You can create user-defined security groups.

Prerequisites

If you want to use security tags with security groups, the tags should be created before creating the security group. For information about creating security tags, see Assign a Security Tag to Virtual Machines.

Procedure

  1. Launch Security Services by completing the following steps.
    1. Click Network > Security.
    2. Select the organizational VDC for which you want to apply security settings and click Configure Services.

      The tenant portal opens Security Services.

  2. Select Grouping Objects > Security Groups

    The Security Groups page opens.

  3. Click +.
  4. Enter a name for the security group.
  5. Enter a meaningful description for the security group. This description displays in the list of security groups, so adding a meaningful description can make it easy to identify the security group at a glance.
  6. (Optional) Add a dynamic member set.
    1. Click + under Dynamic Member Sets.
    2. Select whether to match Any or All of the criteria in your statement.
    3. Enter the first object to match (Security tag, VM Guest OS Name, VM Name, VM Guest Host Name).
    4. Select an operator (contains, starts with, or ends with).
    5. Enter a value.
    6. (Optional) Use And or Or to add another statement.
  7. (Optional) Include Members.
    1. In Browse objects of type, select from the following types of objects: virtual machines, Org VDC networks, IP sets, MAC sets, or security tags.
    2. To include an object, select the object in the left panel, and click it to move it to the right panel.
  8. (Optional) Exclude members.
    1. In Browse objects of type, select from the following types of objects: virtual machines, Org VDC networks, IP sets, MAC sets, or security tags
    2. To exclude an object, select the object in the left panel, and click it to move it to the right panel.

Results

The security group can now be used in rules, such as firewall rules.