Securing vCenter Server includes ensuring the security of the machine where vCenter Server is running, following best practices for assigning privileges and roles, and verifying the integrity of the clients that connect to vCenter Server.
Control vCenter Server administrator privileges strictly to increase security for the system.
- Remove full administrative rights to vCenter Server from the local Windows administrator account, and grant them only to a special-purpose local vCenter Server administrator account. Grant full vSphere administrative rights only to those administrators who are required to have them. Do not grant this privilege to any group whose membership is not strictly controlled.
- Do not allow users to log in to the vCenter Server system directly. Allow access only to those users who have legitimate tasks to perform and confirm that their actions are audited.
- Install vCenter Server using a service account instead of a Windows account. Either a service account or a Windows account can be used to run vCenter Server, but using a service account allows Windows authentication to SQL Server, which provides more security. The service account must be an administrator on the local machine.
- Check for privilege reassignment when restarting vCenter Server. If the user or user group that is assigned the Administrator role on the root folder of the server cannot be verified as a valid user or group, the administrator privileges are removed and assigned to the local Windows Administrators group.
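The privilege-reassignment check in the last item can be scripted and run after each restart. The following is an added example, not VMware's own code: it assumes VMware PowerCLI with an existing `Connect-VIServer` session, and the account name and the display form of the local Administrators group are hypothetical placeholders to adjust for your environment.

```powershell
# Added example: audit who holds the Administrator role on the vCenter Server root folder.
# Assumes VMware PowerCLI and an existing session (Connect-VIServer).
# Account names below are hypothetical placeholders.
$ApprovedAdmins = @('VCENTER01\vc-admin')     # special-purpose administrator account(s)
$FallbackGroup  = '(^|\\)Administrators$'     # assumed display form of the local Windows group

$root  = Get-Folder -NoRecursion              # root folder of the inventory
$admin = @(Get-VIPermission -Entity $root |
    Where-Object { $_.Role -eq 'Admin' })     # 'Admin' is the Administrator role's name in PowerCLI

$findings = @(foreach ($p in $admin) {
    $status = if ($p.Principal -match $FallbackGroup) {
        # The assigned user or group could not be verified at startup,
        # so the role fell back to the local Windows Administrators group.
        'FALLBACK: local Administrators group holds the role'
    } elseif ($ApprovedAdmins -notcontains $p.Principal) {
        'UNEXPECTED: principal is not on the approved list'
    } else {
        'ok'
    }
    [pscustomobject]@{
        Principal = $p.Principal
        IsGroup   = $p.IsGroup
        Propagate = $p.Propagate
        Status    = $status
    }
})

# An approved account that no longer appears means its assignment was dropped.
foreach ($name in $ApprovedAdmins) {
    if ($admin.Principal -notcontains $name) {
        $findings += [pscustomobject]@{
            Principal = $name
            IsGroup   = $false
            Propagate = $null
            Status    = 'MISSING: approved account no longer has the role'
        }
    }
}

$findings | Format-Table -AutoSize

# Non-zero exit code lets a scheduled task or monitoring job raise an alert.
if (@($findings | Where-Object { $_.Status -ne 'ok' }).Count -gt 0) { exit 1 }
```

A `FALLBACK` or `MISSING` result means the Administrator role must be reassigned to the special-purpose account and removed from the local Administrators group again.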
Grant minimal privileges to the vCenter Server database user. The database user requires only certain privileges specific to database access. In addition, some privileges are required only for installation and upgrade. These privileges can be removed after the product is installed or upgraded.