Micro-segmentation is a manner of logically grouping and applying policies to workloads on a network. Micro-segmentation is primarily implemented in virtualized computing environments where host computing systems host guests that are networked. A guest may include a guest operating system (OS) executing within a virtual machine, a containerized application, such as one implemented with Docker® technology available from Docker, Inc., or some other form of virtualizing a computing element hosted by a host computing system—including combinations thereof. Implementing micro-segmentation in host computing systems allows each guest on a host computing system to be in a different micro-segmentation group, if necessary or desired. The host computing system therefore handles packets being exchanged with the respective guests in accordance with the network policies associated with each guest's group.
Many networks will include both virtualized computing elements and physical, non-virtualized, computing elements (e.g., servers not acting as hosts). While those physical computing systems may execute similar workloads (e.g., applications) as those executed by guests in a virtual computing environment, micro-segmentation of the workloads may be limited to those workloads executing within virtualized computing elements of a virtualized computing environment. Thus, the policies implemented via micro-segmentation may be less effective since they are only applied in the virtual portion of a network unless the virtual computing environment has an agent executing on each physical computing system workload.