Create security groups for use in configuring firewall rules for the groups of applications in the SDDC.

A security group is a collection of assets (or objects) from your vSphere inventory that you group together.

You perform this procedure multiple times to configure all of the necessary security groups. In addition, you create the VMware Appliances and Windows Servers groups from the security groups you add in the previous repetitions of this procedure.

Security Groups for the Management Clusters Components in the SDDC

| Name | Object Type | Selected Object |
|------|-------------|-----------------|
| Site Recovery Manager | IP Sets | Site Recovery Manager |
| Platform Services Controller Instances | IP Sets | Platform Services Controller Instances |
| vCenter Server Instances | IP Sets | vCenter Server Instances |
| vSphere Replication | IP Sets | vSphere Replication |
| vRealize Automation Appliances | IP Sets | vRealize Automation Appliances |
| vRealize Automation Windows | IP Sets | vRealize Automation Windows |
| vRealize Orchestrator | IP Sets | vRealize Orchestrator |
| vRealize Business Server | IP Sets | vRealize Business Server |
| vRealize Automation Proxy Agents | IP Sets | vRealize Automation Proxy Agents |
| vRealize Business Data Collector | IP Sets | vRealize Business Data Collector |
| vSphere Data Protection | IP Sets | vSphere Data Protection |
| vRealize Operations Manager | IP Sets | vRealize Operations Manager |
| vRealize Operations Manager Remote Collectors | IP Sets | vRealize Operations Manager Remote Collectors |
| vRealize Log Insight | IP Sets | vRealize Log Insight |
| Update Manager Download Service | IP Sets | Update Manager Download Service |
| SDDC | IP Sets | SDDC |
| Administrators | IP Sets | Administrators |
| Windows Servers | Security Groups | Site Recovery Manager, vRealize Automation Windows, vRealize Automation Proxy Agents |
| VMware Appliances | Security Groups | Platform Services Controller Instances, vCenter Server Instances, vSphere Replication, vRealize Automation Appliances, vRealize Orchestrator, vRealize Business Server, vRealize Business Data Collector, vSphere Data Protection, vRealize Operations Manager, vRealize Operations Manager Remote Collectors, vRealize Log Insight |

1. Log in to vCenter Server by using the vSphere Web Client.

   a. Open a Web browser and go to https://mgmt01vc01.sfo01.rainpole.local/vsphere-client.

   b. Log in using the following credentials.

      | Setting | Value |
      |---------|-------|
      | User name | administrator@vsphere.local |
      | Password | vsphere_admin_password |

2. In the Navigator, click Networking & Security and click NSX Managers.

3. Select the 172.16.11.65 NSX Manager instance, and click the Manage tab.

4. Click Grouping Objects, select Security Group, and click the Add new Security Group icon.

   The Add Security Group wizard appears.

5. On the Name and description page, enter Site Recovery Manager in the Name text box, select the Mark this object for Universal Synchronization check box, and click Next.

   For all security groups that you configure, select the Mark this object for Universal Synchronization check box.

6. On the Select objects to include page, select IP Sets from the Object Type drop-down menu, select Site Recovery Manager from the list of available objects, click the Add button, and click Next.

7. On the Ready to Complete page, verify the configuration values that you entered and click Finish.

8. Repeat this procedure to create all of the necessary security groups.
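Because the Windows Servers and VMware Appliances groups can only be built from groups that already exist, it helps to check names and creation order before repeating the wizard. The following is an added example, not part of the original procedure or any VMware tooling: it encodes the table above, reports nested members that do not match a defined group (for example a misspelled name), and returns an order in which every member precedes the group that nests it. The function name `check_plan` is hypothetical, and the check goes slightly beyond the table by also handling deeper nesting and nesting cycles.

```python
from graphlib import TopologicalSorter, CycleError

# Group names copied from the table above.
IP_SET_BACKED = [
    "Site Recovery Manager", "Platform Services Controller Instances",
    "vCenter Server Instances", "vSphere Replication",
    "vRealize Automation Appliances", "vRealize Automation Windows",
    "vRealize Orchestrator", "vRealize Business Server",
    "vRealize Automation Proxy Agents", "vRealize Business Data Collector",
    "vSphere Data Protection", "vRealize Operations Manager",
    "vRealize Operations Manager Remote Collectors", "vRealize Log Insight",
    "Update Manager Download Service", "SDDC", "Administrators",
]
NESTED = {
    "Windows Servers": ["Site Recovery Manager", "vRealize Automation Windows",
                        "vRealize Automation Proxy Agents"],
    "VMware Appliances": [
        "Platform Services Controller Instances", "vCenter Server Instances",
        "vSphere Replication", "vRealize Automation Appliances",
        "vRealize Orchestrator", "vRealize Business Server",
        "vRealize Business Data Collector", "vSphere Data Protection",
        "vRealize Operations Manager",
        "vRealize Operations Manager Remote Collectors", "vRealize Log Insight"],
}

def check_plan(ip_set_backed, nested):
    """Return (creation_order, problems) for a security group plan."""
    defined = set(ip_set_backed) | set(nested)
    problems = []
    if len(defined) != len(ip_set_backed) + len(nested):
        problems.append("duplicate group name")
    for group, members in nested.items():
        for member in members:
            if member not in defined:
                problems.append(f"{group}: member '{member}' is not a defined group")
    # A nested group depends on its members; IP-set-backed groups depend on nothing.
    graph = {name: set() for name in ip_set_backed}
    graph.update({g: {m for m in ms if m in defined} for g, ms in nested.items()})
    try:
        order = list(TopologicalSorter(graph).static_order())
    except CycleError as exc:
        return [], problems + [f"nesting cycle: {exc.args[1]}"]
    return order, problems
```

An empty `problems` list means the returned order can be followed one wizard run at a time.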