Types of Illumio Xpress Policy
This section explains adaptive policy in Illumio Xpress.
Adaptive Policy
Without adaptive security, enterprises face an overwhelming number of firewall rules, manual policy changes, and the possibility of errors that lead to outages or to serious vulnerabilities and breaches. Adaptive security automatically accounts for the moves, scale, and changes to applications and infrastructure that are typical of modern datacenters.
Because Illumio Xpress bases workload security on a policy model, it enables adaptive security that continuously adjusts to changes in the environment and to changed workload relationships. When a change occurs, the PCE responds dynamically by re-computing the OS-level firewall rules for the impacted workloads. The PCE alerts the VENs of the new OS-level firewall rules. The VENs request the new rules and apply them immediately.
Illumio Xpress dynamically adapts and updates security policy when events such as the following occur in the managed environment:
- Workloads are added to or removed from your environment.
- Workloads change their IP addresses.
- Managed workloads come online and go offline.
- The labels on workloads change.
Illumio Xpress users and automated processes do not need to provision these changes. The PCE re-computes the OS-level firewall rules for the impacted workloads and transmits them to the VENs without that step.
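A minimal model of the recomputation described above, added here as an illustration; it is not Illumio's code, API, or rule format. The workload names, labels, addresses, and the inbound-only rule shape are assumptions made for the example.

```python
from dataclasses import dataclass, replace
# Illustrative model only: not Illumio's implementation, API, or rule format.

@dataclass(frozen=True)
class Workload:
    name: str
    ip: str
    labels: frozenset
    online: bool = True

@dataclass(frozen=True)
class Rule:
    consumer: frozenset  # labels a workload must carry to be allowed to connect
    provider: frozenset  # labels a workload must carry to accept the connection
    port: int

def compute_rules(policy, workloads):
    """Compile label-based policy into inbound allows: {name: {(src_ip, port)}}."""
    compiled = {w.name: set() for w in workloads}
    for rule in policy:
        consumers = [w for w in workloads if w.online and rule.consumer <= w.labels]
        for p in (w for w in workloads if rule.provider <= w.labels):
            compiled[p.name] |= {(c.ip, rule.port) for c in consumers if c.name != p.name}
    return compiled

def impacted(before, after):
    """Workloads whose compiled rules changed, i.e. the only ones needing an update."""
    return sorted(n for n in before.keys() | after.keys() if before.get(n) != after.get(n))

# Constructed sample data (hypothetical names, labels and addresses).
POLICY = [Rule(frozenset({"role:web"}), frozenset({"role:db"}), 5432)]
FLEET = [
    Workload("web1", "10.0.0.11", frozenset({"role:web"})),
    Workload("db1", "10.0.1.21", frozenset({"role:db"})),
    Workload("cache1", "10.0.2.31", frozenset({"role:cache"})),
]

def after_event(name, **changes):
    return [replace(w, **changes) if w.name == name else w for w in FLEET]

def demo():
    """Map each event from the list above to the workloads whose rules change."""
    base = compute_rules(POLICY, FLEET)
    events = {
        "web1 changes IP": after_event("web1", ip="10.0.0.99"),
        "web1 goes offline": after_event("web1", online=False),
        "cache1 relabeled as web": after_event("cache1", labels=frozenset({"role:web"})),
        "web2 is added": FLEET + [Workload("web2", "10.0.0.12", frozenset({"role:web"}))],
    }
    return {e: impacted(base, compute_rules(POLICY, f)) for e, f in events.items()}
```

In this model the policy itself never changes; only the compiled rules on the peers of the changed workload do, which is why no provisioning step is involved.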
See the following related topics:
- Pairing in the VEN Installation and Upgrade Guide for information about adding workloads to your environment
- IP Lists for information about using them in security policies
- Provisioning for information about provisioning, which is a manual process
- Types of Illumio Xpress Policy for information about how provisioning differs from adaptive policy