Manage the passwords of the components deployed according to the design objectives and design guidance of the Health Reporting and Monitoring for VMware Cloud Foundation validated solution.
Password management activities include the configuration of password policies, such as password expiration, password complexity or account lockout, and password rotation and remediation.
Changing the passwords periodically or when certain events occur improves the security posture and health of the system. To ensure continued access, you must manage the life cycle of the service account passwords for SDDC Manager and VMware Aria Operations.
Change the Service Accounts for the Python Module for the Integration between the Host Virtual Machine, SDDC Manager, and VMware Aria Operations for Health Reporting and Monitoring for VMware Cloud Foundation
To change the service accounts for SDDC Manager and VMware Aria Operations, you must reconfigure the env.json file of the Python Module for VMware Cloud Foundation Health Monitoring in VMware Aria Operations.
Procedure
- Photon OS
  - Log in to the host virtual machine at <host_virtual_machine_fqdn>:22 as the admin user by using a Secure Shell (SSH) client.
  - Edit the env.json configuration file.

        vi /opt/vmware/hrm-<sddc_manager_vm_name>/env.json

  - Update the users for SDDC Manager and VMware Aria Operations.

    Note: The user for VMware Aria Operations must be in the format user@domain@authsource, where authsource must match the Source display name of your vIDM source in VMware Aria Operations. The sample user name for this validated solution is [email protected]@vIDMAuthSource.

        "vrops":{
            "fqdn":"xint-vrops01.rainpole.io",
            "user":"[email protected]@vIDMAuthSource"
        },
        "sddc_manager":{
            "fqdn":"sfo-vcf01.sfo.rainpole.io",
            "user":"[email protected]"
        }

  - Save the file.
  - Repeat this procedure for each VMware Cloud Foundation instance.
- Windows Server
  - Log in to the host virtual machine at <host_virtual_machine_fqdn> as the Administrator user by using a Remote Desktop Connection (RDC) client and open a PowerShell console.
  - Edit the env.json file, located in the C:\vmware\hrm-<sddc_manager_vm_name> folder.

        notepad env.json

  - Update the users for SDDC Manager and VMware Aria Operations.

    Note: The user for VMware Aria Operations must be in the format user@domain@authsource, where authsource must match the Source display name of your vIDM source in VMware Aria Operations. The sample user name for this validated solution is [email protected]@vIDMAuthSource.

        "vrops":{
            "fqdn":"xint-vrops01.rainpole.io",
            "user":"[email protected]@vIDMAuthSource"
        },
        "sddc_manager":{
            "fqdn":"sfo-vcf01.sfo.rainpole.io",
            "user":"[email protected]"
        }

  - Save the file.
  - Repeat this procedure for each VMware Cloud Foundation instance.
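The following is an added example, not part of the VMware module: a check you can run after editing env.json to confirm that the file still parses and that the VMware Aria Operations user follows the user@domain@authsource format from the note above. It assumes that "vrops" and "sddc_manager" are top-level keys of a JSON object, as the fragment suggests; the function name check_env and the sample user names are constructed for illustration.

```python
import json
import sys

# Constructed sample content; the user names are placeholders, not the page's values.
SAMPLE_ENV = """{
  "vrops": {"fqdn": "xint-vrops01.rainpole.io",
            "user": "svc-example@rainpole.io@vIDMAuthSource"},
  "sddc_manager": {"fqdn": "sfo-vcf01.sfo.rainpole.io",
                   "user": "svc-example@rainpole.io"}
}"""


def check_env(text, auth_source=None):
    """Return a list of problems in env.json content; an empty list means OK."""
    try:
        env = json.loads(text)
    except json.JSONDecodeError as exc:  # e.g. a comma or quote lost while editing
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    if not isinstance(env, dict):
        return ["top level is not a JSON object"]
    problems = []
    for section in ("vrops", "sddc_manager"):
        entry = env.get(section)
        if not isinstance(entry, dict):
            problems.append(f"{section}: section missing")
            continue
        for key in ("fqdn", "user"):
            value = entry.get(key)
            if not isinstance(value, str) or not value or value != value.strip():
                problems.append(f"{section}.{key}: missing, empty or padded with spaces")
        user = entry.get("user")
        # Only the Aria Operations user has a documented three-part format.
        if section == "vrops" and isinstance(user, str) and user:
            parts = user.split("@")
            if len(parts) != 3 or not all(parts):
                problems.append("vrops.user: expected user@domain@authsource")
            elif auth_source is not None and parts[2] != auth_source:
                problems.append(f"vrops.user: auth source {parts[2]!r} != {auth_source!r}")
    return problems


if __name__ == "__main__":
    # Pass the path of an env.json to check it; with no argument the sample is used.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_ENV
    issues = check_env(text)
    print("\n".join(issues) or "env.json user entries look well-formed")
    sys.exit(1 if issues else 0)
```

To also compare the authsource part with the Source display name of your vIDM source, pass that name as auth_source when calling check_env.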
Encrypt the Service Accounts Passwords for the Python Module for the Integration with SDDC Manager and VMware Aria Operations for Health Reporting and Monitoring for VMware Cloud Foundation
When you change or reset the service account passwords, you must regenerate the encrypted passwords for the Python Module for VMware Cloud Foundation Health Monitoring in VMware Aria Operations.
Procedure
- Photon OS
  - Log in to the host virtual machine at <host_virtual_machine_fqdn>:22 as the admin user by using a Secure Shell (SSH) client.
  - Navigate to the hrm-<sddc_manager_vm_name>/main/ folder and encrypt the service account passwords.

        cd /opt/vmware/hrm-<sddc_manager_vm_name>/main/
        python encrypt-passwords.py

  - Enter the password for the VMware Aria Operations service account.
  - Enter the password for the SDDC Manager service account.
  - Enter the password for the SDDC Manager appliance local user.
  - Repeat this procedure for each VMware Cloud Foundation instance.
- Windows Server
  - Log in to the host virtual machine at <host_virtual_machine_fqdn> as the Administrator user by using a Remote Desktop Connection (RDC) client and open a PowerShell console.
  - Navigate to the hrm-<sddc_manager_vm_name>\main\ folder and encrypt the service account passwords.

        cd C:\vmware\hrm-<sddc_manager_vm_name>\main\
        python encrypt-passwords.py

  - Enter the password for the VMware Aria Operations service account.
  - Enter the password for the SDDC Manager service account.
  - Enter the password for the SDDC Manager appliance local user.
  - Repeat this procedure for each VMware Cloud Foundation instance.