Tags help you to label NSX-T Data Center objects so that you can quickly search or filter objects, troubleshoot and trace, and do other related tasks.

You can create tags using both the UI and APIs. Each tag has the following two attributes:
  • Tag (refers to the tag name. It is required, must be unique and case-sensitive.)
  • Scope (optional)
Tag scope is analogous to a key and tag name is analogous to a value. For example, let us say, you want to label all virtual machines based on their operating system (Windows, Mac, Linux). You can create three tags, such as Windows, Linux, and Mac, and set the scope of each tag to OS. Other examples of tag scope can be tenant, owner, name, and so on.

After you save a tag, you cannot update the name and scope. However, you can unassign or remove tags from objects.

For information about the maximum number of tags supported in NSX-T Data Center objects, see the VMware Configuration Maximums tool at https://configmax.vmware.com/home.

Following are some of the operations that you can do with tags:
  • Assign or unassign tags to an object.
  • Assign or unassign a single tag to multiple objects simultaneously (supported only for VMs).
  • View a list of all tags in the inventory.
  • Filter the list of tags by tag name, tag source, and tag scope.
  • View a list of objects that are assigned a specific tag.

Use Cases of Tags

The following table describes some use cases of using tags.
Use Case Description
Manageability
  • Simplify searching of objects in a large-scale inventory management.
  • Provide more information to differentiate objects that share similar or unclear names.
Third-party sharing and context sharing
  • Annotate objects with custom information.
  • Allow third-party non-NSX systems to add metadata information in an automated fashion. For example, metadata from partners, cloud management providers, container platforms, and so on.
  • Capture attributes or properties and relationships that are learned using NSX discovery agent, inventory collection, public cloud agent, Guest Introspection, VM Tools, and so on.
Security
  • Create grouping membership criteria.
  • Specify the firewall source and destination.
Troubleshooting (Traceability)
  • Trace a firewall rule into the logs (Rule tags)
  • Trace and correlate objects back to an OpenStack network.

System Tags

System tags are tags that are system-defined, and you cannot add, edit, or delete them.

Table 1. System Tags in Public Cloud Manager Objects
Objects System Tags

Logical Switch

Node

Logical Router

Logical Router Uplink Port

Static Route

DHCP Profile

Firewall Section Rule List
  • CrossCloud
  • CloudType
  • CloudScope
  • CloudRegion
  • CloudVpcld
  • PcmId
  • EntityType

NAT Rule
  • CrossCloud
  • CloudType
  • CloudScope
  • CloudRegion
  • CloudVpcld
  • PcmId
  • EntityType
  • DefaultSnatRule
  • DefaultLinkLocalSNatRule/Cloud-Public-IP
  • DefaultSiNatRule
Table 2. System Tags in Cloud Service Manager (CSM) Objects
Objects System Tags

BFD Health Monitoring Profile

Transport Zone

Uplink Host Switch Profile

Transport Node

Edge Cluster
  • CrossCloud
  • CloudType
  • CloudScope
  • CloudRegion
  • CloudVpcld
  • PcmId
  • EntityType
Table 3. System Tags in NSX Cloud VMs
Tag Source System Tags

Amazon
  • aws:account
  • aws:availabilityzone
  • aws:region
  • aws:vpc
  • aws:subnet
  • aws:transit_vpc

Microsoft Azure
  • azure:subscription_id
  • azure:region
  • azure:vm_rg
  • azure:vnet_name
  • azure:vnet_rg
  • azure:transit_vnet_name
  • azure:transit_vnet_rg
Table 4. System Tags in Other NSX-T Data Center Objects
Objects System Tags
Group
  • autoPlumbing
  • abstractionPath
  • NLB-VIP_ID
  • NLB-Lb-ID
  • NLB-Pool_ID
Segment
  • subnet-cidr

IP Address Pool

IP Address Block
  • abstractionPath

Discovered Tags

NSX-T Data Center can discover and synchronize tags from Amazon and Microsoft Azure.

Discovered tags are tags that you have added to your VMs in the public cloud and are automatically discovered by NSX Cloud. The discovered tags are displayed for your workload VMs in the NSX Manager inventory. You cannot edit these tags in the UI.

The prefix for discovered AWS tags is "dis:aws", and the prefix for discovered Azure tags is "dis:azure". When you make changes to the tags in the public cloud, the changes are reflected in NSX Manager. By default, this feature is enabled.

You can enable or disable the discovery of AWS tags at the time of adding the AWS account. Similarly, you can enable or disable Microsoft Azure tags at the time of adding the Microsoft Azure subscription.