Schedule Password Rotation for VMware Cloud Foundation Products

With SDDC Manager, you can schedule password rotation automatically for some of the managed components. You set the password rotation interval to a period shorter than the period in your password expiration policy.

To avoid password expiry before the automated rotation triggers, ensure that the next password rotation occurs between the last modified date and the password expiration date.

If your environment has more than one VMware Cloud Foundation instance joined to a single vCenter Single Sign-On domain, do not schedule password rotation for the [email protected] account. For manual rotation in such cases, see VMware Knowledge Base artcle 85485.

You can configure a password rotation schedule for the following products:


Product	Account
vCenter Server	root
vCenter Single Sign-On	For VMware Cloud Foundation 5.1 and later: [email protected] svc-`<sddc_manager_hostname>`-`<vcenter_server_hostname>`@vsphere.local svc-`<nsx_manager_hostname>`-`<vcenter_server_hostname>`@vsphere.local [email protected]
vCenter Single Sign-On	For VMware Cloud Foundation 5.0 and earlier: [email protected] svc-`<nsx_manager_hostname>`-`<vcenter_server_hostname>`@vsphere.local [email protected]
NSX Local Manager	admin root audit
NSX Edge Nodes	root admin audit

Note:

Auto rotate is automatically enabled for vCenter Server. It may take up to 24 hours to configure the auto-rotate policy for a newly deployed vCenter Server.

Procedure

VMware Cloud Foundation 4.5 or later

Log in to SDDC Manager at https://<sddc_manager_fqdn> with a user assigned the Admin role.
In the left pane, click Security > Password management.
On the Password management page, from the components list, select the component.
In the table, select the check box for the root accounts.
From the Schedule rotation drop-down menu, select the rotation interval.
In the Confirm changes dialog box, click Yes.
Repeat the procedure for the remaining accounts.
Repeat the procedure for the remaining products.

VMware Cloud Foundation 4.4 or earlier

Log in to SDDC Manager at https://<sddc_manager_fqdn> with a user assigned the Admin role.
In the left pane, click Administration > Security > Password management.
From the Component drop-down menu, select the component.
Select all root accounts and, from the Schedule rotation drop-down menu, select the rotation interval.
In the Confirm changes dialog box, click Yes.
Repeat the procedure for the remaining accounts.
Repeat the procedure for the remaining components.