vSphere Integrated Containers (VIC) Networking with NSX

In this demo, provides an overview of NSX networking for vSphere Integrated Containers. I already have a environment on containers with vSphere Integrated Containers (VIC), be sure to check out our guide here:
We can use NSX to provide micro segmentation of the container workloads.

Security Group

First we need to create security groups for virtual machines, use of security groups with dynamic membership can help us ensure that containers have the right level of security policies applied to them. 

nsx1

 

Select Service Composer –> Security groups –> Add

Input the Name (web-sg)

name

Next step: Name contains = diy_web

name

Define dynamic membership click in Next

def

Select Objects to Exclude click in Next

sg2

Click in Finish

fin

 

For the time being, i have only a container created.

efective

Distributed Firewall Configuration

Now, we”ll create some rules and allow only required traffic:

  • We will allow only the  protocol HTTP

Click on Firewall and ADD Rule and input Name rule.

rule1.jpg

Now we’ll configure Source and Destination:

rule2.jpg

Source:

rule3

Destination:

rule4

Service:

rule5

In web traffic: Allow and click Publish.

rule6.jpg

With this, only o container diy_linux will be able to communicate with the web server (diy_linux…) only allow traffic on a specific port (http/https).

That’s all for now!

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: