Create security groups that are used in configuring firewall rules for the groups of applications in the SDDC.

A security group is a collection of assets (or objects) from your vSphere inventory that you group. You perform this procedure multiple times to configure all the necessary security groups. In addition, you create the VMware Appliances and Windows Servers groups from the security groups you add in the previous repetitions of this procedure.

Table 1. Security Groups for the Management Clusters Components in the SDDC

Name

Object Type

Selected Object

Platform Services Controller Instances

IP Sets

Platform Services Controller Instances

vCenter Server Instances

IP Sets

vCenter Server Instances

vRealize Automation Appliances

IP Sets

vRealize Automation Appliances

vRealize Automation Windows

IP Sets

vRealize Automation Windows

vRealize Business Server

IP Sets

vRealize Business Server

vRealize Automation Proxy Agents

IP Sets

vRealize Automation Proxy Agents

vRealize Business Data Collector

IP Sets

vRealize Business Data Collector

vSphere Storage APIs - Data Protection based backup solution

IP Sets

VMware VADP

vRealize Operations Manager

IP Sets

vRealize Operations Manager

vRealize Operations Manager Remote Collectors

IP Sets

vRealize Operations Manager Remote Collectors

vRealize Suite Lifecycle Manager

IP Sets

vRealize Suite Lifecycle Manager

Site Recovery Manager

IP Sets

Site Recovery Manager

vSphere Replication

IP Sets

vSphere Replication

vRealize Log Insight

IP Sets

vRealize Log Insight

Update Manager Download Service

IP Sets

Update Manager Download Service

SDDC

IP Sets

SDDC

Administrators

IP Sets

Administrators

Windows Servers

Security Groups

  • Site Recovery Manger

  • vRealize Automation Windows

  • vRealize Automation Proxy Agents

VMware Appliances

Security Groups

  • Platform Services Controller Instances

  • vCenter Server Instances

  • vSphere Replication

  • vRealize Automation Appliances

  • vRealize Business Server

  • vRealize Business Data Collector

  • vSphere Storage APIs - Data Protection based backup solution

  • vRealize Operations Manager

  • vRealize Operations Manager Remote Collectors

  • vRealize Suite Lifecycle Manager

  • vRealize Log Insight

Procedure

  1. Log in to vCenter Server by using the vSphere Client.
    1. Open a Web browser and go to https://sfo01w01vc01.sfo01.rainpole.local/ui.
    2. Log in by using the following credentials.
      Setting Value
      User name administrator@vsphere.local
      Password vsphere_admin_password
  2. Create the security group.
    1. From the Home menu, select Networking & Security.
    2. In the Navigator, click Groups and Tags.
    3. On the Security Groups tab, from the NSX Manager drop-down menu, select 172.16.11.66.
    4. Click Add

      The Create Security Group wizard appears.

    5. On the Name and Description page, enter the following settings and click Next.

      Setting

      Value

      Name

      Platform Services Controller Instances

      Universal Synchronization

      On

    6. On the Select Objects to Include page, enter the following settings and click Next.

      Setting

      Value

      Object Type

      		IP Sets

      Selected Objects

      Platform Services Controller Instances

    7. On the Ready to Complete page, verify the configuration values that you entered and click Finish.
  3. Repeat the previous step to create all security groups.