You can define and change security group settings in network profiles and cloud templates.
- Existing security group specified in a network profile
You can add an existing security group to a network profile. When a cloud template uses that network profile, its machines are members of the security group. This method does not require that you add a security group resource to a cloud template. You can also use a load balancer in this configuration. For related information, see More about load balancer resources in vRealize Automation cloud templates.
- Security group component associated with a machine resource in a cloud template
You can drag and drop a security group resource onto a cloud template and bind the security group resource to a machine NIC by using constraint tags on the existing security group in the cloud template and on the existing security group in the data-collected resource. You can also make this association by connecting the objects on the cloud template design canvas, similar to how you associate networks to machines.
When you drag and drop a security group resource onto the cloud template design canvas, it can be of type existing or new. If it's an existing security group type, add a tag constraint value as prompted. If it's a new security group type, you can configure firewall rules.
- An existing security group allocated with tag constraints and associated with a machine NIC in the cloud template
You can associate a security group resource with a machine NIC (in a machine resource) in the cloud template by matching tags between the two resources.
For example, with NSX-T, when tags are specified in the source endpoint, you can use the NSX-T tags defined in your NSX-T application. You can then specify an NSX-T tag as a constraint on a network resource in a cloud template, where the network resource is connected to a machine NIC in the cloud template. NSX-T tags allow you to dynamically group machines by using a pre-defined NSX-T tag that is data-collected from the NSX-T source endpoint. Use a logical port when you create the NSX-T tag in NSX-T.
- Firewall rules in an on-demand security group resource in a cloud template
You can add firewall rules to an on-demand security group in a cloud template.
For information about available firewall rules, see More about security group and tag resources in vRealize Automation cloud templates.
Learn more
For information about defining security groups in network profiles, see Learn more about network profiles in vRealize Automation.
For information about viewing and changing security group settings in infrastructure resource pages, see Security resources in vRealize Automation.
For information about defining security groups in cloud templates, see More about security group and tag resources in vRealize Automation cloud templates.
For examples of security group resources in cloud templates, see Networks, security resources, and load balancers in vRealize Automation.