The Panorama plugin for Nutanix facilitates the use of dynamic address groups by monitoring virtual machines in your Nutanix environment. Prism Central groups entities in your Nutanix environments by categories and filters them further by value. Panorama creates tags based on categories and values you define in Prism Central.
When a virtual machine is placed in a category and assigned a value, Panorama applies the corresponding tag to the virtual machine’s IP address. You can then create security policy by using the tags as match criteria for dynamic address groups in Panorama.
In the example above, we have two categories—Dev and HR—with two values inside each of them. These categories are in the cluster, which is within Prism Central. After you begin monitoring your Nutanix environment, Panorama uses value, category, cluster, and Prism Central to form tags.
When you view the match criteria for dynamic address groups, the tags are listed in the following format:
ntnx.PC-<prism-central-name>.CL-<cluster-name>.<category>.<value>
With the information in the example above, Panorama creates the following tags:
ntnx.PC-PrismCentralHQ.CL-ClusterAlpha.Dev.Engineering
ntnx.PC-PrismCentralHQ.CL-ClusterAlpha.Dev.QA
ntnx.PC-PrismCentralHQ.CL-ClusterAlpha.HR.Recruiting
ntnx.PC-PrismCentralHQ.CL-ClusterAlpha.HR.Benefits
To secure workloads in these categories, use tags such as these as match criteria in the dynamic address groups. You can then use the dynamic address groups as source and destination address groups in your security policy rules. When a virtual machine joins a dynamic address group, the policy you created is applied automatically.
To get started with endpoint monitoring on Nutanix, download and install the Panorama plugin for Nutanix. If you have a Panorama HA configuration, repeat this installation process on each Panorama peer.
When installing the plugin on Panorama in an HA pair, install the plugin on the passive peer before the active peer. After you install the plugin on the passive peer, that peer transitions to a non-functional state. Installing the plugin on the active peer returns the passive peer to a functional state.
After installing the plugin, complete the following procedure to establish a connection between Panorama and Prism Central.
If you return to the Nutanix Prism Central Info window after clicking OK, clicking the Validate button returns a credential validation error message. This is the expected behavior. Although Panorama displays dots in the password field, the field is empty; this causes the validation to fail despite Panorama being successfully connected to Prism Central.
Select Panorama > Objects > Address Groups and click Add.
Click Add Match Criteria. You can select dynamic tags as the match criteria to populate the members of the group.
Select the And or Or operator and select the attributes that you would like to filter for or match against.
Click OK.
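The following Python is an added example, not part of the original post and not Palo Alto Networks code. It builds and parses tags in the format shown earlier and models how And/Or match criteria select IP addresses for a dynamic address group, which is useful for checking what a rule will cover before you commit it. The function names, the sample IP addresses, and the assumption that no name contains a dot are constructed for illustration.

```python
import re

# Tag layout from the post:
#   ntnx.PC-<prism-central-name>.CL-<cluster-name>.<category>.<value>
# Assumption: no component contains a dot, so a tag splits unambiguously.
TAG_RE = re.compile(r"^ntnx\.PC-([^.]+)\.CL-([^.]+)\.([^.]+)\.([^.]+)$")

def build_tag(prism_central, cluster, category, value):
    """Compose a tag in the format shown in the post."""
    parts = (prism_central, cluster, category, value)
    if any(not p or "." in p for p in parts):
        raise ValueError("components must be non-empty and contain no dots")
    return "ntnx.PC-{}.CL-{}.{}.{}".format(*parts)

def parse_tag(tag):
    """Split a tag into its four components; None if it does not fit."""
    m = TAG_RE.match(tag)
    if not m:
        return None
    keys = ("prism_central", "cluster", "category", "value")
    return dict(zip(keys, m.groups()))

def group_members(registered, tags, operator):
    """Sorted IPs matching the criteria: 'and' = every tag, 'or' = any tag."""
    wanted = set(tags)
    if operator not in ("and", "or") or not wanted:
        raise ValueError("operator must be 'and' or 'or' with at least one tag")
    if operator == "and":
        return sorted(ip for ip, have in registered.items() if wanted <= have)
    return sorted(ip for ip, have in registered.items() if wanted & have)

# Constructed sample of IP-to-tag registrations (documentation address range).
ENG = build_tag("PrismCentralHQ", "ClusterAlpha", "Dev", "Engineering")
QA = build_tag("PrismCentralHQ", "ClusterAlpha", "Dev", "QA")
REC = build_tag("PrismCentralHQ", "ClusterAlpha", "HR", "Recruiting")
REGISTERED = {
    "192.0.2.10": {ENG},
    "192.0.2.11": {QA},
    "192.0.2.12": {ENG, REC},  # VM placed in both Dev and HR categories
    "192.0.2.20": {REC},
}

if __name__ == "__main__":
    print(group_members(REGISTERED, [ENG, REC], "and"))
    print(group_members(REGISTERED, [ENG, QA], "or"))
```

An Or across broad tags widens group membership quickly, so compare the resulting IP list against what the security policy rule is meant to cover.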
Make sure to bookmark Set Up the VM Series Firewall on Nutanix AHV to stay informed on the latest updates!
Thanks for taking time to read my blog.
If you enjoyed this, please hit the Like (thumbs up) button, and don't forget to subscribe to the LIVEcommunity Blog.
As always, we welcome all comments and feedback in the comments section below.
Stay Secure,
Kiwi out!