NSX – Configure Security Groups

1. Log in to the vSphere Web Client.

2. Click Networking & Security and then click Service Composer.

3. Click the Security Groups tab and then click the Add Security Group icon.

4. Type a name and description for the security group and click Next.

5. On the Dynamic Membership page, define the criteria that an object must meet to be added to the security group you are creating. For example, you may include a criterion that adds all members tagged with the specified security tag (such as Allow_Web_Access) to the security group. Security tags are case sensitive.

Note – If you define a security group by virtual machines that have a certain security tag applied to them, you can create a dynamic or conditional workflow. The moment the tag is applied to a virtual machine, the virtual machine is automatically added to that security group. Or you can add all virtual machines containing the name W2008 AND virtual machines that are in the logical switch global_wire to the security group.

6. Click Next.

7. On the Select objects to include page, select the tab for the resource you want to add and select one or more resources to add to the security group. You can include the following objects in a security group:

  • Other security groups to nest within the security group you are creating.
  • Cluster
  • Virtual wire
  • Network
  • Virtual App
  • Datacenter
  • IP sets
  • AD groups
  • MAC Sets
  • Security tag
  • vNIC
  • Virtual Machine
  • Resource Pool
  • Distributed Virtual Port Group

The objects selected here are always included in the security group regardless of whether or not they match the dynamic criteria.

When you add a resource to a security group, all associated resources are automatically added. For example, when you select a virtual machine, the associated vNIC is automatically added to the security group.

8. Click Next and select the objects that you want to exclude from the security group.

9. Click Finish.

Membership of a security group is determined as follows:

{Expression result (derived from step 4) + Inclusions (specified in step 6)} – Exclusion (specified in step 7)

which means that inclusion items are first added to the expression result. Exclusion items are then subtracted from the combined result.
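The membership rule above can be checked offline before a group is attached to a firewall policy. The following Python model is an added example, not VMware code or an NSX API: the inventory, VM names, and helper functions are constructed for illustration, and combining the two dynamic criteria from the note with OR is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class VM:
    name: str
    logical_switch: str
    tags: frozenset = frozenset()
    vnics: tuple = ()

def has_tag(tag):
    # Security tags are case sensitive, so this is an exact string match.
    return lambda vm: tag in vm.tags

def name_contains(text):
    return lambda vm: text in vm.name

def on_switch(switch):
    return lambda vm: vm.logical_switch == switch

def all_of(*criteria):
    # AND of several criteria, as in "name W2008 AND logical switch global_wire".
    return lambda vm: all(c(vm) for c in criteria)

def effective_members(inventory, criteria, include=(), exclude=()):
    """(expression result + inclusions) - exclusions, returned as VM names."""
    dynamic = {vm.name for vm in inventory if any(c(vm) for c in criteria)}
    return (dynamic | set(include)) - set(exclude)

def member_vnics(inventory, members):
    # Selecting a VM also brings its associated vNICs into the group.
    return {nic for vm in inventory if vm.name in members for nic in vm.vnics}

# Constructed sample inventory (hypothetical names).
INVENTORY = [
    VM("web-01", "global_wire", frozenset({"Allow_Web_Access"}), ("web-01.nic0",)),
    VM("web-02", "global_wire", frozenset({"allow_web_access"}), ("web-02.nic0",)),
    VM("W2008-app", "global_wire", frozenset(), ("W2008-app.nic0",)),
    VM("W2008-lab", "lab_wire", frozenset(), ("W2008-lab.nic0",)),
    VM("db-01", "db_wire", frozenset(), ("db-01.nic0",)),
]
CRITERIA = [
    has_tag("Allow_Web_Access"),
    all_of(name_contains("W2008"), on_switch("global_wire")),
]

if __name__ == "__main__":
    members = effective_members(INVENTORY, CRITERIA,
                                include={"db-01"}, exclude={"web-01"})
    print(sorted(members), sorted(member_vnics(INVENTORY, members)))
```

In this model web-02 never joins because its tag differs only in case, db-01 joins through static inclusion even though it matches no criterion, and web-01 is removed by the exclusion despite carrying the correct tag.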
