You can drag network and security components onto the design canvas to make their settings available for machine component configuration in the blueprint. After you have defined network and security settings for the machine, you can optionally associate settings from a load balancer component.

After you add an NSX network or security component to the design canvas and define its available settings, you can open the network and security tabs of a vSphere machine component in the canvas and configure its settings.

You can drag an on-demand NAT network component onto the design canvas and associate it with a vSphere machine component or NSX load balancer component in the blueprint.

The network and security component settings that you add to the design canvas are derived from your NSX configuration and require that you have run data collection for the NSX inventory for vSphere clusters. Network and security components are specific to NSX and are available for use with vSphere machine components only. For information about configuring NSX, see NSX Administration Guide.

If a blueprint contains one or more load balancers and app isolation is enabled for the blueprint, the load balancer VIPs are added to the app isolation security group as an IPSet. If a blueprints contains an on-demand security group that is associated to a machine tier that is also associated to a load balancer, the on-demand security group includes the machine tier and the IPSet with the load balancer VIP.

For information about using NAT rules to allow a TCP or UDP port to map from the external IP address of an Edge (source port) to a private IP address in the NAT network component (target port), see Creating and Using NAT Rules.