You can specify settings that apply to the entire blueprint. After you create the blueprint, you can edit these settings on the Blueprint Properties dialog box.

General Tab

Apply settings across your entire blueprint, including all components you intend to add now or later.

Table 1. General Tab Settings




Enter a name for your blueprint.


The identifier field automatically populates based on the name you entered. You can edit this field now, but after you save the blueprint you can never change it. Because identifiers are permanent and unique within your tenant, you can use them to programmatically interact with blueprints and to create property bindings.


Summarize your blueprint for the benefit of other architects. This description also appears to users on the request form.

Archive days

You can specify an archival period to temporarily retain deployments instead of destroying deployments as soon as their lease expires. Specify 0 (default) to destroy the deployment when its lease expires. The archival period begins on the day the lease expires. When the archive period ends, the deployment is destroyed.

Lease days: Minimum and Maximum

Enter a minimum and a maximum value to allow users to choose from a range of lease lengths. When the lease ends, the deployment is either destroyed or archived.

NSX Settings Tab

If you have configured VMware NSX, and installed the NSX plug-in for vRealize Automation, you can specify NSX transport zone, Edge and routed gateway reservation policy, and app isolation settings when you create or edit a blueprint. These settings are available on the NSX Settings tab on the New Blueprint and Blueprint Properties pages.

For information about configuring NSX, see NSX Administration Guide.

Table 2. NSX Settings Tab Settings



Transport zone

Select an existing NSX transport zone to contain the network or networks that the provisioned machine deployment can use.

A transport zone defines which clusters the networks can span. When provisioning machines, if a transport zone is specified in a reservation and in a blueprint, the transport zone values must match.

A transport zone is only required for blueprints that have an on-demand network. For security groups, security tags, and load balancers, the transport zone is optional. If you do not specify a transport zone, the endpoint is determined by the location of the security group, security tag, or network that the load balancer connects to.

Edge and routed gateway reservation policy

Select an NSX Edge or routed gateway reservation policy. This reservation policy applies to routed gateways and to all edges that are deployed as part of provisioning. There is only one edge provisioned per deployment.

For routed networks, edges are not provisioned, but you can use a reservation policy to select a reservation with the routed gateways to be used for routed network provisioning.

When vRealize Automation provisions a machine with NAT or routed networking, it provisions a routed gateway as the network router. The Edge or routed gateway is a management machine that consumes compute resources like other virtual machines but manages the network communications all machine in that deployment. The reservation used to provision the Edge or routed gateway determines the external network used for NAT and load balancer virtual IP addresses. As a best practice, use separate management clusters for management machines such as NSX Edges.

App isolation

Select the App isolation check box to use the app isolation security policy configured in NSX. The app isolation policy is applied to all vSphere machine components in the blueprint. You can optionally add NSX security groups and tags to allow vRealize Orchestrator to open the isolated network configuration to allow additional paths in and out of the app isolation.

Properties Tab

Custom properties you add at the blueprint level apply to the entire blueprint, including all components. However, they can be overridden by custom properties assigned later in the precedence chain. For more information about order of precedence for custom properties, see Understanding Custom Properties Precedence.

Table 3. Properties Tab Settings




Property Groups

Property groups are reusable groups of properties that are designed to simplify the process of adding custom properties to blueprints. Your tenant administrators and fabric administrators can group properties that are often used together so you can add the property group to a blueprint instead of individually inserting custom properties.

Move up /Move down

Control the order of precedence given to each property group in relation to one another by prioritizing the groups. The first group in the list has the highest priority, and its custom properties have first precedence. You can also drag and drop to reorder.

View properties

View the custom properties in the selected property group.

View merged properties

If a custom property is included in more than one property group, the value included in the property group with the highest priority takes precedence. You can view these merged properties to assist you in prioritizing property groups.

Custom Properties

You can add individual custom properties instead of property groups.


For a list of custom property names and behaviors, see Understanding Custom Properties Precedence.


Enter the value for the custom property.


You can choose to encrypt the property value, for example, if the value is a password.


You can specify that the property value can be overridden by the next or subsequent person who uses the property. Typically, this is another architect, but if you select Show in request, your business users are able to see and edit property values when they request catalog items.

Show in request

If you want to display the property name and value to your end users, you can select to display the property on the request form when requesting machine provisioning. You must also select overridable if you want users to provide a value.