment components and system requirements

This chapter describes the components that a Proventia Server for VMware deployment consists of and the requirements for each component.

Topics

“Deployment components”

“Security Virtual Machine (SVM) requirements”

“Virtual machine requirements”


Deployment components

Before you deploy Proventia Server for VMware, make sure you are familiar with its components.

Table 1. Proventia Server for VMware deployment components

Component: Description and location

VMware ESX 4.0: A virtualization layer that runs on physical servers that abstracts processor, memory, storage, and resources into multiple virtual machines. Download directly from http://www.vmware.com. Reference: See the VMware ESX 4.0 product page on the VMware site at http://www.vmware.com/products/esx/ for more information about system requirements for the ESX Server.

VMware vSphere Client 4.0: VMware vSphere Client is an interface that allows you to connect remotely to the hosting ESX Server from any Windows® PC. Download directly from http://www.vmware.com. Reference: See the VMware vSphere 4.0 product page on the VMware site at http://www.vmware.com/products/vsphere/ for more information about system requirements for vSphere Client.

ProventiaServerV.ovf: The virtual machine image for the SVM. Download from the IBM Download Center.

Internet Explorer version 6 or later: Download directly from http://www.microsoft.com/windows/internet-explorer/default.aspx.

SiteProtector 2.0 SP 8.0: The IBM ISS centralized management console. Download from the IBM Download Center.


Security Virtual Machine (SVM) requirements

Make sure the SVM meets the requirements listed in this section.

Reference: For a complete list of system requirements for Proventia Server for VMware, see the System Requirements document on the IBM ISS Documentation Web site at http://www.iss.net/support/documentation/.

Hosting ESX Server requirements

You can only install one SVM on each hosting ESX Server.

Your SVM must always be directed to its hosting ESX Server. The Proventia Manager setup and the Proventia Setup installation steps provide guidance on how to direct your SVM to its hosting ESX Server. Do not direct your SVM to a vCenter Server.

VMware Tools

The SVM does not support VMware Tools. Do not install VMware Tools on the SVM.

VMware VMotion and VMware Storage VMotion

The SVM does not support VMware VMotion (a technology that allows the live migration of running virtual machines from one physical server to another server) and VMware Storage VMotion (a component of VMware vSphere that provides an interface for migrating virtual machine disk files across storage arrays or across ESX Servers, with no downtime or disruption in service).

You must install the SVM on the local storage for the hosting ESX Server so that it cannot use VMotion and Storage VMotion.

Memory requirements

Make sure the SVM has at least 1 GB of RAM and more than 10 GB of available hard disk space.

Note: The SVM incurs a memory overhead for each virtual machine that it protects, but only a fixed amount of processor time. The amount of RAM allocated to the SVM must be appropriately scaled for the expected number of virtual hosts.


Virtual machine requirements

Make sure the virtual machines that are protected by the SVM meet the requirements listed in this section.

VMware Tools

You must install VMware Tools on each virtual machine that you want the SVM to protect.

Installing virtual machines: consideration

When you install virtual machines in a virtual environment, you should not install them on the virtual switches that were created as part of the Proventia Server for VMware installation.

The Proventia Server for VMware installation process creates the following virtual switches:

- ibm-vmwarenetwork-switch
- ibm-vmwareintrospect-switch
- ibm-accelerator-switch
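The requirements in this chapter can be checked against an inventory before the SVM goes into service. The following is an added example, not code from IBM or from this guide: the inventory record layout, the rule names, and the sample host are constructed for illustration, and the record is assumed to come from whatever export your own tooling produces.

```python
# Virtual switches the guide says the installation creates; protected
# virtual machines should not be attached to them.
RESERVED_SWITCHES = {
    "ibm-vmwarenetwork-switch",
    "ibm-vmwareintrospect-switch",
    "ibm-accelerator-switch",
}
MIN_SVM_RAM_MB = 1024   # "at least 1 GB of RAM"
MIN_SVM_DISK_GB = 10    # "more than 10 GB", so the comparison is strict


def audit_host(host):
    """Return (name, rule) findings for one ESX host inventory record."""
    findings = []
    svms = [vm for vm in host["vms"] if vm["role"] == "svm"]
    if len(svms) > 1:
        # Only one SVM may be installed on each hosting ESX Server.
        findings.append((host["name"], "MORE_THAN_ONE_SVM"))

    for vm in host["vms"]:
        name = vm["name"]
        if vm["role"] == "svm":
            # The SVM must sit on local storage so it cannot be migrated.
            if vm["datastore"] not in host["local_datastores"]:
                findings.append((name, "SVM_NOT_ON_LOCAL_STORAGE"))
            # VMware Tools is not supported on the SVM.
            if vm["vmware_tools"]:
                findings.append((name, "SVM_HAS_VMWARE_TOOLS"))
            if vm["ram_mb"] < MIN_SVM_RAM_MB:
                findings.append((name, "SVM_RAM_BELOW_1GB"))
            if vm["free_disk_gb"] <= MIN_SVM_DISK_GB:
                findings.append((name, "SVM_DISK_NOT_ABOVE_10GB"))
        else:
            # Protected virtual machines need VMware Tools installed.
            if not vm["vmware_tools"]:
                findings.append((name, "PROTECTED_VM_MISSING_VMWARE_TOOLS"))
            if RESERVED_SWITCHES.intersection(vm["switches"]):
                findings.append((name, "PROTECTED_VM_ON_RESERVED_SWITCH"))
    return findings


# Constructed sample inventory (hypothetical names and values).
SAMPLE_HOST = {
    "name": "esx01",
    "local_datastores": ["esx01-local"],
    "vms": [
        {"name": "svm-esx01", "role": "svm", "datastore": "shared-san-01",
         "vmware_tools": False, "ram_mb": 1024, "free_disk_gb": 10,
         "switches": ["vSwitch0", "ibm-vmwareintrospect-switch"]},
        {"name": "web01", "role": "protected", "vmware_tools": True,
         "switches": ["vSwitch0"]},
        {"name": "db01", "role": "protected", "vmware_tools": False,
         "switches": ["vSwitch0", "ibm-vmwarenetwork-switch"]},
    ],
}

if __name__ == "__main__":
    for name, rule in audit_host(SAMPLE_HOST):
        print(f"{name}: {rule}")
```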


Chapter 3. Deploying the SVM

This chapter explains how to set up the SVM on your network, how to configure settings for individual components used by the SVM, how to remove the SVM from your system, and how to configure SiteProtector management.

Topics

“Setup overview”

“Deploying the OVF file”

“Running Proventia Setup”

“Configuring the VMO using Proventia Manager”

“Configuring network settings for the hosting ESX Server”

“Optional: Configuring settings for the Accelerator”

“Configuring SiteProtector system management”

“Using Proventia Manager to uninstall the SVM from your system”

“Uninstalling the SVM manually from your system”


Setup overview

You manually deploy and configure the SVM that has been provided to you by IBM as a virtual machine image. The SVM is configured successfully when it can report to the SiteProtector Agent Manager.

Process

The Proventia Server for VMware setup follows this process:

Table 2. Proventia Server for VMware setup tasks

Task: Description

1. Install the SVM from the provided OVF on the server running the ESX host.
   Important: Make sure you install the SVM on the local storage for the hosting ESX Server and not in a shared datastore. Installing the SVM on the ESX Local Storage prevents it from being migrated to a shared storage area or another ESX Server environment in case of failure.

2. Run Proventia Setup to configure initial settings for the SVM.

3. Configure the Virtual Machine Observer (VMO) using Proventia Manager.
   The VMO is the module that communicates with the hosting ESX Server and collects information about status changes in the virtual machines.

4. Configure network settings for the hosting ESX Server, and then reboot the ESX Server.
   These network settings enable introspection (the ability to inspect the memory of a virtual machine) and enable analysis of network traffic.

5. Optional: Configure settings for the Accelerator function.
   The Accelerator analyzes traffic between one physical NIC (pNIC) on an "accelerated" virtual switch and one other virtual switch already configured on your virtual network.


Deploying the OVF file

The Open Virtualization Format (OVF) template provided by IBM for installation contains the virtual machine image for the SVM.

About this task

OVF is a distribution format that uses existing packaging tools to combine one or more virtual machines with a standards-based XML wrapper. OVF gives the virtualization platform a portable package that contains all required installation and configuration parameters for virtual machines. This format allows any virtualization platform that implements the standard to correctly install and run virtual machines.

Reference: See http://www.vmware.com/pdf/ovf_spec_draft.pdf for more information about OVF.

Procedure

1. Connect to your hosting ESX Server using VMware vSphere Client.
2. From the File menu, select Deploy OVF Template.
3. From the Deploy OVF Template - Source window, select the Deploy from file option, click Browse to locate the OVF file for the corresponding virtual machine, and click Next.
4. From the Deploy OVF Template - OVF Template Details window, verify the OVF template settings, and click Next.
5. From the Deploy OVF Template - Name and Location window, type a name for the SVM.
   Tip: Consider naming the SVM after the ESX Server it is associated with so that you will remember its name when you manage your protection from the SiteProtector system.
6. From the Deploy OVF Template - Network Mapping window, configure the Management network mapping option. The Management network mapping option allows you to access the Web management interface for the SVM from your Web browser and also enables the SVM to communicate with SiteProtector.
7. Click Next.
8. From the Deploy OVF Template - Ready to Complete window, check the properties for the SVM, and click Finish. The OVF is extracted and deployed to the hosting ESX Server.
9. Deploy the SVM.


Running Proventia Setup

The Proventia Setup program is a text-based setup program you use to configure the initial settings for the SVM.

Procedure

1. Turn on the SVM.
2. Log on to the SVM, using the management console or by SSH, with the following account credentials:
   - username = admin
   - password = admin
   Note: Default passwords are all set to admin.
3. From the Welcome window, press ENTER, and accept the License Agreement.
4. From the Change Password (admin) window, change the password for the admin user, and press ENTER.
5. From the Change Password (root) window, change the password for the root user, and press ENTER.
6. From the Change Proventia Manager Password (admin) window, change the Proventia Manager password for the admin user, and press ENTER.
7. From the Network Configuration - Management Interface IP Address window, choose one of the following methods to set the IP address:
   - To set the IP address automatically via DHCP, select Set IP Address Automatically (via DHCP), and press ENTER. After the agent obtains an IP address from the DHCP server, go to Step 9. If the agent fails to obtain the IP address dynamically, you will receive the following message: Failed in getting IP Address dynamically. If you receive this message, make sure your DHCP server is functioning and is available on the network configured for the Management Interface.
     Tip: Consider using a static IP address. DHCP environments can pose challenges to a Proventia Server for VMware deployment.
   - To set a static IP address for the management interface, select Set IP Address Statically, and press ENTER.
8. From the Network Configuration window, type the IP address, subnet mask, and gateway address for the SVM, and press ENTER.
9. From the Host Configuration window, type the host name and domain name for the SVM, and press ENTER.
10. From the DNS Configuration window, provide DNS settings for the SVM, and press ENTER.
11. Optional: From the Time Zone Configuration window, set the time zone for the SVM, and press ENTER.
    Important: When you deploy the OVF file, the SVM will use the time zone and the system time set for the hosting ESX Server.
12. Optional: From the Date/Time Configuration window, set the date and the time for the SVM, and press ENTER.
    Important: When you deploy the OVF file, the SVM will use the time zone and the system time set for the hosting ESX Server.
13. From the Agent Name Configuration window, type the name for the SVM as it will be displayed in the SiteProtector Console.
    Tip: Consider naming the SVM after the ESX Server it is associated with so that you will remember its name when you manage your protection from the SiteProtector system.
14. Press ENTER to exit the menu.

Configuring the VMO using Proventia Manager

The Virtual Machine Observer (VMO) module communicates with the hosting ESX Server and collects information about changes in the status of the virtual machines, such as when new virtual machines come online, when virtual machines are migrated, or when virtual machines are suspended from operation or have resumed operation.

About this task

The VMO serves the following purposes:

- Receives virtual machine events from the hosting ESX Server (or Service Console). These events are reported to the SiteProtector Console, such as events indicating that virtual machines are coming online or going offline. VMO also maintains inventory information for the virtual machines, which can be used by the other modules of Proventia Server for VMware.
- Adds the security agent name to the configuration file of the virtual machines (VMX file), so that the machines can be protected by the security agent through introspection.

Procedure

1. Open a Web browser, and type the IP address for the SVM (the IP address that was set for the management interface during Proventia Setup): https://SVM_IP
2. Log on to Proventia Manager (the Web-based management interface for the SVM) using the following account credentials:
   - username = admin
   - password = the Proventia Manager password you configured in Proventia Setup
3. Click System → VMware in the navigation pane.
4. Type the following settings for the hosting ESX Server:

   Option: Description

   ESX Server IP Address: The IP address of the ESX Server hosting the SVM. Note: The IP address you enter here is for configuring the VMO module.

   Administrator User Name: The name of a user who has Administrator privileges to access the hosting ESX Server.

   Administrator Password: The password of the user who has Administrator privileges to access the hosting ESX Server.

5. Click OK.

   Note: Because VMware does not provide a CA certificate for ESX 4.0, the VMO cannot validate the server certificate on the client side. Instead, the VMO establishes an HTTPS connection with the hosting ESX Server without validating the server certificate.


Configuring network settings for the hosting ESX Server

The ESX Server is the host machine on which the SVM and the other virtual machines are running.

Procedure

1. Log on to the SVM, using the management console or by SSH, with the following account credentials:
   - username = admin
   - password = the password you configured in Proventia Setup
2. From the Proventia Setup Configuration Menu, select Network Configuration.
3. From the Network Configuration Menu, select ESX Server Configuration, and press ENTER.
4. From the ESX Server Configuration window, type the following settings for the hosting ESX Server:

   Option: Description

   ESX Server IP Address: The IP address of the ESX Server hosting the SVM. Note: The IP address you enter here is for configuring ARK and IPS protection.

   Administrator User Name: The name of a user who has Administrator privileges to access the hosting ESX Server.

   Administrator Password: The password of the user who has Administrator privileges to access the hosting ESX Server.

5. Press ENTER to finish configuring network settings for the hosting ESX Server.
6. Reboot the ESX Server for the configuration settings to take effect.


Optional: Configuring settings for the Accelerator

The Accelerator function enhances the performance of the SVM by analyzing traffic between one physical NIC (pNIC) on an "accelerated" virtual switch and one other virtual switch already configured on your virtual network.

Before you begin

Make sure you have configured network settings for the hosting ESX Server before you configure settings for the Accelerator.

About this task

When you enable the Accelerator function, the SVM will configure the virtual network to allow the agent to directly capture and monitor traffic on one external pNIC using a new virtual switch. A network interface of the SVM will be attached to the virtual switch that previously hosted the pNIC.

The protected virtual machines do not need special network changes for packet analysis by IPS. The vNIC for a protected virtual machine can be on any virtual switch; traffic will still be analyzed.

The Accelerator is an inline protection device that works through a bridged interface, which uses two adapters on the SVM. You can only accelerate one pNIC. You should not accelerate the pNIC connected to the SVM management interface. Also, make sure you set up the SVM management interface on the same virtual switch as the hosting ESX Server management interface.

Important: You should configure this setting after you have deployed the SVM and you have determined how this setting will affect the performance of your virtual network.

Procedure

1. Log on to the SVM, using the management console or by SSH, with the following account credentials:
   - username = admin
   - password = the password you configured in Proventia Setup
2. From the Network Configuration Menu, select Accelerator Configuration.
3. From the Accelerator Configuration Menu, select Enable Accelerator.
4. From the Accelerator Configuration window, type the following settings for the Accelerator:

   Option: Description

   ESX Server IP Address: The IP address of the ESX Server hosting the SVM.

   Administrator User Name: The name of a user who has Administrator privileges to access the hosting ESX Server.

   Administrator Password: The password of the user who has Administrator privileges to access the hosting ESX Server.

   Physical NIC Name: The device name of the physical NIC (pNIC) to be monitored by the SVM. Press the SPACE BAR on your keyboard to toggle through the available pNICs. Attention: Do not select or accelerate the pNIC connected to the SVM management console.

   IP Address Range for MIA (Multiple Inspection Avoidance): The IP address range for all hosts that will be accelerated. This range includes all vNICs connected to the pNIC that is being accelerated (the entire subnet). Example: Use one of the following formats in this field:
   - Single IP address example: 1.1.1.1
   - IP address range example: 1.1.1.1-1.1.1.1
   - Network bits (CIDR) example: 1.1.1.10/24 0
   You can also use commas to separate IP addresses and ranges of IP addresses: 1.1.1.1,2.2.2.2,3.3.3.1-3.3.3.10,4.4.4.4/24

   MIA (Multiple Inspection Avoidance) is used to enhance the frame rate that the IPS engine can analyze. When MIA is enabled, it examines every packet in the packet stream.

5. Press ENTER to finish configuring settings for the SVM.

   Note: If the screen becomes unresponsive while you are configuring acceleration, try disabling acceleration, and then go through the configuration steps again.

   If disabling acceleration does not return the screen back to a responsive state, try removing the acceleration settings manually, and then go through the configuration steps again.

   See the topic “Uninstalling the SVM manually from your system” later in this guide, which includes steps on how to remove the acceleration settings manually.
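The IP Address Range for MIA field accepts single addresses, dash ranges, CIDR blocks, and comma-separated mixes of the three, and it is meant to cover every vNIC behind the accelerated pNIC. The following added example (not IBM's code) parses a value in those formats and reports which vNIC addresses it leaves out, so a value can be checked before it is typed into Proventia Setup. It assumes IPv4 only and that a CIDR entry with host bits set, as in the guide's own examples, means the whole enclosing subnet; the function names and the vNIC addresses are constructed for illustration.

```python
import ipaddress


def parse_mia_ranges(field):
    """Parse a MIA range value into sorted, merged (first, last) IPv4 pairs."""
    spans = []
    for raw in field.split(","):
        item = raw.strip()
        if not item:
            raise ValueError("empty entry in MIA range list")
        if "-" in item:
            # Range form, e.g. 3.3.3.1-3.3.3.10
            lo_text, hi_text = item.split("-", 1)
            lo = ipaddress.IPv4Address(lo_text.strip())
            hi = ipaddress.IPv4Address(hi_text.strip())
            if hi < lo:
                raise ValueError(f"range end precedes start: {item!r}")
        elif "/" in item:
            # CIDR form. strict=False because the guide's examples
            # (1.1.1.10/24, 4.4.4.4/24) have host bits set; treating them
            # as the enclosing subnet is an assumption of this example.
            net = ipaddress.IPv4Network(item, strict=False)
            lo, hi = net.network_address, net.broadcast_address
        else:
            # Single address form, e.g. 1.1.1.1
            lo = hi = ipaddress.IPv4Address(item)
        spans.append((int(lo), int(hi)))

    # Merge overlapping or directly adjacent spans.
    merged = []
    for lo, hi in sorted(spans):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return [(ipaddress.IPv4Address(lo), ipaddress.IPv4Address(hi))
            for lo, hi in merged]


def uncovered(vnic_addresses, spans):
    """Return the vNIC addresses that fall outside every parsed span."""
    missing = []
    for text in vnic_addresses:
        addr = ipaddress.IPv4Address(text)
        if not any(lo <= addr <= hi for lo, hi in spans):
            missing.append(text)
    return missing


def as_text(spans):
    """Render spans as 'first-last' strings for display."""
    return [f"{lo}-{hi}" for lo, hi in spans]


if __name__ == "__main__":
    # The comma-separated example value from the guide.
    guide_value = "1.1.1.1,2.2.2.2,3.3.3.1-3.3.3.10,4.4.4.4/24"
    spans = parse_mia_ranges(guide_value)
    print(as_text(spans))
    # Constructed vNIC addresses for the accelerated segment.
    print(uncovered(["4.4.4.20", "3.3.3.11"], spans))
```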


Configuring SiteProtector system management

SiteProtector is the IBM ISS management system. The SiteProtector system manages the connections between the SiteProtector Console and the SVM, including all policy, event, and update settings for the agent.

Procedure

1. Open a Web browser, and type the IP address for the SVM (the IP address that was set for the management interface during Proventia Setup): https://SVM_IP
2. Log on to Proventia Manager (the Web-based management interface for the SVM) using the following account credentials:
   - username = admin
   - password = the Proventia Manager password you configured in Proventia Setup
3. Click Launch Proventia Manager.
4. Click System → Management in the navigation pane.
5. Click Add Agent Manager.
6. Configure the SiteProtector Agent Manager:

   Option: Description

   Name: The Agent Manager name exactly as it appears in the SiteProtector Console.

   Address: The IP address of the SiteProtector Agent Manager.

   Port: The port number on which alerts are sent to the SiteProtector system. Note: The default port number is 3995. If you change the default port number, you must also configure the port number locally on the SiteProtector Agent Manager.

   Authentication Level: Specifies how authentication between the SVM and the Agent Manager is managed.

   Username: If the SVM must log into an account to access the Agent Manager, type the user name for that account here.

   Password: If the SVM must use a password to access the Agent Manager, type the password here.

   Proxy Settings: If the SVM must go through a proxy to access the Agent Manager, select the Use Proxy Settings check box, and then type the Proxy Server Address and Proxy Server Port.

7. Select the Register with SiteProtector check box.
8. In the Desired SiteProtector Group field, type the name of the Proventia Server for VMware group registered in the SiteProtector system.
9. In the Heartbeat Interval (secs) field, type the number of seconds you want the SVM to wait between the time it contacts the SiteProtector system for changed policies and updates. Range: 60 to 86,400 seconds (1 minute to 2 days). You should use the default of 3600.
   Tip: Your SVM registers itself with the SiteProtector system at the end of the first heartbeat. If you want to use a long heartbeat, you might want to set a short heartbeat initially, and then change it after the SVM is registered.
10. Save your changes.

What to do next

See the SiteProtector documentation on the IBM ISS Documentation Web site at http://www.iss.net/support/documentation/ for more information about Proventia OneTrust tokens and licensing used by Proventia Server for VMware.

Using Proventia Manager to uninstall the SVM from your system

Follow this procedure to use Proventia Manager to remove the SVM from your system.

Procedure

1. Unregister the SVM from the SiteProtector system.

a. Open a Web browser, and type the IP address for the SVM (the IP address that was set for the management interface during Proventia Setup): https://SVM_IP

b. Log on to Proventia Manager (the Web-based management interface for the SVM) using the following account credentials:
- username = admin
- password = the Proventia Manager password you configured in Proventia Setup

c. Click Launch Proventia Manager.

d. Click System → Management in the navigation pane.

e. Clear the Register with SiteProtector check box.

2. Log on to the SVM, using the management console or by SSH, with the following account credentials:
- username = admin
- password = the password you configured in Proventia Setup

3. Select Agent Management → Agent Uninstallation.

4. Type the host address, Administrator user name, and Administrator password for the hosting ESX Server, and press ENTER.

5. Turn off the SVM.


Important: To avoid errors with removing the SVM from your system, make sure you do not restart or turn off the hosting ESX Server before the SVM has finished being uninstalled from your system.

6. Delete the SVM from the disk.

7. Reboot the hosting ESX Server.

Uninstalling the SVM manually from your system

Follow this procedure to manually remove the SVM from your system.

Procedure

1. Remove the file /etc/crm/issengine.policy.

2. Remove the file /etc/crm/issaccelerator.policy.

3. From the Services Control Panel, restart the issDaemon service.

4. Disconnect the pNIC from ibm-accelerator-switch.

5. Locate the virtual switch that is currently connected to eth4 on the SVM. Connect the pNIC (that you disconnected from ibm-accelerator-switch) to this virtual switch.

6. Disconnect eth3 and eth4 on the SVM.

7. Associate eth3 and eth4 on the SVM to VM Network.

8. Remove ibm-accelerator-group and ibm-accelerator-switch.

9. Turn off the SVM.

Important: To avoid errors with removing the SVM from your system, make sure you do not restart or turn off the hosting ESX Server before the SVM has finished being uninstalled from your system.

10. Delete the SVM from the disk.

11. Delete the ibm-vmwarenetwork-switch and ibm-vmwareintrospect-switch switches.

12. Remove the DV Filter module using this command: esxupdate remove -b cross_ibm-iss-vmkmod_400.1.0-164009

13. Restart the hosting ESX Server.
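A residue check for the manual procedure above, as an added example that is not part of the IBM guide: it reports any policy file, virtual switch, port group, or DV Filter bulletin that the steps should have removed. The object names come from the procedure; the function name, the ROOT prefix, and the two saved listing files (captured, for instance, with `esxcfg-vswitch -l` and `esxupdate query` on the ESX service console) are assumptions.

```shell
#!/bin/sh
# Added example, not IBM code. Names below are taken from the manual
# uninstall steps; how the listings are captured is an assumption.

POLICY_FILES="/etc/crm/issengine.policy /etc/crm/issaccelerator.policy"
NETWORK_OBJECTS="ibm-accelerator-switch ibm-accelerator-group ibm-vmwarenetwork-switch ibm-vmwareintrospect-switch"
DVFILTER_BULLETIN="cross_ibm-iss-vmkmod_400.1.0-164009"

# find_residue ROOT SWITCH_LISTING BULLETIN_LISTING
#   ROOT             prefix for the policy paths ("" checks the live file system)
#   SWITCH_LISTING   text file holding the saved virtual switch / port group listing
#   BULLETIN_LISTING text file holding the saved list of installed bulletins
# Prints one line per leftover artifact; returns 1 if anything is left, else 0.
find_residue() {
    root=$1
    switches=$2
    bulletins=$3
    found=0

    # Steps 1-2: both policy files must be gone.
    for f in $POLICY_FILES; do
        if [ -e "$root$f" ]; then
            echo "policy-file $f"
            found=1
        fi
    done

    # Steps 8 and 11: the port group and the three switches must be gone.
    for n in $NETWORK_OBJECTS; do
        if grep -qF -- "$n" "$switches"; then
            echo "network-object $n"
            found=1
        fi
    done

    # Step 12: the DV Filter bulletin must no longer be installed.
    if grep -qF -- "$DVFILTER_BULLETIN" "$bulletins"; then
        echo "dvfilter-bulletin $DVFILTER_BULLETIN"
        found=1
    fi

    return $found
}
```

Run it as `find_residue "" switches.txt bulletins.txt` after step 13; empty output and a zero exit status mean none of the named artifacts remain.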


Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user’s responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property Licensing
Legal and Intellectual Property Law
IBM Japan Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa 242-8502 Japan

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.


Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM Corporation
Project Management
C55A/74KB
6303 Barfield Rd.,
Atlanta, GA 30328
U.S.A

Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee.

The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us.

All statements regarding IBM’s future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only.


Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

UNIX® is a registered trademark of The Open Group in the United States and other countries.

Microsoft® and Windows® are trademarks of Microsoft Corporation in the United States, other countries, or both.

Other company, product, or service names may be trademarks or service marks of others.
