Universal Objects explanation

Author :

URL : http:////

Topic Name : Universal Network and Security Objects

Publication Name : NSX Administration Guide

Product/Version : VMware NSX for vSphere/6.4

Question :

The following sentence seems odd and/or unclear to me, may it can get corrected or rewritten to be more precise and understandable? Many thanks!  "Only active standby deployments can have universal security groups with dynamic membership based on VM name static membership based on universal security tag" Especially the second half seems off.

VCIX-DCV, VCIX-NV, VCI (Level 2) since 2009
1 Reply

Pre NSX 6.2, NSX does not support universal dynamic membership in Cross-vCenter deployment. After NSX 6.2, NSX support Universal dynamic membership but with a limit, you can only use it in Active/Standy DR environment, only one site can have active VMs (refer to  Working with Security Groups ).

And the only thing that supports dynamic membership is Universal Security Group, which can be composed by two dynamic things : VM name static membership or Universal security tags.

I know you may say that VM name static membership is not dynamic, but in DR environment, there's always a pair of VMs that have same names, Though it's a static rule, but it dynamically contains two VMs.

Please consider marking this answer "correct" or "helpful" if you think your query have been answered correctly. Cheers, Matt Zhang VCIX-NV | VCP-NV-CMA-DTM | CCDA | CCIE R&S