VMware Cloud Foundation 5.2

5.2 5.1 5.0 4.5
Deutsch Français Italiano 日本語 English

Configure the Local User Password Expiration Policy for NSX Edge

Configure password expiration for NSX Edge local users in
VMware Cloud Foundation
. You configure it on a per-user basis for the built-in NSX accounts.
User
Setting
Default Value
root
Maximum number of days between password change
90
admin
Maximum number of days between password change
90
audit
Maximum number of days between password change
90
guestuser1
Maximum number of days between password change
90
guestuser2
Maximum number of days between password change
90

UI Procedure

  1. If you are configuring an NSX Edge virtual appliance, open the appliance console by using the Web console in the vSphere Client.
    1. Log in to the vCenter Server instance for the workload domain at
      https://<vcenter_server-fqdn>/ui
       by using an account with
      Administrator
       privileges.
    2. In the
      VMs and templates
       inventory, navigate to and expand the VM folder containing the NSX Edge nodes for the workload domain.
    3. Select the first node of the NSX Edge cluster and click
      Launch web console
      .
  2. If you are configuring a bare-metal NSX Edge appliance, open the appliance console by using an out-of-band management interface, such as iLO or iDRAC.
  3. Log in to the NSX Edge node as
    admin
    .
  4. Change the maximum number of days between password change using the following command.
    set user root password-expiration <your_value>
  5. Repeat this procedure for the remaining local accounts.
  6. Repeat this procedure on the remaining NSX Edge nodes in the cluster of the workload domain.
  7. Repeat this procedure on all NSX Edge clusters in the remaining workload domains.

PowerShell Procedure

You can use the PowerShell command for configuring the password expiration policies only on the NSX Edge nodes in
VMware Cloud Foundation
 that are deployed by using SDDC Manager. For NSX Edge virtual appliances that are deployed manually and for bare-metal NSX Edge appliances, configure the policies manually according to the
NSX documentation
.
  1. Start PowerShell.
  2. Replace the values in the sample code and run the commands in the PowerShell console.
    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcManagerUser = "administrator@vsphere.local"
$sddcManagerPass = "VMw@re1!"

$sddcDomainName = "sfo-m01"

$maxDays = "90"
  3. Perform the configuration by running the command in the PowerShell console.
    Update-NsxtEdgePasswordExpiration -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -maxdays $maxDays
  4. Repeat this procedure for all NSX Edge clusters in the remaining workload domains.

Content feedback and comments