Understanding vGW Series Smart Groups

Background

In most organizations the virtualized environment changes rapidly. Environmental change cycles that occur over days and weeks in the physical data center take place almost instantaneously in the virtualized environment. New virtual machines (VMs) can be cloned or created from templates; new virtual hardware can be added to existing VMs and reconfigured; and existing VMs can be moved from one network to another in a matter of minutes or even seconds.

To accommodate these rapid changes and to allow you to secure the network during them, the vGW Series provides a feature called Smart Groups. A Smart Group is characterized by a set of rules that set the membership criteria. If a VM’s configuration matches those rules, it is dynamically associated with the Smart Group. Furthermore, if you define the Smart Group as a policy group, the policy is automatically pushed out to the VMs in the group and those that are added to it.

Smart Groups allow you to maintain complete control. Security changes can be applied automatically and instantly, or simple alerts can be generated signaling the need for manual intervention.

With Smart Groups:

About Smart Groups

To create a Smart Group, you define one or more rules, or expressions. For a VM to belong to a group, its configuration must meet the rules’ criteria. You can specify whether a VM is required to meet all the criteria or only part of it.

Smart Groups are dynamic in that their membership can change rapidly. VMs can be added to or removed from Smart Groups automatically within seconds. At any time a VM’s configuration might be changed in a way that now causes it to match a Smart Group. If a VM no longer matches a Smart Group’s rules, it is removed from the group. You can observe this transition in the VM tree. A VM within a Smart Group appears within the group under Policy Groups. When that VM no longer matches the Smart Group’s rules, it is moved to Monitoring Groups.

vGW Series continuously analyzes both its own and the VMware objects databases in relation to the Smart Group rules that you configure to determine if a VM should belong to a Smart Group or not. The rules that you configure to define a Smart Group are obtained from two locations:

You can associate Smart Groups with a firewall policy. Policy association is controlled by the Policy Group option that you can select when you define the Smart Group.

Using Smart Groups, you can streamline policy application to ensure security efficiently throughout your virtual infrastructure. Firewall policies are applied to VMs instantly without your intervention when a VM becomes a member of a Smart Group. Consider these two cases in which firewall policies are automatically applied to VMs:

Related Documentation