Understanding vGW Series Smart Groups

This topic includes the following sections:


In most organizations the virtualized environment changes rapidly. Environmental change cycles that occur over days and weeks in the physical data center take place almost instantaneously in the virtualized environment. New virtual machines (VMs) can be cloned or created from templates; new virtual hardware can be added to existing VMs and reconfigured; and existing VMs can be moved from one network to another in a matter of minutes or even seconds.

To accommodate these rapid changes and to allow you to secure the network during them, the vGW Series provides a feature called Smart Groups. A Smart Group is characterized by a set of rules that set the membership criteria. If a VM’s configuration matches those rules, it is dynamically associated with the Smart Group. Furthermore, if you define the Smart Group as a policy group, the policy is automatically pushed out to the VMs in the group and those that are added to it.

Smart Groups allow you to maintain complete control. Security changes can be applied automatically and instantly, or simple alerts can be generated signaling the need for manual intervention.

With Smart Groups:

About Smart Groups

To create a Smart Group, you define one or more rules created as expressions. For a VM to belong to a group, its configuration must meet one or more of the rules’ criteria, depending on your specifications. You can specify whether a VM is required to meet all the criteria or only part of it.

Smart Groups are dynamic in that their membership can change rapidly. VMs can be added to or removed from Smart Groups automatically within seconds. At any time a VM’s configuration might be changed in a way that now causes it to match a Smart Group. If a VM no longer matches a Smart Group’s rules, it is removed from the group. You can observe this transition in the VM tree. A VM within a Smart Group appears within the group under Policy Groups. When that VM no longer matches the Smart Group’s rules, it is moved to Monitoring Groups.

Related Documentation