To control access to the microservices in your application inside a global namespace, you can create the access control policies through the VMware Secure App IX Console UI.
Layer 4/ layer 7 requests are controlled (which to allow/deny).
- In the navigation panel on the left, select
Alternatively, you can create the autoscaling policy by navigating to the panel on the left and selecting Autoscaling Policy page, click New Policy.. In the upper-right corner of the
- In the New Access Control Policy window, provide a name for the access control policy that is not already in use. Optionally add a description.
- Select a global namespace from the GNS Scope drop-down menu.
- Select a source group from the Source Services drop-down menu. Click Add Source Group to add multiple source groups.
- Select a destination group from the Destination Services drop-down menu. Click Add Destination Group to add multiple destination groups.
- Select the Policy Intent drop-down to choose whether you want to allow or deny traffic between the source and destination groups.
Allow: VMware Secure App IX permits traffic using the type of authentication you applied to the policy.
Deny: VMware Secure App IX silently drops all packets for the session and does not send any active control messages such as TCP resets or ICMP unreachable.
You can choose to allow or deny all traffic or specific traffic as follows:
Specific TCP Connections: You can allow or deny traffic for a specific TCP connections. Select Allow or Denyand select Specific TCP Connections from the drop-down menu. From the Ports drop-down menu, choose either All Ports or Specific Ports.
Specific Ports: Choose either Single Port and enter the port number or select Port Range and enter the range of port number that you wish to allow or deny traffic.
Click Add TCP Port to add multiple port numbers or ranges.
Specific HTTP Requests: You can allow or deny a specific HTTP requests by selecting Specific HTTP Requests from Policy Intent drop down.
Methods: Choose either All Methods or Specific Methods. For Specific Methods, select the methods that you wish to allow from the given list.
Paths: Select All Paths or Specific Paths from the drop-down menu. For Specific Paths, enter the exact path by choosing Path is Exactly or select Path Starts With and enter the starting parameter of the path.
Hostnames: Select All Hostnames or Specific Paths from the drop-down menu. For Specific Hostnames, enter the specific hostname. You can also enter it in the wildcard format.
- Click Next.
- On the Summary page, review the access control policy and click Save.
The new access control policy appears on the Access Control Policies page. Expand a specific access control policy to view more details.
What to do next
To edit an existing autoscaling policy, perform these steps:
On the Access Control Policies page, click the vertical three dots to the right of the desired access control policy.
On the menu, click Edit Configuration.
To advance through the configuration pages after making changes, click Next.
To delete an autoscaling policy that you no longer need, perform these steps:
Click the vertical three dots to the right of the autoscaling policy.
On the menu, click Delete.
You can define an access control policy through the VMware Secure App IX Console UI before an application is deployed.
To see access control policy at work in the VMware Secure App IX Console UI, perform these steps.
In the navigation panel on the left, click Home.
On the Home page, click the GNS Overview tab.
Click the global namespace that contains the services with access control policies.
Click the Policies tab to see the list of access control policies for the particular global namespace.