Introduction

Illumio Core products have a simple, easy-to-use functional configuration that can contribute to the realization of sustainable microsegmentation.

The core principles of Zero Trust from The Open Group, a global IT standards organization, state clearly that one of the key points is "simple and maintainable."

This time, we will be introducing the Illumio Core product features and how to proceed with implementation over several posts in order to convey the key points that make the Illumio Core product simple and easy for anyone to use.

In this first article, we will introduce the basic information you need to know to gain a better understanding of Illumio Core products.

PCE and VEN

The Illumio Core product consists of two components: PCE (Policy Compute Engine) and VEN (Virtual Enforcement Node). When using the SaaS version of PCE, the product prepares, maintains, and upgrades the PCE environment itself. This means that users no longer need to perform these tasks.

Providing functions and linking with PCE

Illumio Core products are comprised of a functional configuration centered around PCE. The management screen provided by PCE allows users to check visualized communication information and set communication control policies. In addition, the API provided by PCE allows users to link with external systems.

In Illumio, the servers and client terminals to be managed are called "Workloads." VENs installed on a Workload periodically communicate with PCEs to exchange communication control policies and collected information.

VEN: Communication control using OS standard firewall

Illumio Core products use the OS's standard firewall to achieve communication control in the Workload. The VEN installed on the Workload only instructs the OS's standard firewall to set the necessary firewall rules, and is not involved in the communication control process itself. Therefore, even if a problem occurs with the VEN installation or upgrade, or with the VEN itself, there is no impact on communications on the Workload.

Communication Control Mode

Illumio offers four communication control modes:

Basically, communication control is deepened in stages from left to right, but the level of control can be selected according to requirements and operational aspects. Communication control modes can be specified at the very least for each workload, and workloads with different communication control modes can coexist.

Steps for implementing microsegmentation using Illumio Core

The typical implementation steps for implementing microsegmentation using Illumio Core products are as follows. First, install VEN on each server and client terminal and register them as a workload to visualize the communications occurring on each workload. Considering the information obtained through Illumio and known communication requirements, such as the communications occurring, the listening ports of each workload, and the control status of communication protocols that are often exploited by ransomware, communication control is implemented in stages starting from what is possible, and the content of that control is deepened.

in conclusion

This article has provided basic information to help you better understand the Illumio Core product.
In the next article and beyond, we will introduce in detail the functions used in each implementation step and the required settings.
Please contact us for more information about Illumio Core product features and implementation steps.