5nine Cloud Security For Hyper-V

5nine Cloud Security for Hyper-V
Free Edition
Version 4.0
February 2014

5nine Cloud Security 4.0 Free Edition Getting Started Guide

Table of Contents

- 5nine Cloud Security for Hyper-V Free Edition
- Summary
- System Requirements
- Permissions
- Features and Benefits
- Installation
- vFirewall Silent Installation
- 5nine Security Operations
- Adding and RemovingH
- Setting v-Firewall Rules
- Setting Virtual Firewall
- Antivirus
- 5nine Security Configuration File and PowerShell API
- 5nine Security and Compliance Scanner for Hyper-V
- Summary
- Installation
- Interface
- Operation
- Checking Scan Results
- VMs Firewalling
- Intrusion Detection
- Performance
- Antivirus Protection
- Overall Report

© 2009-2014 5nine Software, Inc. All rights reserved.
Security & Management Solutions for Hyper-V and Windows Server

© 2014 5nine Software. All rights reserved. All trademarks are the property of their respective owners.

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form by any means, without written permission from 5nine Software Inc (5nine). The information contained in this document represents the current view of 5nine on the issue discussed as of the date of publication and is subject to change without notice. 5nine shall not be liable for technical or editorial errors or omissions contained herein. 5nine makes no warranties, express or implied, in this document. 5nine may have patents, patent applications, trademark, copyright, or other intellectual property rights covering the subject matter of this document. All other trademarks mentioned herein are the property of their respective owners. Except as expressly provided in any written license agreement from 5nine, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Contacting 5nine Software

We always welcome your feedback on the product as well as on your user experience. If you would like to help us improve the product, please contact us at info@5nine.com.

Customer Support

Please contact techsupport@5nine.com if you have encountered any issue using 5nine Cloud Security for Hyper-V Free Edition.

5nine Cloud Security for Hyper-V Free Edition

Summary

5nine Cloud Security Free Edition is a Virtual Infrastructure monitoring tool with the ability to define network traffic rules for Hyper-V Virtual Machines and harden your Virtual Infrastructure from a security perspective, both programmatically – using a PowerShell API – and via the Management Console. Security allows you to review network traffic logs for each of the monitored Virtual machines and generates related reports.

5nine Cloud Security Free Edition is designed for the monitoring and control of the traffic between Hyper-V Virtual machines and between Virtual machines and external networks (Virtual Firewall). It also includes an Intrusion Detection System (IDS) as well as antivirus.

5nine Cloud Security Free Edition is designed for evaluation purposes, as it includes less functionality than the Datacenter Edition, which supports the full functionality of Security. For instance, IDS is not available in the Free Edition and the Virtual Firewall settings offer less flexibility.

5nine Cloud Security Free Edition also includes 5nine Security and Compliance Scanner for Hyper-V. The description for this functionality is given in the “5nine Security and Compliance Scanner for Hyper-V” section.

System Requirements

- OS: Host: Windows Server 2012 or Windows 8 with Hyper-V enabled; Guest VM: any
- .NET 4.0;
- SQL 2008 Express edition on Management server/VM (in case DB logging is required);
- MS PowerShell;
- IIS.

Permissions

For both domain and workgroup configurations:
- TCP port 8788 should be opened on the managed host.
- 5nine Cloud Security should be installed on each Hyper-V host monitored and protected (in case several hosts are managed from one Management console). Same with the 5nine Security service for SC VMM 5nine Security plugins.
- WMI access 33(WS.10).aspx )
- SQL database or file access (read/write).
- Allow to control Hyper-V (http://blogs.msdn.com/b/virtual pc to-control-hyper-v.aspx)
- User should be a local administrator.
- If the host is managed remotely from the centralized management console, there should also be an account with similar permissions used in Server Settings. The best practice recommendation is to use the same account for the service on the managed host and in Server Settings in the management console.

For workgroup/mixed domain environments:
- Account for workgroup environment should also have similar permissions for current managed hosts.
- Managed and management servers should be marked as trusted hosts in the case where the workgroup environment is used on several domains environments.

Features and Benefits

Simple installation. 5nine Cloud Security Free Edition has one component that is required to be installed – an intuitive Management interface (DLL) that supports the PowerShell API (described below) to set and change traffic rules. The Management API has a simple-to-use GUI application that lets you set traffic rules between the virtual machines and external networks.

The Management interface can be installed either on a server or on a Virtual machine, and allows the System Administrator to access rules, logs and reports:

Installation

To set up 5nine Cloud Security Free Edition (DLL and Management GUI application), the administrator needs to run the setup.exe application from the downloaded 5nine Cloud Security Free Edition archive on a server that meets the requirements in the “System Requirements” section.

No license is required for the Free Edition.

Then the 5nine Cloud Security Free Edition Setup Wizard will be opened:

Read the SQL server information (you have to make sure it is available on your host for 5nine Cloud Security Free Edition successful installation) and click Next:

Choose the path where 5nine Cloud Security Free Edition is to be installed and the users who will be able to work with the product:

You can check the physical space available on your drives and the space required for the installation by pressing the Disc Cost button on the window shown above:

The 5nine Cloud Security Free Edition Information window will then appear:

Select MS SQL data source:

vFirewall remote installation is one step of the installation process. When installing vFW locally on a machine, you can define the servers on which you want to install vFW remotely. After the data source selection page you will see the page where you can select whether or not to include the remote setup step in the setup process.

Warnings!
1. When using the remote installation, make sure that all the servers have the same user credentials as the local server. Credentials will be requested only once during the further installation process. It is currently impossible to enter different user credentials for the remote servers, and installation will fail if there is a credentials mismatch.
2. Be sure that similar SQL data sources are used on all the servers. You will be requested to select the MS SQL data source only once (if the Existing MS SQL Server instance option has been selected) as described above, and you will not be able to select a different one for the other servers. This will cause a serious problem. The installation will be accomplished on all the servers, but the product may not function properly.

If the remote setup checkbox is cleared, setup proceeds with the common scenario:

Specify if a remote installation step is required in the setup process:

If the checkbox is checked you can select servers for the remote installation. The remote installation server selection dialog comes after the user credentials dialog. That dialog is similar to the monitored servers discovery dialog.

For remote management Security uses the WinRM service, which should be available. In the cases listed below trusted hosts should be configured:
- Client and remote servers are in different domains and there is no trust between the two domains;
- Client or remote server is located in a domain and the other one is located in a workgroup;
- Both client and remote server are located in a workgroup.

Trusted hosts should be configured on both client and remote server sides. It can be done with the command below:

    Set-Item wsman:\localhost\client\trustedhosts -Value "{ComputerName}"

Or manually configured with the gpedit.msc console:

    gpedit.msc console - Local Computer Policy/Computer Configuration/Administrative Templates/Windows Components/Windows Remote Management (WinRM)/WinRM Client - Trusted Hosts

To add all machines from workgroup to trusted hosts “{local}” name can be used. A typical symptom of missing trusted hosts configuration is the error “WinRM cannot process the request” in the Management Console log. This message may also appear when the system can’t resolve the remote host’s path (it is wrong or the DNS server is inaccessible, for example) or when wrong credentials are used.

5nine Cloud Security Free Edition uses system security log events for logging denied packets. By default Windows Filtering Platform filtering audit is disabled to prevent the system log overflow and avoid storing unnecessary data. WFP filtering audit can be enabled with the following command:

    auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:enable /failure:enable
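The two host settings this section changes, the WinRM TrustedHosts list and the WFP packet-drop audit, can be reviewed with a short script. This is an added example, not part of the 5nine guide or product: the function names and the host name HV-HOST-02 are hypothetical, and event ID 5152 is the Windows Security event for a packet blocked by WFP (the guide does not state which events the product reads).

```powershell
# Added example, not from the 5nine guide. Run elevated on the Hyper-V host.
# Assumes an English-language OS (auditpol subcategory names are localized).

function Add-TrustedHost {
    param([Parameter(Mandatory)][string]$ComputerName)
    $path    = 'WSMan:\localhost\Client\TrustedHosts'
    $current = (Get-Item $path).Value
    if ($current -eq '*') {
        Write-Warning 'TrustedHosts is "*": this client already trusts every host.'
    } elseif (($current -split ',').Trim() -notcontains $ComputerName) {
        # -Concatenate appends; Set-Item without it replaces the whole list.
        Set-Item $path -Value $ComputerName -Concatenate -Force
    }
    (Get-Item $path).Value          # return the resulting list for review
}

function Get-WfpDropAuditSetting {
    # /r prints CSV; "Inclusion Setting" is e.g. "No Auditing" or "Success and Failure".
    $rows = auditpol /get /subcategory:"Filtering Platform Packet Drop" /r |
            Where-Object { $_ } | ConvertFrom-Csv
    $rows.'Inclusion Setting'
}

function Get-WfpDropSummary {
    param([int]$Hours = 1, [int]$Top = 10)
    # Security event 5152: "The Windows Filtering Platform has blocked a packet."
    # The time window keeps the query bounded on a busy Security log.
    $filter = @{ LogName = 'Security'; Id = 5152; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the named EventData fields of each record into a hashtable.
            $d = @{}
            foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            '{0} -> {1}:{2} (protocol {3})' -f $d.SourceAddress, $d.DestAddress, $d.DestPort, $d.Protocol
        } |
        Group-Object | Sort-Object Count -Descending |
        Select-Object -First $Top -Property Count, Name
}

# Typical use ("HV-HOST-02" is a constructed host name):
#   Add-TrustedHost -ComputerName 'HV-HOST-02'
#   Get-WfpDropAuditSetting
#   Get-WfpDropSummary -Hours 4 -Top 20
```

An empty result from Get-WfpDropSummary while Get-WfpDropAuditSetting reports "No Auditing" means the audit is off, not that no packets were dropped.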

WFP filtering audit can also be enabled from 5nine Cloud Security Free Edition setup. The “Enable Windows Filtering Platform audit” checkbox is on the “Installation settings” page. If that checkbox is checked, the command listed above is executed during the installation process:

You can manually disable WFP filtering audit with the following command:

    auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable

It is better to disable WFP filtering audit if it is not used or after 5nine Cloud Security Free Edition uninstallation.

Confirm installation:

Confirm the 3f3b34c.msi installation and choose the necessary settings if asked (it depends on your server’s OS security settings):

Set the SQL Server instance that will be used and connect to it by entering the user name and password. Either SQL Server Authentication or Windows Authentication can be used to gain access to your database. To find out which authentication is used and to get the user name and password, contact your database administrator. The installer skips this step if MS SQL Server Compact was previously selected as a data source.

You can test the database connection by pressing the Test connection button. In the case of a successful connection the following type of message will appear:

Set account for Security Management service as required:

If you earlier chose the option Include Remote installation step in setup process as described above, you will be advised to choose the remote host(s) for the 5nine Cloud Security Free Edition installation:

You may also add servers to the list individually by pressing the Add button and entering the server name manually in the dialog window above, or let 5nine Cloud Security Free Edition search and add servers automatically by pressing the AD Discovery button, or search for servers by IP range/subnet mask, which can be set in the window below called out by pressing the IP Discovery button:

Install the product on the previously selected servers in the next dialog:

There will be a table with servers and installation status. Possible statuses include:
- Idle. Idle for installation start. Waiting for the start button to be pressed.
- Processing. Remote installation in progress.
- Complete. Remote installation completed.
- Failed. Remote installation failed. Additional information about the error will be in the description column.

Remote installation will be processed in parallel for each selected server. The MSI file and the selected license file will be copied to drive C: on the remote machine (the user should have permissions to write files on the target machine). After the files are copied, installation will be started in silent mode with the parameters selected for local installation. After installation is completed the temporary files will be removed and the remote machine will be rebooted.

To use the remote installation feature, the user should leave the MSI file name unchanged – vFWsetup.msi.

After all installations are completed (successfully or failed) the user can close the dialog and go forward with the installation. After the remote installation step the next installation step is the monitored servers’ selection step. The local machine is included in the list by default. Servers from the previous installation configuration (if it was saved) will also be included in the list.

Then press the Start button to start the remote installation, watch the process and results, and press the Close button when the remote installation process is complete:

Add servers for monitoring (press the Add button in the window below to add the servers):

Select the servers from the list (the separate window Select Hyper-V Servers shown below will be opened) and then set the credentials in the dialog window. Contact your network administrator to get the credentials.

You can select one of two ways of authentication:
1) Use default credentials. Current user credentials will be used.
2) Use custom credentials. You can define credentials that will be used to manage vFirewall on the target server.

Those credentials will be used only for authentication to retrieve the virtual machines list and manage vFirewall with the PowerShell API. They will not affect the user account used by the vFirewall service on the target machine.

You may change the properties of an already added server at any time by pressing the Edit button in the Servers for monitoring window shown above.

You can also change server credentials and the default monitoring state later in the Server Properties dialog (please refer to the “Changing Host Settings” subsection of the “5nine Security Operations” section).

You may also add servers to the list individually by pressing the Add button and entering the server’s name manually in the dialog window below:

Or let 5nine Cloud Security Free Edition search and add servers automatically by pressing the AD Discovery button, or search for servers by IP range/subnet mask, which can be set in the window below called out by pressing
