vShield Administration Guide
80
VMware, Inc.
Alarms
Alarms signal the vCenter Server administrator about vShield Endpoint events that require attention. Alarms
are automatically cancelled in case the alarm state is no longer present.
vCenter Server alarms can be displayed without a custom vSphere plug-in. See the
vCenter Server
Administration Guide
on events and alarms.
Upon registering as a vCenter Server extension, the vShield Manager defines the rules that create and remove
alarms, based on events coming from the three vShield Endpoint components: SVM, vShield Endpoint
module, and thin agent. Rules can be customized. For instructions on how to customize rules for alarms, see
the vCenter Server documentation. In some cases, there are multiple possible causes for the alarm. The tables
that follow list the possible causes and the corresponding actions you might want to take for remediation.
vShield Endpoint defines three sets of alarms:
“Host Alarms”
on page 80
“SVM Alarms”
on page 80
“VM Alarms”
on page 81
Host Alarms
Host alarms are generated by events affecting the health status of the vShield Endpoint module.
SVM Alarms
SVM alarms are generated by events affecting the health status of the vShield Endpoint module.
Table 14-1.
Warnings (Marked Yellow)
Possible Cause
Action
SVM is registered, but vShield Endpoint
module does not see any virtual machines to
protect. No requests for protection are coming
from any virtual machines. No virtual machines
are currently protected.
Usually a transient state occurring while existing virtual
machines are being moved with vMotion, or are just coming up.
No action required.
The ESX host has no virtual machines yet, or only virtual
machines with non-supported operating systems. No action
required.
Check the vShield Manager console for the status of the virtual
machines that should be protected on that host. If one or more
have an error status, the Endpoint thin agents in those machines
may be malfunctioning.
Table 14-2.
Errors (Marked Red)
Possible Cause
Action
The SVM version is not compatible with the
vShield Endpoint module version.
Install compatible components. Look in the
vShield Endpoint
Installation Guide
for compatible versions for vShield Endpoint
module and SVM.
Table 14-3.
Red SVM Alarms
Problem
Action
The vShield Monitor is not receiving status from
the SVM.
Either there are network issues between the vShield Monitor and the
SVM, or the SVM is not operating properly.
The SVM failed to initialize
Contact your security provider for help with SVM errors.
Содержание VSHIELD APP 1.0.0 UPDATE 1 - API
Страница 9: ...VMware Inc 9 vShield Manager and vShield Zones...
Страница 10: ...vShield Administration Guide 10 VMware Inc...
Страница 14: ...vShield Administration Guide 14 VMware Inc...
Страница 18: ...vShield Administration Guide 18 VMware Inc...
Страница 24: ...vShield Administration Guide 24 VMware Inc...
Страница 34: ...vShield Administration Guide 34 VMware Inc...
Страница 42: ...vShield Administration Guide 42 VMware Inc...
Страница 46: ...vShield Administration Guide 46 VMware Inc...
Страница 47: ...VMware Inc 47 vShield Edge and Port Group Isolation...
Страница 48: ...vShield Administration Guide 48 VMware Inc...
Страница 57: ...VMware Inc 57 vShield App and vShield Endpoint...
Страница 58: ...vShield Administration Guide 58 VMware Inc...
Страница 62: ...vShield Administration Guide 62 VMware Inc...
Страница 68: ...vShield Administration Guide 68 VMware Inc...
Страница 78: ...vShield Administration Guide 78 VMware Inc...
Страница 85: ...VMware Inc 85 Appendixes...
Страница 86: ...vShield Administration Guide 86 VMware Inc...
Страница 130: ...vShield Administration Guide 130 VMware Inc...
Страница 144: ...vShield Administration Guide 144 VMware Inc...