VMware Cloud on AWS network administrators can use NSX-T inventory objects to define collections of services, groups, context profiles, and virtual machines to use in firewall rules.

Firewall rules typically apply to a group of VMs that share certain characteristics, including:
  • names that follow a naming convention (like Win* for Windows VMs or Photon* for Photon VMs)
  • IP addresses within a specific range or CIDR block
  • tags
They can also apply to network services, which are distinguished by characteristics like service type and network protocol. The NSX-T Inventory page simplifies the process of creating groups of VMs that have similar needs for firewall protection. It also allows you to add new network services to the built-in list of services, so that you can include those services in firewall rules.
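The following is an added example, not VMware code and not the NSX-T API. It models the three membership characteristics listed above (naming convention, IP range or CIDR block, tag) so you can preview which VMs a group definition would pull into a firewall rule and spot members you did not intend. The inventory, the `(kind, value)` criterion tuples, and all function names are hypothetical.

```python
import fnmatch
import ipaddress

# Constructed sample inventory (not real SDDC data): name, IP address, tags.
VMS = [
    {"name": "Win2019-web01", "ip": "10.10.1.15", "tags": {"web"}},
    {"name": "Win10-kiosk", "ip": "192.168.50.7", "tags": set()},
    {"name": "Photon-build01", "ip": "10.10.2.20", "tags": {"ci"}},
    {"name": "ubuntu-db01", "ip": "10.10.1.40", "tags": {"db", "pci"}},
]

def matches(vm, criterion):
    """Return True if one VM satisfies one membership criterion."""
    kind, value = criterion
    if kind == "name":   # naming convention, e.g. Win* (case-sensitive here)
        return fnmatch.fnmatchcase(vm["name"], value)
    if kind == "cidr":   # IP address inside a range or CIDR block
        return ipaddress.ip_address(vm["ip"]) in ipaddress.ip_network(value)
    if kind == "tag":    # exact tag match
        return value in vm["tags"]
    raise ValueError(f"unknown criterion kind: {kind}")

def members(vms, criteria, require_all=False):
    """Names of VMs matching any (default) or all of the criteria."""
    combine = all if require_all else any
    return sorted(vm["name"] for vm in vms
                  if combine(matches(vm, c) for c in criteria))

def unexpected(vms, criteria, expected, require_all=False):
    """Members the rule author did not list as intended."""
    return sorted(set(members(vms, criteria, require_all)) - set(expected))

if __name__ == "__main__":
    # A name-only group also picks up the kiosk VM outside the server subnet.
    print(members(VMS, [("name", "Win*")]))
    # Requiring the naming convention AND the subnet narrows the group.
    print(members(VMS, [("name", "Win*"), ("cidr", "10.10.1.0/24")],
                  require_all=True))
    print(unexpected(VMS, [("name", "Win*")], ["Win2019-web01"]))
```
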

VMware Cloud on AWS creates management groups and a service inventory in all new SDDCs. It also maintains a list of your workload VMs and their tags. You can add or modify your own inventory groups of management or compute VMs.

See Inventory in the NSX-T Data Center Administration Guide.