Configure Security Settings for vCenter Server from the vSphere Client

You perform the procedure on all vCenter Server instances to configure password policies, lockout policies, alarms, proxy, login banners, LDAP, and other configurations.
  1. In a Web browser, log in to vCenter Server by using the vSphere Client.

       Setting      Value
       URL          https://management-domain-vcenter-server-fqdn/ui
       User name    administrator@vsphere.local
  2. Configure the password policies.
    1. From the Home menu of the vSphere Client, click Administration.
    2. Under Single Sign-On, click Configuration.
    3. On the Local accounts tab, under Password policy, click Edit.
    4. In the Edit password policies dialog box, configure the settings and click Save.

       Configuration ID   Setting            Value
       VMW-VC-00421       Maximum lifetime   60
       VMW-VC-00410       Minimum Length     15
  3. Configure the lockout policies.
    1. On the Local accounts tab, under Lockout policy, click Edit.
    2. In the Edit lockout policies dialog box, configure the settings and click Save.

       Configuration ID   Setting                                   Value
       VMW-VC-00436       Maximum number of failed login attempts   3
       VMW-VC-00434       Time interval between failures            900 seconds
       VMW-VC-00435       Unlock time                               0 seconds
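The same password and lockout values (VMW-VC-00421, VMW-VC-00410, VMW-VC-00436, VMW-VC-00434, VMW-VC-00435) can be applied and read back from PowerCLI, which is useful when the procedure has to be repeated on every vCenter Server instance. The following script is an added example, not part of the VMware documentation. It assumes the VMware.PowerCLI module and the community VMware.vSphere.SsoAdmin module are installed, that the cmdlet and property names (Connect-SsoAdminServer, Get-/Set-SsoPasswordPolicy, Get-/Set-SsoLockoutPolicy, PasswordLifetimeDays, MinLength, MaxFailedAttempts, FailedAttemptIntervalSec, AutoUnlockIntervalSec) are as published for that module, and that the account used has SSO administrator rights.

```powershell
# Added example (not VMware documentation code): apply the SSO password and lockout
# policy values from the two tables above and report drift per Configuration ID.
# Assumes the VMware.vSphere.SsoAdmin module; its cmdlet/property names are assumptions.
param(
    [Parameter(Mandatory)] [string]       $VCenter,    # vCenter Server FQDN
    [Parameter(Mandatory)] [pscredential] $Credential  # e.g. administrator@vsphere.local
)

Import-Module VMware.vSphere.SsoAdmin -ErrorAction Stop

# Expected values keyed by the Configuration IDs used on this page.
# Policy = which policy object carries the property.
$Expected = @(
    @{ Id = 'VMW-VC-00421'; Policy = 'Password'; Name = 'PasswordLifetimeDays';     Value = 60  }
    @{ Id = 'VMW-VC-00410'; Policy = 'Password'; Name = 'MinLength';                Value = 15  }
    @{ Id = 'VMW-VC-00436'; Policy = 'Lockout';  Name = 'MaxFailedAttempts';        Value = 3   }
    @{ Id = 'VMW-VC-00434'; Policy = 'Lockout';  Name = 'FailedAttemptIntervalSec'; Value = 900 }
    @{ Id = 'VMW-VC-00435'; Policy = 'Lockout';  Name = 'AutoUnlockIntervalSec';    Value = 0   }
)

$sso = Connect-SsoAdminServer -Server $VCenter `
        -User $Credential.UserName `
        -Password $Credential.GetNetworkCredential().Password
try {
    # Remediate: set only the properties this page prescribes; other policy fields are untouched.
    Get-SsoPasswordPolicy -Server $sso |
        Set-SsoPasswordPolicy -PasswordLifetimeDays 60 -MinLength 15 | Out-Null
    Get-SsoLockoutPolicy -Server $sso |
        Set-SsoLockoutPolicy -MaxFailedAttempts 3 -FailedAttemptIntervalSec 900 -AutoUnlockIntervalSec 0 | Out-Null

    # Verify: read the policies back and compare each value with the table.
    $policies = @{
        Password = Get-SsoPasswordPolicy -Server $sso
        Lockout  = Get-SsoLockoutPolicy  -Server $sso
    }
    $report = foreach ($e in $Expected) {
        $actual = $policies[$e.Policy].($e.Name)
        [pscustomobject]@{
            ConfigurationId = $e.Id
            Setting         = $e.Name
            Expected        = $e.Value
            Actual          = $actual
            Compliant       = ($actual -eq $e.Value)
        }
    }
    $report | Format-Table -AutoSize

    # Non-zero exit code lets a CI/compliance job fail on drift.
    if ($report | Where-Object { -not $_.Compliant }) { exit 1 }
}
finally {
    Disconnect-SsoAdminServer -Server $sso
}
```

Run it once per vCenter Server instance (`.\Set-SsoPolicies.ps1 -VCenter vcenter.example.com -Credential (Get-Credential)`). Note that an unlock time of 0 seconds means a locked account is not released automatically, so the procedure for manually unlocking administrator@vsphere.local should be known before the lockout policy is enforced.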
  4. VMW-VC-01219
    Configure an alert for the appropriate personnel about SSO account actions.
    1. In the Hosts and clusters inventory, select the vCenter Server that manages the ESXi host you configure.
    2. Click the Configure tab and select Alarm definitions under Security.
    3. Click Add. The New alarm definition wizard opens.
    4. On the Name and targets page, enter the settings and click Next.

       Setting       Value
       Alarm name    SSO account actions - com.vmware.sso.PrincipalManagement
       Target type   vCenter Server

    5. On the Alarm rule 1 page, under If, enter com.vmware.sso.PrincipalManagement as a trigger and press Enter.
    6. Configure the remaining settings for the alarm, click Next, and follow the prompts to finish the wizard.

       Setting                    Value
       Trigger the alarm and      Show as warning
       Send email notifications   Off
       Send SNMP traps            On
       Run script                 Off
  5. VMW-VC-00418
    Configure a proxy for the download of the public Hardware Compatibility List.
    1. In the Hosts and Clusters inventory, select the vCenter Server that you configure.
    2. Click the Configure tab and under vSAN, click Internet connectivity.
    3. On the Internet connectivity page, click Edit.
    4. Select the Configure the proxy server if your system uses one check box.
    5. Enter the proxy server details and click Apply.
  6. VMW-VC-01236
    Remove the privilege to use the virtual machine console for the standard virtual machine user role.
    1. On the Home page of the vSphere Client, click Administration, and click Roles.
    2. From the Roles provider drop-down menu, select the vCenter Server that you configure.
    3. Select the Virtual machine user (sample) role and click Edit role action.
    4. In the Edit role dialog box, select the Virtual machine group and under Interaction, deselect the Console interaction check box.
    5. Click Next and click Finish.
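The Console interaction check box corresponds to the privilege ID VirtualMachine.Interact.ConsoleInteract. The script below is an added example, not from the VMware page, showing how to remove that privilege from the sample role with PowerCLI and then audit every custom role so that console access does not survive in a cloned role. It assumes an existing Connect-VIServer session with permission to edit roles; the role name is the one used on this page.

```powershell
# Added example (not VMware documentation code): enforce VMW-VC-01236 with PowerCLI
# and list which non-system roles still grant VM console access.
# Assumes an open Connect-VIServer session with Administrator rights on vCenter Server.
$RoleName    = 'Virtual machine user (sample)'             # role named in the procedure
$PrivilegeId = 'VirtualMachine.Interact.ConsoleInteract'   # privilege behind "Console interaction"

$priv = Get-VIPrivilege -Id $PrivilegeId
$role = Get-VIRole -Name $RoleName -ErrorAction SilentlyContinue
if (-not $role) {
    Write-Warning "Role '$RoleName' not found on $($global:DefaultVIServer.Name)"
} elseif (Get-VIPrivilege -Role $role | Where-Object { $_.Id -eq $PrivilegeId }) {
    # Remediate: strip only the console privilege; the rest of the role is unchanged.
    Set-VIRole -Role $role -RemovePrivilege $priv -Confirm:$false | Out-Null
    Write-Host "Removed $PrivilegeId from '$RoleName'"
} else {
    Write-Host "'$RoleName' already lacks $PrivilegeId"
}

# Audit: system roles (Administrator, Read-only, ...) are skipped; every other role that
# still carries the console privilege is worth reviewing against its intended users.
$audit = Get-VIRole | Where-Object { -not $_.IsSystem } | ForEach-Object {
    $granted = [bool](Get-VIPrivilege -Role $_ | Where-Object { $_.Id -eq $PrivilegeId })
    [pscustomobject]@{ Role = $_.Name; ConsoleInteraction = $granted }
}
$audit | Sort-Object Role | Format-Table -AutoSize
```

The audit output is the useful part for a recurring check: a role that grants console access is not wrong in itself, but each such role should map to a documented need, since console access bypasses guest network controls.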
  7. VMW-VC-01209
    Configure a login message.
    1. From the Home menu of the vSphere Client, click Administration.
    2. Navigate to Single Sign-On > Configuration.
    3. Click the Login message tab and click Edit.
    4. Activate the Show login message toggle.
    5. In the Login message text box, enter the login message.
    6. Activate the Consent checkbox toggle.
    7. In the Details of login message text box, enter the site-specific banner text and click Save.
  8. VMW-VC-01212
    Configure Mutual CHAP for vSAN iSCSI targets.
    1. In the Hosts and Clusters inventory, select the vSAN-enabled cluster.
    2. Click the Configure tab and under vSAN, click Services.
    3. In the vSAN iSCSI target service tile, click Enable.
    4. Activate the service from the toggle switch.
    5. From the Authentication drop-down menu, select Mutual CHAP.
    6. Configure the incoming and outgoing users and secrets appropriately and click Apply.
  9. Set SDDC deployment details on the vCenter Server instances.
    1. In the Global inventory lists inventory, click vCenter Servers.
    2. Click the vCenter Server object and click the Configure tab in the central pane.
    3. Under Settings, click Advanced settings and click Edit settings.
    4. In the Edit advanced vCenter Server settings dialog box, enter the settings and click Add.

       Setting   Value
       Name      config.SDDC.Deployed.ComplianceKit
       Value     VCF-NIST-800-53
  10. VMW-VC-00422
    vCenter Server must terminate vSphere Client sessions after 10 minutes of inactivity.
    1. From the Home menu of the vSphere Client, click Administration.
    2. Under Deployment, click Client configuration.
    3. Click Edit, for Session timeout, enter 10 minutes, and click Save.
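Two of the items above are easy to drift out of compliance on a fleet of vCenter Server instances: the config.SDDC.Deployed.ComplianceKit advanced setting from step 9 and the SSO alarm from step 4. The script below is an added example, not part of the VMware documentation, that sets the advanced setting idempotently and verifies the alarm definition exists, is enabled, and has an SNMP trap action. It assumes an open Connect-VIServer session; the ActionType value 'SendSNMP' is the PowerCLI alarm-action type name this example relies on.

```powershell
# Added example (not VMware documentation code): set the compliance-kit advanced setting
# (step 9) and verify the SSO account-action alarm (VMW-VC-01219, step 4).
# Assumes an open Connect-VIServer session with Administrator rights on vCenter Server.
$vc        = $global:DefaultVIServer
$SettingId = 'config.SDDC.Deployed.ComplianceKit'
$Expected  = 'VCF-NIST-800-53'
$AlarmName = 'SSO account actions - com.vmware.sso.PrincipalManagement'

# --- Step 9: advanced setting, created if missing, corrected if wrong, otherwise untouched.
$current = Get-AdvancedSetting -Entity $vc -Name $SettingId -ErrorAction SilentlyContinue
if (-not $current) {
    New-AdvancedSetting -Entity $vc -Name $SettingId -Value $Expected -Confirm:$false | Out-Null
    Write-Host "Created $SettingId = $Expected"
} elseif ($current.Value -ne $Expected) {
    Set-AdvancedSetting -AdvancedSetting $current -Value $Expected -Confirm:$false | Out-Null
    Write-Host "Corrected $SettingId from '$($current.Value)' to '$Expected'"
} else {
    Write-Host "$SettingId already set to $Expected"
}

# --- Step 4: the alarm is created in the vSphere Client wizard; here it is only verified.
$findings = New-Object System.Collections.Generic.List[string]
$alarm = Get-AlarmDefinition -Name $AlarmName -ErrorAction SilentlyContinue
if (-not $alarm) {
    $findings.Add("Alarm '$AlarmName' is not defined")
} else {
    if (-not $alarm.Enabled) { $findings.Add("Alarm '$AlarmName' exists but is disabled") }
    # The page requires SNMP traps on; e-mail and script actions are expected to be off.
    $actions = @($alarm | Get-AlarmAction)
    if (-not ($actions | Where-Object { $_.ActionType -eq 'SendSNMP' })) {
        $findings.Add("Alarm '$AlarmName' has no SNMP trap action")
    }
    foreach ($unexpected in ($actions | Where-Object { $_.ActionType -ne 'SendSNMP' })) {
        $findings.Add("Alarm '$AlarmName' has an unexpected $($unexpected.ActionType) action")
    }
}

if ($findings.Count -eq 0) {
    Write-Host "VMW-VC-01219: compliant on $($vc.Name)"
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    exit 1   # non-zero so a scheduled compliance job reports the drift
}
```

Because the alarm's SNMP trap is the only notification path the page turns on, the verification is only meaningful if vCenter Server's SNMP receivers are themselves configured and monitored; an enabled alarm with no receiver produces no alert.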