VCAP6-NV Deploy – Objective 4.2 – Configure and Manage Service Composer

Skills and Abilities

Objective 4.2 – Configure and Manage Service Composer

  • Create/configure Service Composer according to a deployment plan:
    • Configure Security Groups
    • Configure Security Policies
    • Configure Activity Monitoring for a Security Policy
  • Create/edit/delete Security Tags
    • Create a Security Tag
    • Edit a Security Tag
    • Assign a Security Tag
    • Detach a Security Tag
    • Delete a Security Tag
  • Configure Network Introspection
  • Configure Guest Introspection

Objective Prerequisites

The following prerequisites are assumed for this Objective:

  • A working VMware vSphere 6.x environment.
  • A working VMware NSX 6.x environment.

Objective Breakdown

Create/configure Service Composer according to a deployment plan:

Configure Security Groups

Note: These steps assume you are not even logged into vCenter Server.  Skip the first few steps if you are!

Using your favourite web browser, navigate to the vCenter Server login page (https://vcenter.fqdn).

Enter appropriate User name and Password and click Login.

Click Networking and Security.

Click Service Composer.

Click Security Policies tab and then click New Security Group.

Enter a Name for the new Security Group and click Next.

Specify the membership requirements for the dynamic membership and click Next.

Select the Object Type (dropdown), move the objects to the Select Objects list and click Next.

Select the Object Type (dropdown), move the objects to the Select Objects list and click Next.

Click Finish.

Configure Security Policies

Note: These steps assume you are not even logged into vCenter Server.  Skip the first few steps if you are!

Using your favourite web browser, navigate to the vCenter Server login page (https://vcenter.fqdn).

Enter appropriate User name and Password and click Login.

Click Networking and Security.

Click Service Composer.

Click Security Policies tab and then New Security Policy.

Enter the Name of the new Policy, (optionally) select the Inherit Security Policy check box and select a Parent Policy (dropdown), then click OK.

Note: We’re skipping guest introspection services as i haven’t configured anything.

Click Next.

Click Add(+).

Enter the Name for the new Firewall Rule and select an Action option (Allow, Reject or Block). (Optional) (Optional) At Source, click Change to choose an Object as the source. (Optional) At Destination, click Change to choose an Object as the destination.  (Optional) At Service, click Change to choose the Service type (HTTPS,HTTP etc). At Status, select the Enabled option and (optional) click the Log option.

Click OK and add additional rules as required.

Click Next.

Click Next.

Click Finish.

Assigning the Security Policy to a Security Group

Right Click on the Security Policy.

Click Apply Policy.

Check the Security Group to apply the Security Policy too.

Click OK.

Configure Activity Monitoring for a Security Policy

 

Watch this space!

Create/Edit/Remove Security Tags

See HOWTO: Configure VMware NSX Security Tags

Configure Network Introspection

Watch this space!

 

Configure Guest Introspection

Watch this space!

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.