Third-party partners services containing security scanning logic, are registered with NSX for guest VM protection. The partner service is enforced when the NSX admin deploys the registered services and applies end point protection policies to guest VM groups.
The guest introspection workflow for the endpoint protection use case is as follows:
Workflow Tasks | Role/Persona | Implementation |
---|---|---|
Guest Administrator |
Guest VM |
|
Register Partner Services | Partner Admin | Partner Console |
Configure Partner Services |
Partner Admin | Partner Console Note: Follow the partner provided documentation to configure Partner services in the Partner console. |
Deploy a Service | NSX Admin | API and NSX Manager UI |
View Service Instance Details | NSX Admin | API and NSX Manager UI |
Bring Up Service Instance | NSX Admin | API and NSX Manager UI |
Add Service Profile | NSX Admin | API and NSX Manager UI |
Consume Guest Introspection Policy | NSX Admin | API and NSX Manager UI |
Add and Publish Protection Rules | NSX Admin | API and NSX Manager UI |
Monitor Endpoint Protection Rules | NSX Admin | API and NSX Manager UI |