You must follow multiple best practices at all times when you operate your SDDC Manager instances.

Table 1. Security Best Practices for Securing SDDC Manager
Best Practice Description

SDDC Manager backup

VMW-SDDC-1600

You must back up SDDC Manager regularly to avoid downtime and data loss in case of a system failure. You can back up and restore SDDC Manager with an image-based or a file-based solution. File-based backup is recommended for customers who are comfortable with configuring backups by using APIs, and are not using composable servers or stretched clusters.

For image-based backups of SDDC Manager, use a solution compatible with VMware vSphere Storage APIs - Data Protection.

For file-based backups, configure an external SFTP server as a target backup location.

Install security patches and updates for SDDC Manager

VMW-SDDC-1602

Install all security patches and updates. To apply patches and updates to SDDC Manager, follow the guidance in the VMware Cloud Foundation Lifecycle Management document.
Use an SSL certificate issued by a trusted certificate authority for SDDC Manager

VMW-SDDC-1603

The use of a trusted certificate on the SDDC Manager appliance assures clients that the service they are connecting to is legitimate and trusted. To update the SDDC Manager certificate, refer the following URL: Install Certificates with External or Third-Party Certificate Authorities.
Do not expose SDDC Manager directly to the internet

VMW-SDDC-1604

Allowing external access to the SDDC Manager appliance can expose the server to denial of service attacks or other penetration attempts. Security Architect (SA) should work with the network or boundary team to ensure proper firewall rules are configured or other mechanisms are in place to protect the SDDC Manager appliance.
Assign least privileges to users and service accounts in SDDC Manager

VMW-SDDC-1605

Users and service accounts must be assigned only privileges they require. To reduce risk of confidentiality, availability, or integrity loss, least privilege requires that these privileges must be assigned only if needed.

From the SDDC Manager UI, under Administration > Users, review the users and groups assigned a role in SDDC Manager and verify that an appropriate role is assigned.

Dedicate an account for downloading updates and patches in SDDC Manager

VMW-SDDC-1607

When access is allowed to download updates online, using a dedicated My VMware account ensures consistent access to updates and security patches in the event of system administrator turnover or account access issues.

To configure a dedicated account that is not associated with a particular system administrator, from the SDDC Manager UI, go to Administration > Repository settings.

Deploy SDDC Manager with FIPS security mode activated

VMW-SDDC-1608

FIPS mode must be activated during bring-up and cannot be activated post bring-up.

Refer to the VCF deployment guide for details on activating FIPS mode on SDDC Manager.

Caution: This option is only available for new VMware Cloud Foundation installations and the setting you apply during bring-up are used for future upgrades. You cannot change the FIPS security mode setting after bring-up.