In this article
1. Feature Description
2. Setup
3. Viewing a VM's Security Posture
4. Table View
5. Topology View
Feature Description
Virtual Machine Security Analysis is a tool that reports the security posture of a given VM. The posture is calculated by analyzing the dFW rules the VM belongs to directly or indirectly (via Security Group membership). Once the analysis completes, any membership the VM has in a rule or Security Group is displayed along with information about the host where the VM resides. The resulting data is shown in both tabular and graphical formats.
Minimum Release: 3.1
Application: NSX-v, NSX-T
License: Enterprise
Privilege level: Audit or higher
Setup
No setup required.
Viewing a VM’s Security Posture
Within the Operations > Distributed Firewall screen, navigate to the top of the page and click on the wrench icon.
This action launches a new window in which to select a Virtual Machine to analyze.
Table View
Once completed, the results are displayed in a table for review. The VM information (Name, ID, power state, cluster ID/Name and IP address) is displayed along with all Security Groups and dFW rules the VM directly or indirectly belongs to.
Direct Relationship – a VM belongs to a rule or Security Group by being explicitly placed
Indirect Relationship – a VM belongs to a rule or Security Group by an abstracted method such as a REGEX or Cluster Membership.
Additionally, the details of the host where the VM currently resides are displayed with the dFW state (enabled/disabled) and synchronization status.
ℹ️ If the host is not in sync with the published NSX Manager rule set or object list, the respective green status indicator is replaced with a red X. The user (if RBAC permissions are set) can attempt to manually re-sync the host to NSX.
💡 To assist with troubleshooting, the output for the dvFilter (installed firewall rule set) is provided by clicking the Download dvFilter Information button.
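The direct and indirect relationships defined above can be sketched in code. This is an added example, not the product's own logic or the NSX API: the `VM`, `SecurityGroup` and `Rule` classes, their fields and the sample inventory are hypothetical and constructed for illustration.

```python
import re
from dataclasses import dataclass, field
# Simplified, hypothetical model for illustration (not the NSX or product API).
@dataclass
class VM:
    name: str
    vm_id: str
    cluster: str

@dataclass
class SecurityGroup:
    name: str
    static_vms: set = field(default_factory=set)  # VM ids placed explicitly
    name_regex: str = ""                          # dynamic: VM name pattern
    clusters: set = field(default_factory=set)    # dynamic: cluster membership

@dataclass
class Rule:
    name: str
    applied_vms: set = field(default_factory=set)  # VM ids placed explicitly
    groups: set = field(default_factory=set)       # Security Group names used

def group_relationship(vm, group):
    """Return 'direct', an 'indirect (...)' label, or None for non-members."""
    if vm.vm_id in group.static_vms:
        return "direct"
    if group.name_regex and re.fullmatch(group.name_regex, vm.name):
        return "indirect (regex)"
    if vm.cluster in group.clusters:
        return "indirect (cluster)"
    return None

def posture(vm, groups, rules):
    """Map each Security Group and rule covering the VM to its relationship."""
    in_groups = {g.name: rel for g in groups if (rel := group_relationship(vm, g))}
    in_rules = {}
    for r in rules:
        via = sorted(r.groups & set(in_groups))
        if vm.vm_id in r.applied_vms:
            in_rules[r.name] = "direct"
        elif via:
            in_rules[r.name] = "indirect via " + ", ".join(via)
    return {"groups": in_groups, "rules": in_rules}

# Constructed sample inventory (not real data)
WEB01 = VM("web-01", "vm-101", "cluster-a")
GROUPS = [SecurityGroup("SG-Web", name_regex=r"web-\d+"),
          SecurityGroup("SG-ClusterA", clusters={"cluster-a"}),
          SecurityGroup("SG-Pinned", static_vms={"vm-101"})]
RULES = [Rule("Allow-HTTPS-In", groups={"SG-Web"}), Rule("Mgmt-SSH", applied_vms={"vm-101"})]
```

Calling `posture(WEB01, GROUPS, RULES)` returns the group and rule memberships for the sample VM; an empty `rules` mapping means no rule in the modelled inventory covers that VM.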
Topology View
An alternate view is also provided to show the relationships in a topology map. This map is interactive, and the child nodes under each branch are collapsible for busy diagrams.
The Cluster > Host > VM > Security Group and dFW rule relationships are displayed and can be downloaded in .PNG or .PDF formats.