6. Related publications
Use this topic to help you access information about Proventia Server for VMware.
Publications
The following documents are available for downloading from the IBM ISS Documentation
Web site at http://www.iss.net/support/documentation/.
v IBM Virtual Server Security for VMware (Proventia Server for VMware) Installation Guide Version
1.0
v IBM Virtual Server Security for VMware (Proventia Server for VMware) Administrator Guide
Version 1.0
License agreement
For licensing information about IBM ISS products, download the IBM® Licensing Agreement
from http://www.ibm.com/services/us/iss/html/contracts_landing.html.
vi Virtual Server Security for VMware: Installation Guide
7. Technical support contacts
IBM Internet Security Systems (IBM ISS) provides technical support to customers who are
entitled to receive support. You can find information related to Customer Support hours of
operation, phone numbers, and methods of contact on the IBM ISS Customer Support Web
page.
The IBM ISS Customer Support site
The IBM ISS Customer Support Web page at http://www.ibm.com/services/us/iss/support/
provides direct access to online user documentation, current versions listings, detailed product
literature, white papers, the Technical Support Knowledgebase, and contact information for
Customer Support.
Contact information
For contact information, go to the IBM ISS Contact Technical Support Web page at
http://www.ibm.com/services/us/iss/support/contacts.html.
About this publication vii
8. viii Virtual Server Security for VMware: Installation Guide
10. Overview
Proventia Server for VMware is a virtual agent that provides intrusion prevention, firewall,
and rootkit protection for virtual machines (hosts) running on VMware ESX 4.0.
Proventia Server for VMware provides the same protection for virtual hosts that conventional
security products provide for physical hosts. The intrusion prevention and firewall features
protect all traffic to and from any virtual machine in the system. The anti-rootkit feature
protects the virtual machines from malicious programs.
How it works
Proventia Server for VMware is an agent that runs on its own virtual machine called the
Security Virtual Machine or the SVM. You install the SVM on the same physical host as the
virtual hosts it protects, but it remains external to those protected hosts. The SVM can block
network-based attacks on virtual machines by inspecting and analyzing network traffic to,
from, and between virtual hosts in real time. The firewall can provide policy enforcement for
network communication on the external physical network and on all inter-virtual machine
traffic. The SVM provides rootkit protection by using introspection, which is the ability to
inspect the memory of a virtual machine.
Architectural overview
Proventia Server for VMware protection agents run as a Security Virtual Machine (SVM) on a
hosting VMware ESX 4.0 Server, and are responsible for securing all the virtual machines
running on a single hosting ESX Server. The SVM is deployed into every physical server that
must have protection for its virtual machines. This SVM exists as a privileged virtual machine.
2 Virtual Server Security for VMware: Installation Guide
11. Figure 1. Typical setup of the Proventia Server for VMware protection agent
The SVM monitors all the traffic involving virtual machines running on a hosting ESX Server,
including traffic passed between local virtual machines. The SVM uses VMware’s Distributed
Chapter 1. About Virtual Server Security for VMware (Proventia Server for VMware) 3
12. Virtual Filter (DV Filter) API to capture and analyze traffic to and from virtual machines
without the need for you to reconfigure the virtual network.
The SiteProtector system manages all the agents in a given installation. A Proventia Server for
VMware installation consists of all the SVMs within a VMware deployment.
About VMware ESX
VMware ESX is an enterprise-level virtualization tool that runs both the SVM and the virtual
machines that are protected by the SVM.
Where to install the ESX software
You install the ESX software directly on a server; it does not need to run on top of an
operating system. The ESX Server is managed by the VMkernel, which is based on the Linux®
kernel. The VMkernel eliminates the overhead of running an operating system beneath the
virtual machines.
4 Virtual Server Security for VMware: Installation Guide
13. About the Security Virtual Machine (SVM)
The SVM is virtual machine that hosts the Proventia Server for VMware protection agent. The
SVM runs on a hosting ESX Server.
Typical deployment
The following diagram shows a simple deployment of Proventia Server for VMware. This
diagram shows the SVM within the context of other virtual machines and its hosting ESX
Server, including the connections between the SVM and the SiteProtector instance that
manages it and the policy, event, and update pathways for the SVM.
Policies are the SiteProtector policies that are subscribed to by the SVM, deployed to the SVM,
and are used by the SVM to enforce protection of the virtual environment.
Events or Alerts contain data that is sent to the SiteProtector system to indicate network
attacks, virtual machine audit failures, or other situations detected by the SVM.
Updates are sent to the SVM from a SiteProtector Update Server (or xpu.iss.net as an alternate)
to update components of the SVM.
Chapter 1. About Virtual Server Security for VMware (Proventia Server for VMware) 5
14. Figure 2. Typical deployment of the SVM
Integration with IBM Proventia® Management SiteProtector™ system
The SiteProtector system provides centralized management for SVM.
The SVM receives policies and updates from the SiteProtector system, and also transmits
alerts and heartbeats to the SiteProtector system.
6 Virtual Server Security for VMware: Installation Guide
16. Deployment components
Before you deploy Proventia Server for VMware, make sure you are familiar with its
components.
Table 1. Proventia Server for VMware deployment components
Component Description and location
VMware ESX 4.0 A virtualization layer that runs on physical servers
that abstracts processor, memory, storage, and
resources into multiple virtual machines.
Download directly from http://www.vmware.com.
Reference: See the VMware ESX 4.0 product page
on the VMware site at http://www.vmware.com/
products/esx/ for more information about system
requirements for the ESX Server.
VMware vSphere Client 4.0 VMware vSphere Client is an interface that allows
you to connect remotely to the hosting ESX Server
from any Windows® PC.
Download directly from http://www.vmware.com.
Reference: See the VMware vSphere 4.0 product
page on the VMware site at http://
www.vmware.com/products/vsphere/ for more
information about system requirements for
vSphere Client.
ProventiaServerV.ovf The virtual machine image for the SVM.
Download from the IBM Download Center.
Internet Explorer version 6 or later Download directly from http://
www.microsoft.com/windows/internet-explorer/
default.aspx.
SiteProtector 2.0 SP 8.0 The IBM ISS centralized management console.
Download from the IBM Download Center.
8 Virtual Server Security for VMware: Installation Guide
17. Security Virtual Machine (SVM) requirements
Make sure the SVM meets the requirements listed in this section.
Reference: For a complete list of system requirements for Proventia Server for VMware, see
the System Requirements document on the IBM ISS Documentation Web site at
http://www.iss.net/support/documentation/.
Hosting ESX Server requirements
You can only install one SVM on each hosting ESX Server.
Your SVM must always be directed to its hosting ESX Server. The Proventia Manager setup
and the Proventia Setup installation steps provide guidance on how to direct your SVM to its
hosting ESX Server. Do not direct your SVM to a vCenter Server.
VMware Tools
The SVM does not support VMware Tools. Do not install VMware Tools on the SVM.
VMware VMotion and VMware Storage VMotion
The SVM does not support VMware VMotion (a technology that allows the live migration of
running virtual machines from one physical server to another server) and VMware Storage
VMotion (a component of VMware vSphere that provides an interface for migrating virtual
machine disk files across storage arrays or across ESX Servers, with no downtime or
disruption in service).
You must install the SVM on the local storage for the hosting ESX Server so that it cannot use
VMotion and Storage VMotion.
Memory requirements
Make sure the SVM has at least 1 GB of RAM and more than 10 GB of available hard disk
space.
Note: The SVM incurs a memory overhead for each virtual machine that it protects, but only
a fixed amount of processor time. The amount of RAM allocated to the SVM must be
appropriately scaled for the expected number of virtual hosts.
Chapter 2. Deployment components and system requirements 9
18. Virtual machine requirements
Make sure the virtual machines that are protected by the SVM meet the requirements listed in
this section.
VMware Tools
You must install VMware Tools on each virtual machine that you want the SVM to protect.
Installing virtual machines- consideration
When you install virtual machines in a virtual environment, you should not install them on
the virtual switches that were created as part of the Proventia Server for VMware installation.
The Proventia Server for VMware installation process creates the following virtual switches:
v ibm-vmwarenetwork-switch
v ibm-vmwareintrospect-switch
v ibm-accelerator-switch
10 Virtual Server Security for VMware: Installation Guide
20. Setup overview
You manually deploy and configure the SVM that has been provided to you by IBM as a
virtual machine image. The SVM is configured successfully when it can report to the
SiteProtector Agent Manager.
Process
The Proventia Server for VMware setup follows this process:
Table 2. Proventia Server for VMware setup tasks
Task Description
1 Install the SVM from the provided OVF on the server running the ESX host
Important: Make sure you install the SVM on the local storage for the hosting ESX Server
and not in a shared datastore. Installing the SVM on the ESX Local Storage prevents it from
being migrated to a shared storage area or another ESX Server environment in case of
failure.
2 Run Proventia Setup to configure initial settings for the SVM
3 Configure the Virtual Machine Observer (VMO) using Proventia Manager
The VMO is the module that communicates with the hosting ESX Server and collects
information about status changes in the virtual machines.
4 Configure network settings for the hosting ESX Server, and then reboot the ESX Server
These network settings enable introspection (the ability to inspect the memory of a virtual
machine) and enable analysis of network traffic.
5 Optional: Configure settings for the Accelerator function
The Accelerator analyzes traffic between one physical NIC (pNIC) on an ″accelerated″
virtual switch and one other virtual switch already configured on your virtual network.
12 Virtual Server Security for VMware: Installation Guide
21. Deploying the OVF file
The Open Virtualization Format (OVF) template provided by IBM for installation contains the
virtual machine image for the SVM.
About this task
OVF is a distribution format that uses existing packaging tools to combine one or more virtual
machines with a standards-based XML wrapper. OVF gives the virtualization platform a
portable package that contains all required installation and configuration parameters for
virtual machines. This format allows any virtualization platform that implements the standard
to correctly install and run virtual machines.
Reference: See http://www.vmware.com/pdf/ovf_spec_draft.pdf for more information about
OVF.
Procedure
1. Connect to your hosting ESX Server using VMware vSphere Client.
2. From the File menu, select Deploy OVF Template.
3. From the Deploy OVF Template - Source window, select the Deploy from file option, click
Browse to locate the OVF file for the corresponding virtual machine, and click Next.
4. From the Deploy OVF Template - OVF Template Details window, verify the OVF template
settings, and click Next.
5. From the Deploy OVF Template - Name and Location window, type a name for the SVM.
Tip: Consider naming the SVM after the ESX Server it is associated with so that you will
remember its name when you manage your protection from the SiteProtector system.
6. From the Deploy OVF Template - Network Mapping window, configure the Management
network mapping option. The Management network mapping option allows you to access
the Web management interface for the SVM from your Web browser and also enables the
SVM to communicate with SiteProtector.
7. Click Next.
8. From the Deploy OVF Template - Ready to Complete window, check the properties for the
SVM, and click Finish. The OVF is extracted and deployed to the hosting ESX Server.
9. Deploy the SVM.
Chapter 3. Deploying the SVM 13
22. Running Proventia Setup
The Proventia Setup program is a text-based setup program you use to configure the initial
settings for the SVM.
Procedure
1. Turn on the SVM.
2. Log on to the SVM, using the management console or by SSH, with the following
account credentials:
v username = admin
v password = admin
Note: Default passwords are all set to admin.
3. From the Welcome window, press ENTER, and accept the License Agreement.
4. From the Change Password (admin) window, change the password for the admin user,
and press ENTER.
5. From the Change Password (root) window, change the password for the root user, and
press ENTER.
6. From the Change Proventia Manager Password (admin) window, change the Proventia
Manager password for the admin user, and press ENTER.
7. From the Network Configuration - Management Interface IP Address window, choose
one of the following methods to set the IP address:
To set the IP address automatically via DHCP, select Set IP Address Automatically (via
DHCP), and press ENTER.
After the agent obtains an IP address from the DHCP server, go to Step 9.
If the agent fails to obtain the IP address dynamically, you will receive the following
message: Failed in getting IP Address dynamically.
If you receive this message, make sure your DHCP server is functioning and is available
on the network configured for the Management Interface.
Tip: Consider using a static IP address. DHCP environments can pose challenges to a
Proventia Server for VMware deployment.
To set a static IP address for the management interface, select Set IP Address Statically,
and press ENTER.
8. From the Network Configuration window, type the IP address, subnet mask, and
gateway address for the SVM, and press ENTER.
9. From the Host Configuration window, type the host name and domain name for the
SVM, and press ENTER.
10. From the DNS Configuration window, provide DNS settings for the SVM, and press
ENTER.
11. Optional: From the Time Zone Configuration window, set the time zone for the SVM, and
press ENTER.
14 Virtual Server Security for VMware: Installation Guide
23. Important: When you deploy the OVF file, the SVM will use the time zone and the
system time set for the hosting ESX Server.
12. Optional: From the Date/Time Configuration window, set the date and the time for the
SVM, and press ENTER.
Important: When you deploy the OVF file, the SVM will use the time zone and the
system time set for the hosting ESX Server.
13. From the Agent Name Configuration window, type the name for the SVM as it will be
displayed in the SiteProtector Console.
Tip: Consider naming the SVM after the ESX Server it is associated with so that you will
remember its name when you manage your protection from the SiteProtector system.
14. Press ENTER to exit the menu.
Configuring the VMO using Proventia Manager
The Virtual Machine Observer (VMO) module communicates with the hosting ESX Server and
collects information about changes in the status of the virtual machines, such as when new
virtual machines come online, when virtual machines are migrated, or when virtual machines
are suspended from operation or have resumed operation.
About this task
The VMO serves the following purposes:
v Receives virtual machine events from the hosting ESX Server (or Service Console). These
events are reported to the SiteProtector Console, such as events indicating that virtual
machines are coming online or going offline. VMO also maintains inventory information for
the virtual machines, which can be used by the other modules of Proventia Server for
VMware.
v Adds the security agent name to the configuration file of the virtual machines (VMX file),
so that the machines can be protected by the security agent through introspection.
Procedure
1. Open a Web browser, and type the IP address for the SVM (the IP address that was set for
the management interface during Proventia Setup): https://SVM_IP
2. Log on to Proventia Manager (the Web-based management interface for the SVM) using
the following account credentials:
v username = admin
v password = the Proventia Manager password you configured in Proventia Setup
3. Click System → VMware in the navigation pane.
Chapter 3. Deploying the SVM 15
24. 4. Type the following settings for the hosting ESX Server:
Option Description
ESX Server IP Address The IP address of the ESX Server hosting the SVM.
Note: The IP address you enter here is for
configuring the VMO module.
Administrator User Name The name of a user who has Administrator
privileges to access the hosting ESX Server.
Administrator Password The password of the user who has Administrator
privileges to access the hosting ESX Server.
5. Click OK.
Note: Because VMware does not provide a CA certificate for ESX 4.0, the VMO cannot
validate the server certificate on the client side. Instead, the VMO will establish a
connection with the hosting ESX Server using HTTPS.
16 Virtual Server Security for VMware: Installation Guide
25. Configuring network settings for the hosting ESX Server
The ESX Server is the host machine on which the SVM and the other virtual machines are
running.
Procedure
1. Log on to the SVM, using the management console or by SSH, with the following account
credentials:
v username = admin
v password = the password you configured in Proventia Setup
2. From the Proventia Setup Configuration Menu, select Network Configuration.
3. From the Network Configuration Menu, select ESX Server Configuration, and press
ENTER.
4. From the ESX Server Configuration window, type the following settings for the hosting
ESX Server:
Option Description
ESX Server IP Address The IP address of the ESX Server hosting the SVM.
Note: The IP address you enter here is for
configuring ARK and IPS protection.
Administrator User Name The name of a user who has Administrator
privileges to access the hosting ESX Server.
Administrator Password The password of the user who has Administrator
privileges to access the hosting ESX Server.
5. Press ENTER to finish configuring network settings for the hosting ESX Server.
6. Reboot the ESX Server for the configuration settings to take effect.
Chapter 3. Deploying the SVM 17
26. Optional: Configuring settings for the Accelerator
The Accelerator function enhances the performance of the SVM by analyzing traffic between
one physical NIC (pNIC) on an ″accelerated″ virtual switch and one other virtual switch
already configured on your virtual network.
Before you begin
Make sure you have configured network settings for the hosting ESX Server before you
configure settings for the Accelerator.
About this task
When you enable the Accelerator function, the SVM will configure the virtual network to
allow the agent to directly capture and monitor traffic on one external pNIC using a new
virtual switch. A network interface of the SVM will be attached to the virtual switch that
previously hosted the pNIC.
The protected virtual machines do not need special network changes for packet analysis by
IPS. The vNIC for a protected virtual machine can be on any virtual switch; traffic will still be
analyzed.
The Accelerator is an inline protection device that works through a bridged interface, which
uses two adapters on the SVM. You can only accelerate one pNIC. You should not accelerate
the pNIC connected to the SVM management interface. Also, make sure you set up the SVM
management interface on the same virtual switch as the hosting ESX Server management
interface.
Important: You should configure this setting after you have deployed the SVM and you have
determined how this setting will affect the performance of your virtual network.
Procedure
1. Log on to the SVM, using the management console or by SSH, with the following account
credentials:
v username = admin
v password = the password you configured in Proventia Setup
2. From the Network Configuration Menu, select Accelerator Configuration.
3. From the Accelerator Configuration Menu, select Enable Accelerator.
4. From the Accelerator Configuration window, type the following settings for the
Accelerator:
Option Description
ESX Server IP Address The IP address of the ESX Server hosting the SVM.
18 Virtual Server Security for VMware: Installation Guide
27. Option Description
Administrator User Name The name of a user who has Administrator
privileges to access the hosting ESX Server
Administrator Password The password of the user who has Administrator
privileges to access the hosting ESX Server.
Physical NIC Name The device name of the physical NIC (pNIC) to be
monitored by the SVM.
Press the SPACE BAR on your keyboard to toggle
through the available pNICs.
Attention: Do not select or accelerate the pNIC
connected to the SVM management console.
IP Address Range for MIA (Multiple Inspection The IP address range for all hosts that will be
Avoidance) accelerated. This range includes all vNICs
connected to the pNIC that is being accelerated
(the entire subnet).
Example: Use one of the following formats in this
field:
v Single IP address example: 1.1.1.1
v IP address range example: 1.1.1.1-1.1.1.1
v Network bits (CIDR) example: 1.1.1.10/24 0
You can also use commas to separate IP addresses
and ranges of IP addresses: 1.1.1.1,2.2.2.2,3.3.3.1-
3.3.3.10,4.4.4.4/24
MIA (Multiple Inspection Avoidance) is used to enhance the frame rate that the IPS engine
can analyze. When MIA is enabled, it examines every packet in the packet stream.
5. Press ENTER to finish configuring settings for the SVM.
Note: If the screen becomes unresponsive while you are configuring acceleration, try
disabling acceleration, and then go through the configuration steps again.
If disabling acceleration does not return the screen back to a responsive state, try removing
the acceleration settings manually, and then go through the configuration steps again.
See the topic “Uninstalling the SVM manually from your system” on page 22 later in this
guide, which includes steps on how to remove the acceleration settings manually.
Chapter 3. Deploying the SVM 19
28. Configuring SiteProtector system management
SiteProtector is the IBM ISS management system. The SiteProtector system manages the
connections between the SiteProtector Console and the SVM, including all policy, event, and
update settings for the agent.
Procedure
1. Open a Web browser, and type the IP address for the SVM (the IP address that was set
for the management interface during Proventia Setup): https://SVM_IP
2. Log on to Proventia Manager (the Web-based management interface for the SVM) using
the following account credentials:
v username = admin
v password = the Proventia Manager password you configured in Proventia Setup
3. Click Launch Proventia Manager.
4. Click System → Management in the navigation pane.
5. Click Add Agent Manager.
6. Configure the SiteProtector Agent Manager:
Option Description
Name The Agent Manager name exactly as it appears in
the SiteProtector Console.
Address The IP address of the SiteProtector Agent Manager.
Port The port number on which alerts are sent to the
SiteProtector system.
Note: The default port number is 3995. If you
change the default port number, you must also
configure the port number locally on the
SiteProtector Agent Manager.
Authentication Level Specifies how authentication between the SVM
and the Agent Manager is managed.
Username If the SVM must log into an account to access the
Agent Manager, type the user name for that
account here.
Password If the SVM must use a password to access the
Agent Manager, type the password here.
Proxy Settings If the SVM must go through a proxy to access the
Agent Manager, select the Use Proxy Settings
check box, and then type the Proxy Server
Address and Proxy Server Port.
7. Select the Register with SiteProtector check box.
8. In the Desired SiteProtector Group field, type the name of the Proventia Server for
VMware group registered in the SiteProtector system.
20 Virtual Server Security for VMware: Installation Guide
29. 9. In the Heartbeat Interval (secs) field, type the number of seconds you want the SVM to
wait between the time it contacts the SiteProtector system for changed policies and
updates. Range: 60 to 86,400 seconds (1 minute to 2 days). You should use the default of
3600.
Tip: Your SVM registers itself with the SiteProtector system at the end of the first
heartbeat. If you want to use a long heartbeat, you might want to set a short heartbeat
initially, and then change it after the SVM is registered.
10. Save your changes.
What to do next
See the SiteProtector documentation on the IBM ISS Documentation Web site at
http://www.iss.net/support/documentation/ for more information about Proventia OneTrust
tokens and licensing used by Proventia Server for VMware.
Using Proventia Manager to uninstall the SVM from your system
Follow this procedure to use Proventia Manager to remove the SVM from your system.
Procedure
1. Unregister the SVM from the SiteProtector system.
a. Open a Web browser, and type the IP address for the SVM (the IP address that was set
for the management interface during Proventia Setup): https://SVM_IP
b. Log on to Proventia Manager (the Web-based management interface for the SVM)
using the following account credentials:
v username = admin
v password = the Proventia Manager password you configured in Proventia Setup
c. Click Launch Proventia Manager.
d. Click System → Management in the navigation pane.
e. Clear the Register with SiteProtector check box.
2. Log on to the SVM, using the management console or by SSH, with the following account
credentials:
v username = admin
v password = the password you configured in Proventia Setup
3. Select Agent Management → Agent Uninstallation.
4. Type the host address, Administrator user name, and Administrator password for the
hosting ESX Server, and press ENTER.
5. Turn off the SVM.
Chapter 3. Deploying the SVM 21
30. Important: To avoid errors with removing the SVM from your system, make sure you do
not restart or turn off the hosting ESX Server before the SVM has finished being
uninstalled from your system.
6. Delete the SVM from the disk.
7. Reboot the hosting ESX Server.
Uninstalling the SVM manually from your system
Follow this procedure to manually remove the SVM from your system.
Procedure
1. Remove the file /etc/crm/issengine.policy.
2. Remove the file /etc/crm/issaccelerator.policy.
3. From the Services Control Panel, restart the issDaemon service.
4. Disconnect the pNIC from ibm-accelerator-switch.
5. Locate the virtual switch that is currently connected to eth4 on the SVM. Connect the
pNIC (that you disconnected from ibm-accelerator-switch) to this virtual switch.
6. Disconnect eth3 and eth4 on the SVM.
7. Associate eth3 and eth4 on the SVM to VM Network.
8. Remove ibm-accelerator-group and ibm-accelerator-switch.
9. Turn off the SVM.
Important: To avoid errors with removing the SVM from your system, make sure you do
not restart or turn off the hosting ESX Server before the SVM has finished being
uninstalled from your system.
10. Delete the SVM from the disk.
11. Delete the ibm-vmwarenetwork-switch and ibm-vmwareintrospect-switch switches.
12. Remove the DV Filter module using this command: esxupdate remove -b
cross_ibm-iss-vmkmod_400.1.0-164009
13. Restart the hosting ESX Server.
22 Virtual Server Security for VMware: Installation Guide
32. Any references in this information to non-IBM Web sites are provided for convenience only
and do not in any manner serve as an endorsement of those Web sites. The materials at those
Web sites are not part of the materials for this IBM product and use of those Web sites is at
your own risk.
IBM may use or distribute any of the information you supply in any way it believes
appropriate without incurring any obligation to you.
Licensees of this program who wish to have information about it for the purpose of enabling:
(i) the exchange of information between independently created programs and other programs
(including this one) and (ii) the mutual use of the information which has been exchanged,
should contact:
IBM Corporation
Project Management
C55A/74KB
6303 Barfield Rd.,
Atlanta, GA 30328
U.S.A
Such information may be available, subject to appropriate terms and conditions, including in
some cases, payment of a fee.
The licensed program described in this document and all licensed material available for it are
provided by IBM under terms of the IBM Customer Agreement, IBM International Program
License Agreement or any equivalent agreement between us.
All statements regarding IBM’s future direction or intent are subject to change or withdrawal
without notice, and represent goals and objectives only.
24 Virtual Server Security for VMware: Installation Guide
33. Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International
Business Machines Corp., registered in many jurisdictions worldwide. Other product and
service names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the Web at “Copyright and trademark information” at Copyright
and trademark information at www.ibm.com/legal/copytrade.shtml.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or
both.
UNIX® is a registered trademark of The Open Group in the United States and other countries.
Microsoft® and Windows® are trademarks of Microsoft Corporation in the United States, other
countries, or both.
Other company, product, or service names may be trademarks or service marks of others.
Notices 25
34. 26 Virtual Server Security for VMware: Installation Guide