NSX Security Groups are configured in the VMware vSphere Web Client console. You must include all virtual machines that you want to protect with Kaspersky Security into one or multiple NSX Security Groups.
To configure an NSX Security Group:
In the VMware vSphere Web Client console, start the NSX Security Group Wizard in the Networking & Security →Service Composer section on the Security Groups tab.
Using the Wizard, enter the name of the new NSX Security Group (for example, "Kaspersky Security Group" or "Protected by Kaspersky") and configure the rules for including virtual machines into the group.
Virtual machines can be included into an NSX Security Group using the following methods:
Dynamic inclusion of virtual machines into the NSX Security Group. The group includes all virtual machines that meet these criteria.
Inclusion of specified VMware virtual infrastructure objects into the NSX Security Group. You can select objects to be included in the group, such as a Datacenter object, VMware cluster, resource pool, or individual virtual machines. By default, the group includes all child objects of the specified object. You can also specify individual virtual infrastructure objects to be excluded from the NSX Security Group.
You can combine these methods when configuring rules for including virtual machines into the NSX Security Group. For example, you can configure dynamic inclusion of virtual machines into the group based on specific criteria, and specify VMware inventory objects that must be excluded from the group.
For more details on configuring NSX security groups, please refer to the Knowledge Base.