Getting Started with Illumio Core

Application Ringfencing

The Application Ringfencing tutorial is divided into a series of lessons. The lessons correspond to the major phases of creating an application ringfence in your environment and are organized according to the workflow for creating an application ringfence.

Before You Begin

This tutorial walks you through installing Illumio agents on hosts in your environment.

The Illumio platform operates in a secure environment with secure communication between Illumio agents installed in your environment and the Illumio platform. The Illumio agents are lightweight and designed for low resource utilization.

Illumio recommends you work through this tutorial using hosts running in your testing or staging environments.

About Application Ringfencing

With Illumio Core, you can model and test segmentation policies at different levels: from coarse-grained to extremely fine-grained segmentation. Most Illumio customers start by applying application ringfencing to their high-value applications.

The best initial policies start with ringfencing unless the initial deployment must satisfy stated compliance or regulatory guidance. Ringfencing shrinks the security perimeter from a subnet or VLAN to a single application. It provides the most significant impact with the least amount of work, requiring only one line of security policy per application to close off 90 percent of the potential attack surface for east-west traffic movement.

Additionally, application ringfencing provides the greatest flexibility to application owners and developers. Because there is a “permit-any” rule active within the ringfence, changes to the application’s internal communication will always work. An application ringfence allows all workloads within an application group to communicate over any port.
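The following is an added example, not Illumio code and not a use of any Illumio API: a simplified Python model of the ringfence behavior described above, run over constructed flow records to show which east-west flows stay inside a ringfence and which cross its boundary. The single `app_group` label, the workload names, and the flows are all assumptions made for illustration.

```python
from collections import Counter
from typing import NamedTuple

class Workload(NamedTuple):
    name: str
    app_group: str  # hypothetical label naming the application group

class Flow(NamedTuple):
    src: str
    dst: str
    port: int

# Constructed inventory and observed east-west flows (not real data).
WORKLOADS = {w.name: w for w in [
    Workload("web1", "ordering"), Workload("app1", "ordering"),
    Workload("db1", "ordering"), Workload("hr-web", "hr"),
    Workload("hr-db", "hr"),
]}
FLOWS = [
    Flow("web1", "app1", 8080), Flow("app1", "db1", 5432),
    Flow("app1", "db1", 22),      # any port is permitted inside the fence
    Flow("hr-web", "db1", 5432),  # crosses into the ordering ringfence
    Flow("web1", "hr-db", 3306),  # crosses into the hr ringfence
    Flow("scanner", "db1", 445),  # source is not a known workload
]

def evaluate(flow, workloads):
    """Return 'allow' for intra-group traffic, 'block' for anything else."""
    src, dst = workloads.get(flow.src), workloads.get(flow.dst)
    if src is None or dst is None:
        return "block"  # an unknown peer is outside every ringfence
    return "allow" if src.app_group == dst.app_group else "block"

def review(flows, workloads):
    """Count verdicts and collect the flows that cross a ringfence boundary."""
    verdicts, crossing = Counter(), []
    for flow in flows:
        verdict = evaluate(flow, workloads)
        verdicts[verdict] += 1
        if verdict == "block":
            crossing.append(flow)
    return verdicts, crossing

if __name__ == "__main__":
    verdicts, crossing = review(FLOWS, WORKLOADS)
    print(dict(verdicts))
    for f in crossing:
        print(f"crosses a ringfence, needs review: {f.src} -> {f.dst}:{f.port}")
```

The flows it reports as crossing a boundary are the ones to review before moving a ringfence out of testing: each is either a legitimate dependency that needs its own rule or traffic the ringfence is meant to stop.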

Essential Concepts

Understanding these concepts will help you complete the solutions in this tutorial and give you a deeper understanding of the Illumio technology.

Tutorial Prerequisites

This tutorial requires you to have the following data, access, and systems.

  • 5 to 20 hosts: Bare-metal servers or virtual machines (VMs) in your data center or a public cloud. They can be running Windows or Linux.

  • Installed packages: The hosts must have the required packages installed.

  • Development or test applications: The hosts need to have running applications that are generating traffic data. A distributed application is recommended.

  • Internet HTTPS access over TCP port 443: Illumio Core needs an outbound connection for HTTPS over TCP port 443.