Identity-Based Microsegmentation Guide
LAST UPDATED: November 8, 2021

Before you begin

Domain name

We strongly recommend using a fully qualified domain name for the Microsegmentation Console.

You will require three different DNS records, for example:

  • or for the web interface
  • for the API
  • for the monitoring if you choose to deploy it (recommended)


Most Kubernetes providers assign service IPs and URLs only at the time of deployment. You will then need to make the link between the URL above and what is assigned. Voila will help you with that process.


If you are using an Amazon ELB you cannot use its URL as the full qualified domain name for the services as it will cause issues with cookie policies in the web browser.

Using custom certificates

By default, the Microsegmentation Console uses a certificate signed by a certificate authority (CA) generated in the Voila environment. They won’t be trusted by browsers and other clients unless you choose to deploy and trust the certificate authority (CA) to the machine that will access the web interface or the API.

If you wish to supply the Microsegmentation Console with custom certificates, complete the following preliminary steps.

Given the following Microsegmentation Console DNS records above:

  • User interface accessible from or
  • API accessible from
  • (optional) Monitoring accessible from

Request an X.509 certificate issued by a trusted CA with the following information:

  • Common name (CN):
  • Subject alternative names (SAN):,


Note: You can use a wildcard * as well if needed.

Once done you should have the following certificates in X.509 format:

  • A CA chain with intermediate chain if any named public-ca.pem
  • A certificate issued the above CA named public-cert.pem
  • A private key not protected by passphrase named public-key.pem