You can define dynamic security groups of virtual machines based on specific criteria, and then apply distributed firewall rules to those groups.

Procedure

  1. In the top navigation bar, click Networking and then click the Data Center Groups tab.
    The list of data center groups appears.
  2. Click the target data center group.
  3. Under Security, click Dynamic Groups and click New.
  4. Enter a name and, optionally, a description for the dynamic security group.
  5. To create a criterion for inclusion in the group, add up to four rules that apply to a VM name, a VM OS name, or a VM security tag.
    Option: Description
    VM name: You can create a rule that applies to VM names that contain or start with a term that you specify.
      1. From the drop-down menu for the rule type, select VM name.
      2. Select an operator for the rule.
        • Select Contains to apply the rule to VM names that contain a specific term.
        • Select Starts with to apply the rule to VM names that start with a specific term.
      3. Enter the defining term for the rule.
    VM tag: You can create a rule that applies to VM tags that equal, contain, start with, or end with a term that you specify.
      1. From the drop-down menu for the rule type, select VM tag.
      2. Select an operator for the rule.
        • To apply the rule to VM tags that are equal to a specific term, select Equals.
        • To apply the rule to VM tags that start with a specific term, select Starts with.
        • To apply the rule to VM tags that end with a specific term, select Ends with.
        • To apply the rule to VM tags that contain a specific term, select Contains.
      3. Enter the defining term for the rule.
    OS Name: You can create a rule based on the detected guest OS of virtual machines that have VMware Tools installed and running. The detected guest OS of a VM is listed as the detectedGuestOs attribute of the VMRecord and AdminVMRecord user elements in the VMware Cloud Director API.
      1. From the drop-down menu for the rule type, select OS Name.
      2. Select an operator for the rule.
        • To apply the rule to VMs with an OS name that is equal to a specific term, select Equals.
        • To apply the rule to VMs with an OS name that starts with a specific term, select Starts with.
        • To apply the rule to VMs with an OS name that ends with a specific term, select Ends with.
        • To apply the rule to VMs with an OS name that contains a specific term, select Contains.
      3. Enter the defining term for the rule.
  6. To add another criterion, click Add Criterion and add up to four rules to it.
    You can include up to three criteria in a dynamic security group.
  7. Click Save.
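
An added example, not part of the VMware documentation and not using the Cloud Director API: a small Python model that checks a planned group definition against the limits in this procedure (up to four rules per criterion, up to three criteria, the operators listed per rule type) and previews which VMs it would select. It assumes that a VM must satisfy every rule in a criterion and that matching any one criterion is enough, that matching is case-sensitive, and that a tag rule matches when any tag on the VM matches; the inventory and all function names are constructed.

```python
# Local model of the limits and operators in the procedure above. It does not
# call VMware Cloud Director; every name and sample value here is constructed.
MAX_RULES, MAX_CRITERIA = 4, 3
FULL = {"Equals", "Starts with", "Ends with", "Contains"}
OPERATORS = {"VM name": {"Contains", "Starts with"}, "VM tag": FULL, "OS Name": FULL}
TESTS = {  # Assumption: matching is case-sensitive.
    "Equals": lambda value, term: value == term,
    "Contains": lambda value, term: term in value,
    "Starts with": str.startswith,
    "Ends with": str.endswith,
}

def validate(criteria):
    """Return a list of problems; an empty list means the definition fits the limits."""
    problems = []
    if not 1 <= len(criteria) <= MAX_CRITERIA:
        problems.append(f"{len(criteria)} criteria (allowed: 1 to {MAX_CRITERIA})")
    for i, rules in enumerate(criteria, 1):
        if not 1 <= len(rules) <= MAX_RULES:
            problems.append(f"criterion {i}: {len(rules)} rules (allowed: 1 to {MAX_RULES})")
        for rule_type, operator, _term in rules:
            if operator not in OPERATORS.get(rule_type, ()):
                problems.append(f"criterion {i}: {rule_type!r} has no operator {operator!r}")
    return problems

def rule_ok(vm, rule):
    rule_type, operator, term = rule
    # Assumption: a tag rule matches when any one of the VM's tags matches.
    key = {"VM name": "name", "OS Name": "os"}.get(rule_type)
    values = vm["tags"] if rule_type == "VM tag" else [vm[key]]
    return any(TESTS[operator](value, term) for value in values)

def members(criteria, inventory):
    """Assumption: a VM joins if it meets all rules of at least one criterion."""
    return [vm["name"] for vm in inventory
            if any(all(rule_ok(vm, r) for r in rules) for rules in criteria)]

INVENTORY = [  # Constructed sample inventory.
    {"name": "web-01", "os": "Ubuntu Linux (64-bit)", "tags": ["prod", "dmz"]},
    {"name": "web-test-01", "os": "Ubuntu Linux (64-bit)", "tags": ["test"]},
    {"name": "db-01", "os": "Microsoft Windows Server 2019 (64-bit)", "tags": ["prod"]},
    {"name": "legacy-web", "os": "", "tags": []},  # no detected guest OS
]
GROUP = [  # Constructed definition: two criteria, three rules in total.
    [("VM name", "Starts with", "web-"), ("VM tag", "Equals", "prod")],
    [("OS Name", "Contains", "Windows")],
]
if __name__ == "__main__":
    print(validate(GROUP) or "definition OK", members(GROUP, INVENTORY))
```

Previewing a definition this way before saving it shows whether a broad Contains term would pull unintended VMs under the group's firewall rules.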

What to do next

You can use the dynamic group that you created to add distributed firewall rules to the data center group or to add firewall rules to an NSX edge gateway that is scoped to the data center group. See: