
VMware ESXi guest segmentation with XOS

Kent
New Contributor
Hi all,

Are there any features in the XOS series (X460, X590) to provide per guest policy based segmentation (ACLs) within the ESXi hypervisor?

i.e. an ACL per guest on the v-switch, ideally driven by ExtremeControl policy.

Thanks in advance for any advice.
Kent.
3 REPLIES

Tomasz
Valued Contributor II
Hi Antonio,

I didn't play with EAC-VMware integration personally, but another approach would be integrating EXOS with VMware using the Direct Attach feature (aka EVB, VEPA). That would imply VM traffic going straight to an EXOS switch without being switched by a vSwitch, so you have more EXOS-based control over the traffic, alongside Policy, ACL and so on. Keep in mind per-switch and per-port scalability in terms of authentications and Policy roles.

Hope that helps,
Tomasz

Antonio_Opromol
Contributor II
Is there an example of how to use ExtremeControl to authorize the VMs in the integration with ExtremeControl?
In my demo lab based on the demo kit, I've configured ExtremeConnect as follows:

[screenshot]


And I have the following view in the dashboard:

[screenshot]


and the end-systems of my VMware host:

[screenshot]


Based on the configuration made in my ExtremeConnect module for vSphere, in ExtremeControl I now have the following new rules, profiles and end-system groups, automatically created by the ExtremeConnect module:

[8 screenshots]


All these end-systems have authentication set to Auto Tracking and I can't change anything. If, for example, I try to add an end-system to a different group, I get the following error:

[screenshot]


The new automatic rules are never matched in Access Control.
How can I have control of the VM authentication in order to build my own rules for the VM?

Christoph
Contributor
It's possible to integrate ESXi / vSphere with XMC and use ExtremeControl to authorize the VMs / users.
You integrate it with the ExtremeConnect module of XMC (part of the Advanced version) and use NAC in conjunction with the Policy Framework.

Kind regards
Christoph