icon-zpa.svg
Secure Private Access (ZPA)

Configuring Resource Groups

Resource groups are used in configuration of Microsegmentation policies so that the policy rule has a foundation of data to start on. Therefore, admins must configure resource groups in order to configure policies. To learn more, see About Resource Groups and About Microsegmentation Policies.

Prequisites

Enable policy enforcement for your organization. To learn more, see Enabling Microsegmentation Policy Settings.

Configuring a Resource Group

To configure a resource group:

  1. Go to Microsegmentation > Resource Management.
  2. Click the Resource Groups tab.
  3. Click Add Resource Group.
    The Add Resource Group window appears.
  4. In the Add Resource Group window:
    1. In the General Information section, set the following settings:
      1. Name: Enter a name for the new Rule.
      2. Description (Optional): Enter a description.
      3. Click Next.
    2. In the Criteria section, set the following settings:
      1. Resource Group Type: Managed or Unmanaged.
        • Managed means the resources have agents and are actively protected.
        • Unmanaged means the resources are not actively protected by agents. Unmanaged resource groups are defined as CIDR blocks or IP ranges.
      2. Static Membership: Select any or all resources from the dropdown menu.

      3. Dynamic Membership: Enter Host, Environment, or Custom object data.

        • Host: When Host is selected, it allows user to define criteria for Host Name, Platform, Platform Distro, Platform Version, and CPU Architecture.
        • Environment: When Environment is selected, it allows user to define criteria for AMI ID, Account/Subscription ID, Cloud Provider, Cloud Region, VPC/VNET ID, Subnet ID, and Security Group ID.
        • Custom: When Custom is selected, it allows the admin to define criteria based on user-defined cloud tags. To define custom criteria, the admin must first define the key part of the tag. Then define the value part of the tag.

        The Static and Dynamic Membership options are only for Managed resource groups.

    3. In the Review section, check your chosen configurations:
      1. General Information: Click the pencil icon to edit any of the fields.
      2. Criteria: Click the pencil icon to edit any of the fields.
  5. Click Save.

Your new resource group appears in the list.

Related Articles
Configuring Resource GroupsEditing Resource GroupsDeleting Resource Groups