In a dedicated appliance deployment type, the administrative sessions to all VMware Cloud Director Availability services are restricted by default when originating from public networks.
- Login sessions by using the appliance root user credentials
- Login sessions by using VMware Cloud Director system administrator credentials
- Login sessions by using a single sign-on user with vCenter Server Administrator credentials
When VMware Cloud Director Availability restricts the external administrative access, attempts to establish a login session from a public IP result in a 401 Not Authenticated response, which is identical to a wrong password error. To improve the appliance security further, the appliance denies the external administrative login session without counting it as an unsuccessful login attempt.