NSX supports the creation of groups when setting up multi-tenancy in your environment.
A default group is created by the system for every Project you create. The default group represents the Project itself. All the segments created in a Project are added to the Project’s default group by the system. Only those VMs that are attached to the segments of the group are added to the group. The default group helps restrict the scope of the rules to a particular Project.
Default Group
The default group has a group scope expression that defines the path of the group scope. Administrators can apply rules from the /infra space only to Projects under the Default group, either directly or through a static membership in a group from the /infra space.
Custom Groups
The following are supported for any additional groups that you create:
- Static members – VM, segments, segment ports, IP addresses
- Dynamic members – VM
PATCH /policy/api/v1/orgs/default/projects/<project-id>/infra/domains/default/groups/<group-id>
Sample request for creating a VM-based group:
PATCH https://{{nsx-manager-ip}}/policy/api/v1/orgs/default/projects/project-1/infra/domains/default/groups/group-1
Body:
{
  "expression": [
    {
      "member_type": "VirtualMachine",
      "key": "Name",
      "operator": "CONTAINS",
      "value": "App",
      "resource_type": "Condition"
    }
  ],
  "description": "my group",
  "display_name": "g1",
  "_revision": 0
}
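A pre-flight check for the request above, as an added example (not VMware's code): it builds the project-scoped group URL and rejects a body whose members fall outside the supported list (static VM, segments, segment ports, IP addresses; dynamic VM only). The function names, the host `nsx-manager.example`, the id character set, and the mapping of the supported list onto the `ExternalIDExpression`, `PathExpression`, `IPAddressExpression` and `ConjunctionOperator` resource types are assumptions of this example.

```python
import json
import re

ID_RE = re.compile(r"[A-Za-z0-9_-]+")  # assumed id alphabet: no "/" or "." in the path
SEG_RE = re.compile(r"/segments/[^/]+(/ports/[^/]+)?\Z")  # segment or segment port path

def group_url(manager, project_id, group_id):
    """Build the project-scoped group URL; refuse ids that could rewrite the path."""
    for label, value in (("project-id", project_id), ("group-id", group_id)):
        if not ID_RE.fullmatch(value):
            raise ValueError(f"unsafe {label}: {value!r}")
    return (f"https://{manager}/policy/api/v1/orgs/default/projects/{project_id}"
            f"/infra/domains/default/groups/{group_id}")

def check_expression(expression):
    """Return problems found; an empty list means every member kind is on the page's list."""
    problems = []
    for i, item in enumerate(expression):
        rtype, mtype = item.get("resource_type"), item.get("member_type")
        if rtype in ("Condition", "ExternalIDExpression"):  # dynamic / static VM members
            if mtype != "VirtualMachine":
                problems.append(f"[{i}] {rtype} member_type {mtype!r} is not VirtualMachine")
        elif rtype == "PathExpression":  # static segments and segment ports
            for path in item.get("paths", []):
                if not SEG_RE.search(path):
                    problems.append(f"[{i}] path {path!r} is not a segment or segment port")
        elif rtype not in ("IPAddressExpression", "ConjunctionOperator"):
            problems.append(f"[{i}] resource_type {rtype!r} is not a supported member kind")
    return problems

def build_patch(manager, project_id, group_id, body):
    """Return (method, url, json_body) or raise ValueError listing every problem."""
    problems = check_expression(body.get("expression", []))
    if problems:
        raise ValueError("; ".join(problems))
    return "PATCH", group_url(manager, project_id, group_id), json.dumps(body)

# Body taken from the page's sample request.
SAMPLE_BODY = {
    "expression": [{"member_type": "VirtualMachine", "key": "Name", "operator": "CONTAINS",
                    "value": "App", "resource_type": "Condition"}],
    "description": "my group", "display_name": "g1", "_revision": 0,
}

if __name__ == "__main__":
    print(build_patch("nsx-manager.example", "project-1", "group-1", SAMPLE_BODY))
```

Running the check before the PATCH keeps a tenant automation script from sending a group whose membership criteria the Project scope does not support.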