If you use AWS Transit Gateway, you can deploy the PCG in any VPC and connect this VPC with the Transit Gateway.
Follow instructions at Deploy PCG in a VPC.
Any other VPCs connected to the Transit Gateway can have their workload VMs managed by NSX for micro-segmentation.
NSX Cloud does not manage networking between the Transit and Compute VPCs or the workload VMs. All
NSX networking constructs are created upon
PCG deployment but only the Security constructs are valid if you are working with AWS Transit Gateway. See
Security Entities for a list of auto-created security policies after
PCG deployment.
- Currently only NSX Enforced Mode is supported. You must install NSX Tools in your workload VMs. See NSX Enforced Mode in the NSX Administration Guide for instructions.
- The VPC where you deploy PCG – Transit VPC – must have the same subnets as required by a Transit VPC that is not using the AWS Transit Gateway. See Subnets Required in Your VPC/VNet to deploy PCG for details.
- You must link compute VPCs to the Transit VPC. See Link to a Transit VPC or VNet for instructions.
- You must ensure that workload VMs with NSX Tools installed on them have connectivity with the management subnet of the Transit VPC.
- To utilize micro-segmentation, you must add a Forwarding Policy with the following values:
See Add or Edit Forwarding Policies in the NSX Administration Guide for details about Forwarding Policies.Option Value Sources A Group in NSX Manager that contains all NSX-Managed VMs from your Transit and Compute VPCs Destinations All (0.0.0.0/0) Services Any Action Route to Underlay
