This section elaborates Folder Scoping for SE Placement and Host and Data Store Scoping in NSX-T Cloud.

Folder Scoping for SE Placement

To select the folder to place all the SE virtual machines in vCenter,

  1. From the UI, navigate to Infrastructure > Service Engine Group.

  2. Select the NSX-T cloud.

  3. Edit the service engine group required.

  4. Click on the Advanced tab.

  5. Select a value from the Service Engine Folder drop-down menu.


    The folder to be configured has to be pre-created in the respective vCenter. NSX Advanced Load Balancer does not auto-create the folders.

Host and Data Store Scope

Host Scope:

SEs may be deployed on any host that most closely matches the resources and reachability criteria for placement. This setting directs the placement of SEs.

By default, NSX Advanced Load Balancer allows SEs to be deployed to any host that best fits the deployment criteria. However, you can specify the preferred hosts as shown below:

To specify the hosts,

  1. Under Host Scope Service Engine Within, click Host.

  2. Select Include to deploy SEs only on the specified hosts or click Exclude for not deploying SEs on the specified host.


    All the hosts from vCenter are listed here.

  3. Select the required hosts to be included/ excluded from the drop-down menu.

Data Store Scope:

Under Data Store Scope, set the storage location for SEs. By default, NSX Advanced Load Balancer will determine the best option for data storage. However, you can select specific shared data stores to be included or excluded.

To specify the shared data store,

  1. Under Data Store Scope for Service Engine Virtual Machine, select Shared.

  2. Select Include to select the data stores to be included or Exclude to select the data stores to be excluded.

  3. Select the shared data stores to be included or excluded.

  4. Click Save.

Creating the Virtual Service

To create a new virtual service,

  1. Navigate to Application > Virtual Services.

  2. Click Create Virtual Service > Basic Setup.

  3. Select the NSX-T cloud cloud and click Next.

  4. Configure the virtual service. Under Add Servers, click Security Groups and select the NSX Security Group.


    The front-end (VIP) IP supports an IPv6 address.

  5. Click Save.

In the aforementioned steps, IPAM is used. Therefore, the segment, subnet and T1 logical route had to be selected. If IPAM is not configured, you must specify the VIP and select the T1 logical route.


If the virtual service is scaled out with N+M or Active/Active Mode, enable the se_tunnel_mode from 0 to 1 under SE Group properties.

[admin:1234]: > configure serviceenginegroup <SEG Name>
[admin:1234]: serviceenginegroup> se_tunnel_mode 1
Overwriting the previously entered value for se_tunnel_mode
[admin:1234]: serviceenginegroup> save

After enabling se_tunnle_mode, NSX Advanced Load Balancer will make sure that the reverse path is from backend to secondary to primary and then to the client and thereby DFW will not drop it.