Information security and access design details the design decisions covering authentication and access controls for ESXi, vCenter Server, NSX, and SDDC Manager.

Table 1. Design Decisions on Information Security

Decision ID: IAM-VCF-SEC-001

Design Decision: Limit the use of local accounts for both interactive or API access and solution integration.

Design Justification: Local accounts are not specific to user identity and do not offer complete auditing from an endpoint back to the user identity.

Design Implication: You must define and manage service accounts, security groups, group membership, and security controls in Active Directory.

Decision ID: IAM-VCF-SEC-002

Design Decision: Limit the scope and privileges for accounts used for both interactive or API access and solution integration.

Design Justification: The principle of least privilege is a critical aspect of access management and must be part of a comprehensive defense-in-depth security strategy.

Design Implication: You must define and manage custom roles and security controls to limit the scope and privileges used for interactive access or solution integration.

Decision ID: IAM-VCF-SEC-003

Design Decision: Assign Active Directory user accounts to security groups following your organization's access policies.

Design Justification: Allows Active Directory security groups to be assigned to roles in SDDC components for streamlined management of access and administrative privileges.

Design Implication: You must define and manage security groups, group membership, and security controls in Active Directory.

Decision ID: IAM-VCF-SEC-004

Design Decision: Assign Active Directory security groups to default or custom roles, as applicable, for interactive or API access to solution components based on your organization's business and security requirements.

  • SDDC Manager
  • ESXi (as applicable)
  • vCenter Servers
  • NSX Managers

Design Justification:

  • Using Active Directory security group membership provides greater flexibility in granting access to roles across solution components.
  • Ensuring that users log in with a unique Active Directory user account provides greater visibility for auditing.

Design Implication:

  • Evaluate the needs for additional role separation in your organization and implement mapping from Active Directory users to Active Directory security groups and default or custom roles.
  • You must manage privileges assigned to custom roles.
  • You must manage the assignment and scope of custom roles based on the business and security requirements.
  • Additional Active Directory security groups must be created in advance of assigning roles.
  • You must maintain the life cycle and availability of Active Directory security groups outside of the SDDC stack.
  • The principle of least privilege is only one aspect of access management and must be part of a comprehensive defense-in-depth security strategy aligned with organization personas.
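One way to check an environment against these decisions is to review its exported role assignments. The following is an added example, not part of the original design documentation: the record fields, the local domain names, the `Admin` role name, the `/` root label, and the `EXAMPLE` domain are all assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass

# Assumptions for this example, not values taken from the design document.
LOCAL_DOMAINS = {"VSPHERE.LOCAL", "LOCALOS"}  # identity sources treated as local
BROAD_ROLES = {"Admin"}                       # name of the full-administrator role
ROOT_ENTITIES = {"/"}                         # label used for the inventory root

@dataclass(frozen=True)
class Permission:
    principal: str   # "DOMAIN\\name", or a bare name for an appliance-local account
    is_group: bool   # True when the principal is a security group
    role: str
    entity: str      # inventory object the role is granted on
    propagate: bool  # True when the grant is inherited by child objects

def audit(perms, approved_local=frozenset()):
    """Return sorted (decision_id, principal, reason) items that need review."""
    findings = set()
    for p in perms:
        domain, sep, _name = p.principal.rpartition("\\")
        local = not sep or domain.upper() in LOCAL_DOMAINS
        # IAM-VCF-SEC-001: local principals are limited to an approved list.
        if local and p.principal not in approved_local:
            findings.add(("IAM-VCF-SEC-001", p.principal, "local principal holds a role"))
        # IAM-VCF-SEC-003/004: directory users get roles through security groups.
        if not local and not p.is_group:
            findings.add(("IAM-VCF-SEC-004", p.principal, "role assigned to a user, not a group"))
        # IAM-VCF-SEC-002: full administrator inherited from the root is the widest scope.
        if p.role in BROAD_ROLES and p.entity in ROOT_ENTITIES and p.propagate:
            findings.add(("IAM-VCF-SEC-002", p.principal, "administrator role propagated from root"))
    return sorted(findings)

# Constructed sample export.
SAMPLE = [
    Permission("VSPHERE.LOCAL\\Administrator", False, "Admin", "/", True),
    Permission("EXAMPLE\\gg-vc-read-only", True, "ReadOnly", "/", True),
    Permission("EXAMPLE\\jdoe", False, "VM-Operator-Custom", "/dc01/vm/app", True),
    Permission("EXAMPLE\\gg-vc-admins", True, "Admin", "/", True),
]

if __name__ == "__main__":
    for decision_id, principal, reason in audit(SAMPLE):
        print(f"{decision_id}  {principal}: {reason}")
```

Each finding is a prompt for review rather than a violation by itself; an approved break-glass account can be passed in `approved_local` so that it is not reported under IAM-VCF-SEC-001.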