Locker Design for vRealize Suite Lifecycle Manager

The vRealize Suite Lifecycle Manager Locker allows you to secure and manage passwords, certificates, and licenses for vRealize Suite product solutions and integrations.

Passwords

vRealize Suite Lifecycle Manager stores passwords in the locker repository which are referenced during life cycle operations on data centers, environments, products, and integrations.

Table 1. Life Cycle Operations Use of Locker Passwords in vRealize Suite Lifecycle Manager
Life Cycle Operations Element	Password Use
Data Centers	vCenter Server credentials for a vRealize Suite Lifecycle Manager-to-vSphere integration user.
Environments	Global environment default configuration administrator,configadmin. Environment password, for example, for product default admin or root password.
Products	Product administrator password, for example, the admin password for an individual product. Product appliance password, for example, the root password for and individual product.

Table 2. Design Decisions on Locker Passwords in vRealize Suite Lifecycle Manager
Decision ID	Design Decision	Design Justification	Design Implication
VCF-VRS-vRSLCM-SEC-008	Replace the default store passwords in the locker repository for use by life cycle operations.	You can reference specific passwords for use across life cycle operations elements, such as: vCenter Server registration and updates (Management Domain vCenter Servers) Environment creations Product deployments and updates VMware Customer Connect registration and updates	Password items in the locker cannot be edited or deleted from the UI; however, they can be deleted by using the API. You must register and use a new locker password when rotating a password.

Certificates

vRealize Suite Lifecycle Manager stores certificates in the locker repository which can be referenced during product life cycle operations. Externally provided certificates, such as Certificate Authority-signed certificates, can be imported or certificates can be generated by the vRealize Suite Lifecycle Manager appliance.

The certificate validity - such as the issued date, expiration date, time remaining - and certificate details - such as the issuer, subject, and subject alternative names - are available for reference along with the certificate health based on the expiration date. Additionally, you can review the certificate reference to see where the certificate is in use across environments and products. As certificates need to be replaced, such as with expiration or a cluster scale-out, the locker provides the ability to replace certificates on referenced entities.

Table 3. Design Decisions on Locker Certificates in vRealize Suite Lifecycle Manager
Decision ID	Design Decision	Design Justification	Design Implication
VCF-VRS-vRSLCM-SEC-009	Import Certificate Authority-signed certificates to the locker repository for product life cycle operations.	You can review the validity, details, and the environment and deployment usage for the certificate across the vRealize products. You can reference and use Certificate Authority-signed certificates during product life cycle operations, such as deployment and certificate replacement.	When using the API you must specify the locker ID for the certificate to be used in the JSON payload.

Licenses

vRealize Suite Lifecycle Manager stores licenses in the locker repository which can be referenced during product life cycle operations. Licenses can be validated and added to repository directory or imported through an integration with VMware Customer Connect.

The license details - such as the issued date, expiration date, time remaining - and license details - such as the type, quantity, unit, and expiration - are available for reference. Additionally, you can review the license references to see where the license is in use across environments and products. Because a license must be replaced, for example, with workload domain expansion, the locker provides the ability to replace licenses on referenced entities.

Table 4. Design Decisions on Locker Licenses in vRealize Suite Lifecycle Manager
Decision ID	Design Decision	Design Justification	Design Implication
VCF-VRS-vRSLCM-SEC-010	Import vRealize Suite product licenses to the locker repository for product life cycle operations.	You can review the validity, details, and the environment and deployment usage for the license across the vRealize Suite products. You can reference and use licenses during product life cycle operations, such as deployment and license replacement.	When using the API, you must specify the locker ID for the license to be used in the JSON payload.