Security is the first thing to look out for at every stage of server and network design. In virtual networking, VMware provides the vSwitch, which offers 3 types of security policy that you can implement to secure your virtual infrastructure.
When we work with networking we always worry about network security, and on a physical network we can apply many security policies using routers, switches and so on. Virtual networking works almost the same as physical networking, but it uses a virtual switch that is managed at the host level.
A vSwitch works like a physical switch but does not provide the more advanced features that a physical switch provides. VMware has provided many good features in the vSwitch, such as Teaming & Failover, Traffic Shaping and Security, which are easy to use and help to manage networking in a better way.
As we have already seen Teaming & Failover and Traffic Shaping, we will now look at the last feature, which is Security. The vSwitch provides 3 different security options that can be implemented on it.
So let’s see one by one.
Promiscuous Mode: Promiscuous Mode is set to Reject by default, but we set it to Accept when we want to view the traffic flowing through the entire vSwitch. Promiscuous Mode allows you to sniff and capture all the traffic of the virtual machines going through the vSwitch. If you are using VLANs in your network, keep in mind that Promiscuous Mode only allows capturing the traffic of the VM port group that is in the same VLAN. It does not allow a VM to capture traffic on VLANs that aren't specified by the port group. You can set this policy to Accept or Reject.
MAC Address Changes: This is the second security policy provided by the vSwitch. It is set to Accept by default, which allows the operating system to change the MAC address. The default setting is useful when using Microsoft NLB. If you set it to Reject, the vSwitch checks whether the MAC address has been changed; if it is different from the assigned MAC address, it disables network connectivity and the port will no longer be able to connect until you set the policy to Accept.
Forged Transmits: This is the third security policy provided by the vSwitch. It is also set to Accept by default, which allows network traffic to flow from the vSwitch even if the source MAC address does not match. If it is set to Reject, the vSwitch compares the source MAC address with the actual MAC address of the VM NIC, and if it finds that the source MAC address has been changed it drops the network packets.
In this way you can set 3 types of security policy at the vSwitch level.
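To check which of the three policies are currently set to Accept on a standard vSwitch, the following added example (not from the original post) parses the text printed by `esxcli network vswitch standard policy security get` and lists every policy that is not set to Reject. The function name, the `vSwitch0` name and the sample text are assumptions made for the example; the sample is constructed to match the defaults described above.

```shell
#!/bin/sh
# Added example. Reads the text printed by
#   esxcli network vswitch standard policy security get -v vSwitch0
# on stdin (vSwitch0 is a placeholder name) and lists every policy set to Accept.
# Exit status: 0 = all three Reject, 1 = at least one Accept, 2 = unparsable input.
# Assumption: each policy appears as "Allow <name>: true|false".
audit_vswitch_security() {
    awk -F':' '
        function trim(s) { gsub(/^[ \t]+/, "", s); gsub(/[ \t\r]+$/, "", s); return s }
        {
            key = trim($1); val = trim($2)
            if (key == "Allow Promiscuous")             name = "Promiscuous Mode"
            else if (key == "Allow MAC Address Change") name = "MAC Address Changes"
            else if (key == "Allow Forged Transmits")   name = "Forged Transmits"
            else next
            seen++
            if (val == "true") { print "REVIEW " name ": Accept"; flagged++ }
            else if (val != "false") { bad++ }
        }
        END {
            if (seen != 3 || bad > 0) { print "ERROR could not read all three policies"; exit 2 }
            exit (flagged > 0 ? 1 : 0)
        }
    '
}

# Constructed sample matching the defaults described in the post:
# Promiscuous Mode = Reject, MAC Address Changes = Accept, Forged Transmits = Accept.
SAMPLE_DEFAULTS='   Allow Promiscuous: false
   Allow MAC Address Change: true
   Allow Forged Transmits: true'

printf '%s\n' "$SAMPLE_DEFAULTS" | audit_vswitch_security || true
```

A policy flagged for review may be set to Accept on purpose, for example MAC Address Changes on a port group used for Microsoft NLB.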