You can specify settings that apply to the entire blueprint, including some NSX settings, by using the New Blueprint page when you create the blueprint. After you create the blueprint, you can edit these settings on the Blueprint Properties page.

General Tab

Apply settings across your entire blueprint, including all components you intend to add now or later.

Table 1. General Tab Settings




Enter a name for your blueprint.


The identifier field automatically populates based on the name you entered. You can edit this field now, but after you save the blueprint you can never change it. Because identifiers are permanent and unique within your tenant, you can use them to programmatically interact with blueprints and to create property bindings.


Summarize your blueprint for the benefit of other architects. This description also appears to users on the request form.

Deployment limit

Specify the maximum number of deployments that can be created when this blueprint is used to provision machines.

Lease days: Minimum and Maximum

Enter a minimum and maximum value to allow users to choose from within a range of lease lengths. When the lease ends, the deployment is either destroyed or archived. If you do not specify a minimum or maximum value, the lease is set to never expire.

Archive days

You can specify an archival period to temporarily retain deployments instead of destroying deployments as soon as their lease expires. Specify 0 (default) to destroy the deployment when its lease expires. The archive period begins on the day the lease expires. When the archive period ends, the deployment is destroyed.

Propagate updates to existing deployments

When checked, specifies that any broadening of the limits that you make to the CPU, Memory, and Storage minimum or maximum settings in the blueprint are pushed to all active deployments that were provisioned from the blueprint. For example, if you specify a minimum of 2 and maximum of 4 (2,4) originally, a change such as (1,4) or (2,5) would take effect upon reconfiguration but a change of (3,4) or (2,3) would not.

The changes takes effect upon the next reconfigure action. For related information about reconfigure actions, see Action Menu Commands for Provisioned Resources.

NSX Settings Tab

If you have configured NSX you can specify NSX transport zone, Edge and routed gateway reservation policy, and app isolation settings when you create or edit a blueprint. These settings are available on the NSX Settings tab on the Blueprint and Blueprint Properties pages.

For information about configuring NSX, see NSX Administration Guide.

Table 2. NSX Settings Tab Settings



Transport zone

Select an existing NSX transport zone to contain the network or networks that the provisioned machine deployment can use.

A transport zone defines which clusters the networks can span. When provisioning machines, if a transport zone is specified in a reservation and in a blueprint, the transport zone values must match. Only the transport zones that are applicable to the current tenant are available.

A transport zone is only required for blueprints that have an on-demand network. For security groups, security tags, and load balancers, the transport zone is optional. If you do not specify a transport zone, the endpoint is determined by the location of the security group, security tag, or network that the load balancer connects to.

Edge and routed gateway reservation policy

Select an NSX Edge or routed gateway reservation policy. This reservation policy applies to routed gateways and to all edges that are deployed as part of provisioning. There is only one edge provisioned per deployment.

For routed networks, edges are not provisioned, but you can use a reservation policy to select a reservation with the routed gateways to be used for routed network provisioning.

When vRealize Automation provisions a machine with NAT or routed networking, it provisions a routed gateway as the network router. The Edge or routed gateway is a management machine that consumes compute resources like other virtual machines but manages the network communications all machine in that deployment. The reservation used to provision the Edge or routed gateway determines the external network used for NAT and load balancer virtual IP addresses. As a best practice, use separate management clusters for management machines such as NSX Edges.

App isolation

Select the App isolation check box to use the app isolation security policy configured in NSX. The app isolation policy is applied to all vSphere machine components in the blueprint. You can optionally add NSX security groups and tags to allow vRealize Orchestrator to open the isolated network configuration to allow additional paths in and out of the app isolation.

Properties Tab

Custom properties you add at the blueprint level apply to the entire blueprint, including all components. However, they can be overridden by custom properties assigned later in the precedence chain. For more information about order of precedence for custom properties, see Understanding Custom Properties Precedence.

Table 3. Properties Tab Settings




Property Groups

Property groups are reusable groups of properties that are designed to simplify the process of adding custom properties to blueprints. Your tenant administrators and fabric administrators can group properties that are often used together so you can add the property group to a blueprint instead of individually inserting custom properties.


Add one or more existing property groups and apply them to the overall blueprint.

The following Containers-related property groups are supplied:

  • Container host properties with certificate authentication

  • Container host properties with user/password authentication

Move up /Move down

Control the order of precedence given to each property group in relation to one another by prioritizing the groups. The first group in the list has the highest priority, and its custom properties have first precedence. You can also drag and drop to reorder.

View properties

View the custom properties in the selected property group.

View merged properties

If a custom property is included in more than one property group, the value included in the property group with the highest priority takes precedence. You can view these merged properties to assist you in prioritizing property groups.

Custom Properties

You can add individual custom properties instead of property groups.


Add an individual custom property and apply it to the overall blueprint.


Enter the property name. For a list of custom property names and descriptions, see Custom Properties and the Property Dictionary.


Enter the value for the custom property.


You can choose to encrypt the property value, for example, if the value is a password.


You can specify that the property value can be overridden by the next or subsequent person who uses the property. Typically, this is another architect, but if you select Show in request, your business users are able to see and edit property values when they request catalog items.

Show in request

If you want to display the property name and value to your end users, you can select to display the property on the request form when requesting machine provisioning. You must also select overridable if you want users to provide a value.