When talking with customers about our vSphere Distributed Switch, I often find that they don't know about a feature in the Traffic Filtering policy engine that allows for the creation of Access Control Lists, or ACLs. This is in addition to being able to tag traffic and pass Quality of Service (QoS) or Differentiated Services Code Point (DSCP) values up to the physical network for prioritization.
ACLs give you fine-grained control over what traffic is allowed in or out of a VM, a set of VMs or an entire port group. The feature is configured at the port group level and allows for an unlimited number of rules. The rules are processed in the VMkernel, so no external appliance is needed. That means no single point of failure, faster processing of rules and, in some cases, reduced network traffic, since rule processing happens before the traffic leaves the ESXi host.
Watch the video below for a quick how-to:
I've also created a Traffic Filtering Walkthrough which guides you step by step in creating an ACL.
If you want to test out the VDS, remember that we have Hands-on Labs available. Specifically for VDS, check out HOL-SDC-1302 – vSphere Distributed Switch from A to Z.