IDENTITY-BASED MICROSEGMENTATION DOCUMENTATION

Processing units

A processing unit represents a unit of computation that the enforcer will protect by enforcing network policies. It can be:

  • A Kubernetes pod
  • An entire host

The enforcer reports the processing units and the network interactions it protects to Microsegmentation Console so you can visualize your application flows.

It will apply default Microsegmentation tags to the processing units according to what it finds. For example, a container will be tagged with the image name, a host with its hostname, a pod with its namespace, and so on. This set of predictable tags can be used to write network policies.

Processing units