What are NSX Projects and VPCs and how are they used in VMware Aria Automation

In previous releases, VMware Aria Automation could only use NSX networks and security groups that are part of the /infra branch included in the Default view of the NSX Manager UI. Starting with 8.18.1, VMware Aria Automation supports the discovery of networks and security groups included in all NSX Projects and Virtual Private Clouds (VPCs) configured in NSX Manager. These networks and security groups can be added to network profiles which can be selected for allocation to your cloud templates.

An NSX Project enables multi-tenancy for NSX network and security objects where each project is analogous to a tenant. A NSX VPC is an additional layer of tenancy that you can configure within an existing project. Both NSX Projects and VPCs are primarily configured and managed in NSX Manager by an administrator. For more information on NSX Projects and VPCs and how to add them in your NSX Manager environment, go to NSX Multi-tenancy.

VMware Aria Automation collects information about three types of NSX Project and VPC infrastructure objects:

• NSX Project segments
• NSX VPC subnets
• NSX Project and VPC groups

Within VMware Aria Automation segments and subnets are treated as networks, while groups are treated as security groups.

Modifying VPC subnets can have certain limitations in VMware Aria Automation depending on their IP configuration. Subnets with a manual IP configuration include CIDR routing which cannot be modified in VMware Aria Automation. However, you can still update the IP range of these subnets by clicking the Manage IP Ranges button. Subnets with an automatic IP configuration in NSX cannot be modified in VMware Aria Automation. You cannot create IP ranges of these subnets since the IPAM is managed by NSX and the Manage IP Ranges button is greyed out.

Information regarding segments and subnets is displayed under Infrastructure > Resources > Networks. Information regarding security groups is displayed under Infrastructure > Resources > Security. If a given network or security group is part of an NSX Project or VPC, this information is displayed in the NSX Project/VPC column.

Networks and security groups that are part of an NSX Project and/or VPC include three new custom properties.

Allocation logic for Network Interface Controllers (NICs)

VMware Aria Automation allocation logic prioritizes security groups based on the hierarchy of the networks to which the NIC or NICs are connected. The highest priority is given to /infra level segments, followed by Project segments, and finally VPC subnets. /infra level security groups are always prioritized if available. However, if the deployment selects security groups from either NSX Projects or VPCs, certain limitations apply. If a NSX Project security group is selected, for example, all NICs assigned to this security group must land on segments in this specific NSX Project or subnets in the VPC or VPCs included under the NSX Project. If a VPC security group is selected, all NICs assigned to this security group can only land on subnets in this specific VPC. If you select multiple security groups in a network profile, only those that follow this allocation logic are selected for the NIC based on the network selection.

Operation: 'Update.Network': Unable to find a valid subnet for network 'Network_Name_' of type 'EXISTING' with constraints '[{"tag":"public:subnetType"},{"tag":"DEV-VPC:vpc"}]' in network profile 'NetP'. Filtered subnets [DEV-VPC-PUBLIC-SUB] NSX projects [DEV-PRO / DEV-VPC] are not compatible with NSX projects [DEV-PRO / DEV-VPC1, DEV-PRO] of security groups [DEV-VPC1-GRP1, DEV-PROJ-GRP].