The Panorama plugin for Nutanix facilitates the use of dynamic address groups by monitoring virtual machines in your Nutanix environment. Prism Central groups entities in your Nutanix environments by categories and filters them further by value. Panorama creates tags based on categories and values you define in Prism Central.
When a virtual machine is placed in a category and assigned a value, Panorama applies the corresponding tag to the virtual machine’s IP address. You can then create security policy by using the tags as match criteria for dynamic address groups in Panorama.
Nutanix Plugin Category Value
In the example above, we have two categories—Dev and HR—with two values inside each of them. These categories are in the cluster, which is within Prism Central. After you begin monitoring your Nutanix environment, Panorama uses value, category, cluster, and Prism Central to form tags.
When you view the match criteria for dynamic address groups, the tags are listed in the following format:
To secure workloads in these categories, use tags such as these as match criteria in the dynamic address groups. You can then use the dynamic address groups as source and destination address groups in your security policy rules. When a virtual machine joins a dynamic address group, the policy you created is applied automatically.
Install the Panorama Plugin for Nutanix
To get started with endpoint monitoring on Nutanix, download and install the Panorama plugin for Nutanix. If you have a Panorama HA configuration, repeat this installation process on each Panorama peer.
When installing the plugin on Panorama in an HA pair, install the plugin on the passive peer before the active peer. After installing the plugin on the passive peer, it will transition to a non-functional state. Installing the plugin on the active peer returns the passive peer to a functional state.
Log in to the Panorama user interface.
Select > Panorama > Plugins
Select > Check Now to retrieve a list of available updates
Select > Download in the Action column to download the plugin
Select the version of the plugin and click Install in the Action column to install the plugin
Panorama will alert you when the installation is complete
Configure the Panorama Plugin for Nutanix
After installing the plugin, complete the following procedure to establish a connection between Panorama and Prism Central.
Log in to the Panorama web interface.
Enable monitoring and set the monitoring interval.
Select > Panorama > Nutanix > Setup > General
Select > Enable Monitoring
Set the Monitoring Interval in seconds
The monitoring interval is how often Panorama retrieves updated networking information from Prism Central
Create a notify group.
Select > Panorama > Nutanix > Setup > Notify Groups
Enter a descriptive Name for your notify group
Select the device groups in your Nutanix deployment
Add Prism Central information
Select Panorama > Nutanix > Setup > Nutanix Prism Central
Enter a descriptive name for your Prism Central
Enter the IP address or FQDN for your Prism Central
Enter your Prism Central username
Enter and confirm your Prism Central password
Click Validate to confirm that you entered the Prism Central credentials correctly.
If you return to the Nutanix Prism Central Info window after clicking OK, clicking the Validate button returns a credential validation error message. This is the expected behavior. Although Panorama displays dots in the password field, the field is empty; this causes the validation to fail despite Panorama being successfully connected to Prism Central.
Configure the Monitoring Definition.
Select Panorama > Nutanix > Monitoring Definition and click Add
Enter a descriptive Name and optionally a description to identify the Prism Central for which you use this definition
Select the Prism Central and Notify Group
Commit your changes
Verify that you can view the VM information on Panorama and define the match criteria for dynamic address groups.