Dynamic sources of data represent conditions and changes of the system and abstraction layer will define on a higher level to respond to conditions and changes. We use vCenter and active directory to represent information about the servers and users in a specific solution. Service Composer in the NSX manager dynamically translates service definitions and FW rules into interface rule sets and pushes them down.

We own the vCenter with the necessary data for abstraction. NSX DFW Service Composer helps customers react immediately to changes and declares the strategy with every imperative, tactical move. The admin cannot remotely control the actions of each individual component, but instead they define a strategy—a set of abstract rules and measures—to control and follow the compliance policy:

The controller in turn is responsible for translating the strategy into tactical moves and orchestrating them and keeping oversight as they are especially responsible for changing tactics immediately when the situation changes. Each component in the data center plays its individual role, which is assigned by the controller. We should automate inter-data-center traffic and all N/S traffic as well, from the perspective of the local data center or, inter-data-center traffic which is N/S traffic.

Automating the local data center is pointless if deployments or changes are kept from going live ASAP by the necessary changes of N/S FW ruleset. The N/S Firewall could consume the VMware objects in their rules, as these objects would be dynamic and wouldn't touch the ruleset of the N/S firewall for daily changes when an instance comes or goes. NSX security groups can be dynamically consumed by third-party firewalls that automate changes to their ruleset objects.