Product Guide
Data Center Connector 3.0.0 for OpenStack
COPYRIGHT
Copyright © 2014 McAfee, Inc. Do not copy without permission.
TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore, Foundstone, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.
Product and feature names and descriptions are subject to change without notice. Please visit mcafee.com for the most current products and features.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
Contents
Preface
  About this guide
    Audience
    Conventions
  Find product documentation
1 Introduction
  Components and what they do
  VM security management made easy
2 Installation
  Requirements
  Download the software extension
  Install the extension
  Register a Rackspace account
  Register an HP account
  Register an OpenStack cloud (Generic) account
  Registered account details
  Virtual machine details
3 Queries and reports
  Predefined Data Center queries
  View default queries
  Dashboards and monitors
  Data Center dashboard
Preface
This guide provides the information you need to work with your McAfee product.
Contents
About this guide
Find product documentation
About this guide
This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.
Audience
McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:
• Administrators — People who implement and enforce the company's security program.
• Users — People who use the computer where the software is running and can access some or all of its features.
Conventions
This guide uses these typographical conventions and icons.
Book title, term, emphasis | Title of a book, chapter, or topic; a new term; emphasis.
Bold | Text that is strongly emphasized.
User input, code, message | Commands and other text that the user types; a code sample; a displayed message.
Interface text | Words from the product interface like options, menus, buttons, and dialog boxes.
Hypertext blue | A link to a topic or to an external website.
Note: Additional information, like an alternate method of accessing an option.
Tip: Suggestions and recommendations.
Important/Caution: Valuable advice to protect your computer system, software installation, network, business, or data.
Warning: Critical advice to prevent bodily harm when using a hardware
Find product documentation
After a product is released, information about the product is entered into the McAfee online Knowledge Center.
Task
1 Go to the McAfee ServicePortal at http://support.mcafee.com and click Knowledge Center.
2 Enter a product name, select a version, then click Search to display a list of documents.
1 Introduction
Data Center Connector for OpenStack helps you discover and import your virtual infrastructure using McAfee® ePolicy Orchestrator (McAfee ePO™). You can also view the virtualization properties and protection status of your virtual machines.
Contents
Components and what they do
VM security management made easy
Components and what they do
Each component performs specific functions to discover and manage your VMs.
Data Center Connector for OpenStack — With the connector you can:
• Register your cloud accounts like Rackspace, HP, and OpenStack cloud (Generic).
• Discover and import the VM information from your cloud accounts and add them to the McAfee ePO System Tree.
OpenStack Software — An open source platform for building public and private clouds.
Rackspace public cloud — A transparent, enterprise-grade public cloud based on OpenStack technology.
HP public cloud — A transparent, enterprise-grade public cloud based on OpenStack technology.
OpenStack cloud (Generic) — A private cloud based on OpenStack technology.
Virtual Machines (VMs) — An isolated guest operating system installation within a normal host operating system that supports both virtual desktops and virtual servers.
ePolicy Orchestrator — Management software that allows you to register a cloud account, so that you can import your VMs and view them.
McAfee Agent — The client‑side component providing secure communication between McAfee ePO and managed products. It also serves as an updater for managed and unmanaged McAfee products.
VM security management made easy
Data Center Connector for OpenStack discovers and imports both running and stopped machine instances from the cloud accounts to the McAfee ePO server.
• This product integrates the management feature of McAfee ePO with the configured public and private clouds, which host and manage the VMs.
• It synchronizes periodically with both public and private clouds, and imports the VM details to McAfee ePO. The administrator doesn't need to add the cloud assets manually.
• The administrator can choose to deploy McAfee Agent to the discovered instances during the discovery or after. Then, other McAfee products can be installed on these discovered instances.
• It provides extensive dashboards and queries to monitor the security compliance of the cloud assets in real time.
2 Installation
Before you set up your environment and import your VM information to McAfee ePO, make sure that you have your cloud account and its details ready.
You then install the extension and register the cloud accounts in McAfee ePO.
Contents
Requirements
Download the software extension
Install the extension
Register a Rackspace account
Register an HP account
Register an OpenStack cloud (Generic) account
Registered account details
Virtual machine details
Requirements
Make sure that your environment includes these components, and that they meet the requirements.
• McAfee ePO 5.1.0
• One of these accounts:
  • Rackspace account
  • HP account
  • OpenStack cloud (Generic) account
Data Center Connector for OpenStack supports the Havana release of OpenStack.
For details on system requirements and instructions for setting up the McAfee ePO environment, see McAfee ePolicy Orchestrator Installation Guide.
Download the software extension
You must download the Data Center Connector for OpenStack extension before it can be installed into McAfee ePO.
Task
• From the McAfee download site (http://www.mcafee.com/us/downloads/), download the package OPENSTACK_Ext_3.0.0.zip.
Install the extension
You must install the product extension on the McAfee ePO server to be able to discover the VM information and import it to the System Tree.
Before you begin
Make sure that the extension file is in an accessible location on the network.
Task
For option definitions, click ? in the interface.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Software | Extensions | Install Extension.
3 Browse to and select the extension file OPENSTACK_Ext_3.0.0.zip, then click OK. The Install Extension page displays the extension name and version details.
4 Click OK.
Register a Rackspace account
You must register a Rackspace account, so that McAfee ePO establishes a connection with the Rackspace cloud. McAfee ePO then discovers, imports, and displays VM information under System Tree.
Before you begin
Make sure that you have your Rackspace account and its details ready.
The Registered Cloud Accounts option is available only after installing the Data Center Connector for OpenStack extension.
Task
For option definitions, click ? in the interface.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Configuration | Registered Cloud Accounts, then click Actions | Add Cloud Account.
3 From the Choose Connector drop-down list, select Rackspace Public Cloud, then click OK.
4 On the Rackspace public cloud account details page, type these details:
• Name — A name for the Rackspace account in McAfee ePO. Account names can include characters a–z, A–Z, 0–9, and [_.-], without space.
• Identity Service Endpoint — The URL of the account.
The endpoint is prepopulated. Don't change the endpoint URL unless confirmed by the cloud provider.
• User Name — The user name of the account.
• Password — The password of the account.
• Tags — List of McAfee ePO tags that are applied to VMs discovered for this Rackspace cloud account. Tag name can include characters a–z, A–Z, 0–9, and [_.-], with space. For details on tag usage, see the product documentation for McAfee ePO.
• Sync interval (in Minutes) — Specify the interval for McAfee ePO to synchronize with the Rackspace cloud.
The default value is 5 minutes. The maximum value is 525,600 minutes.
5 Click Validate Parameters to validate the account details and verify the connection to the Rackspace cloud.
6 (Optional) To deploy McAfee Agent on the registered VMs, select Create McAfee Agent deployment task and type the credentials to deploy the McAfee Agent package.
Make sure that the McAfee ePO server and the VMs in the Rackspace cloud can communicate with each other. Check the firewall settings for the machines in the cloud. For Linux VMs, SSH port (22) must be accessible. See the product documentation for your version of McAfee Agent.
7 Click Save to register the cloud account.
This action registers the Rackspace cloud and imports all discovered VMs, which are unmanaged, into the System Tree. The instances are imported with the structure and hierarchy of the Rackspace cloud.
The VMs that are already added and managed by McAfee ePO are retained with the existing policy settings. The connector adds the virtualization properties for these VMs.
8 View the imported VMs: click Menu | Systems | System Tree in McAfee ePO.
After the discovery, you can find your Rackspace account under the group Rackspace. The VMs from each Rackspace account are logically grouped under different geographical zones in McAfee ePO.
Register an HP account
You must register an HP account, so that McAfee ePO establishes a connection with the HP cloud. McAfee ePO then discovers, imports, and displays VM information under System Tree.
Before you begin
Make sure that you have your HP account and its details ready.
The Registered Cloud Accounts option is available only after installing the Data Center Connector for OpenStack extension.
Task
For option definitions, click ? in the interface.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Configuration | Registered Cloud Accounts, then click Actions | Add Cloud Account.
3 From the Choose Connector drop-down list, select HP Public Cloud, then click OK.
4 On the HP public cloud account details page, type these details:
• Name — A name for the HP account in McAfee ePO. Account names can include characters a–z, A–Z, 0–9, and [_.-], without space.
• Identity Service Endpoint — The URL of the account.
The endpoint is prepopulated. Don't change the endpoint URL unless confirmed by the cloud provider.
• User Name — The user name of the account in the format Project name:user login. For example, project1:Admin.
• Password — The password of the account.
• Tags — List of McAfee ePO tags that are applied to VMs discovered for this HP cloud account. Tag name can include characters a–z, A–Z, 0–9, and [_.-], with space. For details on tag usage, see the product documentation for McAfee ePO.
• Sync interval (in Minutes) — Specify the interval for McAfee ePO to synchronize with the HP cloud.
The default value is 5 minutes. The maximum value is 525,600 minutes.
5 Click Validate Parameters to validate the account details and verify the connection to the HP cloud.
6 (Optional) To deploy McAfee Agent on the registered VMs, select Create McAfee Agent deployment task and type the credentials to deploy the McAfee Agent package.
Make sure that the McAfee ePO server and the VMs in the HP cloud can communicate with each other. Check the firewall settings for the machines in the cloud. For Linux VMs, SSH port (22) must be accessible. See the product documentation for your version of McAfee Agent.
7 Click Save to register the cloud account.
This action registers the HP cloud and imports all discovered VMs, which are unmanaged, into the System Tree. The instances are imported with the structure and hierarchy of the HP cloud.
The VMs that are already added and managed by McAfee ePO are retained with the existing policy settings. The connector adds the virtualization properties for these VMs.
8 View the imported VMs: click Menu | Systems | System Tree in McAfee ePO.
After the discovery, you can find your HP account under the group HP. The VMs from each HP account are logically grouped under different geographical zones in McAfee ePO.
Register an OpenStack cloud (Generic) account
You must register an OpenStack cloud (Generic) account, so that McAfee ePO establishes a connection with this cloud. McAfee ePO then discovers, imports, and displays VM information under System Tree.
Before you begin
Make sure that you have your OpenStack cloud (Generic) account and its details ready. The OpenStack account is termed generic because you can provide the URL of the OpenStack implementation under Identity Service Endpoint and configure the cloud account.
The Registered Cloud Accounts option is available only after installing the Data Center Connector for OpenStack extension.
Task
For option definitions, click ? in the interface.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Configuration | Registered Cloud Accounts, then click Actions | Add Cloud Account.
3 From the Choose Connector drop-down list, select OpenStack Cloud (Generic), then click OK.
4 On the OpenStack Cloud (Generic) account details page, type these details:
• Name — A name for the Rackspace account in McAfee ePO. Account names can include characters a–z, A–Z, 0–9, and [_.-], without space.
• Identity Service Endpoint — The URL of the account.
• User Name — The user name of the account in the format Project name:user login. For example, Project1:admin.
• Password — The password of the account.
• Tags — List of McAfee ePO tags that are applied to VMs discovered for this cloud account. Tag name can include characters a–z, A–Z, 0–9, and [_.-], with space. For details on tag usage, see the product documentation for McAfee ePO.
• Sync interval (in Minutes) — Specify the interval for McAfee ePO to synchronize with the cloud.
The default value is 5 minutes. The maximum value is 525,600 minutes.
5 Click Validate Parameters to validate the account details and verify the connection to the cloud.
6 (Optional) To deploy McAfee Agent on the registered VMs, select Create McAfee Agent deployment task and type the credentials to deploy the McAfee Agent package.
Make sure that the McAfee ePO server and the VMs in the OpenStack cloud (Generic) can communicate with each other. Check the firewall settings for the machines in the cloud. For Linux VMs, SSH port (22) must be accessible. See the product documentation for your version of McAfee Agent.
7 Click Save to register the cloud account.
This action registers the OpenStack cloud (Generic) and imports all discovered VMs, which are unmanaged, into the System Tree. The instances are imported with similar structure and hierarchy of the cloud.
The VMs that are already added and managed by McAfee ePO are retained with the existing policy settings. The connector adds the virtualization properties for these VMs.
8 View the imported VMs: click Menu | Systems | System Tree in McAfee ePO.
After the discovery, you can find your OpenStack cloud (Generic) account under the group OpenStack. The VMs from OpenStack cloud (Generic) are logically grouped under different zones in McAfee ePO.
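The following is an added example, not part of the McAfee guide or product: a pre-registration check that applies the field rules from the three registration procedures above to the account details, and tests whether port 22 on a Linux VM is reachable from the machine it runs on. The function names, the sample values, the lower bound of 1 minute for the sync interval, and the HTTPS check are assumptions of this example.

```python
import re
import socket
from urllib.parse import urlparse

# Character rules quoted from the registration steps in this guide.
ACCOUNT_NAME_RE = re.compile(r"[A-Za-z0-9_.\-]+")   # a-z, A-Z, 0-9, [_.-], no space
TAG_NAME_RE = re.compile(r"[A-Za-z0-9_.\- ]+")      # same set, space allowed
SYNC_MAX_MINUTES = 525_600                          # maximum stated in the guide

# Connectors whose User Name field uses "Project name:user login".
PROJECT_LOGIN_CONNECTORS = {"HP Public Cloud", "OpenStack Cloud (Generic)"}


def split_user_name(user_name):
    """Split 'Project name:user login' into (project, login)."""
    project, sep, login = user_name.partition(":")
    if not sep or not project.strip() or not login.strip():
        raise ValueError("expected 'Project name:user login'")
    return project, login


def check_registration(connector, name, endpoint, user_name, tags, sync_minutes):
    """Return a list of problems in the account details (empty if none)."""
    problems = []
    if not ACCOUNT_NAME_RE.fullmatch(name):
        problems.append("name: only a-z, A-Z, 0-9 and _ . - are allowed, no spaces")

    try:
        url = urlparse(endpoint)
        host = url.hostname
    except ValueError:
        url, host = None, None
    if url is None or url.scheme not in ("http", "https") or not host:
        problems.append("endpoint: not an http(s) URL")
    elif url.scheme == "http":
        # Added check (assumption of this example, not a rule from the guide):
        # over plain HTTP the account password crosses the network unencrypted.
        problems.append("endpoint: use HTTPS so the password is not sent in clear")

    if connector in PROJECT_LOGIN_CONNECTORS:
        try:
            split_user_name(user_name)
        except ValueError as exc:
            problems.append(f"user name: {exc}")
    elif not user_name.strip():
        problems.append("user name: empty")

    for tag in tags:
        if not TAG_NAME_RE.fullmatch(tag):
            problems.append(f"tag {tag!r}: only a-z, A-Z, 0-9, _ . - and space")

    # The guide states a default of 5 and a maximum of 525,600 minutes;
    # the lower bound of 1 is an assumption.
    if not isinstance(sync_minutes, int) or not 1 <= sync_minutes <= SYNC_MAX_MINUTES:
        problems.append(f"sync interval: must be 1..{SYNC_MAX_MINUTES} minutes")
    return problems


def ssh_reachable(host, port=22, timeout=3.0):
    """True if a TCP connection to the VM's SSH port succeeds from this machine."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable, or timed out
        return False


if __name__ == "__main__":
    # Constructed sample values; replace with your own account details.
    issues = check_registration(
        connector="OpenStack Cloud (Generic)",
        name="lab-cloud_01",
        endpoint="https://keystone.example.test:5000/v2.0",
        user_name="Project1:admin",
        tags=["Linux servers"],
        sync_minutes=5,
    )
    print("account details:", issues or "OK")
    for vm in ["192.0.2.10"]:  # constructed address of a Linux VM
        print(vm, "port 22 reachable:", ssh_reachable(vm))
```

Run the port check from the McAfee ePO server itself, because reachability depends on where the connection originates.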
Registered account details
After configuring and registering the cloud account with McAfee ePO, the account details of these registered cloud accounts are displayed in McAfee ePO.
Property | Description
Name | Name of the cloud account.
Type | Type of the cloud account: HP Public Cloud, Rackspace Public cloud, or OpenStack generic.
Last Successful Sync | Displays the date and time when the last successful synchronization between McAfee ePO and the cloud account occurred.
Last Sync Status | Displays the last synchronization status, including Synch Scheduled, Success, In Progress, and Failure.
Total VMs | Displays the number of VMs discovered for this account.
Running VMs | Displays the number of VMs that are up and running in this account.
Managed VMs | Displays the number of VMs that McAfee ePO manages.
Auto Deploy MA | Specifies if the administrator has enabled the Auto deploy McAfee Agent task for the registered account.
Tags | McAfee ePO tag that is applied on the VM.
Actions | You can edit, delete, and synchronize the cloud accounts using McAfee ePO.
When you delete an account, you can select these options:
• Delete System Tree group corresponding to this account — Deletes all VMs and groups from this account.
• Delete Tags — Deletes the McAfee ePO tags for this account.
If you don't select any of these options, only the account details are deleted.
You can retrieve the registered Data Center details by running the Datacenters query under Menu | Reporting | Queries and Reports | Shared Groups | Datacenter.
Virtual machine details
After importing the discovered VMs from the cloud accounts, the VM details are displayed in the System Tree.
Property | Description
System Name | Displays the name of the VM.
Managed State | Specifies if the system is managed by McAfee Agent.
Tags | Displays the tag applied on this VM.
IP Address | Displays the IP address of the VM.
User Name | Displays the user name of the user logged on to the system.
Last Communication | Displays the time of the last synchronization.
You can view more details of the cloud accounts by selecting and adding the required columns using the Choose Columns option under System Tree | Actions. By default, these columns don't appear under System Tree.
Property | Description
Availability Zone | Displays the region where the instance is created.
Image ID | Displays the unique value provided to the instance from the cloud account.
Instance ID | Displays the unique value provided to the instance from the cloud account.
Instance Type | Displays the hardware configuration selected for an instance during the launch.
Key Name | Displays the key name, which is provided during the launch of the instance.
Launch time | Displays the time when the instance is launched in the cloud account.
Platform | Specifies whether the platform is Microsoft Windows or Linux.
Private IP address | Displays the private IP address from the cloud account.
Public IP Address | Displays the public IP address from the cloud account.
Tags | Displays the tags of the systems on McAfee ePO.
You can view the virtualization properties of the selected VM by navigating to Menu | Systems | System Tree. Double-click the target VM and click the Virtualization tab.
3 Queries and reports
With the Data Center Connector for OpenStack software, you can quickly generate a summary view of all registered Data Centers.
The predefined queries and dashboards provide out‑of‑the‑box functionality, because they are added to your McAfee ePO server when the software is installed. You can configure these queries to display results in charts or tables, which you can use as dashboard monitors. Query results can be exported to several formats, which can be downloaded or sent as an attachment to an email message.
You can also create custom queries based on the properties collected by the Data Center software. For details on how to use custom queries, see the product documentation for your version of McAfee ePO.
Contents
Predefined Data Center queries
Dashboards and monitors
Predefined Data Center queries
You can use predefined queries as is, edit them, or create queries from events and properties stored in the McAfee ePO database.
You can't edit predefined queries in McAfee ePO 5.1.
To create custom queries, your assigned permission set must include the ability to create and edit private queries.
Data Center provides these predefined queries:
Query | Description
Anti-malware Status | Specifies whether the system is in one of these states.
• Application Control Enabled — These VMs have McAfee Application Control installed and enabled.
• Only Anti-Virus Enabled — These VMs have a McAfee anti-virus product installed and enabled.
• Unprotected — These VMs don't have any McAfee anti-virus product enabled.
Application Reputation | Categorizes the applications based on Global Threat Intelligence (McAfee GTI) file reputation:
• Good
• Bad
• Unclassified
For details on file reputation, see the product documentation for McAfee Application Control.
Security Incidents (last 14 days) | Displays the events reported for these components on the VMs in the last 14 days.
• Application Control
• AntiVirus
• Firewall
• Memory Protection
Data Centers | Displays all registered Data Centers.
File Integrity Monitoring Status | Displays the number of VMs with File Integrity Monitoring (FIM) installed and enabled. For details on FIM, see the product documentation for McAfee Change Control.
Host Firewall Status | Specifies whether the system is in one of these two states:
• Firewall Enabled — These VMs have McAfee Host Intrusion Prevention (McAfee Agent-based) installed.
• Not in use — These VMs don't have McAfee Host Intrusion Prevention (McAfee Agent-based) installed.
OS Distribution | The OS Type shows the template value selected while creating the VMs. However, it might not be the actual operating system installed on the VM.
Boot Attestation Status of Hypervisors | Displays the Boot Attestation status of VMs. For details, see the product documentation for Boot Attestation Service.
View default queries
Run the predefined queries to generate reports based on Data Center components.
Task
For option definitions, click ? in the interface.
1 Log on to the McAfee ePO server as an administrator.
2 Click Menu | Reporting | Queries & Reports.
3 From the Groups | McAfee Groups pane, select Data Center to display the queries for the selected group.
4 From the Queries list, select a query, then click Run.
5 In the query results page, click any item in the results to drill down further.
6 Click Close when finished.
Dashboards and monitors
Dashboards, which are comprised of monitors, help you track key metrics from all Data Center products.
Reports are grouped under McAfee Dashboards.
Data Center dashboard
The Data Center dashboard is added to your McAfee ePO server when you install the Data Center software.
The dashboard displays a collection of monitors based on the results of the default Data Center software queries.
The default monitors that appear under the Data Center dashboard are:
• Anti-malware Status — Displays the state of the VM.
  • Application Control Enabled — These VMs have McAfee Application Control installed and enabled.
  • Only Anti-Virus Enabled — These VMs have a McAfee anti-virus product installed and enabled.
  • Unprotected — These VMs don't have any McAfee anti-virus product enabled.
• Application Reputation — Categorizes the applications based on GTI file reputation.
  • Good
  • Bad
  • Unclassified
  This dashboard retrieves data from the McAfee Application Control extension.
  For details on file reputation, see the product documentation for McAfee Application Control.
• Security Incidents (last 14 days) — Specifies events reported for these components on the VMs in the last 14 days.
  • Application Control
  • AntiVirus
  • Firewall
  • Memory Protection
• Data Centers — Displays all registered Data Centers.
• File Integrity Monitoring Status — Displays the number of VMs with File Integrity Monitoring (FIM) installed and enabled.
  • Enabled — File Integrity Monitoring is enabled on these VMs.
  • Disabled — File Integrity Monitoring is disabled on these VMs.
  • Not Installed — File Integrity Monitoring isn't installed on these VMs.
  For more details on FIM, see the product documentation for McAfee Change Control.
• Host Firewall Status — Displays the state of the system.
  • Firewall Enabled — These VMs have McAfee Host Intrusion Prevention installed.
  • Not in use — These VMs don't have McAfee Host Intrusion Prevention installed.
• OS Distribution — Displays the OS Type. It shows the template value selected while creating the VMs. However, it might not be the actual operating system installed on the VM.
• Boot Attestation Status for Hypervisors — Displays the Boot Attestation status of vCenter hypervisors. For details, see the product documentation for Boot Attestation Service.