Management applications, such as VMware vRealize Automation Proxy Agents, VMware vRealize Operations Remote Collectors, and vRealize Log Insight, reside on Application Virtual Networks.

Table 1. Isolated Management Applications Design Decisions

Decision ID: ROBO-VI-SDN-026

Design Decision: Place the following management applications on an application virtual network.

  • vRealize Automation Proxy Agents

  • vRealize Business collectors

  • vRealize Operations Manager remote collectors

  • vRealize Log Insight

  • Update Manager Download Service

Design Justification: Access to the management applications is only through published access points.

Design Implications: Direct access to application virtual networks is controlled by distributed firewall rules.

Decision ID: ROBO-VI-SDN-027

Design Decision: Create a single application virtual network.

Design Justification: Using only a single application virtual network simplifies the design by placing all management components on the same virtual wire.

Design Implications: A single /24 subnet is used for the application virtual network. IP management becomes critical to ensure no shortage of IP addresses will appear in the future.

Having software-defined networking based on NSX in the management stack makes all NSX features available to the management applications.

This approach to network virtualization service design improves security and mobility of the management applications, and reduces the integration effort with existing customer networks.
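The following is an added example, not part of the VMware design, showing one way to audit a firewall rule set against ROBO-VI-SDN-026: allow rules that reach the application virtual network must target a published access point or come from an approved source. The subnet, the admin source network, the access point addresses and ports, and the simplified rule format are assumptions constructed for this example; the format is not an NSX export schema.

```python
import ipaddress

# All addresses, ports and rule names below are constructed for this example.
APP_NET = ipaddress.ip_network("192.168.31.0/24")      # assumed application virtual network
ADMIN_NETS = [ipaddress.ip_network("172.17.11.0/24")]  # assumed sources approved for direct access
PUBLISHED = {                                          # assumed published access points -> ports
    ipaddress.ip_address("192.168.31.10"): {443},
    ipaddress.ip_address("192.168.31.11"): {514, 9543},
}
ANY = ipaddress.ip_network("0.0.0.0/0")


def _net(value):
    return ANY if value == "any" else ipaddress.ip_network(value)


def audit(rules):
    """Return (rule name, reason) for every allow rule that exposes APP_NET
    beyond the published access points or the approved sources.
    Each rule is judged on its own; rule precedence is not modeled."""
    trusted = ADMIN_NETS + [APP_NET]  # traffic inside APP_NET is out of scope here
    findings = []
    for rule in rules:
        src, dst = _net(rule["src"]), _net(rule["dst"])
        if rule["action"] != "allow" or not dst.overlaps(APP_NET):
            continue
        if any(src.subnet_of(net) for net in trusted):
            continue  # direct access from an approved source
        if dst.num_addresses != 1 or dst.network_address not in PUBLISHED:
            findings.append((rule["name"], "destination is not a published access point"))
            continue
        allowed = PUBLISHED[dst.network_address]
        extra = {"any"} if rule["ports"] == "any" else rule["ports"] - allowed
        if extra:
            findings.append((rule["name"], f"unpublished ports: {sorted(extra, key=str)}"))
    return findings


SAMPLE_RULES = [  # constructed rule set in a simplified form
    {"name": "web-to-vip", "action": "allow", "src": "any", "dst": "192.168.31.10", "ports": {443}},
    {"name": "admin-direct", "action": "allow", "src": "172.17.11.0/24", "dst": "192.168.31.0/24", "ports": "any"},
    {"name": "syslog-wide", "action": "allow", "src": "10.0.0.0/8", "dst": "192.168.31.0/24", "ports": {514}},
    {"name": "vip-extra-port", "action": "allow", "src": "any", "dst": "192.168.31.10", "ports": {443, 8080}},
    {"name": "default-deny", "action": "deny", "src": "any", "dst": "192.168.31.0/24", "ports": "any"},
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_RULES):
        print(f"{name}: {reason}")
```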

Figure 1. Virtual Application Network Components and Design




Certain configuration choices might later facilitate the tenant onboarding process.

  • Create the primary NSX ESG to act as the tenant PLR and the logical switch that forms the transit network for use in connecting to the DLR.

  • Connect the primary NSX ESG uplinks to the external networks.

  • Connect the primary NSX ESG internal interface to the transit network.

  • Create the NSX DLR to provide routing capabilities for tenant internal networks and connect the DLR uplink to the transit network.

  • Create any tenant networks that are known up front and connect them to the DLR.