VMware Networking Community
rajeevsrikant
Expert
Expert

NSX - Dynamic Security Group

I am looking for creating a dynamic security group for the below condition.

I have servers with the computer name starting from server0000,server0001, .................... server0039

These servers will be created dynamically on need basis & i want these servers to be part of 1 security group dynamically.

Let me know how can i achieve it.

My plan is to create as below .

Dynamic Policy:

Computer Name starts with server000

Computer Name starts with server001

Computer Name starts with server002

Computer Name starts with server003

The above should cover servers from server0000 ~ server0039

Is there any better way to achieve it.

Reply
0 Kudos
2 Replies
cnrz
Expert
Expert

One way could be to tag each of these VMs with a common tag(Such as NSX-Tag-server -AppX during creation, and create a security group based on this tag. This puts the VMs with that tag into this Security group dynamically. If VRA is used, these tags could be part of the Blueprint

These links may be helpful:

https://thecloudxpert.net/2017/09/howto-configure-vmware-nsx-security-tags/

http://www.virtually-limitless.com/vcix-nv-study-guide/add-assign-edit-or-delete-security-tags-in-ns...

https://esxsi.com/2017/06/11/nsxtags/

http://www.routetocloud.com/tag/security-tag/

Another way could be to group the VMs with name including server00, and exluding VM names that includes server004, server005, server006, server007, server008 and server009.

These links may be helpful:

http://vcrooky.com/2017/08/nsx-configure-security-groups/

http://networkinferno.net/service-composer-security-groups-and-security-tags

http://www.virtualizationblog.com/nsx-step-by-step-part-31-working-with-security-group/

Reply
0 Kudos
DaleCoghlan
VMware Employee
VMware Employee

If your computer name is going to be the same as your VM Name, then why not use regular expressions?

"VM Name" "Matches Regular Expression" "^server0{2}[0-3][0-9]$"

Dale

Reply
0 Kudos