Define an Application Individually

This topic explains how to manually define an individual application in CloudSecure. To automatically define an application with application discovery rules, to edit application definitions, or to export application definition reports, see Define an Application Automatically.

For an explanation of CloudSecure application definitions and how they relate to deployments, see Deployments and Applications.

Prerequisites

Before you define an application, you must have onboarded at least one cloud account. Defining a deployment is optional. For information about defining a deployment, see Define a Deployment.

Define Applications Manually

  1. From the left navigation, choose Application Discovery > Application Definitions.

  2. Click Add. A page with the fields to define the application appears.
  3. Enter a name and description (optional) for the application.

    This name is what appears in CloudSecure. The name should be descriptive so that you can easily identify it in CloudSecure.

    Though optional, providing a description helps other members of your organization understand the purpose of this application.

  4. Click Add Resources Using Cloud Metadata.

    Cloud metadata contains information about the instances of your running cloud resources and can include subnets and virtual networks. CloudSecure obtains your cloud tags directly from your cloud accounts. This data is the label that you assigned to a cloud resource along with an optional tag value.

    You do not define your application instances using Illumio CloudSecure labels. Your applications are defined for CloudSecure purely based on cloud properties.

    The Application Definition dialog box appears.

  5. In the top-most drop-down list, choose whether to use cloud tags, virtual networks and subnets, or accounts to define the application.

  6. In the Filter By Cloud Accounts field, select the accounts that are hosting the application resources. Continue selecting accounts until you've specified them all. To clear an account from the field, click backspace or click the X to clear them all.
  7. In the Select field, select the specific tags or metadata (depending on the type your chose) that defines the application.

    TIP:

    The list is pre-populated with values that CloudSecure discovered after you onboarded your cloud accounts. Depending on the size of your cloud environments, the list can get quite long. You can scroll the list to locate the values you want or type a value in the Select field to filter the list. The list refreshes with values matching your search criteria.

    When done adding data, click Add to Selection. The tags or metadata move to the selected section.

    You can continue this process to add as many tags or metadata as required to define this application.

  8. When done, click Confirm Selection. The dialog box closes, and your selected tags or metadata appears in the Selected section.

    If necessary, repeat the process using the other type of data until you've fully defined all resources for the application. For example, you chose to locate all the relevant clouds tags first and then repeated the process adding the relevant metadata.

  9. Click the Auto Approve Setting toggle to ON if you want CloudSecure to automatically approve all discovered deployments and resources for this application. This skips the manual approval process for applications.
    If you click the toggle to OFF, you must approve the application definition manually. See View and Approve an Application for information.
  10. When you have defined the application with enough specificity, click Save.

The Application Definitions page refreshes and includes the new application: The Deployments column indicates that CloudSecure is discovering any defined deployments that host this application.

When the discovery process finishes, the list includes any deployments where CloudSecure discovered matching cloud tags or metadata.

CloudSecure does not populate the Deployments column if you choose not to define any for that application.

When CloudSecure finishes discovering your saved application definition, and your application is listed as pending approval, you can still modify the resources defined for the application. For instance, you can add or drop cloud tags in the application definition in such a way that it applies to an additional resource, and CloudSecure automatically re-synchronizes the application to include the new resource. Once an application is approved i.e., no longer pending, any subsequent resource modifications could trigger a new pending approval state for the application deployment.

Delete Individually Created Application Definitions

When you delete applications that are pending approval, CloudSecure simply deletes the application definitions.

When you delete approved applications, CloudSecure deletes the application definitions and the rulesets (policies) associated with the application definitions and the application instances. CloudSecure also disassociates any related resources from the application definitions being removed.

  1. From the left navigation, choose Application Discovery > Application Definitions. The Applications Definitions page appears and the Application Definitions tab is selected.
  2. Select all the application definitions that you want to delete and click Remove.

    A confirmation dialog box appears displaying the applications you are deleting.

  3. Verify that you are deleting the correct applications and click Remove in the dialog box.

What's Next

Approve your application. (Each instance of the application in different deployments requires approval.) See View and Approve an Application for information.

Begin creating policy for your application. See Writing Application Policy for information.