VMware Cloud Foundation 4.5

5.2 5.1 5.0 4.5
Deutsch Français Italiano 日本語 English

Configure the Local User Account Lockout Policy for NSX Edge

Set the maximum number of failed login attempts and the time that must pass before an account is automatically unlocked for the local users of the NSX Edge appliances in
VMware Cloud Foundation
 .
Method
Setting
Default Value
CLI
max-auth-failures
5
lockout-period
900 seconds

UI Procedure

  1. If you are configuring an NSX Edge virtual appliance, open the appliance console by using the Web console in the vSphere Client.
    1. Log in to the management domain vCenter Server at
      https://<management_vcenter_server_fqdn>/ui
       by using an account with
      Administrator
       privileges.
    2. In the
      VMs and templates
       inventory, expand the management domain vCenter Server tree and expand the management domain data center.
    3. Expand the VM folder containing the NSX Edge cluster.
    4. Select the first node of the NSX Edge cluster and click
      Launch web console
      .
  2. If you are configuring a bare-metal NSX Edge appliance, open the appliance console by using an out-of-band management interface, such as iLO or iDRAC.
  3. Log in to the NSX Edge node as
    admin
    .
  4. To configure the account lockout policy for logging in to the NSX CLI according to your organization's requirements, run the commands.
    set auth-policy cli lockout-period <lockout-period>
set auth-policy cli max-auth-failures <auth-failures>
  5. Repeat this procedure on the remaining NSX Edge nodes in the management domain.
  6. Repeat this procedure on all NSX Edge nodes in the VI workload domains.

PowerShell Procedure

You can use the PowerShell command for configuring the account lockup policies only on the NSX Edge nodes in
VMware Cloud Foundation
 that are deployed by using SDDC Manager. For NSX Edge virtual appliances that are deployed manually and for bare-metal NSX Edge appliances, configure the policies manually according to the
NSX-T Data Center documentation
.
  1. Start Windows PowerShell.
  2. Replace the values in the sample code and run the commands in the PowerShell console.
    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcManagerUser = "administrator@vsphere.local"
$sddcManagerPass = "VMw@re1!"

$sddcDomainName = "sfo-m01"

$cliMaxFailures = "5"
$cliUnlockInterval = "900"
  3. Perform the configuration by running the command in the PowerShell console.
    Update-NsxtEdgeAccountLockout -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -cliFailures $cliMaxFailures -cliUnlockInterval $cliUnlockInterval
  4. Repeat this procedure for all VI workload domains.

Content feedback and comments