Skip to main content

Illumio Security Policy Guide 25.4

  • Illumio Security Policy Guide 25.4
  • Workloads
  • Workload Setup Using PCE Web Console

Workload Setup Using PCE Web Console

After you pair workloads, you can view details by clicking a single workload. From the Workload Summary page, you can name the workload, write a description, and change its policy state.

Creating Managed Workloads by Installing VENs

When you install a VEN on a workload and pair it to the PCE, it becomes a managed workload because it can be managed using the PCE. For more information, see VEN Installation and Upgrade Guide.

Unmanaged Workloads

Unmanaged workloads expand rule-writing capabilities to network entities not connected to the PCE and lacking an installed VEN. Integrating unmanaged workloads into the PCE allows you to craft rules enabling communication between workloads connected to the PCE and other entities. The policy between workloads with a VEN and unmanaged workloads is enforced through outbound rules on the workloads running a VEN. In the case of unmanaged workloads, the enforcement display remains blank.

For instance, unmanaged workloads representing the file servers can be added to restrict access to a network file server linked to an HRM application solely to the HRM application's database workloads. Label-based rules can then enforce the communication policy. The PCE employs outbound rules on the database workloads with a VEN to ensure that only the databases labeled HRM can establish outbound connections to the network file servers.

Adding Unmanaged Workloads

You can add unmanaged workloads from the Workloads list. After assigning labels, write label-based rules that apply to unmanaged workloads.

Tip

You can also create an unmanaged Workload from a blocked traffic IP address.

  1. In the Servers & Endpoints category, click Workloads.

  2. Click Add > Add Unmanaged Workload.

  3. In the Add Unmanaged Workload details page, enter a name and description for the unmanaged workload.

  4. In the Label Assignment section, select the labels you want to be applied to the unmanaged workload.

  5. In the Host Attributes section, enter all relevant information about the unmanaged workload, such as its hostname, location, OS Family, Release, and Public IP.

  6. (Optional) In the Machine Authentication ID field, enter all or part of the DN string from the Issuer field of the end entity certificate (CA Subject Name). Complete this field when you use this unmanaged workload with the AdminConnect feature, as it involves a Windows or Linux laptop.

  7. When using Kerberos for encryption, type a SPN to authenticate VEN.

  8. Click Save.