Configure Security Settings for NSX by Using CLI Commands

In this procedure you configure NSX Manager to send its audit records to a central logging server, together with the NTP, password-policy, and login-session settings that the listed STIG items require. You also configure NSX Edge nodes to send audit records to a central audit server. These are node-level settings, so repeat the steps on each NSX Manager appliance in the cluster.
  1. VMW-NSX-01401
    Synchronize internal information system clocks using redundant authoritative time sources.
    1. Open the VM console of the NSX Manager appliance in vCenter Server and log in with credentials authorized for administration.
    2. Run the following commands. Repeat set ntp-server for each authoritative server so that at least two remain configured:
      # remove any unknown or non-authoritative NTP servers
      del ntp-server <server-ip or server-name>
      # configure an authoritative NTP server
      set ntp-server <server-ip or server-name>
  2. VMW-NSX-01414
    Configure NSX Manager to send logs to a central log server.
    You can configure the logging server with one of the following protocols: UDP, TCP, TLS, or LI-TLS. UDP offers no delivery guarantee and no transport protection, so prefer TCP, TLS, or LI-TLS for audit records. If you use TLS or LI-TLS to establish a secure connection to the log server, the server CA, client CA, client certificate, and private key files must first be copied to the
    /image/vmware/nsx/file-store/
    folder on each NSX Manager appliance, because the set logging-server command refers to them by file name only.
    1. Open the VM console of the NSX Manager appliance in vCenter Server and log in with credentials authorized for administration.
    2. To configure a TCP or UDP syslog server, run the following command and press Enter:
      set logging-server <server-ip_or_server-name> proto <tcp or udp> level info
    3. To configure a TLS syslog server, run the following command and press Enter:
      set logging-server <server-ip_or_server-name> proto tls level info serverca ca.pem clientca ca.pem certificate cert.pem key key.pem
    4. To configure an LI-TLS server, run the following command and press Enter:
      set logging-server <server-ip_or_server-name> proto li-tls level info serverca root-ca.crt
  3. VMW-NSX-01421
    Enforce a minimum of 15 characters for password length on the NSX Manager nodes.
    1. Open the VM console of an NSX Manager appliance in vCenter Server and log in with credentials authorized for administration.
    2. Run the following command and press Enter:
      set password-complexity minimum-password-length 15
  4. VMW-NSX-01530
    NSX Manager must require that when a password is changed, the characters are changed in at least eight of the positions within the password.
    1. Open the VM console of an NSX Manager appliance in vCenter Server and log in with credentials authorized for administration.
    2. Run the following command and press Enter:
      set password-complexity max-repeats 8
  5. Configure login session settings for NSX Manager.
    1. Open the VM console of the NSX Manager appliance in vCenter Server and log in with credentials authorized for administration.
    2. VMW-NSX-01416
      Configure session lock after a 10-minute period of inactivity. The timeout is given in seconds:
      set service http session-timeout 600
    3. VMW-NSX-01418
      Prevent further UI or API login attempts by an account after three consecutive failed login attempts:
      set auth-policy api max-auth-failures 3
    4. VMW-NSX-01498
      Prevent further CLI login attempts by an account after three consecutive failed login attempts:
      set auth-policy cli max-auth-failures 3
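After applying the commands above on every manager node, a practitioner normally wants an independent check that the settings are actually in place, and that they stay in place after upgrades or restores. The following script is an added example, not VMware's code and not part of the original page: it reads each setting back through the NSX Manager node REST API and reports which STIG items from this section fail. The endpoint paths in ENDPOINTS and the JSON field names are assumptions taken from the NSX-T 3.x/4.x node API reference (max_repeats in particular is only present on newer releases), so verify them against your version; the AUTHORITATIVE_NTP and CENTRAL_LOG_SERVERS values are placeholders for your site, and the SAMPLE_* dictionaries are constructed responses so that the checks can run offline.

```python
"""Audit NSX Manager node settings against the STIG items in this section.

Added example, not VMware code. It reads the NSX Manager node API (paths in
ENDPOINTS, assumed from the NSX-T 3.x/4.x API reference; check them against
your release) and compares the returned values with the CLI settings above.
The SAMPLE_* dictionaries are constructed responses so the checks run offline.
"""
import base64
import json
import ssl
import urllib.request

# Site-specific values for this example (assumptions): the authoritative NTP
# servers and the central log server the managers are supposed to use.
AUTHORITATIVE_NTP = {"10.0.0.10", "10.0.0.11"}
CENTRAL_LOG_SERVERS = {"10.0.0.20"}

ENDPOINTS = {
    "ntp": "/api/v1/node/services/ntp",
    "syslog": "/api/v1/node/services/syslog/exporters",
    "http": "/api/v1/node/services/http",
    "auth": "/api/v1/node/aaa/auth-policy",
}


def fetch_node(base_url, user, password, verify_tls=True):
    """GET every endpoint in ENDPOINTS with HTTP basic auth; returns {key: parsed JSON}."""
    ctx = ssl.create_default_context()
    if not verify_tls:  # lab use only, e.g. a manager still on its self-signed certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    node = {}
    for key, path in ENDPOINTS.items():
        req = urllib.request.Request(base_url + path, headers={"Authorization": "Basic " + token})
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            node[key] = json.load(resp)
    return node


def audit(node):
    """Return [(stig_id, detail), ...] for every item that is not compliant; [] when all pass."""
    findings = []

    # VMW-NSX-01401: redundant time sources, and none outside the authoritative set
    ntp = set(node["ntp"]["service_properties"].get("servers", []))
    if len(ntp) < 2 or not ntp <= AUTHORITATIVE_NTP:
        findings.append(("VMW-NSX-01401", f"ntp servers {sorted(ntp)}"))

    # VMW-NSX-01414: at least one syslog exporter must point at the central log server
    exporters = node["syslog"].get("results", [])
    if not any(e["server"] in CENTRAL_LOG_SERVERS for e in exporters):
        findings.append(("VMW-NSX-01414", "no exporter to a central log server"))

    # VMW-NSX-01416: session lock after 10 minutes (600 s) of inactivity
    timeout = node["http"]["service_properties"]["session_timeout"]
    if timeout > 600:
        findings.append(("VMW-NSX-01416", f"session_timeout {timeout}"))

    auth = node["auth"]
    # VMW-NSX-01421: minimum password length 15
    if auth["minimum_password_length"] < 15:
        findings.append(("VMW-NSX-01421", f"minimum_password_length {auth['minimum_password_length']}"))
    # VMW-NSX-01530: max-repeats as set above (8); a larger value is looser than that setting.
    # The field is absent on older releases, in which case the check is skipped.
    if auth.get("max_repeats", 8) > 8:
        findings.append(("VMW-NSX-01530", f"max_repeats {auth['max_repeats']}"))
    # VMW-NSX-01418 / VMW-NSX-01498: lock after three failed API or CLI attempts
    if auth["api_max_auth_failures"] > 3:
        findings.append(("VMW-NSX-01418", f"api_max_auth_failures {auth['api_max_auth_failures']}"))
    if auth["cli_max_auth_failures"] > 3:
        findings.append(("VMW-NSX-01498", f"cli_max_auth_failures {auth['cli_max_auth_failures']}"))
    return findings


# Constructed responses in the shape of the endpoints above: one node as it often
# ships (non-compliant) and the same node after the CLI commands in this section.
SAMPLE_NONCOMPLIANT = {
    "ntp": {"service_properties": {"servers": ["10.0.0.10", "pool.ntp.org"]}},
    "syslog": {"results": []},
    "http": {"service_properties": {"session_timeout": 1800}},
    "auth": {"minimum_password_length": 12, "max_repeats": 20,
             "api_max_auth_failures": 5, "cli_max_auth_failures": 5},
}
SAMPLE_COMPLIANT = {
    "ntp": {"service_properties": {"servers": ["10.0.0.10", "10.0.0.11"]}},
    "syslog": {"results": [{"exporter_name": "central", "server": "10.0.0.20",
                            "port": 6514, "protocol": "TLS", "level": "INFO"}]},
    "http": {"service_properties": {"session_timeout": 600}},
    "auth": {"minimum_password_length": 15, "max_repeats": 8,
             "api_max_auth_failures": 3, "cli_max_auth_failures": 3},
}

if __name__ == "__main__":
    # Live use: node = fetch_node("https://nsx-mgr-01.example.com", "admin", password)
    for name, node in (("non-compliant", SAMPLE_NONCOMPLIANT), ("compliant", SAMPLE_COMPLIANT)):
        print(name, audit(node) or "all checks passed")
```

Run it against each manager node in turn (the settings are per node, so a compliant first node says nothing about the other two), and keep verify_tls=True once the managers carry CA-signed certificates; a script that silently skips certificate validation against the very appliance whose audit trail it is checking is not much of a control.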