Projects help you to isolate networking and security configurations across tenants in a single NSX deployment.

Prerequisites

You must be assigned the Enterprise Admin role.

Procedure

  1. From your browser, log in to an NSX Manager at https://nsx-manager-ip-address.
  2. Click Default, and then click Manage.
  3. Click Add Project.
  4. (Required) Enter a name for the project.
  5. Select a tier-0 or a tier-0 VRF gateway that the workloads in this project can use for north-south connectivity with the physical network outside NSX.

    You can select multiple gateways, if required. If no gateway is selected, the workloads in the project will not have north-south connectivity.

    Note: The tier-0 gateways running on edge clusters that are associated with the default transport zone of the system are supported in the project.

    By default, a tier-0 or a tier-0 VRF gateway can be assigned to multiple projects. That is, allocating a tier-0/VRF gateway to one project (say project 1) does not prevent you from allocating it to other projects (say project 2 and project 3).

  6. Select an edge cluster to associate with this project.

    The selected edge clusters can be consumed inside the project in the future. For example, the edge clusters can be consumed for running centralized services such as NAT, Gateway Firewall, DHCP, and so on, that you configure on the tier-1 gateways inside the project. The edge clusters that are associated with the project need not necessarily run the tier-0 gateways that are associated with the project.

    If you want to use tier-1 gateways in the project only for distributed routing, but not for centralized services, you might want to skip this step.

    If you are planning to configure centralized services, such as NAT, N-S firewall rules, or DHCP in the NSX VPCs within the project, an edge cluster must be assigned to the project.

    An edge cluster can be assigned to multiple projects. That is, allocating an edge cluster to one project (say project 1) does not prevent you from allocating it to other projects (say project 2 and project 3).

    Note: The edge clusters that are associated with the default transport zone of the system are supported in the project.
  7. (Starting with NSX 4.1.1): In the External IPv4 Blocks field, select one or more existing IPv4 blocks.

    The selected IPv4 blocks will become available to you when you add public subnets in the NSX VPCs within the project. The system will assign CIDR blocks to the public subnets in the NSX VPCs from these external IPv4 blocks. VPC users can also use the external IP blocks for adding NAT rules in the NSX VPCs.

    If no IPv4 blocks are available for selection, click the Actions menu, and then click Create New to add an IP address block.

    A maximum of five external IPv4 blocks can be added in a project. The external IPv4 blocks must not overlap each other within a project, and they must not overlap on the same tier-0 gateway.

    For example, let us assume that project A is connected to tier-0 gateway A and project B is connected to tier-0 gateway B. The tier-0 gateways of these two projects are isolated. In this case, projects A and B can use the same or overlapping external IP blocks because they are connected to separate tier-0 gateways.

  8. In the Short log identifier text box, enter a string that the system can use to identify the logs that are generated in the context of this project.

    The short log identifier is applied to the security logs and audit logs.

    (Starting in NSX 4.1.2): If you have dedicated a tier-0/VRF gateway to a project by configuring the dedicated_resources parameter in the project API, the short log identifier is appended to the log messages that are generated in the edge syslog for the centralized services, which are running on the tier-0/VRF gateway. To learn more, see Enabling Project Context in NSX Edge Syslog.

    The identifier must be unique across all the projects in your NSX environment.

    The identifier must not exceed eight alphanumeric characters. If it is not specified, the system autogenerates it when you save the project. After the identifier is set, you cannot modify it.

  9. Optionally, enter a description for the project.
  10. Click Save.
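
The limits stated in steps 7 and 8 can be checked against a planned set of projects before the values are entered in NSX Manager. The following Python script is an added example, not part of the NSX product or its API: the dictionary keys, project names, and gateway names are hypothetical, and short log identifiers are compared case-sensitively as an assumption.

```python
import ipaddress
import re
from itertools import combinations

MAX_EXTERNAL_BLOCKS = 5                        # step 7: per-project limit
SHORT_ID_RE = re.compile(r"[A-Za-z0-9]{1,8}")  # step 8: up to eight alphanumerics

def validate_projects(projects):
    """Return rule violations for a planned list of projects.

    Each project is a dict with hypothetical keys (not NSX API fields):
    name, tier0s, external_blocks, short_id.
    """
    errors, seen_ids, by_tier0 = [], {}, {}
    for p in projects:
        name = p["name"]
        nets = [ipaddress.IPv4Network(c) for c in p.get("external_blocks", [])]
        if len(nets) > MAX_EXTERNAL_BLOCKS:
            errors.append(f"{name}: {len(nets)} external blocks, limit is {MAX_EXTERNAL_BLOCKS}")
        for a, b in combinations(nets, 2):
            if a.overlaps(b):
                errors.append(f"{name}: {a} overlaps {b} within the project")
        # Blocks of different projects may overlap only when no tier-0 is shared.
        for t0 in dict.fromkeys(p.get("tier0s", [])):
            for other, theirs in by_tier0.get(t0, []):
                for mine in nets:
                    if mine.overlaps(theirs):
                        errors.append(f"{name}: {mine} overlaps {theirs} of {other} on {t0}")
            by_tier0.setdefault(t0, []).extend((name, n) for n in nets)
        sid = p.get("short_id")                # unset: the system autogenerates it
        if sid:
            if not SHORT_ID_RE.fullmatch(sid):
                errors.append(f"{name}: short log identifier {sid!r} is not 1-8 alphanumerics")
            elif sid in seen_ids:
                errors.append(f"{name}: short log identifier {sid!r} already used by {seen_ids[sid]}")
            seen_ids.setdefault(sid, name)
    return errors

# Constructed sample plan (documentation address ranges, made-up names).
PLANNED = [
    {"name": "project-a", "tier0s": ["t0-a"], "external_blocks": ["203.0.113.0/25"], "short_id": "projA"},
    {"name": "project-b", "tier0s": ["t0-b"], "external_blocks": ["203.0.113.0/25"], "short_id": "projB"},
    {"name": "project-c", "tier0s": ["t0-a"], "short_id": "projA",
     "external_blocks": ["203.0.113.64/26", "198.51.100.0/24"]},
]

if __name__ == "__main__":
    for line in validate_projects(PLANNED):
        print(line)
```

In the sample plan, project-a and project-b reuse the same block without error because their tier-0 gateways are separate, while project-c is flagged for overlapping project-a on the shared gateway and for reusing its short log identifier.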