Application Rule Manager

VMware introduced a new feature in NSX 6.3 called Application Rule Manager (ARM)
 
ARM is a built-in tool that is useful for defining Micro Segmentation policies.
Most security admins face the challenge of how to deploy NSX Micro Segmentation policies for the applications in the data center:
  • Network/security admins are often faced with the challenge of knowing what an application needs for its communication.
  • Knowing which application communicates with which servers, and over which ports, has always been a challenge for the network or security admin.
  • To achieve “Zero Trust” security policies, any unwanted communication must be closed.
  • When the data center hosts more than 100 applications, the complexity grows (defining the security policies always remains the challenge).
VMware addresses this with the ARM tool. It is available under
Tools -> Flow Monitoring -> Application Rule Manager
 
ARM simplifies the process of defining Micro Segmentation policies by creating security groups and firewall rules.
With ARM any application in the data center can be put into a monitoring mode, which captures the raw 5-tuple flows in NSX.
 
5 Tuple: Source IP Address/Destination IP Address/Protocols/L4 Source Port/L4 Destination Port
 
How it works:
  1. Capture the flow:
    1. The 1st step is to capture the flows for the VMs for which we need to define the Micro Segmentation policies.
    2. This is similar to starting a new monitoring session for the selected VMs, in which both the incoming and outgoing flows are captured.

Note: Only 5 flow-collection sessions can be defined simultaneously at any point of time.

  2. Analyze the flow:
    1. The 2nd step is to stop the capture and start analyzing the captured flows.
    2. ARM analyzes the captured raw flows and represents them as an easily understandable flow table.
    3. The flow table shows the flows, i.e. the communication between the VMs selected for capturing.
Ex – It maps the IP addresses captured in the flows to VM objects and gives the details of the security group each VM is part of.
  3. Define policies:
    1. The 3rd step is to create security groups, IP sets, services and firewall rules.
    2. After the flows are analyzed and the security groups, IP sets and services are in place, the network or security administrator can publish the Micro Segmentation policies to take effect.
    3. The newly defined policies are published as a “Section” in the firewall rule table.

Note: The firewall policies defined apply only to the VMs that were selected for the flow analysis.
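To make the three steps concrete, here is an added example (not part of the original post, and not VMware code) that simulates what the analysis step does with a captured flow set: it takes constructed raw 5-tuple flows, maps each IP to a VM object and its security group (IPs with no VM object become IP-set members), drops the ephemeral L4 source port so that repeated connections collapse into one row, tags each row with its direction relative to the monitored VMs, and finally turns the flow table into allow rules for a section plus a closing default block, which is the “Zero Trust” shape described above. All names, IPs, the `VM_BY_IP`/`GROUP_BY_VM` inventory and the rule dictionary layout are assumptions made for illustration; NSX’s own object model and rule format differ.

```python
"""Simulated ARM-style flow analysis (added example, not NSX code):
raw 5-tuple flows -> aggregated flow table -> candidate firewall rules.
Every IP, VM name, group and mapping below is constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One raw 5-tuple exactly as a monitoring session would capture it."""
    src_ip: str
    dst_ip: str
    proto: str
    src_port: int
    dst_port: int


# Constructed inventory: IP -> VM object, VM object -> security group.
VM_BY_IP = {
    "10.0.1.10": "web-01", "10.0.1.11": "web-02",
    "10.0.2.10": "app-01",
    "10.0.3.10": "db-01",
}
GROUP_BY_VM = {
    "web-01": "SG-Web", "web-02": "SG-Web",
    "app-01": "SG-App",
    "db-01": "SG-DB",
}
# VMs selected for the monitoring session; rules are built only for these
# (db-01 deliberately left out to show the filter at work).
MONITORED_VMS = {"web-01", "web-02", "app-01"}

# Constructed raw capture, as a session might return it.
RAW_FLOWS = [
    Flow("10.0.1.10", "10.0.2.10", "TCP", 51234, 8443),
    Flow("10.0.1.11", "10.0.2.10", "TCP", 51377, 8443),
    Flow("10.0.1.10", "10.0.2.10", "TCP", 51290, 8443),   # same conversation, new src port
    Flow("10.0.2.10", "10.0.3.10", "TCP", 43020, 3306),
    Flow("203.0.113.7", "10.0.1.10", "TCP", 61000, 443),   # external client, no VM object
    Flow("10.0.3.10", "10.0.5.53", "UDP", 40000, 53),      # db-01 -> DNS: not in session
]


def resolve(ip):
    """Map an IP to (object name, security group). Unknown IPs become
    IP-set members with no group, as ARM offers an IP set for them."""
    vm = VM_BY_IP.get(ip)
    if vm is None:
        return f"IPSet-{ip}", None
    return vm, GROUP_BY_VM[vm]


def direction(src_vm, dst_vm):
    """Direction relative to the monitored VMs (labels are assumed here)."""
    src_in, dst_in = src_vm in MONITORED_VMS, dst_vm in MONITORED_VMS
    if src_in and dst_in:
        return "INTRA"
    return "OUT" if src_in else "IN"


def build_flow_table(flows):
    """Collapse raw 5-tuples into (source, destination, service, direction)
    rows with a hit count. Source and destination are the security group
    where one exists, else the IP-set object; the L4 source port is dropped
    because it is ephemeral and never part of the policy."""
    table = defaultdict(int)
    for f in flows:
        src_vm, dst_vm = VM_BY_IP.get(f.src_ip), VM_BY_IP.get(f.dst_ip)
        # Ignore flows where neither side was selected for the session.
        if src_vm not in MONITORED_VMS and dst_vm not in MONITORED_VMS:
            continue
        src_obj, src_grp = resolve(f.src_ip)
        dst_obj, dst_grp = resolve(f.dst_ip)
        service = f"{f.proto}/{f.dst_port}"
        key = (src_grp or src_obj, dst_grp or dst_obj, service, direction(src_vm, dst_vm))
        table[key] += 1
    return dict(table)


def build_rules(flow_table, section="ARM-Test"):
    """Turn the flow table into one allow rule per observed row, then a
    default block so that only observed communication is permitted."""
    rules = []
    for i, ((src, dst, service, dirn), hits) in enumerate(sorted(flow_table.items()), 1):
        rules.append({"section": section, "name": f"{section}-{i}", "source": src,
                      "destination": dst, "service": service, "direction": dirn,
                      "action": "allow", "hits": hits})
    rules.append({"section": section, "name": f"{section}-default", "source": "any",
                  "destination": "any", "service": "any", "direction": "INTRA",
                  "action": "block", "hits": 0})
    return rules


if __name__ == "__main__":
    table = build_flow_table(RAW_FLOWS)
    for row, hits in table.items():
        print(hits, row)
    for rule in build_rules(table):
        print(rule)
```

Running it shows three flow rows (the three web-to-app connections merge into one row with 3 hits, the external client appears as an IP set, and the db-01 DNS flow is dropped because db-01 was not in the session) and four rules: three allows and the closing block. That last rule is the part worth reviewing before publishing a real section, since anything the capture window missed, such as a monthly backup job, would be blocked by it.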

ARM is a simple tool and it is very easy to use.

Example:

Tools -> Flow Monitoring -> Application Rule Manager

  1. Start a new session and name it, e.g. “Test”.
  2. Select the VMs for which we need to capture the flows and click OK.
  3. Data capture starts. In this example we have selected 11 VMs, and data capture for those 11 VMs has been started.
  4. Stop capturing the data after a period you feel is sufficient to capture the required flows.
  5. Once the capture is stopped, we can view the flows; each flow shows the source, destination, service and direction of the communication.
  6. Based on each captured flow and its analysis, we can define the new firewall policy.