VCAP6-NV Deploy – Objective 6.3 – Configure and Manage Universal Logical Security Objects

Skills and Abilities

Objective 6.3 – Configure and Manage Universal Logical Security Objects

  • Configure Universal MAC Sets
  • Configure Universal IP Sets
  • Configure Universal Security Groups
  • Configure Universal Services and Service Groups
  • Configure Universal Firewall Rules

Objective Prerequisites

The following prerequisites are assumed for this Objective:

  • A working VMware vSphere 6.x environment with 2 vCenter Servers and 2 Platform Services Controllers linked in Enhanced Linked Mode (ELM).
  • A working VMware NSX 6.x environment configured for cross-vCenter NSX.

Objective Breakdown

Note: These steps assume you are not yet logged in to vCenter Server. Skip the first few steps if you are!

Using your favourite web browser, navigate to the vCenter Server login page (https://vcenter.fqdn).

Enter appropriate User name and Password and click Login.

Click Networking and Security.

Click NSX Managers.

Click the Primary NSX manager IP address.

Click Manage.

Click Grouping Objects.

Configure Universal MAC sets

Click MAC Sets.

Click Add (+).

Enter the Name of the new Universal MAC Set, (optional) Description and enter a list of MAC Addresses.

Check the Mark this object for Universal Synchronization checkbox.

Click OK.

Configure Universal IP Sets

Click IP Sets.

Click Add (+).

Enter the Name of the new Universal IP Set, (optional) Description and enter a range of IP Addresses.

Check the Mark this object for Universal Synchronization checkbox.

Click OK.

Configure Universal Services

Click Service.

Click Add (+).

Enter the Name of the new Universal Service, (optional) Description, and select a Protocol from the dropdown.

Note: if you select certain Protocols there are additional options to specify both a Destination Port and Source Port or utilise the pre-defined default port(s).

Check the Mark this object for Universal Synchronization checkbox.

Click OK.

Configure Universal Service Groups

Click Service Groups.

Click Add (+).

Enter the Name of the new Service Group, (optionally) add a Description and check the Mark this object for Universal Synchronization checkbox.

Select the appropriate Service or Service Group from the Object Type dropdown and then select the appropriate item(s) from the Available Objects list and click the arrow to move it to the Selected Objects list.

Click OK.

Configure Universal Security Groups

Click Security Groups.

Click Add (+).

Enter the Name of the Security Group, check the Mark this object for Universal Synchronization checkbox and (optionally) check the Use for active standby deployments checkbox.

Click Next.

Define Membership Criteria as required and (optionally) add additional criteria using Add (+).

Select IP Sets, Security Tag, MAC Sets or Security Group from the Object Type dropdown.

Select the desired object from the Available Objects list and click the arrow to move it to the Selected Objects list.

Click Next.

Click Finish.

Configure Universal Firewall Rules

Using your favourite web browser, navigate to the vCenter Server login page (https://vcenter.fqdn).

Enter appropriate User name and Password and click Login.

Click Networking and Security.

Click Firewall.

Click New Section.

Enter a Name for the New Section and check the Mark this section for Universal Synchronization checkbox.

Click Save.

Click Publish Changes.

Under the new Universal Section, click Add Rule.

Update the Firewall Rule Name

Highlight the new Universal Firewall Rule and click Edit Name.

Enter the new Rule Name and click Save.

Update the Firewall Rule Source

Under Source, click Edit.

Select a Universal object from the Object Type dropdown, highlight an item from the Available Objects list and click the arrow to move the item to the Selected Objects list.

Click OK.

Update the Firewall Rule Destination

Under Destination, click Edit.

Select a Universal object from the Object Type dropdown, highlight an item from the Available Objects list and click the arrow to move the item to the Selected Objects list.

Click OK.

Update the Firewall Rule Service

Under Service, click Edit.

Select a Universal object from the Object Type dropdown, highlight an item from the Available Objects list and click the arrow to move the item to the Selected Objects list.

Click OK.

(Optional) Update the Firewall Rule Action

Under Action, click Edit.

Make changes to the required Action and click Save.

(Optional) Update the Firewall Rule Filter (Applied To)

Under Applied To, click Edit.

Select a Universal object from the Object Type dropdown, highlight an item from the Available Objects list and click the arrow to move the item to the Selected Objects list.

Click OK.

Publish the Firewall Rule

Click Publish Changes.
