Configuring password policies includes the configuration of password expiration, complexity and account lockout policies according to the requirements of your organization, which might be based on industry compliance standards. In VMware Cloud Foundation, this activity is performed manually.
Password Policy Configuration and Password Management
VMware Cloud Foundation does not prescribe or automate the process of configuring a password policy across the system. However, your organization might have specific requirements defined either by the organization itself or through an industry compliance standard that prescribes the changes that you must make to the default policy configuration.
After you configure the password policy, you can use SDDC Manager to rotate or manually update the passwords of the management components in VMware Cloud Foundation by using automation. See Password Management in the VMware Cloud Foundation Administration Guide.
For information about password policy design including the details and justification for the configuration of password expiration, complexity and account lockout policies, see the Information Security and Access Control Design for VMware Cloud Foundation in the Identity and Access Management for VMware Cloud Foundation validated solution.
Password Policy | Support by Management Component |
---|---|
Password expiration | |
Password complexity | |
Account lockout | |
Manual and Automated Password Policy Configuration
To configure password policies in VMware Cloud Foundation, you can follow a step-by-step approach by using the product user interface or an automated approach by running PowerShell commands that are available in the VMware.CloudFoundation.PasswordManagement module in the PowerShell Gallery.
To learn more about the VMware.CloudFoundation.PasswordManagement module, provide feedback, report an issue with the automation, or contribute to the module, go to the VMware.CloudFoundation.PasswordManagement open-source project on GitHub.
Approaches to Password Policy Configuration
For initial configuration of the password policy in VMware Cloud Foundation, you usually configure all password policies on a management component and then proceed with the next one. You can also configure a specific property in a password policy across several management components.
Management Component | |
---|---|
ESXi | |
vCenter Single Sign-On | |
vCenter Server | |
NSX Manager | |
NSX Edge | |
SDDC Manager | |
Prerequisites
To configure password policies, verify that your system fulfills the following prerequisites.
Category | Prerequisite |
---|---|
Environment | |
Infrastructure-as-code | To use the infrastructure-as-code method for password policy configuration, verify that your system fulfills the prerequisites described in the documentation of the VMware.CloudFoundation.PasswordManagement open-source project on GitHub. |