Harness microsegmentation with HPE Morpheus VM Essentials Software & HPE Aruba Networking CX distributed services switch integration. Streamline VLANs, policies, & security for a secure data center.
Why microsegmentation?
Microsegmentation dramatically reduces the attack surface by ensuring that workloads can only communicate with what they absolutely need to—no more open campus–style networks. This:
- Limits lateral movement for attackers inside your data center
- Enables compliance with security standards requiring strict segmentation
- Simplifies troubleshooting by isolating traffic flows
- Provides dynamic, scalable security as workloads move or change
With the VM Essentials + HPE Aruba Networking CX 10000 Switch Series integration, microsegmentation becomes a frictionless part of your data center fabric, freeing up your team to focus on innovation rather than manual network chores.
What’s the deal with VM Essentials and CX DSS integration?
At its core, the integration is designed to automate and simplify the creation of microsegments in your network fabric. Traditionally, setting up VLANs, switched virtual interfaces (SVIs), and firewall rules across multiple hosts and switches can be tedious, error-prone, and manual. With this integration, it’s orchestrated automatically, saving time and headaches.
Getting started: Download and upload the integration
Before any magic happens, you first need to download the CX DSS plug-in. Once you have it, the next step is to upload it into the VM Essentials manager. This acts as the central control point where you manage your virtual environment.
Figure 1. HPE Aruba Networking CX DSS plug-in uploaded
Connecting the integration to HPE Aruba Networking Fabric Composer
Here’s a crucial part: This integration requires HPE Aruba Networking Fabric Composer version 7.2 or higher and the Pensando Policy and Services Manager (PSM) module. Also, you’ll need at least two CX 10000 switches configured in a data fabric topology to provide the physical networking foundation.
Once the integration is uploaded into the VM Essentials manager, you need to connect it to the HPE Aruba Networking Fabric Composer. To do so, navigate to Infrastructure and select Networks and Integrations. Click the Add button and select HPE Aruba CX DSS.
Figure 2. Registering the HPE Aruba Networking CX DSS integration
Then, provide the HPE Aruba Networking Fabric Composer information.
Figure 3. Registering HPE Aruba Networking Fabric Composer with VM Essentials
Some validations are implemented to make sure the integration can reach HPE Aruba Networking Fabric Composer, that a fabric of data type exists, and that the fabric has at least 2 x CX 10000 switches.
What happens next?
Upon integration, a new port group is added under your VM Essentials cluster.
Figure 4. Adding a new port group to the VM Essentials cluster
This port group is like a logical container for managing VLANs and network segments related to the workloads.
Figure 5. Creating a network
When you create a port group, the integration automatically:
- Provisions the necessary configurations on each VM Essentials host in the cluster—no manual host configuration needed
- Creates the corresponding VLAN on the CX DSS fabric
- Assigns the VLAN to the correct switch ports where the hosts are physically connected
- Creates the SVI if it doesn’t already exist—so routing and Layer 3 services are ready
- Defines networks in VM Essentials for workload connectivity
And here’s the exciting part—everything happens automatically without any manual network intervention.
Creating policies and firewall rules with HPE Aruba Networking Fabric Composer
Once the networking groundwork is laid, it’s time to tighten down security using policies and firewall rules.
In the HPE Aruba Networking Fabric Composer console, you navigate to the Policies. This is where you’ll create granular firewall policies for your workload.
Figure 6. Existing policies
When creating the policy, make sure to select Distributed Firewall.
Figure 7. Creating a new policy
Add or create new Rules. In this case, a rule is created to allow SSH communication between VMs.
Figure 8. Adding a rule to the policy
Add the Enforcers and complete the creation of the policy. Now, at this point, you can create VMs on this network and validate that the rules within the policy are working as expected.
Wrapping up
Integrating VM Essentials with CX DSS switches through HPE Aruba Networking Fabric Composer 7.2 and PSM brings automation and deep network visibility that make microsegmentation straightforward and scalable. From automatic VLAN and SVI creation to policy-driven firewall enforcement, the platform takes care of the heavy lifting—helping you build a secure and agile data center environment.
Got any questions or want to explore the setup in more detail? Contact us.
Learn more at:
Getting started with HPE Morpheus VM Essentials Software
HPE Morpheus VM Essentials Software product documentation
Meet the author:
Frederick Gagne, Distinguished Technologist, HPE
StorageExperts
Our team of Hewlett Packard Enterprise storage experts helps you dive deep into relevant data storage and data protection topics.
