Power of Labels and Scope Trees

Labels drive the power of Secure Workload, and the scope tree created from your labels is more than just a summary of your network. Few of the benefits of using labels are:

• Labels let you instantly understand your policies, for example:

  "Deny all traffic from Pre-Production to Production"
  

  Compare the same policy without labels, which is:

  "Deny all traffic from 172.16.0.0/12 to 192.168.0.0/16"
  

• Policies based on labels automatically apply (or stop applying) when you add labeled workloads to (or removed from) inventory. Over time, these dynamic groupings based on labels greatly reduce the amount of effort required to maintain your deployment.

• Workloads are grouped into scopes based on their labels. These groupings let you easily apply policy to related workloads. For example, you can easily apply policy to all applications in the Pre-Production scope.

• After you create policies in a single scope, the policies can automatically be applied to all workloads in descendant scopes in the tree, minimizing the number of policies you must manage.

  For example, you can easily define and apply policy broadly to all workloads in your organization or narrowly (which is on just the workloads that are part of a specific application) or to any level in between, for example, to all workloads in a data center.

• You can assign responsibility for each scope to different administrators, delegating policy management to the people who are more familiar with your network.