Default Access Controls Configured in VMware Cloud Foundation
Each product can support a range of settings that must be evaluated and, if necessary, modified to meet security and compliance requirements.
Frequently requested access control settings are listed with the default values in VMware Cloud Foundation 5.2. Configurations with a value of 0 are deactivated.
The default settings may not be the recommended values based on the desired compliance standard. This is the default out-of-the-box state of access controls in VMware Cloud Foundation.
Product | Configuration ID | Configuration Description | Default Setting |
---|---|---|---|
NSX | VMW-NSXT-1416 | Configure NSX-T Manager to terminate idle sessions after a certain period of time. | 1800 seconds |
NSX | VMW-NSXT-1417 | Configure NSX-T Manager to block any login attempts after consecutive invalid login attempts for a certain period. | 900 seconds |
NSX | VMW-NSXT-1418 | Configure NSX-T Manager to block further login attempts after a number of consecutive failed login attempts. | 5 attempts |
NSX | VMW-NSXT-1419 | Configure NSX-T Manager locked accounts to automatically get unlocked after a period of time following the last failed login attempt. | 900 seconds |
NSX | VMW-NSXT-1421 | Configure a minimum password length for NSX-T Manager accounts. | 12 characters |
ESXi | VMW-ESXI-00034 | Set the maximum number of failed login attempts before an account is locked. | 5 attempts |
ESXi | VMW-ESXI-00038 | Configure the inactivity timeout to automatically terminate idle shell sessions. | 0 seconds (automatic termination is deactivated) |
ESXi | VMW-ESXI-00109 | Configure the password history to restrict the reuse of a certain number of previous passwords. | 5 |
ESXi | VMW-ESXI-00165 | Configure a time for automatic unlock of a locked user account. | 900 seconds |
ESXi | VMW-ESXI-00564 | Configure the inactivity timeout to automatically terminate idle Host Client sessions. | 900 seconds |
ESXi | VMW-ESXI-00168 | Configure the inactivity timeout to automatically terminate idle DCUI sessions. | 600 seconds |
vCenter Server | VMW-VC-00403 | Configure the password history to restrict the reuse of a certain number of previous passwords. | 5 passwords |
vCenter Server | VMW-VC-00421 | Configure vCenter Server to enforce a maximum password lifetime restriction. | 90 days |
vCenter Server | VMW-VC-00422 | Configure the inactivity timeout to automatically terminate vSphere Client sessions. | 120 minutes |
vCenter Server | VMW-VC-00428 | Configure vCenter Server to rotate the vpxuser auto-password periodically. | 30 days |
vCenter Server | VMW-VC-00427 | Configure a minimum password length for the vpxuser account. | 32 characters |
vCenter Server | VMW-VC-00410 | Configure the minimum number of characters for password length for any vCenter Server user. | 8 characters |
vCenter Server | VMW-VC-00408 | Configure the minimum number of uppercase characters in the password for any vCenter Server user. | 1 character |
vCenter Server | VMW-VC-00413 | Configure the minimum number of lowercase characters in the password for any vCenter Server user. | 1 character |
vCenter Server | VMW-VC-00433 | Configure the minimum number of numeric characters in the password for any vCenter Server user. | 1 character |
vCenter Server | VMW-VC-00432 | Configure the minimum number of special characters in the password for any vCenter Server user. | 1 character |
vCenter Server | VMW-VC-01271 | Configure the maximum number of identical adjacent characters policy. | 3 characters |
vCenter Server | VMW-VC-00436 | Limit the maximum number of failed login attempts for vCenter Server users. | 5 attempts |
vCenter Server | VMW-VC-00434 | Configure the number of failed login attempts in a period of time before an account gets locked. | 180 seconds |
vCenter Server | VMW-VC-00435 | Configure a timer for automatic account unlock for accounts locked after failed login attempts. | 300 seconds |
vCenter Server | VMW-VC-00096 | Deactivate console connection sharing on the virtual machine. | 1 (deactivated) |