Typical Workflow
Illumio suggests this typical workflow for deploying Endpoint VENs:
Task 1: Create Labels for Endpoints
To help you distinguish endpoints from other workloads on the PCE, Illumio recommends that you assign them a common Application label such as "Endpoints" and use the Role label type for endpoint sub-groups. Use these conventions consistently throughout your implementation.
Important
See Label Endpoints for guidance on labeling endpoints. For general information about labeling, see also "Labels and Label Groups" in the Security Policy Guide.
Task 2: Add Corporate Public IPs if Using Azure AD
See Add Public IP addresses to the Corporate Public IPs list.
Task 3: Create or Modify a Ruleset for Endpoints
Create or modify a ruleset to define the allowed communication between endpoints and servers. See Create Rulesets that Use Workload Subnets for Endpoints.
Task 4: Install and Activate VENs in Endpoint Mode
For most installation and activation tasks, you can refer to topics in the VEN Installation and Upgrade Guide and the VEN Administration Guide. The procedures and concepts in those guides apply almost equally to Endpoint VENs and Server VENs.
Important
When creating a Pairing Profile for an Endpoint VEN, you must select Endpoint VEN in the Servers & Workloads > Pairing Profiles > Enforcement Node Type setting. (Conversely, the Enforcement Node Type for Server VENs requires the Server VEN setting.) Endpoint mode is required for visualizing and segmenting endpoints from the Core PCE.
Tip
You can also install VENs remotely on multiple endpoints using a network provisioning tool. See Install and Deploy Multiple macOS Endpoint VENs.