Hello!
Between security policies or distributed firewall rules, what would be the recommended one to use? I get the feeling that for repetitive rules such as access to infrastructure services (AD, DNS) it would be better to use Security Policies that can be applied to different Security Groups. But when I think about an Application with distinct requirements it would be better to create the rules in Distributed Firewall, as those rules would only apply to a few VMs.
Should I just choose one way and go for it? What is the recommendation?
Thanks!!
priscillagr,
If you haven't checked out the VMware NSX Micro-segmentation: Day 1 Guide, it's a great resource. As a customer (before joining VMware), I found the best bang for your buck is using the DFW with Dynamic Security Groups. It's an easy transition from traditional IP-based objects/groups but gives you all the benefits of using dynamic security groups. Service Composer requires more effort up front but is beneficial when you have a lot of repetitive policies. A great example of this can be seen here: Using NSX Service Composer to create a more elegant ruleset | nsxperts.com.
Hope this helps!
Thank you! It helped me a lot!