You can define and change security group settings in network profiles and in cloud template designs.
- Existing security group specified in a network profile
You can add an existing security group to a network profile. When a cloud template design uses that network profile, its machines are grouped together as members of the security group. This method does not require that you add a security group resource to a cloud template design. You can also use a load balancer in this configuration. For related information, see Using a load balancer resource in a vRealize Automation cloud template.
- Security group component associated to machine resource in a cloud template design
You can drag and drop a security group resource onto a cloud template design and bind it to a machine NIC by using constraint tags on the existing security group resource in the cloud template design and on the existing security group in the data-collected resource. You can also make this association by connecting the objects together with a connection line on the cloud template design canvas, similar to how you associate networks to machines on the design canvas.
When you drag and drop a security group resource onto the cloud template design canvas, it can be of type existing or new. If it's an existing security group type, you should add a tag constraint value as prompted. If it's a new security group type, you can configure firewall rules.
- An existing security group allocated with tag constraints and associated with a machine NIC in the cloud template
For example, you can associate a security group resource with a machine NIC (in a machine resource) in the cloud template design by matching tags between the two resources.
As an example for NSX-T when tags are specified in the source endpoint, you can use NSX-T tags specified in your NSX-T application. You can then use an NSX-T tag, specified as a constraint on a network resource in a cloud template design, where the network resource is connected to a machine NIC in the cloud template design. NSX-T tags enable you to dynamically group machines by using a pre-defined NSX-T tag that is data-collected from the NSX-T source endpoint. Use a logical port when you create the NSX-T tag in NSX-T.
- Firewall rules in an on-demand security group resource in a cloud template design
You can add firewall rules to an on-demand security group in the cloud template design.
For information about available firewall rules, see Using a security group resource in a vRealize Automation cloud template.
For information about defining security groups in network profiles, see Learn more about network profiles in vRealize Automation.
For information about viewing and changing security group settings in infrastructure resource pages, see Security resources in vRealize Automation.
For information about defining security groups in cloud template designs, see Using a security group resource in a vRealize Automation cloud template.
For examples of security group resources in cloud template designs, see Network, security, and load balancer examples in vRealize Automation cloud templates.
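The following cloud template is an added illustration, not taken from the VMware documentation. It attaches both an existing security group (matched by tag constraint) and an on-demand security group with firewall rules to one machine NIC. Resource names, the tag value, and the image and flavor mappings are assumptions, and property names should be checked against the Cloud.SecurityGroup schema of your vRealize Automation version.

```yaml
formatVersion: 1
inputs: {}
resources:
  # Existing security group: allocated by matching this tag constraint
  # against a data-collected security group. The tag is a constructed value.
  Existing_SG:
    type: Cloud.SecurityGroup
    properties:
      securityGroupType: existing
      constraints:
        - tag: web-tier-sg

  # On-demand (new) security group: firewall rules are defined in the template.
  OnDemand_SG:
    type: Cloud.SecurityGroup
    properties:
      securityGroupType: new
      rules:
        # Permit only inbound HTTPS ...
        - name: allow-https-in
          direction: inbound
          protocol: TCP
          ports: 443
          source: any
          access: Allow
        # ... and explicitly deny all other inbound traffic.
        - name: deny-other-in
          direction: inbound
          source: any
          service: any
          access: Deny

  Web_Net:
    type: Cloud.NSX.Network
    properties:
      networkType: existing

  Web_VM:
    type: Cloud.vSphere.Machine
    properties:
      image: ubuntu     # assumed image mapping name
      flavor: small     # assumed flavor mapping name
      networks:
        - network: '${resource.Web_Net.id}'
          # Both security groups are bound to this NIC.
          securityGroups:
            - '${resource.Existing_SG.id}'
            - '${resource.OnDemand_SG.id}'
```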