A security group is a collection of assets or grouping objects in VMware Cloud Director, such as virtual machines, organization virtual data center networks, or security tags.

Security groups can have dynamic membership criteria based on security tags, virtual machine name, virtual machine guest OS name, or virtual machine guest host name. For example, all virtual machines that have the security tag "web" are automatically added to a specific security group intended for Web servers. After a security group is created, a security policy is applied to that group.

Create a Security Group by Using Your VMware Cloud Director Tenant Portal

By using the VMware Cloud Director Tenant Portal, you can create user-defined security groups.

Prerequisites

If you want to use security tags with security groups, first create and assign the tags. See Create and Assign Security Tags by Using Your VMware Cloud Director Tenant Portal.

Procedure

  1. Open the Security Services.
    1. Navigate to Networking > Security.
    2. Select the organization VDC for which you want to apply security settings, and click Configure Services.
      The tenant portal opens Security Services.
  2. Navigate to Grouping Objects > Security Groups.
    The Security Groups page opens.
  3. Click the Create button.
  4. Enter a name and, optionally, a description for the security group.
    The description displays in the list of security groups, so adding a meaningful description can make it easy to identify the security group at a glance.
  5. (Optional) Add a dynamic member set.
    1. Click the Add button under Dynamic Member Sets.
    2. Select whether to match Any or All of the criteria in your statement.
    3. Enter the first object to match.
      The options are Security Tag, VM Guest OS Name, VM Name, and VM Guest Host Name.
    4. Select an operator, such as Contains, Starts with, or Ends with.
    5. Enter a value.
    6. (Optional) To add another statement, use a Boolean operator And or Or.
  6. (Optional) Include Members.
    1. From the Browse objects of type drop-down menu, select the type of objects, such as Virtual Machines, Org VDC networks, IP sets, MAC sets, or Security tags.
    2. To include an object in the Include Members list, select the object from the left panel, and move it to the right panel by clicking the right arrow.
  7. (Optional) Exclude members.
    1. From the Browse objects of type drop-down menu, select the type of objects, such as Virtual Machines, Org VDC networks, IP sets, MAC sets, or Security tags.
    2. To add an object to the Exclude Members list, select the object from the left panel, and move it to the right panel by clicking the right arrow.
  8. To preserve your changes, click Keep.

Results

The security group can now be used in rules, such as firewall rules.
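Because a dynamic member set adds every matching virtual machine automatically, a broad criterion such as VM Name Contains "web" can place unintended machines under the group's firewall rules. The following added example (not VMware code and not a Cloud Director API) models a single dynamic member set with the Any/All choice and the three operators from the procedure, and reports the difference between effective and intended membership. It assumes case-insensitive matching and the precedence (dynamic matches + included members) - excluded members; the inventory and all names in it are constructed.

```python
from dataclasses import dataclass, field

# Operators named in the procedure. Case-insensitive matching is an assumption.
OPS = {
    "Contains": lambda have, want: want in have,
    "Starts with": lambda have, want: have.startswith(want),
    "Ends with": lambda have, want: have.endswith(want),
}

@dataclass
class SecurityGroup:
    match: str = "Any"                             # "Any" or "All" of the criteria
    criteria: list = field(default_factory=list)   # (object, operator, value)
    include: set = field(default_factory=set)      # static Include Members
    exclude: set = field(default_factory=set)      # static Exclude Members

    def _hit(self, vm, obj, op, value):
        have = vm.get(obj, [])
        have = have if isinstance(have, list) else [have]  # a VM can carry several tags
        return any(OPS[op](h.lower(), value.lower()) for h in have)

    def members(self, inventory):
        combine = any if self.match == "Any" else all
        dynamic = {vm["VM Name"] for vm in inventory
                   if self.criteria  # an empty criteria list must not match every VM
                   and combine(self._hit(vm, *c) for c in self.criteria)}
        # Assumed precedence: (dynamic matches + included) - excluded.
        return (dynamic | self.include) - self.exclude

def audit(group, inventory, intended):
    """Compare effective membership with the VMs the group is meant to cover."""
    actual = group.members(inventory)
    return {"unexpected": sorted(actual - intended),
            "missing": sorted(intended - actual)}

# Constructed inventory, not taken from any real organization VDC.
INVENTORY = [
    {"VM Name": "web-01", "Security Tag": ["web"], "VM Guest Host Name": "web-01.example.test"},
    {"VM Name": "web-02", "Security Tag": ["web", "pci"], "VM Guest Host Name": "web-02.example.test"},
    {"VM Name": "webhook-test", "Security Tag": [], "VM Guest Host Name": "hook.example.test"},
    {"VM Name": "db-01", "Security Tag": ["db"], "VM Guest Host Name": "db-01.example.test"},
]

if __name__ == "__main__":
    loose = SecurityGroup(criteria=[("VM Name", "Contains", "web")])
    tight = SecurityGroup(match="All", criteria=[("Security Tag", "Contains", "web"),
                                                 ("VM Name", "Starts with", "web-")])
    for label, g in (("loose", loose), ("tight", tight)):
        print(label, audit(g, INVENTORY, {"web-01", "web-02"}))
```

The name-only criterion pulls in the untagged webhook-test machine, while combining the security tag with a name prefix under All matches only the intended web servers.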

Edit a Security Group by Using Your VMware Cloud Director Tenant Portal

By using the VMware Cloud Director Tenant Portal, you can edit user-defined security groups.

Procedure

  1. Open the Security Services.
    1. Navigate to Networking > Security.
    2. Select the organization VDC for which you want to apply security settings, and click Configure Services.
      The tenant portal opens Security Services.
  2. Navigate to Grouping Objects > Security Groups.
    The Security Groups page opens.
  3. Select the security group you want to edit.
    The details for the security group display below the list of security groups.
  4. (Optional) Edit the name and the description of the security group.
  5. (Optional) Add a dynamic member set.
    1. Click the Add button under Dynamic Member Sets.
    2. Select whether to match Any or All of the criteria in your statement.
    3. Enter the first object to match.
      The options are Security Tag, VM Guest OS Name, VM Name, and VM Guest Host Name.
    4. Select an operator, such as Contains, Starts with, or Ends with.
    5. Enter a value.
    6. (Optional) To add another statement, use a Boolean operator And or Or.
  6. (Optional) Edit a dynamic member set by clicking the Edit icon next to the member set that you want to edit.
    1. Apply the necessary changes to the dynamic member set.
    2. Click OK.
  7. (Optional) Delete a dynamic member set by clicking the Delete icon next to the member set that you want to delete.
  8. (Optional) Edit the included members list by clicking the Edit icon next to the Include Members list.
    1. From the Browse objects of type drop-down menu, select the type of objects, such as Virtual Machines, Org VDC networks, IP sets, MAC sets, or Security tags.
    2. To include an object in the include members list, select the object from the left panel, and move it to the right panel by clicking the right arrow.
    3. To remove an object from the include members list, select the object from the right panel, and move it to the left panel by clicking the left arrow.
  9. (Optional) Edit the excluded members list by clicking the Edit icon next to the Exclude Members list.
    1. From the Browse objects of type drop-down menu, select the type of objects, such as Virtual Machines, Org VDC networks, IP sets, MAC sets, or Security tags.
    2. To add an object to the exclude members list, select the object from the left panel, and move it to the right panel by clicking the right arrow.
    3. To remove an object from the exclude members list, select the object from the right panel, and move it to the left panel by clicking the left arrow.
  10. Click Save changes.
    The changes to the security group are saved.

Delete a Security Group by Using Your VMware Cloud Director Tenant Portal

By using the VMware Cloud Director Tenant Portal, you can delete a user-defined security group.

Procedure

  1. Open the Security Services.
    1. Navigate to Networking > Security.
    2. Select the organization VDC for which you want to apply security settings, and click Configure Services.
      The tenant portal opens Security Services.
  2. Navigate to Grouping Objects > Security Groups.
    The Security Groups page opens.
  3. Select the security group you want to delete.
  4. Click the Delete button.
  5. To confirm the deletion, click OK.

Results

The security group is deleted.