Creating vGW Series Smart Groups

This topic explains how to configure vGW Series Smart Groups. For information about Smart Groups, see Understanding vGW Series Smart Groups.

To define a Smart Group:

  1. Select Settings > Security Settings > Groups.
  2. To create a new Smart Group:
    1. Click Add Group.
    2. On the displayed pane, click Add a Smart Group.

    The pane displays with the Advanced options shown by default. In Advanced mode, you can add as many rows as needed to define the Smart Group criteria. Each row establishes an equation.

    If you do not know the meaning of an attribute or the values that it can take, click ? at the end of the row. The pop-up window that is displayed describes the attribute. It gives its data type, and it identifies possible values.

  3. Give the Smart Group a name. A short, descriptive name is best as it will be displayed in the Groups table.
  4. For Matches, select one of the following:
    • Any: A VM that matches any of the configured rules becomes a member of the Smart Group.
    • All: A VM must meet all configured rules to become a member of the Smart Group.
  5. For each row, select the following information:
    • An attribute. See Table 16.
    • A comparator. For example, you can require that VMs meet the attribute specification to belong to the group, or you can define a rule that excludes VMs that meet the criteria.
    • A value.
  6. Select the Policy Group check box if you want the Smart Group to belong to a policy group.

    When you select Policy Group:

    • The Smart Group is added to the Policy Groups area in the VM tree.

      You can now configure a firewall policy for the Smart Group on its Group Policy page. You use the Firewall module in conjunction with the VM tree to display the Smart Group’s policy page.

    • You specify a priority level and a precedence level:
      • You can select high, medium (default), or low for the priority level.
      • Smart Groups can be created with the same priority level. You can use Precedence within Level to define the precedence for Smart Groups with the same priority level.

    A VM can belong to more than one Smart Group. In this case, the policy rules of all Smart Groups that the VM is a member of are applied to the VM. How the rules are applied also depends on the precedence and priority settings. It can happen that more than one Smart Group is defined with the same priority level and the same precedence within that level. In this case, Smart Group rules are applied to the VM in the order in which the Smart Groups were created.

  7. Test the configuration before you save the Smart Group definition. Click Test to verify that the group contains the VMs that you intended it to include.

The following values are returned for the Type field.

Table 16: Smart Group Attributes

| Attribute name | Data Type | Description |
|---|---|---|
| vf.antivirus.database.version | String Value | Which AV database version is this VM using? (What is installed on the central AV database it is connected to?) |
| vf.antivirus.endpoint.connected | Boolean Value | Is this VM properly connected to the central AV scan engine? |
| vf.antivirus.endpoint.enabled | Boolean Value | Does this VM have an operational AV agent installed? |
| vf.antivirus.endpoint.version | String Value | Version of endpoint installed on the VM. |
| vf.antivirus.engine.version | String Value | What version of the AV engine is this VM using? (What is installed on the central VM database it is connected to?) |
| vf.antivirus.onaccess.enabled | Boolean Value | Does this VM have on-access AV scanning enabled? |
| vf.antivirus.quarantine.enabled | Boolean Value | Is this VM configured to quarantine virus files? |
| vf.app_count_bad | Integer | Number of applications on a VM that are classified as bad. |
| vf.app_count_known | Integer | Number of applications on a VM that are classified as known. |
| vf.app_count_unclassified | Integer | Number of applications on a VM that are unclassified. |
| vf.app_count_unknown | Integer | Number of applications on a VM that are classified as unknown. |
| vf.app.gi.compliant | String Value | Is this VM in compliance with the selected Gold Image? |
| vf.app.is.gold.image | Boolean Value | Is this VM defined as a master image for Image Enforcer comparisons? |
| vf.app.matches.gold.image | Boolean Value | Is this VM compliant with its configured Gold Image? |
| vf.app.registry | String Value | Registry value from Windows registry as determined by Introspection of VM. |
| vf.application | String Value | An application installed on a VM. |
| vf.description | String | The text string description of the VM, as defined in the vGW Security Design Settings module Machines section. |
| vf.firewall | String | Is this VM a vGW Security VM? |
| vf.group | Multi String | Comma-separated string of all vGW groups to which a VM belongs. |
| vf.has_installed_group_policy | Boolean | Does the VM have a non-default group policy installed? |
| vf.has_installed_policy | Boolean | Does the VM have an installed security policy? |
| vf.hotfix | Multi String | Hotfix installed on a VM. |
| vf.monitored | Boolean | Is the VM currently being monitored by the vGW Security Design VM? |
| vf.name | String | Name as defined in the vGW Security Design VM. |
| vf.os | String | The operating system installed on the VM. |
| vf.quarantined | Boolean Value | Is this VM in a quarantined state, and thus in the Quarantine Policy group? |
| vf.secured | Boolean | Is a VM currently secured by the vGW Security Design VM? |
| vf.secured_active | Boolean | Is the VM actively protected by vGW? |
| vf.tag | String | Semicolon-separated tags associated with this VM. |
| vf.type | Enumeration | The machine object type. |
| vf.virus.infected | Boolean Value | Has a virus been detected on this VM by the vGW antivirus engine? |
| vi.attribute | String Value | The attribute values that are defined in the annotation box in VI. |
| vi.cluster | String | Cluster containing a VM. |
| vi.datacenter | String | Data Center in vCenter where a VM is housed. |
| vi.deleted | Boolean Value | Has this VM been deleted? |
| vi.excfg.copy.disable | Boolean Value | Is the copy and paste to remote console feature disabled for this VM? |
| vi.excfg.deviceconnectable.disable | Boolean Value | Is this VM configured to allow devices to be connected? |
| vi.excfg.deviceedit.disable | Boolean Value | Is this VM configured to allow devices to be connected and removed? |
| vi.excfg.diskshrink.disable | Boolean Value | Is this VM configured to prevent virtual disk shrinking? |
| vi.excfg.diskwiper.disable | Boolean Value | Is this VM configured to prevent virtual disk shrinking? |
| vi.excfg.dragndrop.disable | Boolean Value | Is the copy and paste to remote console feature disabled for this VM? |
| vi.excfg.hostinfo.disable | Boolean Value | Is access to host performance information available to this VM? |
| vi.excfg.log.disable | Boolean Value | Is the VM log file size limited for this VM? |
| vi.excfg.log.keep.old | Numeric Value | Is the number of stored log files limited for this VM? |
| vi.excfg.log.rotatesize | Numeric Value | Is the VM log file size limited for this VM? |
| vi.excfg.paste.disable | Boolean Value | Is the copy and paste to remote console feature disabled for this VM? |
| vi.excfg.remotedisplay.max | Numeric Value | How many remote consoles are available for this VM? VMware Hardening guideline recommends limiting to one. |
| vi.excfg.remoteop.disable | Boolean Value | Are remote operations disabled for this guest? |
| vi.excfg.setguiopts.disable | Boolean Value | Is the copy and paste to remote console feature disabled for this VM? |
| vi.excfg.vmxfilesize.limit | Numeric Value | Is the VMX file size limited (to limit the informational messages from VM to VMX file)? |
| vi.folder | Multi-String | The folder containing a VM in vCenter. |
| vi.host | String | ESX/ESXi hosting a VM. |
| vi.host.console.ids | Boolean Value | Is vGW IDS inspection enabled for this hypervisor's service console? |
| vi.host.console.monitor | Boolean Value | Is vGW network monitoring enabled for this hypervisor's service console? |
| vi.host.lockdown | Boolean Value | Is lockdown mode enabled for this hypervisor host? |
| vi.host.ntp.enabled | Boolean Value | Is Network Time Protocol (NTP) configured and enabled for this hypervisor? |
| vi.host.techsupportmode.disable | Boolean Value | Is tech support mode enabled for this hypervisor? |
| vi.host.vmkernel.isolated.vlan | Boolean Value | Is the vmkernel management network on this hypervisor on an isolated VLAN? |
| vi.host.vmkernel.isolated.vswitch | Boolean Value | Is the vmkernel management network on this hypervisor on an isolated vSwitch? |
| vi.indep.nonpersist.disk.ct | Numeric Value | The number of virtual disks used by this VM that are configured as Independent nonpersistent and thus cannot be introspection scanned. |
| vi.ipv4 | IPv4 (multi value) | The IP addresses as known on a VM. |
| vi.memory_inspection | Boolean | Are VMsafe memory and CPU API enabled for this VM? |
| vi.name | String | Name of this VM as defined in vCenter. |
| vi.notes | String | Annotation free text notes attached to the VM in vCenter. |
| vi.os | String Value | Operating system defined for the VM in vCenter. |
| vi.pg.security.forgedtransmits | Boolean Value | Is the VM connected to a port group that allows forged MAC addresses (MACs other than defined in the VMX)? |
| vi.pg.security.macchanges | Boolean Value | Is the VM connected to a port group that allows reception of unknown MAC addresses (MACs other than defined in the VMX)? |
| vi.pg.security.promiscuous | Boolean Value | Is the VM connected to a promiscuous port group? |
| vi.portgroup | String Value | Port groups on the virtual switch this VM is actively connected to. Port groups for disconnected vNICs are not included. (For a running/suspended VM, this will be the port groups actually connected. For a stopped VM, this value is the port groups that are connected at power-on.) |
| vi.portgroup.all | String Value | Port groups on the virtual switch this VM is connected to. This list includes port groups even if the vNIC is disconnected. (For a running/suspended VM, this will be the port groups actually connected. For a stopped VM, this value is the port groups that are connected at power-on.) |
| vi.powerstate | Enumeration | What is the current power state of this VM? |
| vi.pvlan | Numeric Value | Private VLAN values for connected port groups. |
| vi.pvlan.all | Numeric Value | List of all private VLANs in use by this VM, including vNICs in both connected and disconnected states. |
| vi.os | String | Operating system defined for the VM in vCenter. |
| vi.resourcepool | String | Resource pool in vCenter that the VM is a member of. |
| vi.snapshots.count | Numeric Value | How many snapshots exist for this VM? |
| vi.vapp | Multi String | vApp group in vCenter that the VM is a member of. |
| vi.vlan | Multi-value integer | VLANs of connected port groups. |
| vi.vlan.all | Multi-value integer | VLANs of all interfaces. |
| vi.vmci_enabled | Boolean | Is VMCI (shared memory communications) enabled for this VM? |
| vi.vmsafe_configured | Boolean | Is VMsafe firewall security enabled for this VM? |
| vi.vmsafe_dvfilter | Multi String | The dvfilters protecting this VM. |
| vi.vmsafe.initfailmode | Enumeration | If VMsafe is unable to initialize, what is the network connectivity choice for this VM? |
| vi.vmwaretools.running | Boolean | Is VMware Tools running on this VM? |
| vi.vmwaretools.uptodate | Boolean | Is the version of VMware Tools installed on this VM current? |
| vi.vnic.count | Numeric Value | Number of connected vNICs. |
| vi.vswitch | Multi String | vSwitch that the VM is connected to. |

To define a Smart Group, you use the attributes in Table 16. Select Settings > Groups, and click Add Smart Group.

The editor has two modes, Basic and Advanced. In Basic mode you can select one or more attributes and assign an All or Any constraint. You add rules by clicking the + sign.

This example uses Advanced mode.

  1. From the Settings module, select Security Settings.
  2. Click Add Smart Group.
  3. In the Add Group pane, enter a name for the Smart Group. For this example, enter Apache Web Servers.
  4. Select the All option button in the Matches area.
  5. Click the down arrow to display a list of attributes. Select vi.name for the attribute, select Contains for the comparator, and enter www for the value.

    If you are unsure of the meaning of an attribute, click ? at the end of the row. A pop-up window shows the attribute data type and its possible values.

  6. Click the + mark at the end of the section to display another row.

    This simple Smart Group example uses only two attributes, but you can add as many rows as needed to define the Smart Group.

  7. Select vf.application, select Contains, and enter www.
  8. Under Group Attributes, select Policy Group.
  9. Select Medium as the priority level, and assign it a precedence of 2 in the Precedence within Level field.
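
The following Python sketch is an added illustration, not vGW code and not part of the original documentation. It models how the Matches setting changes which VMs join the Apache Web Servers group defined above, which matters because a Policy Group's firewall policy is applied to every member. The inventory is constructed sample data; the Does Not Contain comparator name, the list representation of multi-valued attributes, and case-sensitive substring matching are assumptions.

```python
# Added illustration: a simplified model of Smart Group matching, not vGW code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    attribute: str   # attribute name from Table 16, e.g. "vi.name"
    comparator: str  # "Contains" is on the page; "Does Not Contain" is an assumed name
    value: str

def rule_matches(rule, vm):
    """Evaluate one row against a VM; multi-valued attributes are modeled as lists."""
    raw = vm.get(rule.attribute, [])
    values = raw if isinstance(raw, list) else [raw]
    hit = any(rule.value in str(v) for v in values)  # assumed: case-sensitive substring
    if rule.comparator == "Contains":
        return hit
    if rule.comparator == "Does Not Contain":
        return not hit
    raise ValueError(f"unsupported comparator: {rule.comparator}")

def members(rules, matches, inventory):
    """Return the names of VMs that join the group under Matches = 'All' or 'Any'."""
    combine = {"All": all, "Any": any}[matches]
    return [vm["vi.name"] for vm in inventory
            if combine(rule_matches(r, vm) for r in rules)]

# Constructed inventory (sample data, not from a real deployment).
INVENTORY = [
    {"vi.name": "www-prod-01", "vf.application": ["Apache www server", "OpenSSH"]},
    {"vi.name": "www-staging", "vf.application": ["OpenSSH"]},
    {"vi.name": "db-prod-01", "vf.application": ["PostgreSQL", "www admin console"]},
    {"vi.name": "build-07", "vf.application": ["gcc"]},
]

# The two rows of the "Apache Web Servers" example above.
APACHE_RULES = [Rule("vi.name", "Contains", "www"),
                Rule("vf.application", "Contains", "www")]

def compare_modes():
    """Show how the same rows select different VMs under All and Any."""
    return {mode: members(APACHE_RULES, mode, INVENTORY) for mode in ("All", "Any")}

if __name__ == "__main__":
    for mode, names in compare_modes().items():
        print(f"{mode}: {names}")
```

With All, only the VM that satisfies both rows is selected; with Any, the same rows also pull in a staging host and a database server, which is the kind of over-broad membership the Test button in step 7 of the first procedure is meant to catch before the group is saved.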
