Configure the Local User Account Lockout Policy for NSX Manager

Set the maximum number of failed login attempts and the time that must pass before an account is automatically unlocked for the local users of the NSX Manager appliances in VMware Cloud Foundation.

| Method | Setting | Default Value |
|--------|---------|---------------|
| API | max-auth-failures | 5 |
| API | lockout-reset-period | 180 seconds |
| API | lockout-period | 900 seconds |
| CLI | max-auth-failures | 5 |
| CLI | lockout-period | 900 seconds |

UI Procedure

  1. Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  2. In the VMs and templates inventory, expand the management domain vCenter Server tree and expand the management domain data center.
  3. Expand the VM folder containing the NSX Manager cluster.
  4. Select the first node of the NSX Manager cluster and click Launch web console.
  5. Log in to the NSX Manager node as admin.
  6. To configure the account lockout policy for logging in to the NSX Manager UI or making an API request, according to your organization's requirements, run the following commands.
    set auth-policy api lockout-period <lockout-period>
    set auth-policy api lockout-reset-period <lockout-reset-period>
    set auth-policy api max-auth-failures <auth-failures>
  7. To configure the account lockout policy for logging in to the NSX CLI according to your organization's requirements, run the following commands.
    set auth-policy cli lockout-period <lockout-period>
    set auth-policy cli max-auth-failures <auth-failures>
  8. Repeat this procedure on the remaining NSX Local Manager nodes in the management domain.
  9. Repeat this procedure on the NSX Local Manager nodes for all VI workload domains.
  10. Repeat this procedure on all NSX Global Manager clusters.

PowerShell Procedure

  1. Start Windows PowerShell.
  2. Replace the values in the sample code and run the commands in the PowerShell console.
    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "administrator@vsphere.local"
    $sddcManagerPass = "VMw@re1!"
    $sddcDomainName = "sfo-m01"
    $cliMaxFailures = "5"
    $cliUnlockInterval = "900"
    $apiMaxFailures = "5"
    $apiUnlockInterval = "900"
    $apiFailureInterval = "180"
  3. Perform the configuration by running the command in the PowerShell console.
    Update-NsxtManagerAccountLockout -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -cliFailures $cliMaxFailures -cliUnlockInterval $cliUnlockInterval -apiFailures $apiMaxFailures -apiFailureInterval $apiFailureInterval -apiUnlockInterval $apiUnlockInterval
  4. Repeat this procedure for all NSX Local Manager clusters in the VI workload domains.
  5. Configure the account lockout policies on all NSX Global Manager clusters manually in the appliance console of each node.
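
The following variant of the PowerShell procedure is an added example, not part of the original documentation. It prompts for the SDDC Manager password instead of storing it in a variable assignment, and rejects non-numeric policy values before calling the cmdlet. It assumes that Update-NsxtManagerAccountLockout is already available in the session; the `$policy` and `$params` hashtables are illustrative names.

```powershell
# Added example. Assumes Update-NsxtManagerAccountLockout is already installed.
$ErrorActionPreference = 'Stop'

if (-not (Get-Command -Name Update-NsxtManagerAccountLockout -ErrorAction SilentlyContinue)) {
    throw "Update-NsxtManagerAccountLockout is not available in this session."
}

# Environment values (same sample names as in the procedure above).
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcDomainName  = "sfo-m01"

# Policy values, keyed by cmdlet parameter name; these are the defaults from the table.
$policy = [ordered]@{
    cliFailures        = "5"
    cliUnlockInterval  = "900"
    apiFailures        = "5"
    apiFailureInterval = "180"
    apiUnlockInterval  = "900"
}

# Reject anything that is not a positive whole number before touching the appliances.
foreach ($name in $policy.Keys) {
    $parsed = 0
    if (-not [int]::TryParse($policy[$name], [ref]$parsed) -or $parsed -le 0) {
        throw "Value for -$name must be a positive integer, got '$($policy[$name])'."
    }
}

# Prompt for the credential so the password is not written into the script
# or typed into the console history.
$cred = Get-Credential -UserName "administrator@vsphere.local" -Message "SDDC Manager credential"

$params = @{
    server = $sddcManagerFqdn
    user   = $cred.UserName
    pass   = $cred.GetNetworkCredential().Password   # the cmdlet is passed the password as a string
    domain = $sddcDomainName
}
foreach ($name in $policy.Keys) { $params[$name] = $policy[$name] }

try {
    Update-NsxtManagerAccountLockout @params
}
finally {
    # Drop the plaintext copy of the password from the session.
    Remove-Variable -Name params, cred -ErrorAction SilentlyContinue
}
```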