VMware Cloud Foundation (VCF) provides a robust suite of self-service networking capabilities (as covered in our previous post, VCF 9.1 – Network Services).
In this blog, we zoom in on a powerful new feature introduced in VCF 9.1: Connectivity Policy for Virtual Private Clouds (VPCs).
Taking Control of Cross-VPC Communication
By default, applications in a VPC can communicate freely with other applications in other VPCs. Restricting this traffic used to mean relying on the vDefend Firewall Add-on.
Starting with VCF 9.1, you can natively manage cross-VPC communication by applying a Connectivity Policy to your VPCs and dictate their routing boundaries without any firewall.
The Three Connectivity Policies
VCF 9.1 introduces three distinct policy types to govern how your VPCs interact within a project:
- Community: Group specific VPCs together under a shared community policy. Applications within these VPCs can communicate seamlessly with others in the exact same community, but are strictly isolated from any VPCs outside of it.
- Promiscuous: VPCs assigned this policy act as open VPCs. A promiscuous VPC is allowed to communicate with any other VPC in the project.
- Isolated: VPCs in this group are highly restricted. An isolated VPC cannot communicate with other community VPCs; it can only communicate with VPCs designated as Promiscuous.

Real-World Use Case: Shared Services
These connectivity policies provide a remarkably simple way to architect project environments.
For example, imagine you need a Shared Services VPC (housing DNS, Active Directory, or logging tools) that the applications in every other VPC need to access, while keeping those application VPCs isolated from one another.
You can simply set your Shared Services VPC to Promiscuous and set all the other VPCs to Isolated. You achieve perfect architectural isolation through simple grouping — no firewalling required.
And if you have a few applications in VPCs that need to communicate with each other, place those VPCs in a specific Community.
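
Before assigning policies, the plan can be checked against the intended segmentation. The following is an added example, not VMware code and not a VCF API client: it models the three policy rules exactly as described in this post and flags VPC pairs that would be exposed or blocked. The VPC names, the community name and the helper functions are constructed for illustration.

```python
from itertools import combinations

# Policy model taken from the three definitions in this post; this is a
# planning aid, not a VCF API client. VPC names below are constructed.
PROMISCUOUS, ISOLATED = "promiscuous", "isolated"

def community(name):
    """Tag a VPC as a member of the named community."""
    return ("community", name)

def can_communicate(a, b):
    """Return True if two VPC policies permit traffic between them."""
    if PROMISCUOUS in (a, b):
        return True            # promiscuous reaches every VPC in the project
    if ISOLATED in (a, b):
        return False           # isolated only reaches promiscuous VPCs
    return a == b              # both community: must be the same community

def reachable_pairs(assignments):
    """Set of frozenset({vpc1, vpc2}) pairs allowed to communicate."""
    return {
        frozenset((x, y))
        for x, y in combinations(sorted(assignments), 2)
        if can_communicate(assignments[x], assignments[y])
    }

def audit(assignments, must_reach, must_not_reach):
    """Compare a planned assignment against intended connectivity.

    Returns a list of (problem, vpc1, vpc2) tuples; empty means the plan
    matches the intent.
    """
    allowed = reachable_pairs(assignments)
    findings = []
    for x, y in must_reach:
        if frozenset((x, y)) not in allowed:
            findings.append(("blocked", x, y))
    for x, y in must_not_reach:
        if frozenset((x, y)) in allowed:
            findings.append(("exposed", x, y))
    return findings

# Constructed plan following the shared-services use case above.
PLAN = {
    "shared-services": PROMISCUOUS,
    "app-hr": ISOLATED,
    "app-finance": ISOLATED,
    "web-tier": community("shop"),
    "db-tier": community("shop"),
}
```

An "exposed" finding means a pair you intended to keep apart would be able to communicate under the planned policies, which is the case to resolve before relying on the policy alone for that boundary.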

Summary
VCF 9.1 drastically streamlines cloud architecture by managing cross-VPC communication natively at the network level.
By eliminating the need to use firewall-based isolation for basic traffic boundaries, it keeps your VMware vDefend environment lean and your security operations highly efficient.
VCF 9.1 VPC Connectivity Demo
Seeing is believing!
Check out the quick demo below to watch these connectivity policies in action.
We will walk you through assigning Community policies to real VPCs, demonstrating exactly how simple it is to lock down your project traffic natively without touching a single firewall rule.
