Restarting vCloud Network & Security Manager Web Service

Some time it happen that your vCloud Networking & Security Manager (vShield Manager) stop behaving & you want to restart it. One of the scenarios where you might need this if it stop synchronizing properly with vCenter or vCloud Director. The good news is most of these problems were resolved with the latest release of vCloud Network & Security Manager, but if it happen and you need to restart your vCNS services then below the commands that you can execute at the vCloud Network & Security Manager Console without the need to reboot the vCNS Appliance which can take a while. Below is how to do so in a step by step fashion:

1- Login to your vCNS Console (Default user name & password are as follow u:admin & password: default, if you want to change them you can follow my earlier post: Changing vCNS Console Password

2- Change to enable mode using the following command:

manager> enable

3- Change to Configure Terminal mode using the following command:
manager# configure terminal

4- Stop the web-manager service using the following command:
manager(config)# no web-manager

5- Execute the following command to restart the web-manager service
manager(config)# web-manager

I usually recommend stopping the web-manager service before shutting down vCloud Network & Security Manager if required for maintenance or so on.… Read More

vShield Manager is not synched with vCenter Server after you disconnect and reconnect the vShield Manager vNic

I had the problem where every now and then powering on vAPPs that utilize vShield fails and it reports that it failed because it could not create the required port group. This used to drive me crazy, especially the way I have found out to fix it was to reboot the vCloud Networking & Security Manager (vShield Manager) to sync it again with vCloud Director. This has end up being a known bug with vCloud Networking & Security 5.1.2 (I believe the same problem existed with 5.1.1 as well, but not sure of earlier vCNS versions). It seems that vCloud Network & Security 5.1.2 fails to synch back with vCenter after its vNic lost connectivity for any reason even after connectivity being restored. This has been pointed out in the release note of 5.1.1 as follow:

vShield Manager not reachable after network interface is disconnected and reconnected
vShield Manager is not synched with vCenter Server after you disconnect and reconnect the vShield Manager vNic.
Workaround: Reboot vShield Manager.

Release notes for vCNS 5.1.1 can be found at:

I know, I know that work around in the release note of having to restart vCloud Network & Security Manager each time you have that problem is not the greatest solution especially if your network is on the shaky side as my home lab.… Read More

Changing vCloud Networking & Security Console Password

While Changing the vCloud Networking & Security or vShield Manager Web Interface password is well documented at: Hardening vCloud Networking and Security 5.1.x virtual appliances, changing the console password of vCloud Network & Security or vShield Manager does not seems to be as well documented. Actually I have read in few places that its not possible to change the console password and enable password for vCloud Networking & Security Manager & Appliances. While that is partially true, you can actually recreate the admin account with the desired password which give you a similar effect to changing the password of the vCNS console admin account. The below procedure shows how to achieve just that in a step by step fashion:

How to change vCloud Networking & Security Console Password:

1. Connect to the console of the vShield Manager

2. Log in as ‘admin’  using the default credentials (U: admin  P: default)

3. Switch to ‘enable’ mode

  manager: enable

4. Switch to configuration mode

manager# configure terminal

5.  Create a temporary user, let’s call it tmpadmin

manager(config)# user tmpadmin password plaintext Newpassw0rd1

6. Save the configuration.

manager(config)# write memory

7. Exit twice until you are logged out

8. Log in as the new tmpadmin to the CLI and switch to ‘enable’ mode.… Read More

VXLAN Concept Simplified

While VXLAN seems to be the next revolutionary and world changing network technology out there, all the marketing hypes around it makes too confusing for the rest of us. When VXLANs first came out, I have decided to learn more about it. While there was tons of materials about it online, the more I read about it the more confused I was about this new magical networking technology. I have to admit while I know my ways around networking, I am still not anything near CCIE or in another word a networking whiz. I believe many more people out there who is not in the networking field are still confused about what is VXLANs and what problems it came to solve. In this post, I am trying to over simplify VXLANs for the rest of us to understand it. You can call it VXLAN for dummies if you want. I am not going to cover VXLANs in depth, but to touch on what its and where the idea of it came from.

Let’s start by a quick definition of VXLAN. Virtual Extensible LAN (VXLAN) is a proposed encapsulation protocol for running an overlay network on existing Layer 3 infrastructure. An overlay network is a virtual network that is built on top of existing network Layer 2 and Layer 3 technologies to support elastic compute architectures.… Read More

vShield Zone – vShield App – vShield Edge – vShield EndPoint Required vSphere version

Lately vShield seems to gain much popularity due to all the security benefits it offer in a virtual environment. Further, the security concern of merging 10s and (maybe 100s in the near future) of VMs on the same host seems just to push the demand for similar security capabilities in the Enterprise.  It seems there is a lot of confusion on which version of vSphere you require to run vShield products. This has been specially raised up with vShield Zone being a part of vSphere Advanced Edition and above, & people assuming the rest of the vShield Family will only work with vSphere Advanced and above. To be honest I had the question about a week back from one of our partners, and I did not know the answer and was trying to look it up on the net. Though I had no official answer in any of our documentation even internal one but found multiple blogs that posted different answers. Though my colleague @wibrahim had an e-mail from our security team with the official answer that I would like to share it with you. First thanks to @wibrahim for sharing the info, & being kind enough to take the time and share the original e-mail with me.… Read More