Information Security and Access Control Design for NSX-T Data Center for the Management Domain
You design authentication, access controls, and certificate management for the NSX-T Data Center instance in the management domain in VMware Cloud Foundation according to industry standards and the requirements of your organization.
Identity Management
Users can authenticate to NSX Manager from several sources:
- Local user accounts
- Active Directory by using LDAP
- Active Directory by using Workspace ONE Access
- Principal identity
Role-based access control is not available with local user accounts.
For more information on identity and access management, see Identity and Access Management for VMware Cloud Foundation.
Password Management and Account Lockout Behavior for NSX Local Manager and NSX Edge Nodes
Set passwords for the NSX-T Data Center components according to the requirements of your organization for security and compliance. Changing the passwords for the NSX-T Data Center components periodically or when certain events occur, such as an administrator leaving your organization, reduces the likelihood of security vulnerabilities.
For more information on password management and account lockout behavior, see Identity and Access Management for VMware Cloud Foundation.
Password Management and Account Lockout Behavior for NSX Global Manager
The version of SDDC Manager in this design does not support password rotation for the NSX Global Manager appliances. All password change operations must be done manually.
For more information on password management and account lockout behavior, see Identity and Access Management for VMware Cloud Foundation.
Certificate Management
Access to all NSX Manager interfaces must use a Secure Sockets Layer (SSL) connection. By default, NSX Manager uses a self-signed SSL certificate. This certificate is not trusted by end-user devices or Web browsers.
As a best practice, replace self-signed certificates with certificates that are signed by a third-party or enterprise Certificate Authority (CA).
Certificate Management for Multiple VMware Cloud Foundation Instances
The version of SDDC Manager in this design does not support certificate replacement for NSX Global Manager appliances. When the certificate of the NSX Local Manager cluster is replaced, you must update the thumbprint of the new certificate on the connected NSX Global Manager.
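The following added example (not VMware code) shows one way to check, after replacing the NSX Local Manager certificate, whether the thumbprint recorded on the NSX Global Manager is still current. It assumes the thumbprint is the SHA-256 digest of the DER-encoded leaf certificate written as hex; all function names are hypothetical and the certificate bytes are constructed stand-ins.

```python
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)

def pem_to_der_list(pem_text):
    """Return the DER bytes of every certificate in a PEM file, in file order."""
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        raise ValueError("no PEM certificate block found")
    # Strip all whitespace so line wrapping does not affect decoding.
    return [base64.b64decode("".join(b.split()), validate=True) for b in blocks]

def leaf_thumbprint(pem_text):
    """SHA-256 over the DER bytes of the first (leaf) certificate, not the PEM text."""
    return hashlib.sha256(pem_to_der_list(pem_text)[0]).hexdigest()

def normalize(thumbprint):
    """Accept 'AB:CD:...' or 'abcd...' and return lowercase hex without separators."""
    value = re.sub(r"[\s:]", "", thumbprint).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", value):
        raise ValueError("not a SHA-256 thumbprint")
    return value

def thumbprint_is_current(pem_text, registered):
    """True if the thumbprint registered on the peer matches the new leaf certificate."""
    return hmac.compare_digest(leaf_thumbprint(pem_text), normalize(registered))

def to_pem(der, width=64):
    """Wrap raw bytes in PEM armour (helper for the constructed samples below)."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + width] for i in range(0, len(b64), width))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed stand-in bytes, not real certificates; the digest logic is the same.
OLD_LEAF = b"constructed-old-leaf" * 8
NEW_LEAF = b"constructed-new-leaf" * 8
ISSUING_CA = b"constructed-issuing-ca" * 8
NEW_BUNDLE = to_pem(NEW_LEAF) + to_pem(ISSUING_CA)  # leaf first, then issuer

if __name__ == "__main__":
    stale = leaf_thumbprint(to_pem(OLD_LEAF))
    print("new thumbprint:", leaf_thumbprint(NEW_BUNDLE))
    print("registered value still valid:", thumbprint_is_current(NEW_BUNDLE, stale))
```

Hashing only the first certificate in the bundle matters when the replacement file also contains the issuing CA chain, because a digest over the whole file or over the PEM text does not match the thumbprint of the served certificate.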