Free Trial: Pairing Workloads

Pairing Workloads Lesson

Installing the Illumio agent on compute assets in your data center or private or public cloud so that you can apply micro-segmentation policies.

Essential concepts

Before you begin the tutorial, you need to be familiar with the following concepts.

Policy Compute Engine (PCE): The brain of the Illumio ASP. The ASP stores its program logic and the information it collects in the PCE. The PCE generates and distributes segmentation policies for each VEN connected to it.

Virtual Enforcement Node (VEN): The local control point of the Illumio ASP installed on each workload. It provides information about the workload and enforces policy rules by controlling the Linux iptables or Windows Filtering Platform (WFP) tables on a workload.

Workload: The Illumio generic term for anything with an operating system, such as a bare-metal server, VM, or container (e.g., Docker container).

Pairing: The process of installing the Illumio VEN software on a workload by using a unique secure pairing key.

 

Lesson prerequisites

This lesson requires you to have the following data, access, and systems.

Understand essential concepts: To complete this lesson, you must understand what the Illumio VEN is and how the process of pairing workloads works.

5 to 20 hosts: Bare-metal servers or VMs in your data center or a public cloud. They can be running Windows or Linux.

Installed packages: The hosts must have the required packages installed.
Supported operating systems and required packages

Development or test applications: The hosts need to have running applications that are generating traffic data. A distributed application is recommended.

Root or Admin access: You must have Root or Admin access on the hosts to install the VEN. Windows hosts must have PowerShell installed.

Internet HTTPS access over TCP port 443: The hosts must be able to connect outbound over TCP port 443.

 

 BACK TO TUTORIAL PAGE

Instructions

Log into your Illumio ASP Free Trial

When you apply for the Free Trial, Illumio emails you credentials and the Free Trial URL.

Free Trial URL
https://ci-trial.ilabs.io:8443/login

When you log into the Illumio web console the first time, you see the Welcome page, which directs you to pair workloads or add Illumio users.

Dashboard

The next time you log into the web console, the Illumination map appears.

 

Generate a pairing key and script

The PCE web console provides a default pairing profile containing a pairing key and pairing script so that you can begin pairing workloads. You have the option to create a new pairing profile if you want to configure your own workload pairing settings. This lesson directs you to use the default pairing profile.

You can configure a pairing profile so that it assigns labels to the workloads you pair. The default pairing profile does not contain any labels. You will learn how to apply labels to workloads in a later lesson during this tutorial. The policy state is set to Build mode in the default pairing profile. You will learn about policy states in a later lesson.

The default pairing profile provides unlimited pairing for an unlimited time. You can change this behavior by editing the pairing limit and time. In this lesson, you will use the default settings.

 

 

1. If this is your first time logging in, click Pair Workloads in the Welcome page. Otherwise, from the left navigation menu, select Workloads. The Workloads page appears.

2. Select AddPair Workload with Pairing Profile.

 

Selection

The Pairing Profile page appears with a generated pairing key and scripts for Windows and Linux workloads.

 

Pair a Linux workload

On the Pairing Profile page, you see only one pairing profile named “default” if this is your first time pairing.

1. In the Pairing Script section, copy the Linux pairing script.

2. SSH into the Linux workload you want to pair. Root access on the workload is required for installation of the Linux VEN.

 

Linux

 

3. In the shell window on the Linux workload, paste the script you copied from the pairing profile and run it.

 

 

The workload starts the pairing process. As the pairing script runs, you will see success messages appear.

Wait until you see the message “Workload has been SUCCESSFULLY paired with Illumio,” which means your VEN pairing is complete.

 

Pair a Windows workload

On the Pairing Profile page, you see only one pairing profile named “default” if this is your first time pairing.

1. In the Pairing Script section, copy the Windows pairing script.

2. On the Windows workload you want to pair, open the Windows PowerShell as an Administrator user.

 

Windows

 

4. Paste the pairing script you copied into the PowerShell command prompt and run it.

The workload starts the pairing process. As the pairing script runs, you will see success messages appear.

Wait until you see the message “Workload has been SUCCESSFULLY paired with Illumio,” which means your VEN pairing is complete.

 

VEN Windows

 

NOTE: When the Illumio VEN is being installed on a Windows workload, all internet group management protocol IGMP traffic will be blocked. Windows servers typically use IGMP for things like Windows internet naming service (WINS), Windows Deployment Services (WDS), IGMP Router Proxy Mode, or network load balancing (NLB) in multicast mode.

 

Repeat pairing procedure

You can pair as many workloads as you have in your application. The default pairing profile provides unlimited pairing for an unlimited time. You can change this behavior by editing the pairing limit and time.

 

Validate workload pairing

After the workload is paired, you can validate that the workload is managed by Illumio.

1. From the left navigation menu, select Workloads.

2. If necessary, click the refresh icon to load the workload you just paired.

 

Workloads

NOTE: When using the default pairing profile in the pairing process, the Label columns are blank as shown above.

3. Additionally, you can view the workloads in the Illumination map. Select Illumination from the left navigation menu.

 

Illumination

That’s it! Pair as many workloads as you like.

You will learn all about working with the Illumination map in one of the next lessons.

Next Lesson: Labeling

You will learn about visualizing your application environment and the traffic impacting your workloads.

Start Lesson

Questions?

Any questions, please contact us at
free-trial@illumio.com.

Swag Request

Illumio Free Trial