Skip to content

This project helps to build a zero-trust environment that micro-segments an existing EPG of an ACI.

Notifications You must be signed in to change notification settings

highopes/microseg

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

microseg

Description

This application helps to build a zero-trust environment that micro-segments an existing EPG of an ACI. The segmentation is based on analytics from AppDynamics. It can also support manual pre-configured JSON file to present your segmentation idea.

Installation

The microseg dosen't need to install. It's a python script directly running in your python environment.

Environment

Required

  • Python 2.7+
  • ACI and compatible ACI Cobra SDK

Optional

  • AppDynamics 4.3+

Usage

Directly running the script with ‘python microseg.py’, the usage tips will be shown. If you want to micro-segment the ACI EPG in which the application resides, you should provide the name of ACI Tenant, Application Profile. If the application is AppDynamics(AppD) monitored, just give the name of the application in AppDynamics. For example:

        python microseg.py --tenant hangwe-tn --approfile hangwe-useg-ap --application courseback

If the application name omits, you will need JSON files for manual application definition. For example:

  • ‘app_mapping.json’ for application tiers/hosts mapping
{
  "Web": [
    "172.16.1.14",
    "172.16.1.15",
    "172.16.1.16"
  ],
  "App": [
    "172.16.1.24"
  ],
  "DB": [
    "172.16.1.34"
  ]
}
  • ‘tier_relationship.json’ to build the application tiers relationships
{
  "Web": {
    "app2web": [
      "consume"
    ]
  },
  "App": {
    "db2app": [
      "consume"
    ],
    "app2web": [
      "provide"
    ]
  },
  "DB": {
    "db2app": [
      "provide"
    ]
  }
}

Currently the microseg is used only for demo purpose. For productive usage, please contact the author at: [email protected]

About

This project helps to build a zero-trust environment that micro-segments an existing EPG of an ACI.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages