The Security Intelligence infrastructure classification feature attempts to identify the compute entities that provide network infrastructure services in your NSX environment. These services include DNS, DHCP, LDAP, and Active Directory.

By identifying the compute entities that provide network infrastructure services in your network, Security Intelligence can help you exclude those compute workloads from the traffic flow visualization or from the DFW policy recommendations analysis that you initiate.

The Plan & Troubleshoot > Configurations > Classifications page displays the infrastructure classifications that Security Intelligence identified. To review, accept, or modify the inferred classifications, you can use the following steps.

Prerequisites

Ensure that you have the required privileges to administer the compute entity classifications. See Role-Based Access Control in Security Intelligence for more information.

Procedure

  1. From your browser, log in with the required privileges to an NSX Manager at https://<nsx-manager-ip-address>.
  2. Select Plan & Troubleshoot > Configurations
  3. In the Classifications tab, select one or more of the the compute entities listed.
  4. Review the classification and determine if the selected entity is correctly classified as a network infrastructure service or not.
    1. If available, select Accept if you agree that the selected entity has been correctly classified by the Security Intelligence infrastructure classification service.
    2. If the Accept button above the table is dimmed or if you do not agree that the selected compute entity is a network infrastructure service, click Modify.

      You can use the Modify button above the table or the Modify link provided in the last column corresponding to the compute entity you are reviewing.

    3. In the Modify Classification dialog box, select the correct classification from the Workload Classification drop-down menu. Select Infrastructure Service if the compute entity is an infrastructure service, such as DNS, DHCP, LDAP, or Active Directory. Select Others (Non-Infrastructure) if the compute entity is not one of the infrastructure services.

      Image of the Modify Classification modal where the details about the currently selected compute entity can be modified.

    4. (Optional) In the More details text box, enter the type of application that is running on the compute entity or workload.
    5. Click Save.

Results

The system updates the information for the compute entity in the Classifications table.