You can create a vSphere reservation to assign external networks and routed gateways to network profiles for networks, specify the transport zone, and assign security groups to machine components.

If you have configured VMware NSX and installed the NSX plug-in for vRealize Automation, you can specify the NSX transport zone, gateway reservation policy, and app isolation settings when you create or edit a blueprint. These settings are available on the NSX Settings tab on the New Blueprint and Blueprint Properties pages.

The network and security component settings that you add to the blueprint design canvas are derived from your NSX configuration. They require that you have installed the NSX plug-in and run data collection for the NSX inventory for vSphere clusters. Network and security components are specific to NSX and are available for use with vSphere machine components only. For information about configuring NSX, see the NSX Administration Guide.

When vRealize Automation provisions machines with NAT or routed networking, it provisions a routed gateway as the network router. The routed gateway is a management machine that consumes compute resources. It also manages the network communications for the provisioned machine components. The reservation used to provision the routed gateway determines the external network used for NAT and routed network profiles. It also determines the reservation routed gateway used to configure routed networks. The reservation routed gateway links routed networks together with entries in the routing table.

You can specify a routed gateway reservation policy to identify which reservations to use when provisioning the machines using the routed gateway. By default, vRealize Automation uses the same reservations for the routed gateway and the machine components.

You select one or more security groups in the reservation to enforce baseline security policy for all component machines provisioned with that reservation in vRealize Automation. Every provisioned machine is added to these specified security groups.

Successful provisioning requires the transport zone of the reservation to match the transport zone of a machine blueprint when that blueprint defines machine networks. Similarly, provisioning a machine's routed gateway requires that the transport zone defined in the reservation matches the transport zone defined for the blueprint.

When you configure routed networks and select a routed gateway and network profile on a reservation, select the network path to be used in linking routed networks together and assign it the external network profile used to configure the routed network profile. The list of network profiles available to be assigned to a network path is filtered to match the subnet of the network path based on the subnet mask and primary IP address selected for the network interface.
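
The subnet filter described above, as an added example (not VMware code): it derives the network path's subnet from the interface's primary IP address and subnet mask, then keeps only the profiles on that exact subnet. The `NetworkProfile` model, the exact-subnet matching rule, and all sample names and addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NetworkProfile:
    """Hypothetical stand-in for an external network profile (not a vRA API object)."""
    name: str
    subnet_mask: str
    gateway: str  # any address inside the profile's subnet


def path_subnet(primary_ip, subnet_mask):
    """Subnet of a network path, from the interface's primary IP and subnet mask."""
    return ipaddress.ip_interface(f"{primary_ip}/{subnet_mask}").network


def matching_profiles(primary_ip, subnet_mask, profiles):
    """Names of profiles whose subnet equals the network path's subnet.

    Assumed rule: both network address and prefix length must match, so a /25
    profile is not offered for a /24 path even when the addresses overlap.
    """
    target = path_subnet(primary_ip, subnet_mask)
    names = []
    for profile in profiles:
        try:
            profile_net = path_subnet(profile.gateway, profile.subnet_mask)
        except ValueError:
            continue  # malformed address or non-contiguous mask: never offer it
        if profile_net == target:
            names.append(profile.name)
    return names


# Constructed sample data, not taken from any real environment.
SAMPLE_PROFILES = [
    NetworkProfile("Ext-Prod-20", "255.255.255.0", "10.10.20.254"),
    NetworkProfile("Ext-Prod-20-half", "255.255.255.128", "10.10.20.126"),
    NetworkProfile("Ext-DMZ-30", "255.255.255.0", "10.10.30.1"),
    NetworkProfile("Broken-mask", "255.0.255.0", "10.10.20.1"),
]

if __name__ == "__main__":
    print(matching_profiles("10.10.20.1", "255.255.255.0", SAMPLE_PROFILES))
```

Matching on the full subnet rather than on an address prefix keeps a network path from being paired with a profile for an overlapping but differently sized segment.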

If you want to use a routed gateway in vRealize Automation reservations, configure the routed gateway externally in the NSX or vCloud Networking and Security environment and then run inventory data collection. For NSX, you must have a working NSX Edge instance before you can configure the default gateway for static routes or dynamic routing details for an Edge services gateway or distributed router. See the NSX Administration Guide or the vCloud Networking and Security product documentation.