Workload Setup Using PCE Web Console

After you pair workloads, you can view details by clicking a single workload. From the Workload Summary page, you can name the workload, write a description, and change the workload's policy state.

About Creating Managed Workloads by Installing VENs

When you install a VEN on a workload and pair it to the PCE, it becomes a managed workload because it can be managed using the PCE. For more information, see VEN Installation & Upgrade Using VEN Library in the VEN Installation and Upgrade Guide.

Unmanaged Workloads

Unmanaged workloads extend rule-writing capabilities to network entities that are not paired with the PCE and do not have an installed VEN. Adding unmanaged workloads to the PCE allows you to write rules so that workloads that are paired with the PCE can communicate with those other entities. The policy between workloads with a VEN and unmanaged workloads is enforced using the outbound rules on the workloads where the VEN is running. For Unmanaged workloads, enforcement is displayed blank.

For example, when you want to ensure that a network file server belonging to an HRM application is only accessible from the database workloads of the HRM application, you can add unmanaged workloads for the file servers and use label-based rules to enforce the policy. The PCE uses the outbound rules on the database workloads running the VEN to ensure that only the databases labeled HRM are allowed to make outbound connections to the network file servers.

Add an Unmanaged Workload

You can add unmanaged workloads from the Workloads list. After assigning labels, write label-based Rules that apply to unmanaged workloads.

TIP:

You can also create an unmanaged Workload from a blocked traffic IP address. See Create Unmanaged Workload from Blocked Traffic for information.

  1. From the PCE web console menu, choose Workloads and VENs > Workloads.
  2. Click Add > Add Unmanaged Workload.
  3. In the Add Unmanaged Workload details page, enter a name and description for the unmanaged workload.
  4. In the Label section, select the labels you want to be applied to the unmanaged workload.
  5. In the Attributes section, enter all the relevant information about the unmanaged workload, such as its hostname, IP addresses, location, and OS.
  6. In the Processes section, enter the name and the port and protocol for the process.
  7. (Optional) In the Machine Authentication ID field, enter all or part of the DN string from the Issuer field of the end entity certificate (CA Subject Name). Complete this field when you plan to use this unmanaged workload with the AdminConnect feature because the unmanaged workload is a laptop running Windows or Linux. See Secure Laptops with AdminConnect for information.
  8. Click Save.