A tenant administrator or business group manager can assign one or more security policies, security groups, and security tags to a component machine provisioned with the multi-machine blueprint.

About this task

When you configure security groups for a component machine, specify a transport zone on the Network tab of the multi-machine blueprint to make security groups available for selection. The component is assigned to the selected security groups after provisioning.

You can also add security groups on the Network tab of the New or Edit Reservation page. All multi-machine components provisioned through the reservation are assigned to all of the security groups you select. For more information about adding security groups through the reservation, see Create a Reservation.

Security policies, security groups, and security tags appear for selection only if there are no existing component machines provisioned from this multi-machine blueprint. If a component machine is provisioned, then you cannot edit the security settings of the machine.

Familiarize yourself with the security features that can be applied to a multi-machine blueprint. See Applying Security on a Component Machine.

Prerequisites

  • Log in to the vRealize Automation console as a tenant administrator or business group manager.

  • Create a multi-machine blueprint that contains at least one virtual component blueprint. See Create a Multi-Machine Blueprint.

  • Verify that the supported version of VMware Tools is installed on the component machines. See the NSX Installation and Upgrade Guide.

  • Verify that the NSX endpoint is configured to use the vRealize Automation security policy. See Run the Enable Security Policy Support for Overlapping Subnets Workflow in vRealize Orchestrator.

  • Verify that the security policies, security groups, and security tags are defined in the NSX environment. See the NSX Administration Guide.

Procedure

  1. Select Infrastructure > Blueprints > Blueprints.
  2. Locate a multi-machine blueprint with at least one virtual component blueprint.
  3. Click Edit in the drop-down menu.
  4. (Optional) Verify that a transport zone is selected.
    1. Click the Network tab on the Edit Blueprint page.
    2. Select a transport zone from the Transport zone drop-down box.
  5. Click the Build Information tab.
  6. Locate a blueprint in the Components table that has editable network settings.

    Look for Edit in the Network column.

  7. Click the Security tab.
  8. Select one or more security policy check boxes in the Security policies list.
  9. Select one or more security group check boxes in the Security groups list.
  10. Select one or more security tag check boxes in the Security tags list.
  11. Click OK.