About the vGW Security Design VM Tree

This topic covers the VM tree that lets you select the virtual machines to focus on.You use the VM tree in conjunction with most vGW Security Design VM modules. You select the group of VMs or an individual VM in the VM tree. You can view information about the VMs or act on them, depending on the module selected in the taskbar. Figure 18 shows three selected VM groups.

Figure 18: VM Tree with Selected VMs

VM Tree with Selected VMs

For details on the modules button bar, see Understanding the vGW Security Design VM Taskbar.

VM Tree Overview

The VM tree controls the information displayed in the pane beside it. You can select all VMs in the tree, groups of VMs, or a single VM. When you select a module using the taskbar, that module’s content appears and is particularized for the VMs selected in the VM tree.

The module controls the type of information that appears; the tree controls the VMs whose information appears. The combined selections allow you to configure information pertaining to the module for the VMs. For example, to view network traffic for all machines, select All Machines in the tree, and then click the Network icon in the taskbar.

The VM tree contains the following main groups:

Table 2 identifies the icons that show the state of monitored VMs.

Table 2: Virtual Machine State Icons

The VM is being fully monitored, but it is not secure. For example, no firewall policy is loaded.

The system (VM or externally defined machine) is not being monitored, and it has not been moved to a ‘secured’ network.

Note: Network reports can display sessions between an unmonitored system and a monitored VM.

The vGW Series cannot determine the IP address of the system. This could be because the system is powered down, suspended, or does not have VMware Tools installed.

Tip: You can manually define an IP address by clicking Settings > vGW Application Settings > Machines.

The VMs are compliant.

The VMs are not compliant.

This is a VMware component; for example, it is an ESX host.

Locating VMs in a Complex VM Tree

Locating VMs in the VM tree can become difficult as the VM tree grows in complexity. To simplify the process and make it easier to find specific VMs, the VM tree allows you to use a filter with advanced capabilities. You can enter a text string in the filter box that matches on VM names within the tree. As you enter the text, the vGW dynamically searches the tree for any matches.

Note: An x icon is shown at the right side of the search field as the filter is being applied. You can use it to clear the filter.

As the filter is applied, the tree is expanded to show matching VMs. You do not need to expand all groups in the tree to find them. Branches in the tree that do not contain matches are collapsed.

You can use the Advanced Filter Editor feature to search the VM tree based on attributes, rather than by name.

To use the advanced filter, click the icon at the left side of the search filter. This displays the Advanced Filter Editor shown in Figure 19.

Figure 19: Searching on All VMs in the VM Tree Using the Advanced Editor

 Searching on All VMs in the VM Tree
Using the Advanced Editor

You can search on attributes such as vi.portgroup, vi.vlan, and vi.ipv4. You can also search by name. See Figure 20.

Figure 20: Searching for Specific VMs in the VM Tree Using the Advanced Editor

Searching for Specific VMs in the VM Tree
Using the Advanced Editor

To remove the filter and collapse the branches, click the x icon to the right of the filter.

Related Documentation