Based on the security information you obtained earlier, you must design solutions that support proper functioning of VMware Smart Assurance software components within the constraints of the network security environment.
- For communication between Domain Managers across firewalls, plan on opening a hole in the firewall for VMware Smart Assurance communications. Certain TCP and UDP ports must be opened for proper communications:
  - SNMP polls: port 161
  - SNMP traps: port 162
  - Broker: port 426
  - License Manager: port 1744
  - Domain Manager: one port each, which can be configured
  - VMware Smart Assurance Adapters, including the Syslog Adapter and the SNMP Trap Adapter (Receiver). “Deploying Syslog Processing” on page 85 and “Deploy trap processing” on page 133 provide more information about the Syslog Adapter and the SNMP Trap Adapter.
- If access lists are used, plan on adding the IP addresses of the hosts that run Domain Managers to the access lists of the devices that will be managed. The VMware Smart Assurance Domain Manager, for example, must have full access to browse the MIBs of the devices. (The specific MIBs are listed in the VMware Smart Assurance IP Manager User Guide and the VMware Smart Assurance IP Manager Reference Guide.) Depending on the network size and complexity, this task might require scheduling to obtain support from the organization’s network personnel.
- You must have a listing of the SNMP versions and related security parameter values that are used by specific devices in the organization’s network. Due to security concerns, it might not be appropriate to include them in the deployment build guide.
In addition, consider the level of security to configure for VMware Smart Assurance products. The VMware Smart Assurance security mechanisms support various levels of user authentication and both authentication and encrypted communication between VMware Smart Assurance products. Ensure that you understand the capabilities described in the VMware Smart Assurance System Administration Guide and then choose a level of security that is appropriate for the deployment.
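The port list above can be turned into a flow matrix with explicit source and destination, so that the firewall opening is scoped to named hosts instead of to the ports alone. The following is an added planning example, not part of the VMware documentation. It assumes IPv4 and nftables rule syntax, assumes SNMP runs over UDP and the Broker and License Manager over TCP (the page says only "TCP and UDP"), assumes the flow directions shown in the comments, and uses constructed addresses and a constructed Domain Manager port (50000).

```python
import ipaddress

def required_flows(dm_hosts, devices, broker, license_host, trap_host, dm_links):
    """Return (src, dst, proto, dport, purpose) for each flow the firewall must pass."""
    flows = []
    for dm in dm_hosts:
        # Assumed direction: Domain Manager initiates polls and service connections.
        flows.append((dm, devices, "udp", 161, "SNMP polls"))
        flows.append((dm, broker, "tcp", 426, "Broker"))
        flows.append((dm, license_host, "tcp", 1744, "License Manager"))
    # Assumed direction: managed devices send traps to the trap receiver host.
    flows.append((devices, trap_host, "udp", 162, "SNMP traps"))
    # One configurable port per Domain Manager, given as (client, server, port).
    for src, dst, port in dm_links:
        flows.append((src, dst, "tcp", port, "Domain Manager"))
    return flows

def to_nft(flow):
    """Render one flow as an nftables rule; reject any-source/any-destination."""
    src, dst, proto, dport, purpose = flow
    # IPv4Network raises ValueError on IPv6 input or on host bits set in a subnet.
    s, d = ipaddress.IPv4Network(src), ipaddress.IPv4Network(dst)
    if s.prefixlen == 0 or d.prefixlen == 0:
        raise ValueError(f"{purpose}: name specific hosts or subnets, not 0.0.0.0/0")
    if not 0 < dport < 65536:
        raise ValueError(f"{purpose}: invalid port {dport}")
    return f'ip saddr {s} ip daddr {d} {proto} dport {dport} accept comment "{purpose}"'

def build_ruleset():
    """Constructed sample deployment (documentation address ranges)."""
    flows = required_flows(
        dm_hosts=["192.0.2.10", "192.0.2.11"],
        devices="198.51.100.0/24",
        broker="192.0.2.20",
        license_host="192.0.2.21",
        trap_host="192.0.2.30",
        dm_links=[("192.0.2.10", "192.0.2.11", 50000)],  # constructed port
    )
    return [to_nft(f) for f in flows]

if __name__ == "__main__":
    print("\n".join(build_ruleset()))
```

The same flow tuples can serve as the checklist for the device-side access lists, because the SNMP poll entries name exactly the Domain Manager hosts that need MIB access.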