With SDDC Manager, you can schedule password rotation automatically for some of the managed components. You set the password rotation interval to a period shorter than the period in your password expiration policy.
To avoid password expiry before the automated rotation triggers, ensure that the next password rotation occurs between the last modified date and the password expiration date.
If your environment has more than one VMware Cloud Foundation instance joined to a single vCenter Single Sign-On domain, do not schedule password rotation for the [email protected] account. For manual rotation in such cases, see VMware Knowledge Base artcle 85485.
You can configure a password rotation schedule for the following products:
| Product |
Account |
|---|---|
| vCenter Server |
|
| vCenter Single Sign-On |
For
VMware Cloud Foundation 5.1 and later:
|
|
For
VMware Cloud Foundation 5.0 and earlier:
|
|
| NSX Local Manager |
|
| NSX Edge Nodes |
|
Auto rotate is automatically enabled for vCenter Server. It may take up to 24 hours to configure the auto-rotate policy for a newly deployed vCenter Server.
Procedure
- VMware Cloud Foundation 5.2.1 or later
-
- Log in to SDDC Manager at https://<sddc_manager_fqdn> with a user assigned the Admin role.
- In the left pane, navigate to .
- On the Password management page, filter the list to include the accounts for which you want to schedule the password rotation.
- Select the check boxes for all accounts and, from the Schedule rotation drop-down menu, select your desired rotation interval.
- In the Confirm changes dialog box, click Yes.
- VMware Cloud Foundation 5.2 or earlier
-
- Log in to SDDC Manager at https://<sddc_manager_fqdn> with a user assigned the Admin role.
- In the left pane, navigate to .
- On the Password management page, from the components list, select the desired component.
- In the table, select the check boxes for all accounts and, from the Schedule rotation drop-down menu, select your desired rotation interval.
- In the Confirm changes dialog box, click Yes.
