A subset of NSX Services are available for universal synchronization in cross-vCenter NSX. Services that are not available for universal synchronization can be configured for use local to the NSX Manager.

Table 1. Support matrix for NSX Services in cross-vCenter NSX

NSX Service

Details

Supports cross-vCenter NSX synchronization?

Logical switch

Transport zone

Yes

Logical switch

Yes

L2 bridges

No

Routing

Logical (distributed) router

Yes

Logical (distributed) router appliance

No by design. Appliances must be created on each NSX Manager if multiple appliances are required per universal logical router. This allows for different configurations per appliance, which may be required in an environment with local egress configured.

NSX Edge services gateway

No

Logical firewall

Distributed firewall

Yes

Exclude list

No

SpoofGuard

No

Flow monitoring for aggregate flows

No

Network service insertion

No

Edge firewall

No

VPN

No

Logical load balancer

No

Other edge services

No

Service composer

No

Network extensibility

No

Network and security objects

IP address groups (IP sets)

Yes

MAC address groups (MAC sets)

Yes

IP pools

No

Security groups

Yes, but membership configuration differs from non-universal security groups membership. See "Create a Security Group" in the NSX Administration Guide for details.

Services

Yes

Service groups

Yes

Security tags

Yes

Hardware Gateway (also known as Hardware VTEP)

No. See "Hardware Gateway Sample Configuration" in the NSX Administration Guide for details.