Illumio — Platform overview¶
Illumio is a microsegmentation platform that segments applications using a host-based firewall. It follows an allowlist model: only explicitly authorized communications are permitted. Without an allow rule, traffic cannot reach the workloads in your environment.
What Illumio delivers¶
- Visibility: understand workload communications (“who talks to whom”).
- Policy: define allowed communications using labels (App / Env / Role / Location / OS), not fragile IP rules.
- Enforcement: apply allow/deny decisions on each workload, close to the traffic.
Core components (quick glossary)¶
- PCE (Policy Compute Engine): management plane and policy authority (labels, policy compute, visibility/audit, APIs).
- VEN (Virtual Enforcement Node): agent on workloads; syncs with the PCE and enforces policy locally.
- Workloads: managed servers/endpoints in scope.
- Labels: identity + scope, used to group workloads and define rulesets.