An IaaS administrator can use a reservation to assign external networks and routed gateways to network profiles for basic and multi-machine networks, specify the transport zone, and assign security groups to multi-machine components.

When vRealize Automation provisions a multi-machine service with NAT, routed, or private networking, it provisions a routed gateway as the network router for that service. The routed gateway is a management machine that consumes compute resources. It also manages the network communications for the multi-machine components. The reservation used to provision the routed gateway determines the external network used for NAT and routed network profiles. It also determines the reservation routed gateway used to configure routed networks. The reservation routed gateway links routed networks together with entries in the routing table.

You can specify a routed gateway reservation policy in the multi-machine blueprint to identify which reservations to use when provisioning the multi-machine routed gateway. By default, vRealize Automation uses the same reservations for the routed gateway and the multi-machine components.

You select one or more security groups in the reservation to enforce baseline security policy for all component machines provisioned with that reservation in vRealize Automation. Every component machine provisioned with the relevant reservation is added to these specified security groups.

Successful provisioning of components requires the transport zone of the reservation to match the transport zone of a multi-machine blueprint when that blueprint defines multi-machine networks. Similarly, provisioning a multi-machine router gateway requires matching transport zones for the reservation and the multi-machine blueprint.

When you select a reservation routed gateway and network profile on a reservation for configuring routed networks, select the network path to be used in linking routed networks together and assign it the external network profile that was used to configure the routed network profile. The list of network profiles available to be assigned to a network path is filtered to match the subnet of the network path based on the subnet mask and primary IP address selected for the network interface.

The routed gateway must be configured in the NSX or vCloud Networking and Security environment. For NSX, you must have a working NSX Edge instance before you can configure the default gateway for static routes or dynamic routing details for an Edge Services Gateway or Distributed Router. See NSX Administration Guide. Inventory data collection must have run.