The complexity of creating and managing smaller (VM to VM) zones or enclaves of security has long be the reason for not implementing granular VM or application level network security. With the microsegmentation feature Nutanix not only allows policy and enforcement around very granular network communication policy, we introduce the concept of categories which greatly simplifies the policy definition and ongoing management. Network policies are not restricted to only using network endpoint identifiers, like IP address. Policy writers need only define the policy containers (e.g. production, dev/test, DMZ) and set rules around the allowed or denied communication between those containers. VMs are easily added and removed from those categories and will automatically inherit the correct policy. To further simplify the policy generation task, comprehensive visualization is provided so that even applications where the “correct” communication is unknown can be observed to ensure correct rule creation. Micro-segmentation is included in AOS 5.5 as a technology preview so that all customers can try the feature and provide feedback.