For security reasons, you can change passwords for the built-in accounts that are used by your Cloud Foundation system. Chainging these passwords periodically or when certain events occur, such as an administrator leaving your organization, reduces the likelihood of security vulnerabilities occurring.

Many of the physical and logical entities in your Cloud Foundation system have built-in accounts. The passwords for these accounts as well as the passwords of the rack's components are changed during bring-up. You can also change these passwords on-demand.

Passwords are changed for the following accounts:

  • Accounts used for service consoles, for example the ESXi root account

  • Single sign-on administrator account

  • Default administrative user account used by virtual appliances

  • Cumulus Account used by switches running Cumulus Linux, for example, the management switches

  • Network-admin roles used by switches not running Cumulus Linux

  • Internal database service accounts, such as the JDBC account

  • BMC

  • SDDC Manager Utility VM

The change process generates randomized passwords for the accounts. The SDDC Manager Controller VM root password is not changed during this process.

Only modify these passwords via the SDDC Manager UI. Do not manually modify these passwords. Manually modifying these passwords breaks the SDDC Manager software's ability to manage the physical and logical entities.