NSX Cloud allows you to use the public cloud tags assigned to your workload VMs.
Tags terminology
A tag in NSX Manager refers to what is known as value in a public cloud context. The key of a public cloud tag, is referred to as scope in NSX Manager.
Components of tags in NSX Manager |
Equivalent components of tags in the public cloud |
---|---|
Scope |
Key |
Tag |
Value |
Tag Types and Limitations
NSX Cloud allows three types of tags for NSX-managed public cloud VMs.
-
System Tags: These tags are system-defined and you cannot add, edit, or delete them. NSX Cloud uses the following system tags:
- azure:subscription_id
- azure:region
- azure:vm_rg
- azure:vnet_name
- azure:vnet_rg
- azure:transit_vnet_name
- azure:transit_vnet_rg
- aws:account
- aws:availabilityzone
- aws:region
- aws:vpc
- aws:subnet
- aws:transit_vpc
-
Discovered Tags: Tags that you have added to your VMs in the public cloud are automatically discovered by NSX Cloud and displayed for your workload VMs in NSX Manager inventory. These tags are not editable from within NSX Manager. There is no limit to the number of discovered tags. These tags are prefixed with dis:azure: to denote they are discovered from Microsoft Azure and dis:aws from AWS.
When you make any changes to the tags in the public cloud, the changes are reflected in NSX Manager within three minutes.
By default this feature is enabled. You can enable or disable the discovery of Microsoft Azure or AWS tags at the time of adding the Microsoft Azure subscription or AWS account.
-
User Tags: You can create up to 25 user tags. You have add, edit, delete privileges for user tags. For information on managing user tags, see Manage Tags for a VM in Manager Mode.
Tag type | Tag scope or predetermined prefix | Limitations | Enterprise Administrator Privileges |
Auditor Privileges |
---|---|---|---|---|
System-defined | Complete system tags:
|
Scope (key): 20 characters Tag (value): 65 characters Maximum possible: 5 |
Read only | Read only |
Discovered | Prefix for Microsoft Azure tags that are imported from your VNet: dis:azure: Prefix for AWS tags that are imported from your VPC: dis:aws: |
Scope (key): 20 characters Tag (value): 65 characters Maximum allowed: unlimited
Note: The limits on characters excludes the prefix
dis:<public cloud name>. Tags that exceed these limits are not reflected in
NSX Manager.
Tags with the prefix nsx are ignored. |
Read only | Read only |
User | User tags can have any scope (key) and value within the allowed number of characters, except:
|
Scope (key): 30 characters Tag (value): 65 characters Maximum allowed: 25 |
Add/Edit/Delete | Read only |
Examples of Discovered Tags
Public Cloud tag for the workload VM |
Discovered by NSX Cloud? | Equivalent NSX Manager tag for the workload VM |
---|---|---|
Name=Developer | Yes | dis:azure:Name=Developer |
ValidDisTagKeyLength=ValidDisTagValue | Yes | dis:azure:ValidDisTagKeyLength=ValidDisTagValue |
Abcdefghijklmnopqrstuvwxyz=value2 | No (key exceeds 20 chars) | none |
tag3=AbcdefghijklmnopqrstuvwxyzAb23690hgjgjuytreswqacvbcdefghijklmnopqrstuvwxyz | No (value exceeds 65 characters) | none |
nsx.name=Tester | No (key has the prefix nsx) | none |