Our hypothetical company, ACME Enterprise, only permits approved users to access specific applications on corporate assets.

Their security policy mandates are:
  • Allow only authorized users to access critical business applications
  • Allow only authorized applications on corporate servers
  • Allow access to only required ports from specific networks

Based on the above, they need controlled access for employees based on user identity to safeguard corporate assets. As a starting point, the security operator at ACME Enterprise needs to be able to verify that only administrative access is allowed to the MS SQL servers.

Procedure

  1. Log in to the vSphere Web Client.
  2. Click Networking & Security and then Activity Monitoring.
  3. Click the Inbound Activity tab.
  4. In Outbound from leave value as All Observed AD Groups to see access from any and all employees.
  5. In Where destination virtual machine, select includes, and leave all observed destination virtual machines selected.
  6. In And where destination application, select includes, click all observed destination applications and select the MS SQL servers.
  7. Click Search.
    The search results show that only administrative users are accessing the MS SQL servers. Notice that are no groups (such as Finance or HR) accessing these servers.
  8. We can now invert this query by setting the Outbound from value to HR and Finance AD groups.
  9. Click Search.
    No records are displayed, confirming that no users from either of these groups can access MS SQL servers.