Skip to main content

Security Policy Guide 24.5

Workload Setup Using PCE Web Console

After you pair workloads, you can view details by clicking a single workload. You can name the workload from the Workload Summary page, write a description, and change the workload's policy state.

Creating Managed Workloads by Installing VENs

When you install a VEN on a workload and pair it to the PCE, it becomes a managed workload because it can be managed using the PCE. For more information, see VEN Installation and Upgrade Guide.

Unmanaged Workloads

Unmanaged workloads extend rule-writing capabilities to network entities not paired with the PCE and do not have an installed VEN. Adding unmanaged workloads to the PCE allows you to write rules so that workloads paired with the PCE can communicate with those other entities. The policy between workloads with a VEN and unmanaged workloads is enforced using the outbound rules on the workloads where the VEN is running. For unmanaged workloads, enforcement is displayed blank.

For example, when you want to ensure that a network file server belonging to an HRM application is only accessible from the database workloads of the HRM application, you can add unmanaged workloads for the file servers and use label-based rules to enforce the policy. The PCE uses the outbound rules on the database workloads running the VEN to ensure that only the databases labeled HRM are allowed to make outbound connections to the network file servers.

Adding Unmanaged Workloads

You can add unmanaged workloads from the Workloads list. After assigning labels, write label-based rules that apply to unmanaged workloads.

Tip

You can also create an unmanaged Workload from a blocked traffic IP address. See Create Unmanaged Workload from Blocked Traffic for information.

  1. In the Servers & Endpoints category, click Workloads.

  2. Click Add > Add Unmanaged Workload.

  3. GENERAL: In the Add Unmanaged Workload details page, enter a name and description for the unmanaged workload.

  4. LABEL ASSIGNMENT: In the Label Assignment section, select the labels you want to be applied to the unmanaged workload.

  5. HOST ATTRIBUTES: In the Host Attributes section, enter all the relevant information about the unmanaged workload, such as its hostname, location, OS Family, Release, and Public IP.

  6. MACHINE AUTHENTICATION: (Optional) In the Machine Authentication ID field, enter all or part of the DN string from the Issuer field of the end entity certificate (CA Subject Name). Complete this field when you plan to use this unmanaged workload with the AdminConnect feature because the unmanaged workload is a laptop running Windows or Linux.

  7. VEN TO PCE AUTHENTICATION: When using Kerberos for encryption, type a SPN to authenticate VEN

  8. Click Save.