Password Management

For security reasons, you can change passwords for the accounts that are used by your SDDC Manager instance. Changing these passwords periodically or when certain events occur, such as an administrator leaving your organization, reduces the likelihood of security vulnerabilities.
For information on password policy design, see Information Security and Access in the Identity and Access Management for VMware Cloud Foundation validated solution. For step-by-step instructions on configuring password policies, see Password Policy Configuration for VMware Cloud Foundation in the VMware Cloud Foundation Operations Guide.
You entered passwords for your VMware Cloud Foundation system as part of the bring-up procedure. You can rotate and update some of these passwords using the password management functionality in the SDDC Manager UI, including:
  • Accounts used for service consoles, such as the ESXi root account.
  • The single sign-on administrator account.
  • The default administrative user account used by virtual appliances.
  • Service accounts that are automatically generated during bring-up, host commissioning, and workload creation.
    Service accounts have a limited set of privileges and are created for communication between products. Passwords for service accounts are randomly generated by SDDC Manager. You cannot manually set a password for service accounts. To update the credentials of service accounts, you can rotate the passwords.
To provide optimal security and proactively prevent any passwords from expiring, you must rotate passwords every 80 days.
Do not change the passwords for system accounts and the administrator@vsphere.local account outside SDDC Manager. Doing so can break your VMware Cloud Foundation system.
You can also use the VMware Cloud Foundation API to look up and manage credentials. In the SDDC Manager UI, click Developer Center > API Explorer and browse to the APIs for managing credentials.

Password Expiration Notifications

The SDDC Manager UI provides a banner notification for any passwords managed by VMware Cloud Foundation that are expiring within the next 14 days. For example:
Banner notification showing an alert about expiring passwords.
You can also click Security > Password Management in the navigation pane to view password expiration information. For example:
Password Management page showing passwords that are expiring within 14 days.
Expired passwords display a status of Disconnected. For example:
An image showing expired passwords with a "Disconnected" status.
For an expired password, you must update the password outside of VMware Cloud Foundation and then remediate the password using the SDDC Manager UI or the VMware Cloud Foundation API. See Remediate Passwords.
Password expiration information in the SDDC Manager UI is updated once a day. To get real-time information, use the VMware Cloud Foundation API.
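The following is an added example, not VMware code, showing how a script fed by the credentials API could apply the same rules described above: flag credentials expiring within 14 days, mark expired ones as Disconnected, and flag any not rotated within 80 days. The record layout and field names (resource, username, last_rotated, expires) are assumptions for a constructed sample; check the real response shape in API Explorer before using it against live data.

```python
from datetime import datetime, timedelta, timezone

WARN_WINDOW_DAYS = 14      # UI banner threshold: "expiring within the next 14 days"
ROTATION_PERIOD_DAYS = 80  # recommended rotation cadence from the guide

# Constructed sample records with assumed field names; not a real API response.
SAMPLE_CREDENTIALS = [
    {"resource": "esxi-01.example.local", "username": "root",
     "last_rotated": "2024-01-01T00:00:00Z", "expires": "2024-04-15T00:00:00Z"},
    {"resource": "vcenter-01.example.local", "username": "administrator@vsphere.local",
     "last_rotated": "2024-03-20T00:00:00Z", "expires": "2024-06-18T00:00:00Z"},
    {"resource": "nsx-01.example.local", "username": "admin",
     "last_rotated": "2024-01-05T00:00:00Z", "expires": "2024-04-01T00:00:00Z"},
    {"resource": "vcenter-01.example.local", "username": "svc-vcf-vc",
     "last_rotated": "2024-01-15T00:00:00Z", "expires": "2024-07-13T00:00:00Z"},
]


def parse_ts(value):
    """Parse a UTC timestamp in the constructed sample's format."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def classify(cred, now):
    """Return the status a credential should show, most urgent condition first."""
    expires = parse_ts(cred["expires"])
    rotated = parse_ts(cred["last_rotated"])
    if expires <= now:
        # Expired: must be updated outside VCF and then remediated in SDDC Manager.
        return "Disconnected"
    if expires - now <= timedelta(days=WARN_WINDOW_DAYS):
        return "Expiring soon"
    if now - rotated >= timedelta(days=ROTATION_PERIOD_DAYS):
        return "Rotation due"
    return "OK"


def report(creds, now):
    """Map (resource, username) to its status for every credential."""
    return {(c["resource"], c["username"]): classify(c, now) for c in creds}


def needs_attention(creds, now):
    """Credentials an operator must act on, i.e. anything not OK."""
    return sorted(k for k, status in report(creds, now).items() if status != "OK")


if __name__ == "__main__":
    for key, status in report(SAMPLE_CREDENTIALS, datetime.now(timezone.utc)).items():
        print(f"{key[0]:28} {key[1]:28} {status}")
```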