By default, VMware Cloud Director Availability restricts the administrative sessions to all services when originating from public networks. As a provider, you can allow the administrative access from public networks.
The restriction applies to the following administrative accounts:
- Login sessions by using the appliance root user credentials.
- Login sessions by using VMware Cloud Director system administrator credentials.
- Login sessions by using a single sign-on user with vCenter Server Administrator credentials.
With restricted external administrative access, attempting to establish a login session from a public IP results in a 401 Not Authenticated response. This response is identical to a wrong password error. To improve the appliance security further, the appliance denies the external administrative login session without counting it as an unsuccessful login attempt.