From the Security tab, the tenant administrator or business group manager can enable App Isolation and assign security groups, security tags, and security policies to a multi-machine blueprint.

Security policies, security groups, and security tags are defined in the NSX environment. See the NSX Administration Guide.

Security Group

A collection of assets or grouping objects from the vSphere inventory. The grouping feature enables you to create custom containers to which you can assign resources, such as virtual machines and network adapters, for distributed firewall protection. After a group is defined, you can add the group as the source or destination of a firewall rule for protection.

The dynamic mapping capability of security groups lets you define the criteria that an object must meet to be added to the security group you are creating. You can include virtual machines by defining filter criteria, using any of the supported parameters to match the search criteria. For example, you might include a criterion to add all virtual machines that run a specific operating system, such as Microsoft Windows 2003, to the security group.

Security Tag

Include a criterion to add all of the virtual machines tagged with a specified security tag to a security group. Security tags are case sensitive.

Security Policy

During data collection, the security policies that have been defined in NSX appear in the Security tab. The tenant administrator or business group manager can assign security policies to selected component machines.

For example, for a Web component you can apply a Web security policy. A security policy is a set of endpoint, firewall, and network introspection services that can be applied to a security group.

App Isolation

Use the logical firewall to block all inbound and outbound traffic to the applications in the multi-machine blueprint. The component machines in the multi-machine blueprint can communicate with each other but cannot connect outside the firewall.

The vCloud Automation Center App Isolation security policy has a precedence value of 3456. If the 3456 precedence value is applied to another component, the deployment fails.
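The following pre-deployment check is an added example, not code from the product or its documentation. It flags the two pitfalls described above: a tag that differs from a group's criterion only by case, which silently leaves the virtual machine outside the group and its firewall rules, and a policy that reuses precedence 3456. The group, tag, machine, and policy names are constructed sample data, and the inventory is assumed to be available as plain dictionaries.

```python
APP_ISOLATION_PRECEDENCE = 3456  # precedence value stated on this page

# Constructed sample inventory (hypothetical names, not from a real NSX export).
GROUP_TAG_CRITERIA = {"SG-Web": "Web-Tier", "SG-DB": "DB-Tier"}
VM_TAGS = {
    "web-01": {"Web-Tier"},
    "web-02": {"web-tier"},           # wrong case: will not match SG-Web
    "db-01": {"DB-Tier"},
    "db-02": {"Db-Tier", "Backup"},   # wrong case: will not match SG-DB
}
CUSTOM_POLICIES = {"Web security policy": 4300, "DB security policy": 3456}


def members(wanted_tag, vm_tags):
    """VMs that actually join a tag-based group (exact, case-sensitive match)."""
    return sorted(vm for vm, tags in vm_tags.items() if wanted_tag in tags)


def tag_case_mismatches(group_criteria, vm_tags):
    """Return (group, wanted_tag, vm, actual_tag) for tags that differ only by case.

    These VMs look tagged to an operator but are excluded from the group,
    so the group's firewall rules never apply to them.
    """
    findings = []
    for group, wanted in group_criteria.items():
        for vm, tags in vm_tags.items():
            if wanted in tags:
                continue  # exact match: VM is a member, nothing to report
            for tag in tags:
                if tag.casefold() == wanted.casefold():
                    findings.append((group, wanted, vm, tag))
    return sorted(findings)


def precedence_conflicts(policies):
    """Names of custom policies that reuse the App Isolation precedence."""
    return sorted(n for n, p in policies.items() if p == APP_ISOLATION_PRECEDENCE)


if __name__ == "__main__":
    for group, wanted in GROUP_TAG_CRITERIA.items():
        print(f"{group} members: {members(wanted, VM_TAGS)}")
    for group, wanted, vm, tag in tag_case_mismatches(GROUP_TAG_CRITERIA, VM_TAGS):
        print(f"WARN {vm}: tag '{tag}' does not match '{wanted}' for {group}")
    for name in precedence_conflicts(CUSTOM_POLICIES):
        print(f"FAIL '{name}' uses precedence {APP_ISOLATION_PRECEDENCE}")
```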