In VMware Cloud Foundation 9.0, the introduction of the Virtual Private Cloud (VPC) model within VCF Automation (formerly Aria Automation) simplifies multi-tenancy. When an administrator creates an organization and configures regional networking, the system automates the deployment of several high-level NSX objects to provide isolated networking for that organization's applications.
According to the VCF 9.0 Automation and Networking Guide, the following objects are configured automatically:
A Provider Tier-0 Gateway (C): This is the top-level logical router in the VCF environment. During the regional networking setup, the system identifies or configures the Provider T0 to act as the primary exit point for North-South traffic for the organization.
A Virtual Private Cloud (VPC) connectivity profile (F): This profile defines the networking "flavor" (such as IP blocks, DNS, and security settings) that will be applied to the organization's VPCs. It acts as the template for how the VPC interacts with the provider's physical and logical infrastructure.
A Default Virtual Private Cloud (VPC) (B): Upon completing the organization setup, VCF Automation provisions a default VPC for that organization. This VPC serves as the logical container for the tenant's subnets, security groups, and routing.
An outbound Source Network Address Translation (SNAT) rule (A): To allow virtual machines within the newly created VPC to access external resources (the internet or corporate network) while using private IP space, the system automatically creates an outbound SNAT rule on the gateway associated with the VPC or the Provider T0.
Why other options are incorrect:
A Virtual Distributed Switch (VDS) (D): The VDS is a foundational component of the VCF VI Workload Domain created during Day 1 operations. It is not "automatically configured" during the high-level regional networking step of a VCF Automation organization; it must already exist.
An NSX Transit Gateway (E): While NSX uses Tier-0 and Tier-1 gateways for transit, "Transit Gateway" is a specific term often associated with public cloud (AWS) integrations. In the context of VCF 9.0 regional networking for a VPC, the core constructs are the T0/T1 and VPC profiles.
An outbound Destination Network Address Translation (DNAT) rule (G): DNAT is typically used for inbound traffic (mapping a public IP to a private internal IP). Outbound traffic uses SNAT to mask the internal IP as it leaves the organization.
References:
VMware Cloud Foundation 9.0 Administration Guide: Configuring Organizations and VPCs in VCF Automation.
VMware NSX (VCF 9.0) Guide: Automated VPC Provisioning and Connectivity Profiles.