Quarantine VMs

When a VM should no longer be able to communicate with the rest of the network, it can be placed into quarantine. Once a VM is quarantined, its network interfaces are disconnected and it can't connect to any network until the quarantine has been cleared. Even if a user reconfigures the VM so that its network adapter is connected, Commander will continue to enforce the quarantine: Commander will instantly detect a network access attempt and force a disconnect.

This is true even when a policy has automatically quarantined a VM. For example, if you had a tag compliance policy set to quarantine VMs without the custom attribute SOX Applicable set, setting a value for SOX Applicable won't clear the quarantine. A user must still clear the quarantine, or it remains in effect, even if the policy which placed the VM into quarantine is deleted. For more information, see Manage Service Tag Compliance.

The quarantine state for a VM is displayed the Lifecycle section of the Summary tab for the VM.


Views > Infrastructure or Applications

Available to:

Administrator, Operator with Approval Access Rights

  1. Select a VM, then select one of the following:
    • Actions > Policy Enforcement > Quarantine VM
    • Actions > Policy Enforcement > Unquarantine VM
  2. Click OK.