Information security and access design details the design decisions covering authentication and access controls for ESXi, vCenter Server, NSX, and SDDC Manager.
| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| IAM-VCF-SEC-001 | Limit the use of local accounts for both interactive and API access and for solution integration. | Local accounts are not tied to a specific user identity and do not offer complete auditing from an endpoint back to the user identity. | You must define and manage service accounts, security groups, group membership, and security controls in Active Directory. |
| IAM-VCF-SEC-002 | Limit the scope and privileges of accounts used for both interactive and API access and for solution integration. | The principle of least privilege is a critical aspect of access management and must be part of a comprehensive defense-in-depth security strategy. | You must define and manage custom roles and security controls to limit the scope and privileges used for interactive access or solution integration. |
| IAM-VCF-SEC-003 | Assign Active Directory user accounts to security groups following your organization's access policies. | Allows Active Directory security groups to be assigned to roles in SDDC components for streamlined management of access and administrative privileges. | You must define and manage security groups, group membership, and security controls in Active Directory. |
| IAM-VCF-SEC-004 | Assign Active Directory security groups to default or custom roles, as applicable, for interactive or API access to solution components based on your organization's business and security requirements. | | |
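As an added PowerCLI example (not part of the VMware design guide) of how decisions IAM-VCF-SEC-001 through IAM-VCF-SEC-004 translate into vCenter Server configuration: it audits existing permissions for principals that are not Active Directory identities, creates a least-privilege custom role, and binds an Active Directory security group to that role. It assumes an open `Connect-VIServer` session; the domain name `CORP`, the role name `VM-Operator`, the group `CORP\VM-Operators` and the folder `Production-VMs` are placeholders, and the `DOMAIN\name` principal pattern should be adjusted if your identity source presents principals in UPN form.

```powershell
# Added example, not from the design guide. Requires VMware PowerCLI and an
# existing vCenter session established with Connect-VIServer.
$AdDomain = 'CORP'   # assumption: NetBIOS name of the Active Directory domain

# IAM-VCF-SEC-001: report every permission whose principal is not an Active
# Directory user or group (local SSO accounts such as vsphere.local, ESXi-style
# local users). These are the assignments that lack end-to-end user auditing.
$nonAdPermissions = Get-VIPermission |
    Where-Object { $_.Principal -notlike "$AdDomain\*" }

$nonAdPermissions |
    Select-Object Principal, Role, IsGroup, Propagate,
        @{ Name = 'Entity'; Expression = { $_.Entity.Name } } |
    Format-Table -AutoSize

# IAM-VCF-SEC-002: a custom role carrying only the privileges an operator needs
# (read the inventory, power VMs on and off) instead of the built-in Administrator.
$privilegeIds = @(
    'System.Anonymous', 'System.View', 'System.Read',
    'VirtualMachine.Interact.PowerOn', 'VirtualMachine.Interact.PowerOff'
)
$role = Get-VIRole -Name 'VM-Operator' -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name 'VM-Operator' -Privilege (Get-VIPrivilege -Id $privilegeIds)
}

# IAM-VCF-SEC-003 / IAM-VCF-SEC-004: grant the role to an Active Directory
# security group (membership is managed in AD, not in vCenter) scoped to one
# folder, so the assignment propagates only to the objects below that folder.
$folder = Get-Folder -Name 'Production-VMs'   # assumption: placeholder folder
New-VIPermission -Entity $folder -Principal "$AdDomain\VM-Operators" -Role $role -Propagate:$true
```

The audit output is the starting point for removing or replacing local-account assignments; the role and permission steps show the shape of a least-privilege, group-based assignment rather than a complete privilege set, which must be derived from the duties of each group in your own environment.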