XMC Integration with HyperV

  • 0
  • 2
  • Question
  • Updated 2 days ago
  • Answered
Hi All, I've seen quite a couple of interesting integration videos posted, with various security appliances, and one with VMware depicting IPS applications or Enhanced Securing of the network using API  integrations with XMC I was hoping that there is an Integration with HyperV that I could reference defining policy usage in a similar manner 
Photo of domingos Da Mata

domingos Da Mata

  • 100 Points 100 badge 2x thumb

Posted 1 week ago

  • 0
  • 2
Photo of Kurt Semba

Kurt Semba, Employee

  • 1,462 Points 1k badge 2x thumb
Hi Domingos,

there is an older integration with Hyper-V and System Center Virtual Machine manager that is provided by Connect (part of XMC when the NMS-ADV license is available).

But those integrations have not been requested a lot so they are pretty rudimentary. What features exactly would you be looking for?

Thanks 
Photo of domingos Da Mata

domingos Da Mata

  • 100 Points 100 badge 2x thumb
Hi Kurt 
I saw a tutorial demonstrating the ability to define an application server profile, assign it to a port, and distinguish between server profile type eg web, database, mail server etc. this was associated to a VM Ware tutorial , My customer is looking to do the same on HyperV
 The XMC would then allow the appropriate profile to be loaded on the port associated with the VM as the application server is moved within the cluster  

Photo of Kurt Semba

Kurt Semba, Employee

  • 1,462 Points 1k badge 2x thumb
Hi Domingos,

yes, the Hyper-V integration provides that functionality. Let me provide some more details: the Hyper-V integration uses an adapter that you install on each Hyper-V server (or on your SCVMM server if you have one). It regularly reads all your VMs and the vSwitches they are connected to. If it finds a new VM or the vSwitch was changed for an existing VM's NIC it will take the vSwitch name and assign an end-system group in NAC for that VM's network interface with the same name as the vSwitch. Based on the new NAC end-system group membership, NAC will change the policy on the corresponding, physical switch port (the port where that VM is hitting the physical switch). 

You will have to connect your VMs to different vSwitches based on their "type": example: vSwitches for web servers, database servers, etc.

So you would need to connect all your Hyper-V physical host servers to switches that support MAC authentication and policy (or at least dynamic VLAN via RADIUS).

Hope this helps.
Kurt
Photo of domingos Da Mata

domingos Da Mata

  • 100 Points 100 badge 2x thumb
Thanks Kurt appreciate your assistance