VMware Cloud Community
Alimogh74
Contributor

NSX in vRA: How to give VM's firewall management to the owner user?

Ciao,

We've implemented and integrated vSphere 6.7, vRA 7.4 and NSX 6.4.3 in our company's internal cloud, and it's about to become operational. Surely there is a lack of knowledge and experience with this new platform and these products on our side!

Well, we need to give our internal users access to define and manage firewall rules for their VMs, but how? We've practiced security group and security policy work at the infrastructure level along with blueprint work in vRA.

Currently, the user, as item owner, can change the security group assignment of their VMs, which will be served by security groups/policies defined by the NSX admin. But we really need to make it possible for users to define their own desired firewall rules!

Please show me a clue!

Thanks,

-Ali

1 Reply
sk84
Expert

For security reasons, this is not intended by vRA. Otherwise, someone from the marketing team could create an any-any-allow rule, for example.

But you can build it yourself with XaaS Blueprints and Custom Workflows in vRO. Unfortunately, I have never found a guide for it that worked properly. You only find snippets and examples and have to help yourself.

Find out how to build custom forms for your XaaS blueprint so that you have a frontend and how to create workflows in vRO and link them to the XaaS blueprint and custom forms. Personally I would program the firewall management directly via the NSX REST API, because the vRO NSX plugin is crap in my opinion.

But maybe someone still knows a good tutorial, which covers exactly this use case.

---
Regards, Sebastian
VCP6.5-DCV // VCP7-CMA // vSAN 2017 Specialist
Please mark this answer as 'helpful' or 'correct' if you think your question has been answered correctly.
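
The any-any-allow risk raised in the reply can be contained by validating each self-service request inside the workflow before anything is sent to NSX. The following is an added example, not part of the thread and not VMware code: the request fields, the limits and the `ownedVmIds` list are assumptions, written in plain JavaScript of the kind a vRO scriptable task runs.

```javascript
// Added example, not from the thread: request shape, limits and the
// ownedVmIds lookup are assumptions for illustration.
var ALLOWED_PROTOCOLS = ["TCP", "UDP"];
var MIN_SOURCE_PREFIX = 16;   // widest source network a user may request
var MAX_PORTS_PER_RULE = 10;

// Accepts "a.b.c.d" or "a.b.c.d/nn"; returns null if valid, else a reason.
function checkSource(source) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?:\/(\d{1,2}))?$/.exec(String(source));
  if (!m) return "source must be an IPv4 address or CIDR, not '" + source + "'";
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return "source has an invalid octet";
  }
  var prefix = m[5] === undefined ? 32 : Number(m[5]);
  if (prefix > 32) return "source has an invalid prefix length";
  if (prefix < MIN_SOURCE_PREFIX) return "source network is wider than /" + MIN_SOURCE_PREFIX;
  return null;
}

// Returns a list of rejection reasons; an empty list means the request
// may be passed on to the code that creates the rule.
function validateRuleRequest(request, ownedVmIds) {
  var errors = [];
  // Destination is pinned to a VM the requester owns, so a user can only
  // change exposure of their own machines.
  if (ownedVmIds.indexOf(request.destinationVmId) === -1) {
    errors.push("destination must be a VM owned by the requester");
  }
  // "any", empty and 0.0.0.0/0 sources all fail here.
  var sourceError = checkSource(request.source);
  if (sourceError) errors.push(sourceError);
  if (ALLOWED_PROTOCOLS.indexOf(request.protocol) === -1) {
    errors.push("protocol must be one of " + ALLOWED_PROTOCOLS.join(", "));
  }
  var ports = request.ports;
  if (!Array.isArray(ports) || ports.length === 0 || ports.length > MAX_PORTS_PER_RULE) {
    errors.push("between 1 and " + MAX_PORTS_PER_RULE + " explicit ports are required");
  } else if (!ports.every(function (p) {
    return typeof p === "number" && p % 1 === 0 && p >= 1 && p <= 65535;
  })) {
    errors.push("ports must be integers from 1 to 65535");
  }
  return errors;
}
```

Only requests that return an empty list should reach the rule-creation step, and the rejection reasons can be shown to the requester in the custom form.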