Topic Name : Universal Network and Security Objects
Publication Name : NSX Administration Guide
Product/Version : VMware NSX for vSphere/6.4
The following sentence seems odd and/or unclear to me, may it can get corrected or rewritten to be more precise and understandable? Many thanks! "Only active standby deployments can have universal security groups with dynamic membership based on VM name static membership based on universal security tag" Especially the second half seems off.
Pre NSX 6.2, NSX does not support universal dynamic membership in Cross-vCenter deployment. After NSX 6.2, NSX support Universal dynamic membership but with a limit, you can only use it in Active/Standy DR environment, only one site can have active VMs (refer to Working with Security Groups ).
And the only thing that supports dynamic membership is Universal Security Group, which can be composed by two dynamic things : VM name static membership or Universal security tags.
I know you may say that VM name static membership is not dynamic, but in DR environment, there's always a pair of VMs that have same names, Though it's a static rule, but it dynamically contains two VMs.