The information security and access control design details the design decisions for users and groups, for authentication and access control of service integrations, and for password management.

Identity Management Design for Cloud-Based Ransomware Recovery for VMware Cloud Foundation

As the cloud administrator for VMware Cloud services, you establish an integration between your organization and your identity provider. With this integration, your organization's directory service authenticates users to VMware Cloud. After the integration is established, you control authorization to your organization and its services by assigning organization roles and service roles to users.

The Organization owner role allows you to add users to the organization, to assign and change their role assignments, and to grant access to the VMware Cloud Disaster Recovery and VMware Cloud on AWS services. In this solution, you assign both organization roles and service roles to users.

Table 1. Design Decisions on Identity Management for Cloud-Based Ransomware Recovery

Decision ID: CBR-IAM-SEC-001
Design Decision: Limit the use of local accounts for interactive or API access and for solution integration.
Design Justification: Local accounts are not tied to an individual user identity and do not offer complete auditing from an endpoint back to the user identity.
Design Implication: You must define and manage service accounts, security groups, group membership, and security controls in Active Directory.

Decision ID: CBR-IAM-SEC-002
Design Decision: Limit the scope and privileges of accounts used for interactive or API access, and for solution integration.
Design Justification: The principle of least privilege is a critical aspect of access management and must be part of a comprehensive defense-in-depth security strategy.
Design Implication: You must define and manage custom roles and security controls that limit the scope and privileges used for interactive access or solution integration.

Decision ID: CBR-IAM-SEC-003
Design Decision: Assign VMware Cloud Disaster Recovery service roles to designated users.
Design Justification: To provide access to the VMware Cloud Disaster Recovery service, you assign users to service roles.
Design Implication: You must maintain the service roles required for users of your organization.

Decision ID: CBR-IAM-SEC-004
Design Decision: Assign VMware Cloud on AWS service roles to designated users.
Design Justification: To provide access to the VMware Cloud on AWS service, you assign users to service roles.
Design Implication: You must maintain the service roles required for users of your organization.

Decision ID: CBR-IAM-SEC-005
Design Decision: Assign VMware Carbon Black Cloud service roles to designated users.
Design Justification: To provide access to the VMware Carbon Black Cloud service, you assign users to service roles.
Design Implication: You must maintain the service roles required for users of your organization.

Service Account Design for Cloud-Based Ransomware Recovery for VMware Cloud Foundation

To provide and control the integration between VMware Cloud Disaster Recovery and vCenter Server endpoints across VMware Cloud Foundation instances, you configure service accounts.

This solution ensures that the context of each integration uses the least privilege and permissions scope required for the integration.

Table 2. Design Decisions on Service Accounts for Cloud-Based Ransomware Recovery

Decision ID: CBR-IAM-SEC-006
Design Decision: Define a custom vCenter Server role for VMware Cloud Disaster Recovery with the minimum privileges required to register a vCenter Server.
Design Justification: VMware Cloud Disaster Recovery integrates with each workload domain vCenter Server instance using the minimum set of privileges required to support registration.
Design Implication:
  • You must maintain the privileges required by the custom vCenter Server role.
  • If additional workload domain vCenter Server instances are not in the same vCenter Single Sign-On domain, you must create the custom role in each vCenter Single Sign-On domain.

Decision ID: CBR-IAM-SEC-007
Design Decision: Assign the custom vCenter Server role to a user in the vsphere.local domain as the service account for each VI workload domain vCenter Server instance, for application-to-application communication between VMware Cloud Disaster Recovery and vCenter Server.
Design Justification:
  • Provides integration with, and data collection from, the objects managed by the vCenter Server for a given VI workload domain.
  • Limiting the service account to this single integration reduces the impact of a security event or a password-related event.
  • A named vsphere.local account is auditable, unlike a generic administrative account.
Design Implication: You must maintain the life cycle, availability, and security controls for the account in the vsphere.local domain.
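The custom role and service account binding described in CBR-IAM-SEC-006 and CBR-IAM-SEC-007, as an added PowerCLI example. This is not code from the VMware documentation or the product: it creates or reconciles the role on each VI workload domain vCenter Server and grants it to the vsphere.local service account at the inventory root with propagation, so the same script covers vCenter Server instances in different vCenter Single Sign-On domains. The role name, account name, vCenter Server names and, above all, the privilege list are assumptions; take the actual minimum privilege set from the VMware Cloud Disaster Recovery documentation for your release.

```powershell
# Added example (not part of the VMware design documentation). Requires VMware PowerCLI.
# Defines the custom vCenter Server role for the VMware Cloud Disaster Recovery integration
# and binds it to a vsphere.local service account on each VI workload domain vCenter Server.
# Every name below is a placeholder for this example.

$RoleName  = 'VCDR-Integration'                                   # assumed role name
$Principal = 'VSPHERE.LOCAL\svc-vcdr'                             # assumed service account, created in vsphere.local beforehand
$VCenters  = @('wld01-vc01.example.com', 'wld02-vc01.example.com') # assumed VI workload domain vCenter Servers

# Placeholder vSphere privilege IDs. Replace with the documented minimum set for the
# VMware Cloud Disaster Recovery release in use; never derive the role from Administrator.
$RequiredPrivileges = @(
    'System.Anonymous', 'System.View', 'System.Read',
    'Datastore.Browse',
    'VirtualMachine.Config.AddExistingDisk'
)

# An administrator credential is used only to create the role and permission; the
# service account itself never holds it.
$Cred = Get-Credential -Message 'vCenter Server administrator (setup only)'

foreach ($vc in $VCenters) {
    $conn = Connect-VIServer -Server $vc -Credential $Cred -ErrorAction Stop

    # Resolve privilege objects up front; an unknown ID fails here instead of being dropped silently.
    $privs = Get-VIPrivilege -Id $RequiredPrivileges -Server $conn -ErrorAction Stop

    # Create the role once per vCenter Single Sign-On domain, or reconcile an existing one so
    # that privileges added by hand since the last run are removed again (CBR-IAM-SEC-006).
    $role = Get-VIRole -Name $RoleName -Server $conn -ErrorAction SilentlyContinue
    if (-not $role) {
        $role = New-VIRole -Name $RoleName -Privilege $privs -Server $conn
    } else {
        $extra = $role.PrivilegeList | Where-Object { $_ -notin $RequiredPrivileges }
        if ($extra) {
            Set-VIRole -Role $role -RemovePrivilege (Get-VIPrivilege -Id $extra -Server $conn) | Out-Null
        }
        Set-VIRole -Role $role -AddPrivilege $privs | Out-Null
    }

    # Bind the role to the service account at the root folder with propagation, so the
    # DRaaS Connector can reach every inventory object in this workload domain (CBR-IAM-SEC-007).
    $root     = Get-Folder -NoRecursion -Server $conn
    $existing = Get-VIPermission -Entity $root -Principal $Principal -Server $conn -ErrorAction SilentlyContinue
    if ($existing) {
        Set-VIPermission -Permission $existing -Role $role -Propagate:$true | Out-Null
    } else {
        New-VIPermission -Entity $root -Principal $Principal -Role $role -Propagate:$true | Out-Null
    }

    # Report the effective permissions of the service account for the change record and periodic review.
    Get-VIPermission -Principal $Principal -Server $conn |
        Select-Object @{ n = 'vCenter'; e = { $vc } }, Principal, Role, Entity, Propagate

    Disconnect-VIServer -Server $conn -Confirm:$false
}
```

Running the script on a schedule, rather than once, turns the "maintain the privileges required by the custom role" implication into a check: any privilege that was added to the role outside this process is removed on the next run, and the final listing shows exactly which role the account holds on which vCenter Server.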

Password Management Design for Cloud-Based Ransomware Recovery for VMware Cloud Foundation

Password management design details the design decisions covering password management of the DRaaS Connector appliance. Password policy configuration cannot be performed on the DRaaS Connector appliances.

Changing the passwords periodically or when certain events occur, such as an administrator leaving your organization, increases the security posture and health of the system. To ensure continued access, you must manage the life cycle of the service account password used by the DRaaS Connector appliances for connecting to the workload domain vCenter Server.

If a password expires, you must reset the password in the component.

Table 3. Design Decisions on Password Management for Cloud-Based Ransomware Recovery

Decision ID: CBR-IAM-SEC-008
Design Decision: For each vCenter Server, change the VMware Cloud Disaster Recovery service account password on a recurring or event-initiated schedule.
Design Justification: To maintain a secure platform, rotate the VMware Cloud Disaster Recovery service account passwords on a regular basis.
Design Implication: Password rotation for a service account is a manual process. After changing the password in vCenter Server, you must update the associated credentials in the VMware Cloud Disaster Recovery service.