Gather network security information
Determine the level of security for the network that the VMware Smart Assurance software will monitor so that the software can be configured to a corresponding level of security. For example, the security needs of a network in a financial, defense, or health care vertical market might be greater than in the manufacturing vertical market. Enumerate security preferences, such as the use of passwords, encrypted password storage, and encrypted communications to guide you when configuring VMware Smart Assurance security capabilities.

There are many security-related network features that will affect the deployment. These include:
- Firewalls between parts of the deployment. Appropriate VMware Smart Assurance components must be able to poll the network, receive traps, and communicate with other VMware Smart Assurance components. Certain TCP and UDP ports will need to be opened in the firewalls to facilitate these communications.
- Use of access lists. If access lists are used, the IP addresses of servers that are running VMware Smart Assurance products must be added to the access list of devices that will communicate with the VMware Smart Assurance products. VMware Smart Assurance, for example, must have full access to browse the MIBs of the devices.
- Use of SNMP versions and their respective security capabilities. The version of SNMP that is used to communicate with the network devices can provide dramatically different levels of security. With SNMPv1 or v2c, the security is provided through the use of SNMP community strings. To properly configure VMware Smart Assurance, you must know the SNMP read community strings for all SNMPv1/v2c devices that will be managed.
  For communications to devices using SNMPv3, the requirements are much greater. Obtain the values for these configuration parameters for each SNMPv3 device:
  - SNMPv3 username
  - SNMP engine ID: Optional. If wrong or omitted, discovery will find it.
  - Authentication protocol: MD5 and SHA are supported. NONE is the default.
  - Authentication password: Required only if an authentication protocol is used.
  - Privacy protocol: AES and DES are supported. NONE is the default.
  - Privacy password: Required only if a privacy protocol is used.
  - Context name, if used
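
The SNMPv3 parameters listed above can be checked for completeness before they are entered into the product. The following is an added example, not VMware code: the CSV layout, field names, and sample rows are assumptions constructed for illustration, and the rule that privacy requires authentication comes from the SNMPv3 User-based Security Model (RFC 3414), not from this page.

```python
import csv, io

# Protocol values are those the page lists; field names are assumed for this example.
AUTH = {"NONE", "MD5", "SHA"}
PRIV = {"NONE", "AES", "DES"}

# Constructed sample inventory (documentation addresses, made-up credentials).
SAMPLE = """host,username,engine_id,auth_proto,auth_pass,priv_proto,priv_pass,context
192.0.2.10,nms-ro,,SHA,example-auth-1,AES,example-priv-1,
192.0.2.11,nms-ro,,MD5,example-auth-2,,,
192.0.2.12,nms-ro,,,,AES,example-priv-3,
192.0.2.13,,,SHA,,NONE,,
"""

def check_device(row):
    """Return (security_level, problems) for one inventory row."""
    auth = (row.get("auth_proto") or "NONE").upper()  # NONE is the default
    priv = (row.get("priv_proto") or "NONE").upper()  # NONE is the default
    problems = []
    if not row.get("username"):
        problems.append("missing SNMPv3 username")
    if auth not in AUTH:
        problems.append(f"unsupported authentication protocol {auth}")
    if priv not in PRIV:
        problems.append(f"unsupported privacy protocol {priv}")
    if auth != "NONE" and not row.get("auth_pass"):
        problems.append("authentication protocol set but no authentication password")
    if priv != "NONE" and not row.get("priv_pass"):
        problems.append("privacy protocol set but no privacy password")
    if auth == "MD5" or priv == "DES":
        problems.append("legacy algorithm (MD5/DES); prefer SHA/AES where the device supports it")
    if priv != "NONE" and auth == "NONE":
        # USM defines noAuthNoPriv, authNoPriv and authPriv only.
        problems.append("privacy requires authentication")
        return "invalid", problems
    if auth == "NONE":
        return "noAuthNoPriv", problems
    return ("authPriv" if priv != "NONE" else "authNoPriv"), problems

def audit(text):
    """Map each host in the CSV text to its (security_level, problems)."""
    return {r["host"]: check_device(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for host, (level, problems) in audit(SAMPLE).items():
        print(host, level, "; ".join(problems) or "ok")
```

Devices that report `noAuthNoPriv` or a legacy algorithm are the ones to raise with the network owner when the deployment's security level is being agreed.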