VMware NSX

 View Only
  • 1.  NSX - Dynamic Security Group

    Posted Mar 29, 2018 01:25 AM

    I am looking for creating a dynamic security group for the below condition.

    I have servers with the computer name starting from server0000,server0001, .................... server0039

    These servers will be created dynamically on need basis & i want these servers to be part of 1 security group dynamically.

    Let me know how can i achieve it.

    My plan is to create as below .

    Dynamic Policy:

    Computer Name starts with server000

    Computer Name starts with server001

    Computer Name starts with server002

    Computer Name starts with server003

    The above should cover servers from server0000 ~ server0039

    Is there any better way to achieve it.



  • 2.  RE: NSX - Dynamic Security Group

    Posted Mar 29, 2018 04:01 AM

    One way could be to tag each of these VMs with a common tag(Such as NSX-Tag-server -AppX during creation, and create a security group based on this tag. This puts the VMs with that tag into this Security group dynamically. If VRA is used, these tags could be part of the Blueprint

    These links may be helpful:

    https://thecloudxpert.net/2017/09/howto-configure-vmware-nsx-security-tags/

    http://www.virtually-limitless.com/vcix-nv-study-guide/add-assign-edit-or-delete-security-tags-in-nsx/

    https://esxsi.com/2017/06/11/nsxtags/

    http://www.routetocloud.com/tag/security-tag/

    Another way could be to group the VMs with name including server00, and exluding VM names that includes server004, server005, server006, server007, server008 and server009.

    These links may be helpful:

    http://vcrooky.com/2017/08/nsx-configure-security-groups/

    http://networkinferno.net/service-composer-security-groups-and-security-tags

    http://www.virtualizationblog.com/nsx-step-by-step-part-31-working-with-security-group/



  • 3.  RE: NSX - Dynamic Security Group

    Broadcom Employee
    Posted Apr 23, 2018 06:13 AM

    If your computer name is going to be the same as your VM Name, then why not use regular expressions?

    "VM Name" "Matches Regular Expression" "^server0{2}[0-3][0-9]$"

    Dale