View and Approve an Application

This topic explains how to approve an application definition after you've created it. See Define an Application for information.

Prerequisites

This topic assumes that you've already onboarded your cloud accounts and have created an application definition.

Why is Approval Required?

CloudSecure separates the process of defining an application from the ability to create policy for it.

After you define an application, it appears in the Application Definitions list. First, if you have defined a deployment, CloudSecure discovers any environments where the application is running. See CloudSecure Discovers Your Application Environments for information.

When the discovery process finishes, the list will include any deployments where CloudSecure discovered matching cloud tags or metadata.

NOTE: The Application Definition page lets you toggle whether you want CloudSecure to automatically approve all discovered applicable deployments and resources. Similarly, the Application Discovery Rule page lets you toggle whether you want CloudSecure to automatically approve all discovered application definitions, as well as any updates made to their deployments and resources. See the Define an Application Automatically documentation on the portal.

Either of these methods will skip the manual approval process for applications as described here.

For application definitions that are not automatically approved, each of the application instances needs to be approved; that is, you've defined an application but its status is still “Pending Approval.” In this way, CloudSecure ensures other key stakeholders are in the loop to approve your application definitions.

CloudSecure will not populate the Deployments column if you choose not to define any deployments for that application.

Approve a Given Application Definition

  1. From the left navigation, choose Application Discovery > Application Definitions.
  2. The list of defined applications appears.
  3. Select the application that you want to review and/or approve. If you select a single application definition that is pending approval, you can approve it. However, if you select more than one application, the Approve button is grayed out because bulk application approval is not supported at this time.
  4. The Approve button becomes enabled.
  5. Click Approve. A confirmation dialog box appears displaying the application you are approving.
  6. Verify that you are approving the correct application and click Confirm.

The dialog box closes and the Approval Status column updates and shows that the application definition is approved.

The application becomes part of the applications displayed in the Applications page, meaning you can now create policy for that application.

Approve Application Deployments and Resources in Bulk

You can have a single application that has multiple resources or deployments, such as staging and production. For example, you could have two application definitions associated with that application, one for each deployment. CloudSecure lets you approve two or more such application deployments in bulk.

  1. From the left navigation, choose Application Discovery > Application Definitions.
  2. The list of defined applications appears.
  3. Select the application that you want to review and/or approve.
  4. Click Approve. A confirmation dialog box displays the application's associated deployments and/or resources.
  5. Select the checkboxes for the deployments and resources you wish to approve. For example, you may wish to choose an AWS us-west-1 resource on staging and production, but not development.
  6. Verify your selections and click Confirm. Illumio will then create the approved definitions for that application based on the deployments and resources you selected. Using the above example, you would have two approved definitions for the application, one using the staging deployment and the other using the production deployment.

CloudSecure does not let you bulk approve application definitions that are based on different applications.

Viewing Application Information

Once you have approved an application, you can view various information about the application beyond what the Application page lists in the table. When you click on an application listed on the Application page, you will see the following tabs for that application:

  • Summary: This gives you general information about the application, such as the following:
    • Name
    • All Owners
    • All Cloud Accounts
    • Created With (This indicates whether the application was created manually or with a particular discovery rule.)
    • Associated Labels
    • Resources by Deployment (This circle graph indicates service categories, service roles, resources, security controls, and firewall rules. Click on the graph to see details, such as the security control count. The security control count for each resource is the total number of Security Groups, Network Security Groups, and Network ACLs associated directly with the resource or with the subnet of which the resource is a part.)
  • Inventory: This gives you an application-specific view of what you would see on the Inventory page. See Inventory.
  • Traffic: This gives you an application-specific view of what you would see on the Traffic page. See Traffic.
  • Map: This gives you an application-specific view of what you would see on the Cloud Map page. See Cloud Map.
  • Policy: This gives you a list of active policies for the application. See CloudSecure Policy Model.

Exporting an Application Report

  1. Click Export on the Applications page.
  2. Edit the report name and select the format.
  3. To schedule the export, click the Scheduling Section toggle to the on position. Skip this step if you want to export the report immediately.
  4. If you choose to schedule your report, select your recurrence and time.
  5. Click Save when done.
  6. Go to the Generated Reports page to download the exported report.

What's Next

Once you have approved an application, you can map your cloud tags to Illumio labels and write policy rules for it. Although mapping cloud tags to Illumio labels is not strictly required for creating policies, it will assist you in making your policies specific.

See Cloud Tag to Label Mapping.

See Writing Application Policy.