DDoS Secure: VMware Virtual Edition Installation Guide

DDoS Secure
VMware Virtual Edition Installation Guide
Release
5.13.2-0
Published: 2013-11-25
Copyright © 2013, Juniper Networks, Inc.

Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Copyright © Webscreen Technology 2001-2013
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United
States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other
trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,
transfer, or otherwise revise this publication without notice.
DDoS Secure VMware Virtual Edition Installation Guide
All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the
year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks
software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at
http://www.juniper.net/support/eula.html. By downloading, installing or using such software, you agree to the terms and conditions of
that EULA.
ii Copyright © 2013, Juniper Networks, Inc.

Table of Contents
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Documentation and Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Documentation Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Documentation Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Part 1 VMware Virtual Edition Installation
Chapter 1 DDoS Secure VMware Virtual Edition Overview . . . . . . . . . . . . . . . . . . . . . . . . 3
DDoS Secure VMware Virtual Edition Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Chapter 2 Prerequisites for Installing a DDoS Secure Appliance Virtual Edition . . . . . . 7
Physical Interface Requirements for Installing a DDoS Secure Appliance VE . . . . . 7
Chapter 3 ESX (i) Server Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Preparing to Configure an ESX (i) Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Chapter 4 DDoS Secure Appliance Virtual Engine Installation Overview . . . . . . . . . . . . 11
Deploying a DDoS Secure Appliance Using the vSphere OVA Package . . . . . . . . . 12
DDoS Secure Appliance Virtual Engine Startup and Shutdown . . . . . . . . . . . . . . . 17
Tuning the Hardware Configuration of a DDoS Secure Appliance Virtual
Engine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Powering On a DDoS Secure Appliance Virtual Engine . . . . . . . . . . . . . . . . . . . . . 23
Configuring the Management IP Address in a DDoS Secure Appliance . . . . . . . . . 27
Connecting to the DDoS Secure Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
First Boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Understanding DDoS Secure Appliance Overview Page Information . . . . . . . 33
Configuring a Pair of High Availability DDoS Secure Appliances . . . . . . . . . . . . . . 34
Part 2 Appendix
Appendix A Installing Virtual Switches in a Network Adaptor . . . . . . . . . . . . . . . . . . . . . . 39
Installing Virtual Switches in a Network Adaptor . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Adding JS Protected and Protected LAN Port Groups . . . . . . . . . . . . . . . . . . . 41
Adding a JS Data Share Port Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Adding a JS Internet Port Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Reassigning the Existing VM Network Interfaces to a DDoS Secure
Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Copyright © 2013, Juniper Networks, Inc. iii

Appendix B Installing an Existing Single NIC ESX (i) Server . . . . . . . . . . . . . . . . . . . . . . . 69
Installing an Existing Single NIC ESX (i) Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Adding JS Protected and Protected LAN Port Groups in a NIC ESX (i)
Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Adding a JS Data Share Port Group to a NIC ESX (i) Server . . . . . . . . . . . . . . 82
Adding a JS Internet Port Group to a NIC ESX (i) Server . . . . . . . . . . . . . . . . . 86
Appendix C Installing and Configuring a New ESX (i) Server . . . . . . . . . . . . . . . . . . . . . . . 97
Installing and Configuring a New ESX (i) Server . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Installing an ESX (i) Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Connecting to vSphere . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Configuring vSwitch0 in the DDoS Secure Appliance Management
Interface(s) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Creating Internet Traffic for a DDoS Secure Appliance . . . . . . . . . . . . . . . . . 103
Configuring a Data Share Port Group in a DDoS Secure Appliance . . . . . . . . 110
Setting a DDoS Secure Appliance Protected Interface to Promiscuous
Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
Changing the Configuration Settings in an ESX (i) Server VMNIC
Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Appendix D Reassigning the Existing VM Network Interfaces in a VM Server . . . . . . . . . 113
Reassigning the Existing VM Network Interfaces in a VM Server . . . . . . . . . . . . . . 113
Appendix E Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Reconfiguring a vSphere Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Appendix F Understanding Sizing Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Understanding Sizing Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Appendix G NUMA Tuning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Tuning in a NUMA Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
iv Copyright © 2013, Juniper Networks, Inc.

List of Figures
Chapter 1 DDoS Secure VMware Virtual Edition Overview . . . . . . . . . . . . . . . . . . . . . . . . 3
Figure 1: Virtual Edition with DDoS Protection System (External Servers
Protection) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Figure 2: Virtual Edition with DDoS Protection System (VM Servers
Protection) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Figure 3: Deploy OVF Template . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Figure 4: OVF Template Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Figure 5: EULA - Accept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Figure 6: EULA Name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Figure 7: EULA – Name and Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Figure 8: Disk Format . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Figure 9: Network Mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Figure 10: Ready to Complete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Figure 11: Deployment Confirmation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Figure 12: vSphere Client - Primary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Figure 13: VM Startup and Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Figure 14: VM Startup and Shutdown –Startup Order . . . . . . . . . . . . . . . . . . . . . . 18
Figure 15: VM Startup and Shutdown – Automatic Startup . . . . . . . . . . . . . . . . . . 19
Figure 16: VM Autostart Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Figure 17: Startup and Shutdown – Confirmation . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Figure 18: Startup and Shutdown – Complete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Figure 19: Primary Virtual Machine Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Figure 20: DDoS Secure Appliance Power On . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Figure 21: DDoS Secure Appliance Package Installation . . . . . . . . . . . . . . . . . . . . . 24
Figure 22: DDoS Secure Appliance Package Progression . . . . . . . . . . . . . . . . . . . . 25
Figure 23: DDoS Secure Appliance VMware Tools Screen . . . . . . . . . . . . . . . . . . . 25
Figure 24: DDoS Secure Appliance Package Update Screen . . . . . . . . . . . . . . . . . 26
Figure 25: DDoS Secure Appliance Primary Console . . . . . . . . . . . . . . . . . . . . . . . 26
Figure 26: IP Address Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Figure 27: Netmask Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Figure 28: Gateway Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Figure 29: Input Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Figure 30: Layer 2, Layer 23 or Layer 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Figure 31: Navigation Block Error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Figure 32: DDoS Secure Appliance Log in Page . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Figure 33: Security Log in Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Figure 34: First Boot Screen Snippets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Copyright © 2013, Juniper Networks, Inc. v

Figure 35: First Boot Accept Screen Snippet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Figure 36: DDoS Secure Appliance Summary Board . . . . . . . . . . . . . . . . . . . . . . . 34
Figure 37: Configure Interface Page - Data Share Interface . . . . . . . . . . . . . . . . . . 35
Part 2 Appendix
Appendix A Installing Virtual Switches in a Network Adaptor . . . . . . . . . . . . . . . . . . . . . . 39
Figure 38: Example of ESX (i) Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Figure 39: Example of ESX (i) Server with Dual NIC . . . . . . . . . . . . . . . . . . . . . . . . 41
Figure 40: ESX (i) Server Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Figure 41: ESX (i) Server Add Network Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Figure 42: ESX (i) Server Wizard - Network Access . . . . . . . . . . . . . . . . . . . . . . . . 43
Figure 43: ESX (i) Server Wizard - Connection Settings . . . . . . . . . . . . . . . . . . . . . 44
Figure 44: ESX (i) Server Wizard Confirmation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Figure 45: ESX (i) Server Configuration Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Figure 46: vSwitch Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Figure 47: vSwitch Network Wizard – Connection Type . . . . . . . . . . . . . . . . . . . . . 47
Figure 48: vSwitch Network Wizard – Connection Settings . . . . . . . . . . . . . . . . . . 48
Figure 49: vSwitch Network Wizard – Confirmation . . . . . . . . . . . . . . . . . . . . . . . 49
Figure 51: JS Protected Properties - General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Figure 52: JS Protected Properties - Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Figure 53: vSwitch3 Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Figure 54: ESX (i) Host Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Figure 55: VMware Connection Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Figure 56: Virtual Machine Network Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Figure 57: Virtual Machine Connection Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Figure 58: Virtual Machine Connection Settings Completion . . . . . . . . . . . . . . . . 56
Figure 59: Virtual Machine Connections Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Figure 60: Virtual Machine Configuration Page . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Figure 61: vSwitch Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Figure 62: vSwitch Connection Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Figure 63: Virtual Machine Connection Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Figure 64: Network Wizard Completion Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Figure 65: Virtual Machine Configuration Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Figure 67: JS Internet Properties - General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Figure 68: JS Internet Properties - Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Figure 69: vSwitch Properties - Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Figure 70: Virtual Machine Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
Appendix B Installing an Existing Single NIC ESX (i) Server . . . . . . . . . . . . . . . . . . . . . . . 69
Figure 71: ESX (i) Server with Single NIC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Figure 72: ESX (i) Server with Single NIC after DDoS Secure Appliance
Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Figure 73: JS Protected and Protected LAN Port Groups . . . . . . . . . . . . . . . . . . . . 72
Figure 74: Connection Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Figure 75: Virtual Machine Network Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Figure 77: Virtual Machine Connection Settings Completion . . . . . . . . . . . . . . . . . 75
vi Copyright © 2013, Juniper Networks, Inc.

List of Figures
Figure 78: Virtual Machine Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Figure 79: vSwitch Properties - Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Figure 80: Virtual Machine Connection Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Figure 82: Virtual Machine Connection Completion . . . . . . . . . . . . . . . . . . . . . . . . 78
Figure 83: vSwitch Properties Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
Figure 84: JS Protected Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Figure 85: JS Protected Properties - General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Figure 86: JS Protected Properties - Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Figure 87: Virtual Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Figure 88: Virtual Switch Connection Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Figure 89: Virtual Switch - Network Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Figure 91: Virtual Machine Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Figure 92: Virtual Switch Configuration Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Figure 94: Virtual Machine Connection Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Figure 96: Virtual Machine Connection Completion Page . . . . . . . . . . . . . . . . . . . 90
Figure 97: Virtual Machine Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
Figure 98: vSwitch Properties Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
Figure 99: JS Internet Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Figure 100: JS Internet Properties - General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Figure 101: JS Internet vSwitch Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
Appendix C Installing and Configuring a New ESX (i) Server . . . . . . . . . . . . . . . . . . . . . . . 97
Figure 102: VMware vSphere Client Log in Page . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Figure 103: VMware vSphere Summary Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Figure 104: vSphere Client Configuration Page . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Figure 105: vSwitch Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Figure 106: VM Network Properties - General . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
Figure 107: vSwitch Properties - Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Figure 108: vSphere Client Configuration Page . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Figure 109: vSwitch Properties - Connection Type . . . . . . . . . . . . . . . . . . . . . . . . 105
Figure 110: Virtual Machine - Network Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Figure 111: Virtual Machine - Connection Settings . . . . . . . . . . . . . . . . . . . . . . . . . 106
Figure 112: Virtual Machine Connection Setting Completion . . . . . . . . . . . . . . . . . 107
Figure 113: Virtual Machine Connection Networking . . . . . . . . . . . . . . . . . . . . . . . 107
Figure 114: vSwitch Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Figure 115: JS Internet Properties - General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Figure 116: JS Internet Properties - Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Appendix D Reassigning the Existing VM Network Interfaces in a VM Server . . . . . . . . . 113
Figure 117: VM Server Edit Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Figure 118: Virtual Machine Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
Figure 119: Virtual Machine Properties - Hardware . . . . . . . . . . . . . . . . . . . . . . . . . 115
Figure 120: Virtual Machine Network Adapter . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Appendix E Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Figure 121: DDoS Secure Primary Appliance Summary . . . . . . . . . . . . . . . . . . . . . . 117
Copyright © 2013, Juniper Networks, Inc. vii

Appendix G NUMA Tuning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Figure 122: Processor Sockets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Figure 123: Virtual Machine Properties Resources options . . . . . . . . . . . . . . . . . . 122
Figure 124: Virtual Machine Properties - Allocating Maximum vCPUs . . . . . . . . . 122
viii Copyright © 2013, Juniper Networks, Inc.

List of Tables
About the Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi
Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii
Table 2: Text and Syntax Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xii
Chapter 2 Prerequisites for Installing a DDoS Secure Appliance Virtual Edition . . . . . . 7
Table 3: DDoS Secure Appliance VE Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Table 4: Default Configurations in OVF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Part 2 Appendix
Appendix F Understanding Sizing Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Table 5: Sizing Requirement Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Copyright © 2013, Juniper Networks, Inc. ix

About the Documentation
• Documentation and Release Notes on page xi
• Documentation Conventions on page xi
• Documentation Feedback on page xiii
• Requesting Technical Support on page xiii
Documentation and Release Notes
To obtain the most current version of all Juniper Networks® technical documentation,
see the product documentation page on the Juniper Networks website at
http://www.juniper.net/techpubs/.
If the information in the latest release notes differs from the information in the
documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject
matter experts. These books go beyond the technical documentation to explore the
nuances of network architecture, deployment, and administration. The current list can
be viewed at http://www.juniper.net/books.
Documentation Conventions
Table 1 on page xii defines notice icons used in this guide.
Copyright © 2013, Juniper Networks, Inc. xi

Table 1: Notice Icons
Icon Meaning Description
Informational note Indicates important features or instructions.
Caution Indicates a situation thatmight result in loss of data or hardware damage.
Warning Alerts you to the risk of personal injury or death.
Laser warning Alerts you to the risk of personal injury froma laser.
Table 2 on page xii defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions
Convention Description Examples
To enter configuration mode, type the
configure command:
user@host> configure
Bold text like this Represents text that you type.
user@host> show chassis alarms
No alarms currently active
Represents output that appears on the
terminal screen.
Fixed-width text like this
• A policy term is a named structure
that defines match conditions and
actions.
• Junos OS CLI User Guide
• RFC 1997, BGP Communities Attribute
• Introduces or emphasizes important
new terms.
• Identifies guide names.
• Identifies RFC and Internet draft titles.
Italic text like this
Configure the machine’s domain name:
[edit]
root@# set system domain-name
domain-name
Represents variables (options for which
you substitute a value) in commands or
configuration statements.
Italic text like this
• To configure a stub area, include the
stub statement at the [edit protocols
ospf area area-id] hierarchy level.
• The console port is labeled CONSOLE.
Represents names of configuration
statements, commands, files, and
directories; configuration hierarchy levels;
or labels on routing platform
components.
Text like this
< > (angle brackets) Encloses optional keywords or variables. stub <default-metricmetric>;
xii Copyright © 2013, Juniper Networks, Inc.

Table 2: Text and Syntax Conventions (continued)
Convention Description Examples
About the Documentation
broadcast | multicast
(string1 | string2 | string3)
Indicates a choice between the mutually
exclusive keywords or variables on either
side of the symbol. The set of choices is
often enclosed in parentheses for clarity.
| (pipe symbol)
Indicates a comment specified on the rsvp { # Required for dynamicMPLS only
same line as the configuration statement
to which it applies.
# (pound sign)
community name members [
community-ids ]
Encloses a variable for which you can
substitute one or more values.
[ ] (square brackets)
[edit]
routing-options {
static {
route default {
nexthop address;
retain;
}
}
}
Identifies a level in the configuration
hierarchy.
Indention and braces ( { } )
Identifies a leaf statement at a
configuration hierarchy level.
; (semicolon)
GUI Conventions
• In the Logical Interfaces box, select
All Interfaces.
• To cancel the configuration, click
Cancel.
Represents graphical user interface (GUI)
items you click or select.
Bold text like this
In the configuration editor hierarchy,
select Protocols>Ospf.
Separates levels in a hierarchy of menu
selections.
> (bold right angle bracket)
Documentation Feedback
We encourage you to provide feedback, comments, and suggestions so that we can
improve the documentation. You can send your comments to
techpubs-comments@juniper.net, or fill out the documentation feedback form at
https://www.juniper.net/cgi-bin/docbugreport/ . If you are using e-mail, be sure to include
the following information with your comments:
• Document or topic name
• URL or page number
• Software release version (if applicable)
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,
Copyright © 2013, Juniper Networks, Inc. xiii

or are covered under warranty, and need post-sales technical support, you can access
our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf .
• Product warranties—For product warranty information, visit
http://www.juniper.net/support/warranty/ .
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
• Find CSC offerings: http://www.juniper.net/customers/support/
• Search for known bugs: http://www2.juniper.net/kb/
• Find product documentation: http://www.juniper.net/techpubs/
• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
• Download the latest versions of software and review release notes:
http://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
https://www.juniper.net/alerts/
• Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Case with JTAC
You can open a case with JTAC on the Web or by telephone.
• Use the Case Management tool in the CSC at http://www.juniper.net/cm/.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see
http://www.juniper.net/support/requesting-support.html.
xiv Copyright © 2013, Juniper Networks, Inc.

PART 1
VMware Virtual Edition Installation
• DDoS Secure VMware Virtual Edition Overview on page 3
• Prerequisites for Installing a DDoS Secure Appliance Virtual Edition on page 7
• ESX (i) Server Preparation on page 9
• DDoS Secure Appliance Virtual Engine Installation Overview on page 11
Copyright © 2013, Juniper Networks, Inc. 1

CHAPTER 1
DDoS Secure VMware Virtual Edition
Overview
• DDoS Secure VMware Virtual Edition Overview on page 3
DDoS Secure VMware Virtual Edition Overview
This chapter provides an overview of the VMware Virtual Edition (VE). Figure 1 on page 4
illustrates the Virtual Edition with DDoS external server protection system and
Figure 2 on page 5 illustrates the Virtual Edition with DDoS Secure with VM protection
system.

Figure 1: Virtual Edition with DDoS Protection System (External Servers
Protection)

Chapter 1: DDoS Secure VMware Virtual Edition Overview
Figure 2: Virtual Edition with DDoS Protection System (VM Servers
Protection)
The DDoS Secure appliance Virtual Edition provides the freedom and operational flexibility
to install a fully automatic DDoS protection system for any hardware platform running
VMware ESX (i) v4 or later server software.
The DDoS Secure appliance VMware solution is placed between the JS Internet port
group and the port group JS Protected as a layer 2 device controlling the flow between
the two switches. The solution is scalable for performance by adding in virtual CPUs and
scalable for IP protection by adding in more virtual memory (subject to license key).
High Availability primary and secondary instances of DDoS Secure appliance VE are
connected to the JS Data Share port group. This connection is then used to synchronize
the configuration and other information of the DDoS Secure appliance VE standby/active
pair.
Related
Documentation
• Physical Interface Requirements for Installing a DDoS Secure Appliance VE on page 7
• Preparing to Configure an ESX (i) Server on page 9
• Deploying a DDoS Secure Appliance Using the vSphere OVA Package on page 12

CHAPTER 2
Prerequisites for Installing a DDoS Secure
Appliance Virtual Edition
Physical Interface Requirements for Installing a DDoS Secure Appliance VE
Table 3 on page 7 describes the prerequisites to be met before installing DDoS Secure
appliance VE.
Table 3: DDoS Secure Appliance VE Prerequisites
PREREQUISITE COMPONENT TYPE(S) COMMENTS
Provides support to run a 64-bit virtual guest. VT is usually enabled
through the BIOS settings of the host.
Intel-VTx or equivalent with
64-bit support
64-bit hardware
assisted virtualization
support enabled
Provides a virtualization layer that abstracts the processor, memory,
storage, and networking resources of the physical host into multiple
virtual machines.
You can install ESX (i) installable on any hard drive on your physical
server.
VMware ESX (i) 4.1 Server
or above
Bare-Metal Embedded
Hypervisor
Installs on a Windows PC and is the primary method of interaction
with VMware vSphere. The vSphere client acts as a console to operate
virtual machines and as an administration interface into ESX (i) hosts.
The vSphere client is downloadable from the vCenter server system
and ESX (i) hosts. The vSphere client includes documentation for
administrators and console users.
Virtual Infrastructure VMware vSphere Client
Management Tool
Deploys the DDoS Secure appliance Virtual Edition (VE) on to an ESX
(i) server using a vSphere client.
The DDoS Secure appliance Virtual Edition (VE) Product package is
downloadable from the from the Juniper Network website:
https://juniper.net (login required).
DDoS Secure appliance OVA package
Virtual Edition Product
package
At least 800MB free of virtual RAM to allocate to each DDoS Secure
appliance VE.
Virtual managed in vSphere
environment
RAM

Table 3: DDoS Secure Appliance VE Prerequisites (continued)
PREREQUISITE COMPONENT TYPE(S) COMMENTS
Virtual diskmanaged in At least 11GB of free space for each DDoS Secure appliance VE.
vSphere environment
Datastore
CPU Virtual CPU At least one virtual CPU. Preferably two ormore.
Connects existing management traffic and DDoS Secure appliance
VE(s) together through a port group ManagementLan.
1 x vSwitch
1 x Port Group
Management Network
It is recommended that the physical Internet Gateway router/switch
is connected to a vSwitch with a dedicated vmnic. The DDoS Secure
appliance Internet interface must be connected to this vSwitch using
a JS Internet port group configured in promiscuous mode.
1 x vSwitch
1 x Dedicated
Port Group
Internet Network
It is recommended that firewalls/load balancers/servers and so on
are connected to a vSwitch with port group ProtectedLAN so that
their traffic is routed using the DDoS Secure appliance transparently
to and from the internet gateway. DDoS Secure appliance protected
interfaces must be connected to this vSwitch using a dedicated JS
Protected port group configured in promiscuous mode.
1 x vSwitch
1 x Dedicated
Port Group
1 x Port Group
Protected Network
DDoS Secure appliance VE can be paired to provide a highly available
active/standby pair. The port group is labeled as JS Data Share.
1 x vSwitch
1 x Port Group
Data Share Network
Related
Documentation
• DDoS Secure VMWare Virtual Edition Overview on page 3

CHAPTER 3
ESX (i) Server Preparation
Preparing to Configure an ESX (i) Server
It is possible that the ESX (i) server has been built in many different ways, or the ESX (i)
server has not yet been built.
There are three existing generic build scenarios, and most existing ESX (i) configurations
should map into one of the following scenarios:
1. Two (or more) NIC interfaces in use—Existing 2+ NIC ESX (i) Installation.
2. Single (possibly teamed) NIC interface in use—Existing Single NIC ESX (i) Installation.
3. Initial build of ESX (i) server—New ESX (i) Installation.
Verify which is the most appropriate scenario to use to reconfigure/update the ESX (i)
internal networking layout.
NOTE: This preparation work MUST be done prior to installing the DDoS
Secure appliance VMware instance.
The ESX (i) server may be restricted in the number of physical interfaces, so
it may not be possible to associate each vSwitch with a dedicated physical
interface.
The Management Lan port group and JS Data Share port group must not be
on the same vSwitch, unless they are in different VLANs.
The JS Internet port group and JS Protected port group must not be on the
same vSwitch, unless they are in different VLANs.
Related
Documentation
• DDoS Secure VMWare Virtual Edition Overview on page 3

CHAPTER 4
DDoS Secure Appliance Virtual Engine
Installation Overview
To install the DDoS Secure appliance VE, you will need to deploy a DDoS Secure appliance
OVF Template package onto the VMware ESX (i) server via a vSphere client. The vSphere
configuration wizard guides you through the initial configuration and allows you to change
the virtual machine name, disk format and the network mapping.
There are two variants of the Open Virtualization Format (OVF). One variant is for general
use and the other variant is for light use (that is, demo on laptop).
Table 4 on page 11 describes the initial default configuration contained in the OVF:
Table 4: Default Configurations in OVF
RESOURCE GENERAL VALUE VALUE
vCPU 4 vCPU 2 vCPU
Virtual Disk 100GB 15GB
Memory 6000 MB 1000 MB
Network Interfaces 4 4
It is quite likely that these defaults will need to be changed according to bandwidth
requirements, the number of protected servers, tracked IP addresses and TCP connections;
depending on your network usage. Resource values must be changed using the vSphere
client user interface before powering on the virtual machine for the first time.
• DDoS Secure Appliance Virtual Engine Startup and Shutdown on page 17
• Tuning the Hardware Configuration of a DDoS Secure Appliance Virtual
Engine on page 22
• Powering On a DDoS Secure Appliance Virtual Engine on page 23
• Configuring the Management IP Address in a DDoS Secure Appliance on page 27
• Configuring a Pair of High Availability DDoS Secure Appliances on page 34

Deploying a DDoS Secure Appliance Using the vSphere OVA Package
To deploy an appliance using the vSphere OVA package:
1. Verify that you have created all the necessary port groups.
2. In vSphere client, select the appropriate host or resource pool.
3. Select File > Deploy OVF Template to invoke the Deploy OVF template wizard, as
shown in Figure 3 on page 12.
Figure 3: Deploy OVF Template
The Deploy OVF Template wizard will be invoked and will request selection of an OVA
package. Use the OVA package previously downloaded from the DDoS Secure
appliance Technology website. The OVA package can be identified by the following
naming format:
DDoS Secure appliance[VERSION].[ARCH].ova
DDoS Secure applianceFC11_64-4.0.2-2.x86_64.ova
ddossecureCENTOS_6_3-lite-5.13.2-0.x86_64.ova
4. Specify your OVA file or click Browse to browse for it and then click Next to continue.
Figure 4 on page 13 displays the OVF template details.

Chapter 4: DDoS Secure Appliance Virtual Engine Installation Overview
Figure 4: OVF Template Details
5. The Wizard reads and verifies the OVF template details. Click Next to continue.
Figure 5 on page 13 displays the EULA screen.
Figure 5: EULA - Accept
6. Read and accept the End User License Agreement (EULA). Click Next to continue.
Figure 6 on page 14 displays the screen to enter the name of the EULA.

Figure 6: EULA Name
7. A suggested default VM name is provided. Rename this to DDoS Secure appliance
Primary (DDoS Secure appliance Secondary, if this is the second instance for a HA
pair), or any other suitable name. Figure 7 on page 14 displays the screen to enter the
name and location.
Figure 7: EULA – Name and Location

8. Click Next to continue. Figure 8 on page 15 displays the screen with disk format details.
Figure 8: Disk Format
9. Select the disk format in which the DDoS Secure appliance VE files are stored. You
must choose Thick provisioned format (the default format).
10. Click Next to continue. Figure 9 on page 15 displays the network mapping screen.
Figure 9: Network Mapping

11. Map the networks used in the OVF template to the networks defined in your inventory.
If the port groups have been labeled up as previously described, no changes are
required. However, if there are differences, for each source network choose an
appropriate destination network by selecting an inventory network from the destination
networks drop-down select box.
12. Click Next to continue. Figure 10 on page 16 displays the ready to complete screen.
Figure 10: Ready to Complete
13. Review the configured settings and click Finish to start the deployment process. This
completes the wizard process, the Deploy OVF Template window will now close. It
may take a few minutes for the new machine to be deployed in the vSphere client
inventory. Figure 11 on page 16 displays the deployment completion message.
Figure 11: Deployment Confirmation
Upon deployment, a window box will appear stating that the deployment has been
successful.
14. Click Close to continue.

Related
Documentation
DDoS Secure • Appliance Virtual Engine Startup and Shutdown on page 17
• Tuning the Hardware Configuration of a DDoS Secure Appliance Virtual Engine on
page 22
DDoS Secure Appliance Virtual Engine Startup and Shutdown
To start or shutdown a Virtual Machine:
1. Open the vSphere client.
2. Select the ESX (i) host in the inventory.
3. Select the Configuration tab and click Virtual Machine Startup Shutdown.
Figure 12 on page 17 displays the vSphere primary client screen.
Figure 12: vSphere Client - Primary
4. Click Properties on the same line as Virtual Machine startup and shutdown.
Figure 13 on page 18 displays the virtual machine startup and shutdown screen.

Figure 13: VM Startup and Shutdown
5. Select Allow virtual machines to start and stop automatically with the system under
System Settings, as shown in Figure 14 on page 18.
Figure 14: VM Startup and Shutdown –Startup Order
6. In the startup order window, select DDoS Secure appliance Primary under Manual
Startup and click Move Up (in this case) twice for automatic startup, as shown in
Figure 15 on page 19.

Figure 15: VM Startup and Shutdown – Automatic Startup
7. Click Edit.
The Virtual Machine Autostart Settings window is displayed.
8. Under Shutdown Settings, select Use specified settings and select Guest Shutdown
from the Perform shutdown action drop-down, as shown in Figure 16 on page 20.

Figure 16: VM Autostart Settings
9. Click OK in the Virtual Machine Startup and Shutdown window. Figure 17 on page 21
displays the confirmation screen of Virtual Machine Startup and Shutdown window.

Figure 17: Startup and Shutdown – Confirmation
10. Click OK in the vSphere Client window. Figure 18 on page 21 displays the completion
screen of Virtual Machine Startup and Shutdown window.
Figure 18: Startup and Shutdown – Complete
Startup and Shutdown configuration for DDoS Secure appliance Primary is now complete.
NOTE: If the entry is repeated multiple times, select another configuration
option and then switch back to validate the screen above.

Related
Documentation
Deploying a DDoS Secure Appliance • Using the vSphere OVA Package on page 12
page 22
• Understanding Sizing Requirements on page 119
Tuning the Hardware Configuration of a DDoS Secure Appliance Virtual Engine
Increasing the number of vCPUs will improve performance of the DDoS Secure appliance
VE and increasing the memory will increase the number of servers the appliance VE will
be capable of protecting. Increasing disk space will increase the logging retention
capability.
Alterations to vCPUs, memory and disk space can only be done with the appliance
powered off. Furthermore, the disk space cannot be changed after the appliance has
been powered on and the software installed.
Open the vSphere Client, select a appliance virtual machine from the inventory and select
Edit Settings, this will open the Virtual Machine properties window.
Use the recommended Virtual Machine Properties. Any memory configurations suggested
by the vSphere client are not applicable to the appliance VE and should be ignored.
Areas to consider are:
• CPUs
• Memory
• Disk Space
Figure 19 on page 23 displays the Primary Virtual Machine Properties window.

Figure 19: Primary Virtual Machine Properties
Related
Documentation
Powering On a DDoS Secure Appliance Virtual Engine
Before powering on for the first time, confirm that you have configured the correct amount
of disk space as this cannot be subsequently changed. To power on a DDoS Secure
appliance virtual engine:
1. Open the vSphere client, select a DDoS Secure appliance virtual machine from the
inventory and power on the machine by typing Ctrl-B or using the mouse-click driven
menus, as shown in Figure 20 on page 24.

Figure 20: DDoS Secure Appliance Power On
When powering on your DDoS Secure appliance virtual machine for the first time, the
DDoS Secure appliance software will automatically install and boot the DDoS Secure
appliance VE up to the login: prompt. It will pause, requesting that VMtools Installation
is enabled before this can complete.
2. Monitor the install by selecting the Console pane of the DDoS Secure appliance virtual
machine, as shown in Figure 21 on page 24.
Figure 21: DDoS Secure Appliance Package Installation

Figure 22 on page 25 software packages being installed and the DDoS Secure appliance
is waiting for VMtools to be installed.
Figure 22: DDoS Secure Appliance Package Progression
3. Right click the Guest name in the Inventory and select Interactive Tools Upgrade, as
Figure 23: DDoS Secure Appliance VMware Tools Screen

The update screen appears after the VMtools CD has been detected, as shown in
Figure 24: DDoS Secure Appliance Package Update Screen
When the installation has finished, you will be prompted to login at the console, as
Figure 25: DDoS Secure Appliance Primary Console
An IP address will be allocated by DHCP if it is available. If DHCP is not available, it
will default to 192.168.0.196.

Related
Documentation
page 22
Configuring the Management IP Address in a DDoS Secure Appliance
To configure DDoS Secure appliance management IP address:
1. Login from the console with username configure and password configure.
The following sets up the interface mapping, IP address, netmask, gateway and speed
of the DDoS Secure appliance management interface. Replace the values shown with
your appropriate settings to connect to your management network.
2. Enter the management IP address for accessing the DDoS Secure appliance GUI or
CLI, as shown in Figure 26 on page 27. This IP address must not be in use elsewhere.
Figure 26: IP Address Configuration
3. Enter the management IP netmask, as shown in Figure 27 on page 27.
Figure 27: Netmask Configuration
4. Enter the management network gateway. This has to be in the same subnet as the
management IP address, as shown in Figure 28 on page 27.
Figure 28: Gateway Configuration
5. If you are satisfied with the input values, then enter y, as shown in Figure 29 on page 27.
Figure 29: Input Values
6. Choose the Layer 2, Layer 23 or Layer 3 operational mode, as shown in

Figure 30: Layer 2, Layer 23 or Layer 3
The DDoS Secure appliance normally works as a layer 2 device on the main data path
that provides DDoS protection. However, there are circumstances where layer 2 will
not work and the DDoS appliance needs to operate in a layer 3 type environment
without the interfaces being in promiscuous mode. This mode is catered for, but does
have limitations as described in the selection figure. Normally, you would select n at
this point. Otherwise, you will need to define the appropriate IP addresses.
The DDoS Secure appliance will re-configure and the console will return to the login
prompt.
• Connecting to the DDoS Secure Appliance on page 28
• First Boot on page 31
• Understanding DDoS Secure Appliance Overview Page Information on page 33
Connecting to the DDoS Secure Appliance
To connect to the DDoS Secure appliance:
1. Open a browser window on a management PC. It is recommended that the
management PC is connected via the vSwitch associated with the JS Management
port group although access to the DDoS Secure appliance GUI and command line
can also be gained via vSwitches associated with the non-promiscuous Protected or
Internet port groups (provided routing is in place). Whichever method is used, the
management PC will need to be configured with an IP address that is routable to/from
the management IP address of the DDoS Secure appliance.
2. Type https://aaa.bbb.ccc.ddd in the address bar, where aaa.bbb.ccc.ddd is the IP
address of the management interface of the appliance (factory default is
192.168.0.196). A navigation block error is displayed, as shown in Figure 31 on page 29.

Figure 31: Navigation Block Error
NOTE: The URL is prefixed with https://.
All traffic between the Management PC and the DDoS Secure appliance
is encrypted.
The DDoS Secure appliance produces a self-signed certificate for use in the secured
communications. This certificate is recreated every time the appliance management
interface IP address is reconfigured, or if there is less than a year to run when a software
patch is applied. It is possible for the date to be invalid if the clocks on the DDoS Secure
appliance and on the browser are significantly out of phase. It is possible to replace
this certificate through the GUI.
3. View the certificate and install it to prevent the security alert every time you connect
to the DDoS Secure appliance.
4. Click Process anyway if you are sure that you are trying to connect to the DDoS Secure
appliance. The DDoS Secure appliance login page is displayed in Figure 32 on page 30.

Figure 32: DDoS Secure Appliance Log in Page
5. Click Login to access the DDoS Secure appliance.
Alternatively, check Use Original GUI to access the older DDoS Secure interface. If the
checkbox is pre-checked, DDoS Secure has determined that your browser does not
support the new UI interface.
6. Enter the username and password when prompted. Figure 33 on page 31 displays the
security log in page.

Figure 33: Security Log in Page
The default user name is user and the password is password.
7. Click Login.
First Boot
On the first connection, the licensing screen appears on the Management PC.
Figure 34 on page 32 displays the first boot screen snippets.
NOTE: The first time of use, you will be asked to accept the DDoS Secure
EULA.

Figure 34: First Boot Screen Snippets

1. Read the End User License Agreement carefully to make sure that you fully understand
the Terms and Conditions.
To accept the End User License Agreement:
Click I Accept to accept the terms and conditions.
Click Cancel to proceed no further.
This will cause the system to power-off.
On accepting the Terms and Conditions of the license, the DDoS Secure appliance
will then display a second licensing screen. Figure 35 on page 33 displays the first boot
accept screen snippet
Figure 35: First Boot Accept Screen Snippet
On accepting the Terms and Conditions of the license, the DDoS Secure appliance
will redirect to the overview page.
Understanding DDoS Secure Appliance Overview Page Information
After successful authentication, the DDoS Secure appliance summary board is displayed.
Figure 36 on page 34 displays the DDoS Secure appliance overview page.

Figure 36: DDoS Secure Appliance Summary Board
The options available are:
• Traffic Monitor — Displays the average speed of data processed, both inbound and
outbound, for the appliance.
• Load Status — Displays how busy the DDoS Secure appliance engine is.
• Attack Status — Displays how aggressively the DDoS Secure appliance is dropping
traffic to defend the appropriate resources.
• Good Traffic — Displays the distribution of where good traffic is coming from.
• Bad Traffic — Displays distribution of where the bad traffic is coming from.
• Protected Performance — Displays how busy a protected IP is from an aggregated
Charm perspective, and what the average traffic to and from the IP is.
Configuring a Pair of High Availability DDoS Secure Appliances
DDoS Secure appliance VEs can be HA paired within the same inventory on the same
ESX (i) server or on a different inventory on a different ESX (i) server providing they share
network connectivity in your network design.
Having an Active/Standby pair of DDoS Secure appliances means that (software)
maintenance can be on one of the DDoS Secure appliances (such as an upgrade) while
still having Internet traffic flowing.
DDoS Secure appliance data share interfaces are used to synchronize configurations,
state information and incident information between the active/standby pair.
The Primary DDoS Secure appliance and the Secondary DDoS Secure appliance in a HA
pair both require configuration of their data share IP addresses.

To configure data share IP addresses:
1. Click Login symbol on the DDoS Secure portal.
2. You will then be prompted for a login and password.
3. Enter initial username as user and password as password.
4. Click OK.
After successful authentication, on the first access, the DDoS Secure appliance page
is displayed.
5. In the Left pane, click Configuration/Logs, which will bring up a new tab.
6. In the Left pane, click Configure Interfaces. The Data Share Interface Definition option
is displayed, as shown in Figure 37 on page 35.
Figure 37: Configure Interface Page - Data Share Interface
7. Under Data Share Interface Definition, enter the IP address and the network mask.
NOTE: Both DDoS Secure appliance data share interfaces IP address must
be unique and in the same (preferable RFC1918) subnet in order to connect.
NOTE: Both DDoS Secure appliances must be connected to the same JS
Protected, JS Internet and JS Management port groups so HA operation to
be established.
Related
Documentation
page 22
• Installing Virtual Switches in a Network Adaptor on page 39

PART 2
Appendix
• Installing an Existing Single NIC ESX (i) Server on page 69
• Installing and Configuring a New ESX (i) Server on page 97
• Reassigning the Existing VM Network Interfaces in a VM Server on page 113
• Troubleshooting on page 117
• NUMA Tuning on page 121

APPENDIX A
Installing Virtual Switches in a Network
Adaptor
Installing Virtual Switches in a Network Adaptor
You need to separate the source of your unprotected traffic from the network segment
hosting your servers by using two separate virtual switches, one for each area. The DDoS
Secure appliance Virtual Edition will be bridging these two virtual switches and hence
control what is and is not allowed to flow between them.
The source of unprotected traffic might be an external network (for example, Internet
Gateway) connected to an ESX (i) network adaptor or it might already be on a separate
virtual network which is routed or bridged to your server virtual network.
In the rest of this appendix, we will refer to port groups associated with two virtual
switches as the JS Internet port group (carrying unprotected traffic) and the JS Protected
and Protected LAN port groups (carrying protected traffic).
Wherever unprotected xxx is referred, this is likely to be called something else on the
original ESX (i) configuration, the default being VM Network . Substitute as appropriate.
Figure 38 on page 40 illustrates a simple example of an ESX (i) Server:

Figure 38: Example of ESX (i) Server
The following sections outline the steps required for reconfiguring the example dual NIC
ESX (i) Server:
• Add new vSwitch C and attach a new JS Protected port group (connects to DDoS
Secure appliance) and a new Protected LAN port group (connects to protected
network).
• Set JS Protected port group to support promiscuous mode.
• Add new vSwitch D and attach a new JS Data Share port group.
• Attach a new JS Internet port group with vSwitch A.
• Set JS Internet port group to support promiscuous mode.
• Install the DDoS Secure appliance VE from the OVA file.
• Connect to the GUI using the default IP address https://192.168.0.196, log in with
username user and password password. The management IP address can be changed
from the Configure Interfaces icon on the left-hand pane.
• Log in to the DDoS Secure appliance GUI.
• Reassign your firewall/load balancers/servers from the original Unprotected Network
port group to the Protected LAN port group.
• Place the DDoS Secure appliance VE in desired operating mode.
• Remove the Unprotected Network port group (Optional).

Appendix A: Installing Virtual Switches in a Network Adaptor
Figure 39 on page 41 illustrates the ESX (i) Server with a dual NIC after DDoS Secure
appliance installation.
Figure 39: Example of ESX (i) Server with Dual NIC
• Adding JS Protected and Protected LAN Port Groups on page 41
• Adding a JS Data Share Port Group on page 52
• Adding a JS Internet Port Group on page 57
• Reassigning the Existing VM Network Interfaces to a DDoS Secure Appliance on page 66
Adding JS Protected and Protected LAN Port Groups
To add port groups JS protected and Protected LAN:
1. Open the vSphere client if not already open.

3. Select the Configuration tab and click Networking as shown in Figure 40 on page 42.
Figure 40: ESX (i) Server Console
4. Click Add Networking. The Add Network Wizard page is displayed, as shown in figure
Figure 41: ESX (i) Server Add Network Wizard

5. Click the connection type Virtual Machine.
6. Click Next. The ESX (i) server wizard for network access is displayed, as shown in
Figure 42: ESX (i) Server Wizard - Network Access
7. Select Create a virtual switch and uncheck all network adapters.
8. Click Next.
The ESX (i) server wizard for connection settings is displayed, as shown in

Figure 43: ESX (i) Server Wizard - Connection Settings
9. In Port Group Properties area, change the Network Label to Protected LAN.
10. Click Next.
The ESX (i) server wizard confirmation screen is displayed, as shown in

Figure 44: ESX (i) Server Wizard Confirmation
11. Click Finish.
12. Return to the main vSphere client window where your ESX (i) host is selected in the
inventory list.
13. Select the Configuration tab and click Networking. The server configuration page is
displayed, as shown in Figure 45 on page 46.

Figure 45: ESX (i) Server Configuration Page
14. Click Properties of the Virtual Switch with the Protected LAN port group created in
this section. The vSwitch Properties page is displayed, as shown in
Figure 46: vSwitch Properties

15. In the vSwitch properties window, click Add. The wizard connection type page is
Figure 47: vSwitch Network Wizard – Connection Type
16. Choose connection type Virtual Machine and click Next. The wizard connection settings
page is displayed, as shown in Figure 48 on page 48.

Figure 48: vSwitch Network Wizard – Connection Settings
17. In port group properties, change the Network Label to JS Protected.
18. Click Next. The wizard connection confirmation page is displayed, as shown in
Figure 49 on page 49

Figure 49: vSwitch Network Wizard – Confirmation
19. Click Finish.
The vSwitch3 Properties page is displayed, as shown in Figure 50 on page 49.

20. Select the JS Protected port group .
21. Click Edit. The JS protected properties for general tab is displayed, as shown in
Figure 51: JS Protected Properties - General
22. In the JS Protected Properties window, select the Security tab.
The JS Protected Properties- Security tab is displayed, as shown in

Figure 52: JS Protected Properties - Security
23. Check Promiscuous Mode and select Accept from the list.
24. Click OK. The vSwitch3 Properties page is displayed, as shown in Figure 53 on page 52.

Figure 53: vSwitch3 Properties
The ProtectedLAN and JS Protected port group configurations are now complete.
Adding a JS Data Share Port Group
The JS Data Share port group is used to synchronize configuration of a DDoS Secure
appliance HA Pair. The appliance recommend you create HA pairs on the same ESX (i)
host thereby allowing software upgrade of standby whilst the other is active.
Even if a standalone appliance is to be deployed, this port group is still required for the
appliance data share interface to connect to. Follow the instructions below to configure
the JS Data Share port group on a new vSwitch:
3. Select Configuration tab and click Networking. The ESX (i) host configuration page is

Figure 54: ESX (i) Host Configuration
4. Click Add Networking. The VMware connection type page is displayed, as shown in
Figure 55: VMware Connection Type

5. Choose connection type Virtual Machine and click Next. The virtual machine network
access page is displayed, as shown in Figure 56 on page 54.
Figure 56: Virtual Machine Network Access
6. Select create a virtual switch and uncheck all network adapters. The virtual machine
connection settings page is displayed, as shown in Figure 57 on page 55.
In certain circumstances a user may want to pair up with a appliance external to the
ESX (i) server. In this case, select the network adapter that the external appliance
data share interface is connected to.

Figure 57: Virtual Machine Connection Settings
7. In Port Group Properties area, change the network label to JS Data Share.
8. Click Next. The virtual machine connection settings completion page is displayed, as

Figure 58: Virtual Machine Connection Settings Completion
9. Click Finish.
The JS Data Share port group configuration is now complete. The virtual machine
connection page is displayed, as shown in Figure 59 on page 57.

Figure 59: Virtual Machine Connections Page
Adding a JS Internet Port Group
To add JS Internet port group:
3. Select the Configuration tab and click Networking. The virtual machine configuration

Figure 60: Virtual Machine Configuration Page
4. Click Properties next to Virtual Switch with Unprotected Network port group . The
vSwitch Properties page is displayed, as shown in Figure 61 on page 59.
NOTE: Unprotected network is the name for the existing port group.

5. In the vSwitch Properties window, in the Configuration list pane, click Add. The vSwitch
connection type page is displayed, as shown in Figure 62 on page 59.
Figure 62: vSwitch Connection Type

6. Choose connection type as Virtual Machine.
7. Click Next. The Virtual Machines - Connection Settings page is displayed, as shown
in Figure 63 on page 60.
8. In the Port Group Properties area, change the Network Label to JS Internet.
9. Click Next. The network wizard completion page is displayed, as shown in

Figure 64: Network Wizard Completion Page
10. Click Finish.
11. Return to main vSphere client window where your ESX (i) host is selected in the
inventory list.
12. Select the Configuration tab and click Networking. The virtual machine configuration
page is displayed, as shown in Figure 65 on page 62

Figure 65: Virtual Machine Configuration Page
13. Click Properties of the Virtual Switch with the JS Internet port group created in this
section. The vSwitch0 Properties page is displayed, as shown in Figure 66 on page 63.

14. Select the port group JS Internet and click Edit. The JS Internet properties page is

Figure 67: JS Internet Properties - General
15. In the JS Internet Properties window, select the Security tab. The JS Internet properties
for the security tab is displayed, as shown in Figure 68 on page 65.

Figure 68: JS Internet Properties - Security
16. Check Promiscuous Mode and select Accept from the list.
17. Click OK. The vSwitch3 Properties page is displayed, as shown in Figure 69 on page 66.

Figure 69: vSwitch Properties - Ports
The JS Internet port group configuration is now complete.
Reassigning the Existing VM Network Interfaces to a DDoS Secure Appliance
All virtual machines connected to existing Unprotected Network port group will need
reconfiguring to use the Protected LAN port group.

1. Select the virtual machine in the vSphere Client inventory and open the properties
window using option Edit Settings.
The virtual machine properties for hardware is displayed, as shown in
Figure 70: Virtual Machine Properties
2. In the Hardware tab, select the Network Adaptor previously connected to the
Unprotected Network port group. This will be visible in the Hardware Summary but
appear as a blank selection under the Network Connection pane.
3. Choose Protected LAN port group from the drop-down select box of Network
Connections.
4. Click OK.
5. Repeat reconfiguration for each virtual machine connected to the port group renamed
from Unprotected Network to Protected LAN.

APPENDIX B
Installing an Existing Single NIC ESX (i)
Server
• Installing an Existing Single NIC ESX (i) Server on page 69
Installing an Existing Single NIC ESX (i) Server
You must retain the association between the single physical interface, the virtual switch
and vmKernel which carries the ESX (i)/vSphere management traffic. Removing this
association will lead to loss of communication with your ESX (i) Server and may require
an ESX (i) server rebuild.
You will need to separate the source of your unprotected traffic from the network segment
hosting your firewall/load balancer/servers by placing them on two separate virtual
switches. The DDoS Secure appliance Virtual Edition will be bridging these two virtual
switches and hence controls the flow between them.
The source of unprotected traffic might be an external network (for example: Internet
Gateway) connected to an ESX (i) network adaptor or it might already be on a separate
virtual network which is routed or bridged to your server virtual network.
In the rest of this chapter we will refer to port groups associated with two virtual switches
as the JS Internet port group (carrying unprotected traffic) and the JS Protected and
Protected LAN port groups (carrying protected traffic).
Wherever Unprotected xxx is referred, this is likely to be called something else on the
original ESX configuration, the default being VM Network. Substitute as appropriate.
Figure 71 on page 70 illustrates a simple example of an ESX (i) Server with a single NIC.

Figure 71: ESX (i) Server with Single NIC
The following sections outline the steps required for reconfiguring the example single
NIC ESX (i) Server:
• Add new vSwitch B and associate a new JS Protected port group (connects to DDoS
Secure appliance) and a new Protected LAN port group (connects to protected
network).
• Set JS Protected port group to support promiscuous mode.
• Add new switch C and associate a new JS Data Share port group.
• Associate a new JS Internet port group with vSwitch A.
• Set JS Internet port group to support Promiscuous mode.
• Install the DDoS Secure appliance VE from the .OVA file.
• Connect to the GUI using the default IP address https://192.168.0.196, login with
username user and password password. The management IP address can be changed
from the Configure Interfaces icon within the (Admin) left-hand pane.
• Logon to the DDoS Secure appliance GUI and apply a new license.
• Reassign your firewall/load balancers/servers from the original Unprotected Network
port group to the Protected LAN port group.
• Place the DDoS Secure appliance VE in desired operating mode.
Figure 72 on page 71illustrates the ESX (i) Server with a single NIC after DDoS Secure
appliance installation.

Appendix B: Installing an Existing Single NIC ESX (i) Server
Figure 72: ESX (i) Server with Single NIC after DDoS Secure Appliance
Installation
• Adding JS Protected and Protected LAN Port Groups in a NIC ESX (i) Server on page 71
• Adding a JS Data Share Port Group to a NIC ESX (i) Server on page 82
• Adding a JS Internet Port Group to a NIC ESX (i) Server on page 86
Adding JS Protected and Protected LAN Port Groups in a NIC ESX (i) Server
To add JS Protected and ProtectedLAN port groups:
3. Select the Configuration tab and click Networking. The JS protected and Protected
LAN port groups are displayed, as shown in Figure 73 on page 72.

Figure 73: JS Protected and Protected LAN Port Groups
4. Click Add Networking. The network Connection Type page is displayed, as shown in
Figure 74: Connection Type

5. Choose connection type Virtual Machine.
6. Click Next. The virtual machine network access page is displayed, as shown in
Figure 75: Virtual Machine Network Access
8. Click Next. The virtual machine connection settings page is displayed, as shown in

9. In port group Properties, change the Network Label to Protected LAN.
10. Click Next. The virtual machine connection setting completion page is displayed, as

Figure 77: Virtual Machine Connection Settings Completion
11. Click Finish.
inventory list, and select the Configuration tab and click Networking. The virtual machine
inventory page is displayed, as shown in Figure 78 on page 76.

Figure 78: Virtual Machine Inventory
13. Click Properties of the Virtual Switch with the Protected LAN port group, as shown in
Figure 79: vSwitch Properties - Port

14. In the vSwitch properties window, and click Add. The virtual machine connection type
wizard page is displayed, as shown in Figure 80 on page 77.
Figure 80: Virtual Machine Connection Type
15. Choose connection type Virtual Machine, and click Next. The virtual machine connection
settings page is displayed, as shown in Figure 81 on page 78.

16. In port group Properties, change the Network Label to JS Protected, and click Next.
The virtual machine connection complete page is displayed, as shown in
Figure 82: Virtual Machine Connection Completion

17. Click Finish to return to vSwitch properties window, as shown in Figure 83 on page 79.
Figure 83: vSwitch Properties Port
18. Select the port group JS Protected and click Edit. The JS protected properties page is

Figure 84: JS Protected Properties
19. In the JS Protected Properties window, select Security tab, as shown in

Figure 85: JS Protected Properties - General
20. Check Promiscuous Mode and select Accept from the drop-down select box, and click
OK, as shown in Figure 86 on page 82.

Figure 86: JS Protected Properties - Port
The Protected LAN and JS Protected port group configurations are now complete.
Adding a JS Data Share Port Group to a NIC ESX (i) Server
The JS Data Share port group is used to synchronize configuration of a DDoS Secure
appliance HA Pair. DDoS Secure appliance recommend you create HA pairs on the same
ESX (i) host thereby allowing software upgrade of standby whilst the other is active.
Even if a Standalone DDoS Secure appliance is to be deployed, this port group is still
required for the DDoS Secure appliance data share interface to connect to.
Follow the instructions below to configure the JS Data Share port group:
3. Select the Configuration tab and click Networking, as shown in Figure 87 on page 83.

Figure 87: Virtual Switch
4. Click Add Networking. The connection type page is displayed, as shown in
Figure 88: Virtual Switch Connection Type
5. Choose connection type Virtual Machine, and click Next, as shown in

Figure 89: Virtual Switch - Network Access
In certain circumstances, a user may want to pair up with a DDoS Secure appliance
external to the ESX (i) server. In this case select the network adapter that the external
DDoS Secure appliance data share Interface is connected to, as shown in

7. In Port Group Properties area, change the Network Label to JS Data Share.
8. Click Next. The virtual machine summary page is displayed, as shown in

Figure 91: Virtual Machine Summary
9. Click Finish.
The JS Data Share port group configuration is now complete.
Adding a JS Internet Port Group to a NIC ESX (i) Server
To add JS Internet port group:
3. Select the Configuration tab and click Networking, as shown in Figure 92 on page 87.

Figure 92: Virtual Switch Configuration Page
4. Click Properties next to Virtual Switch with Unprotected Network port group, as shown
NOTE: Unprotected Network is the name for the existing port group.

5. In the vSwitch properties window, in the Configuration list pane, click Add, as shown
Figure 94: Virtual Machine Connection Type
6. Choose connection type Virtual Machine.
7. Click Next. The virtual machine connection settings page is displayed, as shown in

8. In Properties port group, change the Network Label to JS Internet.
9. Click Next. Figure 96 on page 90 displays the virtual machine connection completion
page.

Figure 96: Virtual Machine Connection Completion Page
10. Click Finish.
inventory list, select the Configuration tab and click Networking. The virtual machine
inventory configuration page is displayed, as shown in Figure 97 on page 91.

Figure 97: Virtual Machine Inventory
12. Click Properties of the Virtual Switch with the JS Internet port group created in this
section. The vSwitch properties summary page is displayed, as shown in

Figure 98: vSwitch Properties Summary
13. Select the port group JS Internet and click Edit, as shown in Figure 99 on page 93.

Figure 99: JS Internet Properties
14. In the JS Internet Properties window, select the Security tab, as shown in

15. Check Promiscuous Mode and select Accept from the drop-down and click OK. The
vSwitch0 properties page is displayed, as shown in Figure 101 on page 95.

Figure 101: JS Internet vSwitch Properties

APPENDIX C
Installing and Configuring a New ESX (i)
Server
• Installing and Configuring a New ESX (i) Server on page 97
Installing and Configuring a New ESX (i) Server
• Installing an ESX (i) Server on page 97
• Connecting to vSphere on page 97
• Configuring vSwitch0 in the DDoS Secure Appliance Management
Interface(s) on page 98
• Creating Internet Traffic for a DDoS Secure Appliance on page 103
• Configuring a Data Share Port Group in a DDoS Secure Appliance on page 110
• Setting a DDoS Secure Appliance Protected Interface to Promiscuous Mode on page 111
• Changing the Configuration Settings in an ESX (i) Server VMNIC Interface on page 112
Installing an ESX (i) Server
Read the VMware step-by-step guide on installing and configuring ESX (i) . After
successful installation of ESX (i) server, several configuration steps are essential. In
particular, some licensing, networking, and security configuration are necessary.
For more details on these configuration tasks, see the following guides in the vSphere
Documentation:
• The ESX (i) Installable Server Setup Guide for information on licensing
• The ESX (i) Configuration Guide for information on networking and security
Connecting to vSphere
Read the VMware step-by-step guide on installing and configuring vSphere Client onto
a Windows PC.
Start the vSphere Client on your Windows PC. Enter the IP address assigned to your ESX
(i) server. Figure 102 on page 98 displays the VMware vSphere client log in page. For the
first login, use the user root and there is no password.

Figure 102: VMware vSphere Client Log in Page
Set the root password for the ESX (i) server and update the VMware license key to the
one obtained from VMware.
Configuring vSwitch0 in the DDoS Secure Appliance Management Interface(s)
vSwitch0 (default) is set up at ESX (i) installation with a vmKernel port labeled
Management Network which provides management network access to the kernel and
virtual machine VM Network port group connectivity using vmnic0.
Follow the steps below to configure vSwitch0 to add in the DDoS Secure appliance
management interface(s). Figure 103 on page 99 displays the VMware vSphere summary
page.

Appendix C: Installing and Configuring a New ESX (i) Server
Figure 103: VMware vSphere Summary Page

1. Select the Configuration tab and click Networking. The vSphere client configuration
Figure 104: vSphere Client Configuration Page
2. Click Properties on the same line as Virtual Switch: vSwitch0, as shown in

3. In the vSwitch properties window, in the Ports tab, select the VM Network port group
and click Edit. The virtual machine general tab is displayed, as shown in

Figure 106: VM Network Properties - General
4. On the General tab, rename the Network Label to ManagementLan and click OK.
5. In the vSwitch Properties window, click Close, as shown in Figure 107 on page 103.

Figure 107: vSwitch Properties - Ports
The ManagementLan port group configuration is now complete.
Creating Internet Traffic for a DDoS Secure Appliance
You could route your Internet connection through the same vSwitch as your Management
port group. However, DDoS Secure appliance recommends you create a separate
vSwitch/port group/NIC for internet traffic to guarantee separation between the Internet
and management traffic.
This section describes the creation of the JS Internet port group which exchanges traffic
between DDoS Secure appliance Internet interface and the Internet.
The DDoS Secure appliance Internet interface is set to promiscuous mode and therefore
must be connected to a port group that is configured to accept promiscuous traffic on
the vSwitch. The port group is named JS Internet. Do not connect any other VM instance
to this port group as this could create an unacceptable security risk.
The following instructions guide you through the configuration of a vSwitch, adding a
port group with network label JS Internet and setting this to promiscuous mode.
In our running example, the next vSwitch (vSwitch1) is used for internet traffic.

1. Return to the Configuration tab and click Networking, as shown in Figure 108 on page 104.
Figure 108: vSphere Client Configuration Page
2. Click Add Networking. The vSwitch properties for connection type is displayed, as

Figure 109: vSwitch Properties - Connection Type
3. Choose connection type Virtual Machine, and click Next. The virtual machine network
access page is displayed, as shown in Figure 110 on page 105.
Figure 110: Virtual Machine - Network Access

4. Select Create a virtual switch and select one unclaimed network adapters. In this case
select vmnic1, as shown in Figure 111 on page 106.
Figure 111: Virtual Machine - Connection Settings
5. In Port Group Properties, change the Network Label to JS Internet.
6. Click Next. The virtual machine connection setting completion page is displayed, as

Figure 112: Virtual Machine Connection Setting Completion
7. Click Finish.
inventory list, select the Configuration tab and click Networking, as shown in
Figure 113: Virtual Machine Connection Networking
9. Click Properties of the Virtual Switch with Virtual Machine port group JS Internet, as

10. Select JS Internet port group configuration and click Edit. The JS Internet properties
for General tab is displayed, as shown in Figure 115 on page 109.

11. In the JS Internet Properties window, select the Security tab, as shown in

Figure 116: JS Internet Properties - Security
12. Check Promiscuous Mode and select Accept from the drop-down select box, and click
OK.
Configuring a Data Share Port Group in a DDoS Secure Appliance
The JS Data Share port group is used to synchronize configurations of a DDoS Secure
appliance HA Pair. DDoS Secure appliance recommends you create HA pairs on the same
ESX (i) host which allows, for example, software maintenance with no disruption to
traffic flows. Even if a standalone DDoS Secure appliance is to be used, this port group
is still required for the DDoS Secure appliance Data Share interface to connect to.
To configure the data share port group:
1. Return to the Configuration tab and click Networking.
2. Click Add Networking.
3. Choose connection type Virtual Machine and click Next.

DDoS Secure: VMware Virtual Edition Installation Guide

DDoS Secure: VMware Virtual Edition Installation Guide

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (20)

Ähnlich wie DDoS Secure: VMware Virtual Edition Installation Guide

Ähnlich wie DDoS Secure: VMware Virtual Edition Installation Guide (20)

Mehr von Juniper Networks

Mehr von Juniper Networks (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

DDoS Secure: VMware Virtual Edition Installation Guide