In a dedicated appliance deployment type, the administrative sessions to all VMware Cloud Director Availability services are restricted by default when originating from public networks.

The restriction applies to the following administrative accounts:
  • Login sessions by using the appliance root user credentials
  • Login sessions by using VMware Cloud Director system administrator credentials
  • Login sessions by using a single sign-on user with vCenter Server Administrator credentials

When VMware Cloud Director Availability restricts the external administrative access, attempts to establish a login session from a public IP result in a 401 Not Authenticated response, which is identical to a wrong password error. To improve the appliance security further, the appliance denies the external administrative login session without counting it as an unsuccessful login attempt.