To import cloud resources into Server & Workload Protection, Server & Workload Protection users must first have an account with which to access the cloud provider service resources. Trend Micro recommends creating a dedicated account for each user and another for Server & Workload Protection itself. That is, users should each have one account to access and control the virtual machines themselves and a separate account for Server & Workload Protection to connect to those resources.
Note: Having a dedicated account for Server & Workload Protection ensures that you can refine the rights and revoke this account at any time. It is recommended to give Server & Workload Protection an access key or secret key with read-only rights at all times.
Note: Server & Workload Protection only requires read-only access to import the cloud resources and manage their security.
What are the benefits of adding a vCloud account?
The benefits of adding a vCloud account (through the Server & Workload Protection console > ) instead of adding individual vCloud resources (through the Server & Workload Protection console > ), are:
- Changes in your cloud resource inventory are automatically reflected in the Server & Workload Protection console. For example, if you delete a number of instances from vSphere, those instances disappear automatically from the Server & Workload Protection console. By contrast, if you use , cloud instances that are deleted from vCenter remain visible in the Server & Workload Protection console until they are manually deleted.
- Cloud resources are organized into their own branch in the Server & Workload Protection console, which lets you easily see which resources are protected and which are not. Without the vCloud account, all your cloud resources appear at the same root level under Computers.
Proxy setting for cloud accounts
You can configure Server & Workload Protection to use a proxy server specifically for connecting to instances being protected in cloud accounts. The proxy setting can be found in .
Create a VMware vCloud Organization account for Server & Workload Protection
Procedure
- Log in to VMware vCloud Director.
- On the System tab, go to Manage And Monitor.
- In the left navigation pane, click Organizations.
- Double-click the Organization you wish to give the Server & Workload Protection user access to.
- On the Organizations tab, click Administration.
- In the left navigation pane, go to .
- Click the "plus" sign to create a new user.
- Enter the new user's credentials and other information, and select Organization Administrator as the user's Role.
Note: Organization Administrator is a simple pre-defined Role you can assign to the new user account, but the only privilege required by the account isand you should consider creating a new vCloud role with just this permission.
- Click OK to close the new user's properties window.
What to do next
The vCloud account is now ready for access by Server & Workload Protection.
Note: To import the VMware vCloud resources into Server & Workload Protection, users will be prompted for the Address of the vCloud, their User name, and their Password.
The User name must include "@orgName". For example, if the vCloud account's username is kevin and the vCloud Organization you've given the account access to is called CloudOrgOne, then the Server & Workload Protection user must enter kevin@CloudOrgOne as their username when importing the vCloud resources.
(For a vCloud administrator view, use @system.)
Import computers from a VMware vCloud Organization Account
Procedure
- In the Server & Workload Protection console, go to Computers.
- Right-click Computers in the navigation panel and select Add vCloud Account to display the Add vCloud Cloud Account wizard.
- In Name and Description, enter a name and description for the resources you are adding. (These are only used for display purposes in the Server & Workload Protection console.)
- In Address, enter the hostname or address of vCloud Director.
- In User Name and Password, enter vCloud authentication credentials. User names should have the format username@vcloudorganization.
- Click Next.
- Server & Workload Protection will verify the connection to the cloud resources and display a summary of the import action. Click Finish.
What to do next
The VMware vCloud resources now appear in the Server & Workload Protection console under their own branch on Computers.
Import computers from a VMware vCloud Air data center
Procedure
- In the Server & Workload Protection console, go to the Computers section, right-click Computers in the navigation panel and select Add vCloud Account to display the Add vCloud Account wizard.
- Enter a Name and Description of the vCloud Air data center you are adding. (These are only used for display purposes in the Server & Workload Protection console.)
- Enter the Address of the vCloud Air data center. To determine the address of the vCloud Air data center:
  - Log in to your vCloud Air portal.
  - On the Dashboard tab, click on the data center you want to import into Server & Workload Protection. This will display the Virtual Data Center Details information page.
  - In the Related Links section of the Virtual Data Center Details page, click on vCloud Director API URL. This will display the full URL of the vCloud Director API.
  - Use the hostname only (not the full URL) as the Address of the vCloud Air data center that you are importing into Server & Workload Protection.
- In User Name and Password, enter virtual data center credentials. User names should have the format username@virtualdatacenterid.
- Click Next.
- Server & Workload Protection will verify the connection to the vCloud Air data center and display a summary of the import action. Click Finish.
What to do next
The VMware vCloud Air data center now appears in the Server & Workload Protection console under its own branch on Computers.
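The two input rules from the procedures above (hostname only for the Address, and a user name that ends in @orgName or @virtualdatacenterid) can be checked before the values are typed into the wizard. The following Python sketch is an added example, not Trend Micro or VMware code; the function names are hypothetical and the example.com address in the usage note is constructed.

```python
import re
from urllib.parse import urlsplit

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def address_from_api_url(value: str) -> str:
    """Reduce a copied vCloud Director API URL (or a bare host) to the hostname."""
    value = value.strip()
    # urlsplit only populates .hostname when the netloc marker "//" is present.
    parts = urlsplit(value if "://" in value else "//" + value)
    if parts.username or parts.password:
        raise ValueError("address must not embed credentials")
    host = (parts.hostname or "").rstrip(".")
    # DNS names and IPv4 addresses pass; IPv6 literals are rejected by this sketch.
    if not host or not all(_LABEL.match(label) for label in host.split(".")):
        raise ValueError(f"no usable hostname in {value!r}")
    return host


def qualified_user(user: str, scope: str) -> str:
    """Return the user name in the user@scope form the import wizard expects."""
    user, scope = user.strip(), scope.strip()
    if not scope or "@" in scope or any(c.isspace() for c in scope):
        raise ValueError("scope must be a single organization or data center id")
    suffix = "@" + scope
    # Assumption: the login itself may contain "@", so only the final suffix is checked.
    if user.endswith(suffix):
        user = user[: -len(suffix)]
    if not user or any(c.isspace() for c in user):
        raise ValueError("user name must be non-empty and contain no whitespace")
    return user + suffix


def import_inputs(address: str, user: str, scope: str) -> dict:
    """Normalize the three wizard fields and flag the administrator-wide scope."""
    return {
        "address": address_from_api_url(address),
        "user_name": qualified_user(user, scope),
        # Assumption: "system" is compared case-insensitively; it selects the
        # vCloud administrator view, which is broader than one organization.
        "system_scope": scope.strip().lower() == "system",
    }
```

For example, import_inputs("https://vcd.example.com/api/", "kevin", "CloudOrgOne") yields the address vcd.example.com and the user name kevin@CloudOrgOne.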
Remove a cloud account
Removing a cloud provider account from Server & Workload Protection is permanent. However, your account with your cloud provider is unaffected and any agents that were installed on the instances will still be installed, running, and providing protection (although they will no longer receive security updates). If you decide to re-import computers from the Cloud Provider Account, the agents will download the latest Security Updates at the next scheduled opportunity.
Procedure
- Go to the Computers page, right-click on the Cloud Provider account in the navigation panel, and select Remove Cloud Account.
- Confirm that you want to remove the account.
- The account is removed from Server & Workload Protection.