You perform the procedures on different components of NSX-T Data Center. Procedure Security Best Practices for Securing NSX-T Data CenterYou must follow multiple best practices at all times when you operate your NSX-T Data Center environment. Configure Security Settings for NSX-T Data Center by Using the User InterfacesYou perform the procedure in NSX-T Data Center to configure logging servers, configure logging for distributed and gateway firewall rules, and configure port binding for the spoofguard profile. Configure the settings for all NSX-T Data Center instances in your VMware Cloud Foundation environment. Configure Security Settings for NSX-T Data Center by Using CLI CommandsYou configure NSX Manager to back up audit records to a logging server. Also, you configure NSX-T Edge nodes to back up audit records to a central audit server. Configure Security Settings for NSX-T Data Center by Using NSX-T APIYou configure TLS 1.2 protocol and disable TLS 1.1 for NSX Manager. Optional Security Configurations for NSX-T Data CenterThe use of the NSX-T Data Center gateway firewall requires additional evaluation. This guidance does not cover the use of the gateway firewall to protect components deployed on overlay port groups. You can use the NSX-T Data Center gateway firewall to protect vRealize Automation and vRealize Operations Manager. Such configurations must be additionally evaluated based on your architecture. Similary, the edge configurations must be evaluated if you deploy an NSX-T Edge cluster.
