You configure NSX-T Manager to back up audit records to a logging server and to enforce session timeouts, maximum authentication failures, and password length. You also configure NSX-T Edge nodes to back up audit records to a central audit server.

Procedure

  1. NIST80053-VI-NET-CFG-01414 Send audit records to a central audit server.
    1. Open the VM console of the NSX-T Manager appliance in vCenter Server and log in with credentials authorized for administration.
    2. Enter the following command and press Enter.

      set logging-server your_server_hostname proto tcp level info

      You can configure the logging server with one of the following protocols: tcp, li-tls, or tls.

  2. NIST80053-VI-NET-CFG-01430 Configure the NSX-T Tier-0 and Tier-1 firewall to protect traffic log records from unauthorized access while in transit to the central audit server.
    1. Open the VM console of the NSX-T Edge appliance in vCenter Server and log in with credentials authorized for administration.
    2. Enter the following command and press Enter.

      set logging-server your_server_hostname proto tcp level info

      You can configure the logging server with one of the following protocols: tcp, li-tls, or tls.

  3. Configure login session settings for the NSX-T Manager.
    1. Open the VM console of the NSX-T Manager appliance in vCenter Server and log in with credentials authorized for administration.
    2. NIST80053-VI-NET-CFG-01416 Configure session lock after a 15-minute period of inactivity.

      set service http session-timeout 900

    3. NIST80053-VI-NET-CFG-01418 Prevent an account from further login attempts after three consecutive failed login attempts.

      set auth-policy api max-auth-failures 3
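
An added example, not part of the VMware procedure: a Python check that grades the `set` commands applied to a Manager or Edge node against the control IDs above. The role labels, the sample host name, the accepted value ranges (1 up to the stated limit) and the WARN raised when an Edge node ships records over plain `tcp` are assumptions of this example.

```python
import re

ALLOWED_PROTOS = {"tcp", "li-tls", "tls"}   # protocols listed in the procedure
ENCRYPTED_PROTOS = {"li-tls", "tls"}        # tcp carries syslog without TLS
RULES = {
    "manager": {"log": "NIST80053-VI-NET-CFG-01414",
                "timeout": "NIST80053-VI-NET-CFG-01416",
                "authfail": "NIST80053-VI-NET-CFG-01418"},
    "edge": {"log": "NIST80053-VI-NET-CFG-01430"},
}
PATTERNS = {
    "log": re.compile(r"set logging-server (\S+) proto (\S+) level (\S+)"),
    "timeout": re.compile(r"set service http session-timeout (\d+)"),
    "authfail": re.compile(r"set auth-policy api max-auth-failures (\d+)"),
}

def check(kind, role, m):
    """Grade one matched command; the accepted ranges are this example's assumption."""
    if kind == "log":
        proto = m.group(2)
        if proto not in ALLOWED_PROTOS:
            return "FAIL", f"unsupported proto {proto}"
        if role == "edge" and proto not in ENCRYPTED_PROTOS:
            return "WARN", f"proto {proto} does not encrypt records in transit"
        return "PASS", f"{m.group(1)} via {proto}"
    value, limit = int(m.group(1)), 900 if kind == "timeout" else 3
    ok = 1 <= value <= limit     # 0 or above the limit is treated as non-compliant
    return ("PASS" if ok else "FAIL"), f"value {value}, limit {limit}"

def audit(role, commands):
    """Map each control ID for this role to (status, detail); later commands win."""
    results = {ctrl: ("MISSING", "command not found") for ctrl in RULES[role].values()}
    for line in commands:
        line = " ".join(line.split())          # normalise whitespace
        for kind, ctrl in RULES[role].items():
            m = PATTERNS[kind].fullmatch(line)
            if m:
                results[ctrl] = check(kind, role, m)
    return results

# Constructed sample input, not captured from a real appliance.
MANAGER_CMDS = ["set logging-server syslog.example.test proto tls level info",
                "set service http session-timeout 1800",
                "set auth-policy api max-auth-failures 3"]
EDGE_CMDS = ["set logging-server syslog.example.test proto tcp level info"]

if __name__ == "__main__":
    for role, cmds in (("manager", MANAGER_CMDS), ("edge", EDGE_CMDS)):
        for ctrl, (status, detail) in audit(role, cmds).items():
            print(f"{role:8} {ctrl} {status:7} {detail}")
```

With the constructed input, the Manager's 1800-second session timeout is reported as FAIL against the 900-second limit, and the Edge node's `tcp` transport is reported as WARN against NIST80053-VI-NET-CFG-01430.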