It is easy to manage objects in universal security groups across the various VMware vCenter and NSX deployments. VMware Aria Operations for Networks supports the generation and import of universal artifacts for the Application and Tier groups only. With universal security groups, it becomes easy to deploy and manage firewall rules in cross VMware vCenter scenarios. Ensure that you import the universal artifacts on the primary NSX manager. You can manage the membership of a universal security group only through the primary NSX manager.

A universal security group can consist of:
  • Other universal groups
  • Universal IP sets
  • Universal security tags

When you export the rules as XML, in addition to the NSX manager-specific folders, a universal folder is created that contains the NSX DFW universal artifacts. The corresponding universal security groups, universal IP sets, universal security tags, and universal DFW firewall rules are created after you import the NSX DFW universal artifacts.

Note:
  • The universal security tag is supported only in active-standby mode.
  • The universal IP set is supported in both active-active and active-standby modes.

You can create a universal IP set or a universal security tag based on your requirement. If you create the universal security tag, you can map the application VM to the security tag. Otherwise, the universal IP set is used.

You can use the following flags in the import tool:

| Flag Name | Description |
|-----------|-------------|
| -uni | To import artifacts from the universal folder. |
| -utag | To import the universal artifacts with the universal security tags in the membership of the universal security groups. |
| -log | To create rules in which logging is enabled. Note: This flag is not specific to the universal option. |