This use case implements network security that allows or blocks network access to certain applications/servers in the datacenter, depending on the logged-on user in a Horizon View environment.
We will achieve this using a VMware NSX feature: identity-based firewalling.
Let’s first connect NSX to Active Directory. This step can be completed on the NSX Manager under Manage -> Domains. Add the domain you want to use to NSX.
Once the AD sync is completed, we need to choose an AD group inside the NSX “Grouping Object”.
- Go to Grouping Objects.
- Click on the + sign; a new window will open. Provide a proper name.
- Click on the + sign.
- Choose “Entity” from the drop-down.
- Click on the next box; it will open a list of AD groups.
- Choose your AD group.
Go to IP Sets and let’s create an IP set; this will contain the list of IPs that we don’t want users to access.
- Click on the + sign.
- Enter a descriptive name.
- Enter the IP address to block.
- Click OK.
Now let’s go to Firewall and create a rule.
- Click on Firewall.
- Click on the + sign.
- Give a descriptive name.
- Choose the group that we created in Grouping Objects; in our case it is “Demo”.
- Choose the IP set that we created in IP Sets; in our case “no_access_server”.
- Choose “Block”, as we need to block the traffic.
I hope this is useful and helpful. Please review and comment.