VMware

NSX

Access Requests

  • Device object selection

Add Access

  • Risk Analysis
  • Designer
  • Provisioning
  • Provisioning in automatic step
  • Verifier

Remove Access

  • Designer
  • Provisioning
  • Provisioning in automatic step
  • Verifier

Server Decommission

  • Impact Analysis

Clone Server Policy

  • Designer
  • Provisioning (or) Provisioning and Committing
  • Verifier

Rule Recertification

  • Update metadata

Notes for VMware NSX:

  • Device support is provided for a single NSX Manager managing a single vCenter.

  • For Access Requests, Topology must be enabled for Designer to make suggestions.

  • Designer will suggest using an existing Security Group in rules and will not suggest creating a new Security Group object.

  • For IPs and network objects included in an Access Request, Designer will suggest that you create implicit objects.

  • NSX devices can add pre-existing Security Group objects to an Access Request.

  • Rules that allow jumps are not supported.

  • For NSX-T devices that work with declarative APIs:

    • SecureChange automatically creates a "placeholder" rule before the Cleanup rule in the default policy. This enables provisioning of rules by SecureChange.

    • Real-time monitoring (accountability) is supported only for syslogs that were received with the default messageid.

    • For Access Requests with a Security Group as a Source or Destination, Designer can provide more specific suggestions for the Applied to field based on the relevant security groups in the request, instead of using DFW.

    • In the Device Manager, the name of a device with a declarative API has (Declarative) included in the device name.