Based on the security information you obtained earlier, you must plan design solutions so that the applications can function properly in the network’s security environment:
-
Configure security policies (rules) to enable a one-way connection from the FLEXnet license server and the Broker to the various applications.
For communication between Managers across firewalls, plan on opening a hole in the firewall for the VMware Smart Assurance communications. Certain UDP and TCP ports must be opened for proper communications:
-
Broker: Port 426
-
License Manager: Port 1744
-
Manager: one port each, which can be configured
-
Adapters, including SNMP Trap Adapter and Syslog Adapter. The VMware Smart Assurance Service Assurance Manager Adapter Platform User Guide provides details.
-
-
Consider proxy servers when communicating with VMware Smart Assurance applications that reside behind firewalls. Using a proxy server reduces the number of firewall ports that need to be opened to one firewall port. “Configuring the Java clients to use a proxy server” on page 86 provides additional information on the procedure to configure the Java clients to use a proxy server.
-
If access lists are used, plan on deploying the IP addresses of hosts that include Managers to the access list of devices that will be managed. VMware Smart Assurance applications must have full access to browse the MIBs of the devices. The VMware Smart Assurance IP Manager User Guide lists the specific MIBs. Depending on the network size and complexity, this may require scheduling to obtain support from the organization’s network personnel.
-
You must have a listing of SNMP versions and related security parameter values that are used by specific devices in the organization’s network. Due to security concerns, it may not be appropriate to include them in the deployment build guide.