You can use Service Composer to back up your security configurations and restore them at a later time.

Procedure

  1. Install, register, and deploy the Rapid 7 Vulnerability Management solution.
  2. Create a security group for the first tier of the SharePoint application, the web servers.
    1. Log in to the vSphere Web Client.
    2. Click Networking & Security and then click Service Composer.
    3. Click the Security Groups tab and click the Add Security Group icon.
    4. In Name, type SG_Web.
    5. In Description, type Security group for application tier.
    6. Leave the Define membership Criteria page unchanged and click Next.
    7. On the Select objects to include page, select the web server virtual machines.
    8. Leave the Select objects to exclude page unchanged and click Next.
    9. Review your selections on the Ready to Complete page and click Finish.
  3. Now create security groups for your database and SharePoint servers and name them SG_Database and SG_Server_SharePoint, respectively. Include the appropriate objects in each group.
  4. Create a top-level security group for your application tiers and name it SG_App_Group. Add SG_Web, SG_Database, and SG_Server_SharePoint to this group.
  5. Create a security policy for your web servers.
    1. Click the Security Policies tab and click the Add Security Policy icon.
    2. In Name, type SP_App.
    3. In Description, type SP for application web servers.
    4. Change the weight to 50000. The policy precedence is set very high to ensure that it is enforced above most other policies (with the exception of quarantine).
    5. Click Next.
    6. On the Endpoint Services page, click add and fill in the following values.
      | Option | Value |
      | --- | --- |
      | Action | Do not modify the default value |
      | Service Type | Vulnerability Management |
      | Service Name | Rapid 7 |
      | Service Configuration | Silver |
      | State | Do not modify the default value |
      | Enforce | Do not modify the default value |
    7. Do not add any firewall or network introspection services and click Finish.
  6. Map SP_App to SG_App_Group.
  7. Navigate to the canvas view to confirm that the SP_App has been mapped to SG_App_Group.
    1. Click the Information Security tab.
    2. Click the number next to the SP icon to see that the SP_App is mapped.
  8. Export the SP_App policy.
    1. Click the Security Policies tab and then click the Export Blueprint (export) icon.
    2. In Name, type Template_ App_ and in Prefix, type FromAppArchitect.
    3. Click Next.
    4. Select the SP_App policy and click Next.
    5. Review your selections and click Finish.
    6. Select the directory on your computer where you want to download the exported file and click Save.
    The security policy and all the security groups to which this policy has been applied (in our case, the Application security group as well as the three security groups nested within it) are exported.
  9. To demonstrate how the exported policy works, delete the SP_App policy.
  10. Now we will restore the Template_ App_ DevTest policy that we exported in step 7.
    1. Click Actions and then click the Import Service Configuration icon.
    2. Select the FromAppArchitect_Template_App file from your desktop (you saved it in step 7).
    3. Click Next.
    4. The Ready to complete page displays the security policies along with associated objects (security groups on which these have been applied, as well as Endpoint services, firewall rules, and network introspection services) to be imported.
    5. Click Finish.
      The configuration and associated objects are imported to the vCenter inventory and are visible in the canvas view.