Determine the level of security for the network that the VMware Smart Assurance software will monitor so that the software can be configured to a corresponding level of security. For example, the security needs of a network in a financial, defense, or health care vertical market might be greater than in the manufacturing vertical market. Enumerate security preferences, such as the use of passwords, encrypted password storage, and encrypted communications to guide you when configuring VMware Smart Assurance security capabilities.
There are many security-related network features that will affect the deployment. These include:
-
Firewalls between parts of the deployment. Appropriate VMware Smart Assurance components must be able to poll the network, receive traps, and communicate with other VMware Smart Assurance components. Certain TCP and UDP ports will need to be opened in the firewalls to facilitate these communications.
-
Use of access lists. If access lists are used, the IP addresses of servers that are running VMware Smart Assurance products must be added to the access list of devices that will communicate with the VMware Smart Assurance products. VMware Smart Assurance, for example, must have full access to browse the MIBs of the devices.
-
Use of SNMP versions and their respective security capabilities. The version of SNMP that is used to communicate with the network devices can provide dramatically different levels of security. With SNMPv1 or v2c, the security is provided through the use of SNMP community strings. To properly configure VMware Smart Assurance, you must know the SNMP read community strings for all SNMPv1/v2c devices that will be managed.
For communications to devices using SNMPv3, the requirements are much greater. Obtain the values for these configuration parameters for each SNMPv3 device:
-
SNMPv3 username
-
SNMP engine ID
Optional. If wrong or omitted, discovery will find it.
-
Authentication protocol
MD5 and SHA are supported. NONE is the default.
-
Authentication password
Required only if an authentication protocol is used.
-
Privacy protocol
AES and DES are supported. NONE is the default.
-
Privacy password
Required only if a privacy protocol is used.
-
Context name, if used
-