Hi,
I'm currently in the process od deploying vShield Apps in my environment. The problem I have is, that the environment is heavily firewalled an I cannot open a direct connection from the ESXi hosts, where vShield Apps should run, and the vShield Manager (vSM).
AFAIK the process of deplyoing the Apps looks like this:
1. Start deployment from the vShield Manager GUI, Network adress pre-config has to be put in
2. The vSM request from the vCenter, that the target Host get the neccessary .ova template from the vShield Manager, using wget over port 443.
3. The vCenter deploys the vShield App template, makes the network configuration of the appliance and the vswitch and in the last step, the vShiel App communicates with the vShield Manager.
Currently I am not able to execute the second step, that is the deplyoment of the vShield App template. The reason is, that I cannot open port 443 from the ESXi Host directly to the vShield Manager and am forced to use a VIP and ALG in between. So what should be done is, to give the vSM a VIP, which the ESXi Hosts must talk to instead of the real vSM IP, and the vCenter\vShield Apps would have to use this address to download the template and later to communicate with the vSM.
Is it possible to extract the ova. template of the vShield appliance, deploy them manually, tell them to use the VIP instead of the real vSM IP and connect them to the Manager?