Service Composer offers a canvas view displaying all security groups within the selected NSX Manager. The view also displays details such as the members of each security group and the security policy applied to it.

This topic introduces Service Composer by walking you through a partially configured system so that you can visualize the mappings between security groups and security policy objects at a high level from the canvas view.

1. Log in to the vSphere Web Client.
2. Click Networking & Security and then click Service Composer.
3. Click the Canvas tab.

All security groups within the selected NSX Manager (that are not contained within another security group) are displayed along with the policies applied to them. The NSX Manager drop-down lists all NSX Managers on which the currently logged-in user has a role assigned.

Figure: Service Composer canvas top level view

Each rectangular box in the canvas represents a security group, and the icons within the box represent security group members and details about the security policy mapped to the security group.

Figure: Security group

A number next to each icon indicates the number of instances. For example, a 1 next to the security policy (SP) icon indicates that 1 security policy is mapped to that security group.

| Icon | Click to display |
|---|---|
| SG | Security groups nested within the main security group. |
| members | Virtual machines that are currently part of the main security group as well as nested security groups. Click the Errors tab to see virtual machines with service errors. |
| SP | Effective security policies mapped to the security group. You can create a new security policy by clicking the Create Security Policy (add) icon. The newly created security policy object is automatically mapped to the security group. Map additional security policies to the security group by clicking the Apply Security Policy (apply) icon. |
| EP | Effective Endpoint services associated with the security policy mapped to the security group. Suppose you have two policies applied to a security group and both have an Endpoint service of the same category configured. The effective service count in this case will be 1 (since the second, lower-priority service is overridden). Endpoint service failures, if any, are indicated by the alert icon. Clicking the icon displays the error. |
| firewall | Effective firewall rules associated with the security policy mapped to the security group. Service failures, if any, are indicated by the alert icon. Clicking the icon displays the error. |
| net | Effective network introspection services associated with the security policy mapped to the security group. Service failures, if any, are indicated by the alert icon. Clicking the icon displays the error. |

Clicking an icon displays a dialog box with appropriate details.

Figure: Details displayed when you click an icon in the security group
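
The effective Endpoint service count described in the EP entry above can be reasoned about with a small model. This is an added example, not VMware code or an NSX API: the `Policy` tuple, its `rank` field (1 is assumed to be the highest priority), and all policy, category and service names are constructed for illustration. It extends the two-policy case in the text to any number of policies and also reports which services were overridden, which is what an auditor needs to confirm that the intended service is the one in force.

```python
from collections import namedtuple

# Hypothetical model of a security policy mapped to one security group.
# rank: 1 = highest priority (assumption for this example).
# endpoint_services: {category: service_name}
Policy = namedtuple("Policy", "name rank endpoint_services")


def effective_endpoint_services(policies):
    """Resolve Endpoint services per category across all mapped policies.

    Returns (effective, overridden):
      effective  -> {category: (service, policy_name)} from the highest-priority policy
      overridden -> [(category, service, policy_name)] for lower-priority duplicates
    """
    effective, overridden = {}, []
    # Walk policies from highest to lowest priority; first service per category wins.
    for policy in sorted(policies, key=lambda p: p.rank):
        for category, service in policy.endpoint_services.items():
            if category in effective:
                overridden.append((category, service, policy.name))
            else:
                effective[category] = (service, policy.name)
    return effective, overridden


# Constructed sample: three policies mapped to one security group.
SAMPLE = [
    Policy("PCI-Baseline", 2, {"anti-virus": "av-service-b"}),
    Policy("PCI-Strict", 1, {"anti-virus": "av-service-a"}),
    Policy("Default", 3, {"anti-virus": "av-service-c",
                          "vulnerability-management": "vm-service-a"}),
]

if __name__ == "__main__":
    effective, overridden = effective_endpoint_services(SAMPLE)
    print("EP count shown on canvas:", len(effective))
    for category, (service, policy) in effective.items():
        print(f"  effective  {category}: {service} (from {policy})")
    for category, service, policy in overridden:
        print(f"  overridden {category}: {service} (from {policy})")
```
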

You can search for security groups by name. For example, if you type PCI in the search field in the top right corner of the canvas view, only the security groups with PCI in their names are displayed.

To see the security group hierarchy, click the Top Level (zoom) icon at the top left of the window and select the security group you want to display. If a security group contains nested security groups, click expand to display the nested groups. The top bar displays the name of the parent security group and the icons in the bar display the total number of security policies, endpoint services, firewall services, and network introspection services applicable to the parent group. You can navigate back up to the top level by clicking the Go up one level (GoUp) icon in the top left part of the window.

You can zoom in and out of the canvas view smoothly by moving the zoom slider in the top right corner of the window. The Navigator box shows a zoomed-out view of the entire canvas. If the canvas is much bigger than what fits on your screen, the Navigator shows a box around the area that is actually visible, and you can move that box to change the section of the canvas that is displayed.

Now that we have seen how the mapping between security groups and security policies works, you can begin creating security policies to define the security services you want to apply to your security groups.