NSX DFW Universal Artifacts
It is easy to manage objects in universal security groups across the various VMware vCenter and NSX deployments. VMware Aria Operations for Networks supports the generation and the import of the universal artifacts for the Application and Tier groups only. With universal security groups, it becomes easy to deploy and manage firewall rules in cross VMware vCenter scenarios. Ensure that you import the universal artifacts on the primary NSX manager. You can manage the membership of a universal security group only through the primary NSX manager.
A universal security group can consist of:
- Other universal groups
- Universal IP sets
- Universal Security Tag
When you export the rules as XML, in addition to the NSX manager specific folders, a universal folder is created which consists of the NSX DFW universal artifacts. The corresponding universal security groups, universal IP sets, universal security tags, and universal DFW firewall rules are created after importing the NSX DFW universal artifacts.
- The universal security tag is supported only in active-standby mode.
- The universal IP set is supported in both active-active and active-standby modes.
You can create a universal IP set or a universal security tag based on your requirement. If you create the universal security tag, then you can map the application VM to the security tag. Otherwise, the universal IP set is used.
You can use the following flags in the import tool:
| Flag Name | Description |
|---|---|
| -uni | To import artifacts from the universal folder. |
| -utag | To import the universal artifacts with the universal security tags in the membership of the universal security groups. |
| -log | To create rules in which logging is enabled. This flag is not specific to the universal option. |