How vShield App updates rules on appliances
While working on a recent project, this question came up: if you create new vShield App rules in vShield Manager, how does it push these rules out to the vShield App appliances?
As an example, say you have a large environment with several clusters, and you create and publish some new rules that affect only a couple of VMs. Will vShield Manager push the rules out to every App appliance in the vCenter datacenter, to every cluster, or just to the cluster or host that has the affected VMs?
The answer is that vShield Manager pushes the rule updates only to the vShield App appliances that are affected, that is, the ones protecting the VMs that the new rules apply to. You can create vShield App rules at the datacenter level, cluster level, port group or per vNIC, so the level at which the rule was created, and which App appliances are protecting that level, determine where the rules are pushed.
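A small Python model of the targeting described above, added here as an illustration and not vShield Manager's own code: given a rule's scope level, it works out which App appliances would receive the update. It assumes one App appliance per ESXi host; the inventory, host and appliance names are all constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vnic:
    vm: str
    name: str         # vNIC identifier
    port_group: str
    host: str         # host the VM currently runs on
    cluster: str
    datacenter: str


# Constructed sample inventory (hypothetical names).
INVENTORY = [
    Vnic("web01", "web01-nic0", "pg-dmz", "esx01", "cluster-a", "dc1"),
    Vnic("web02", "web02-nic0", "pg-dmz", "esx02", "cluster-a", "dc1"),
    Vnic("app01", "app01-nic0", "pg-app", "esx02", "cluster-a", "dc1"),
    Vnic("db01", "db01-nic0", "pg-db", "esx03", "cluster-b", "dc1"),
    Vnic("db01", "db01-nic1", "pg-backup", "esx03", "cluster-b", "dc1"),
    Vnic("test01", "test01-nic0", "pg-app", "esx04", "cluster-b", "dc1"),
]

# Assumption: one App appliance per host, named after the host.
APPLIANCES = {h: f"vsapp-{h}" for h in ("esx01", "esx02", "esx03", "esx04")}

# Rule scope level -> inventory attribute that the scope name is matched against.
SCOPE_FIELD = {"datacenter": "datacenter", "cluster": "cluster",
               "port_group": "port_group", "vnic": "name"}


def push_targets(scope_level, scope_name, inventory=INVENTORY):
    """Appliances protecting at least one vNIC inside the rule's scope."""
    if scope_level not in SCOPE_FIELD:
        raise ValueError(f"unknown scope level: {scope_level}")
    field = SCOPE_FIELD[scope_level]
    hosts = {v.host for v in inventory if getattr(v, field) == scope_name}
    return sorted(APPLIANCES[h] for h in hosts)


def untouched(scope_level, scope_name):
    """Appliances that would receive no update for this rule."""
    return sorted(set(APPLIANCES.values()) - set(push_targets(scope_level, scope_name)))


if __name__ == "__main__":
    for level, name in [("vnic", "db01-nic1"), ("port_group", "pg-app"),
                        ("cluster", "cluster-a"), ("datacenter", "dc1")]:
        print(f"{level:<10} {name:<10} -> push to {push_targets(level, name)}")
```

In this model a port-group rule can reach appliances in more than one cluster when that port group is used by VMs on hosts in both, while a per-vNIC rule touches a single appliance.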
About Brian Suhr
Brian is a VCDX5-DCV, a Sr. Tech Marketing Engineer at Nutanix and the owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group, specializing in VDI and Cloud project designs. He was awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design