VCAP6-NV Deploy - Objective 6.3 - Configure and Manage Universal Logical Security Objects
VMware NSX-V VCAP6-NV VCIX6-NV HOWTO
Published on 20 November 2017 by Christopher Lewis. Words: 712. Reading Time: 4 mins.
Skills and Abilities
Objective 6.3 - Configure and Manage Universal Logical Security Objects
- Configure Universal MAC Sets
- Configure Universal IP Sets
- Configure Universal Security Groups
- Configure Universal Services and Service Groups
- Configure Universal Firewall Rules
Objective Prerequisites
The following prerequisites are assumed for this Objective:
- A working VMware vSphere 6.x environment with 2 vCenter Servers and 2 Platform Services Controllers linked in Enhanced Linked Mode (ELM).
- A working VMware NSX 6.x environment configured for cross-vCenter NSX.
Objective Breakdown
Note: These steps assume you are not already logged into vCenter Server. Skip the first few steps if you are!
Using your favourite web browser, navigate to the vCenter Server login page (https://vcenter.fqdn).
Enter appropriate User name and Password and click Login.
Click Networking and Security.
Click NSX Managers.
Click the Primary NSX manager IP address.
Click Manage.
Click Grouping Objects.
Configure Universal MAC sets
Click MAC Sets.
Click Add (+).
Enter the Name of the new Universal MAC Set, (optional) Description and enter a list of MAC Addresses.
Check the Mark this object for Universal Synchronization checkbox.
Click OK.
Configure Universal IP Sets
Click IP Sets.
Click Add (+).
Enter the Name of the new Universal IP Set, (optional) Description and enter a range of IP Addresses.
Check the Mark this object for Universal Synchronization checkbox.
Click OK.
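The two procedures above (Configure Universal MAC sets and Configure Universal IP Sets) can also be driven through the NSX Manager REST API. The following is an added example, not part of the original post, that checks the address list locally and builds the request path and XML body without sending anything. The `/api/2.0/services/<type>/universalroot-0` path and the element names are assumptions based on the NSX-V REST API and should be confirmed against the API guide for your version; the function names and sample values are hypothetical.

```python
import ipaddress
import re
from xml.etree import ElementTree as ET

# Assumption: scope ID the NSX-V REST API uses for universal objects.
UNIVERSAL_SCOPE = "universalroot-0"
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")


def check_ip_entry(entry):
    """Accept a single address, a CIDR block, or a 'start-end' range."""
    entry = entry.strip()
    if "-" in entry:
        start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"bad range: {entry}")
    elif "/" in entry:
        ipaddress.ip_network(entry, strict=False)
    else:
        ipaddress.ip_address(entry)
    return entry


def check_mac(entry):
    """Accept colon-separated MAC addresses and normalise to lower case."""
    entry = entry.strip()
    if not MAC_RE.match(entry):
        raise ValueError(f"bad MAC address: {entry}")
    return entry.lower()


def build_universal_set(kind, name, entries, description=""):
    """Return (path, xml_body) for a universal 'ipset' or 'macset'."""
    checker = {"ipset": check_ip_entry, "macset": check_mac}[kind]
    values = [checker(e) for e in entries]
    if not values:
        raise ValueError("refusing to create an empty set")
    root = ET.Element(kind)
    # ElementTree escapes &, < and > in names, so the body stays well-formed.
    ET.SubElement(root, "name").text = name
    ET.SubElement(root, "description").text = description
    ET.SubElement(root, "value").text = ",".join(values)
    return f"/api/2.0/services/{kind}/{UNIVERSAL_SCOPE}", ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    for args in (("ipset", "Uni-Web", ["10.0.0.0/24", "10.0.1.5-10.0.1.9"]),
                 ("macset", "Uni-MACs", ["00:50:56:AA:BB:CC"])):
        print(*build_universal_set(*args), sep="\n")
```

A reversed range or a malformed MAC address raises `ValueError` before any request is built, which catches typos that would otherwise end up in a rule synchronised to every NSX Manager.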
Configure Universal Services
Click Service.
Click Add (+).
Enter the Name of the new Universal Service, (optional) Description, and select a Protocol from the dropdown.
Note: If you select certain Protocols, there are additional options to specify both a Destination Port and Source Port, or to utilise the pre-defined default port(s).
Check the Mark this object for Universal Synchronization checkbox.
Click OK.
Configure Universal Service Groups
Click Service Groups.
Click Add (+).
Enter the Name of the new Service Group, (optionally) add a Description and check the Mark this object for Universal Synchronization checkbox.
Select the appropriate Service or Service Group from the Object Type dropdown and then select the appropriate item(s) from the Available Objects list and click the arrow to move it to the Selected Objects list.
Click OK.
Configure Universal Security Groups
Click Security Groups.
Click Add (+).
Enter the Name of the Security Group, check the Mark this object for Universal Synchronization checkbox and (optionally) check the Use for active standby deployments checkbox.
Click Next.
Define Membership Criteria as required and (optionally) add additional criteria using Add (+).
Select IP Sets, Security Tag, MAC Sets or Security Group from the Object Type dropdown.
Select the desired object from the Available Objects list and click the arrow to move it to the Selected Objects list.
Click Next.
Click Finish.
Configure Universal Firewall Rules
Using your favourite web browser, navigate to the vCenter Server login page (https://vcenter.fqdn).
Enter appropriate User name and Password and click Login.
Click Networking and Security.
Click Firewall.
Click New Section.
Enter a Name for the New Section and check the Mark this section for Universal Synchronization checkbox.
Click Save.
Click Publish Changes.
Under the new Universal Section, click Add Rule.
Update the Firewall Rule Name
Highlight the new Universal Firewall Rule and click Edit Name.
Enter the new Rule Name and click Save.
Update the Firewall Rule Source
Under Source, click Edit.
Select a Universal object from the Object Type dropdown, highlight an item from the Available Objects list and click the arrow to move the item to the Selected Objects list.
Click OK.
Update the Firewall Rule Destination
Under Destination, click Edit.
Select a Universal object from the Object Type dropdown, highlight an item from the Available Objects list and click the arrow to move the item to the Selected Objects list.
Click OK.
Update the Firewall Rule Service
Under Service, click Edit.
Select a Universal object from the Object Type dropdown, highlight an item from the Available Objects list and click the arrow to move the item to the Selected Objects list.
Click OK.
(Optional) Update the Firewall Rule Action
Under Action, click Edit.
Make changes to the required Action and click Save.
(Optional) Update the Firewall Rule Filter (Applied To)
Under Applied To, click Edit.
Select a Universal object from the Object Type dropdown, highlight an item from the Available Objects list and click the arrow to move the item to the Selected Objects list.
Click OK.
Publish the Firewall Rule
Click Publish Changes.