The Identity and Access Management for VMware Cloud Foundation validated solution provides prescriptive content so that the solution can be deployed quickly and is suitable for use in production environments.

Objective: Description

Main objective: Provide role-based access control for VMware Cloud Foundation infrastructure components, using an organization's directory services as the authentication source.
VMware Cloud Foundation architecture support:
  • vSAN ReadyNodes
    • Consolidated
    • Standard
  • VxRail Nodes
    • Consolidated
    • Standard
Workload domain type support:
  • Management Workload domain
  • VI Workload domain
Scope of implementation:
  • Configuration of role based access control for VMware Cloud Foundation components:
    • ESXi
    • vCenter Server
    • NSX-T Data Center
    • SDDC Manager
  • Deployment and configuration of solution components:
    • Workspace ONE Access
Scope of guidance:
  • Deployment and initial configuration of the identity and access management components for management and VI workload domains.
  • Operational guidance for the identity and access management components, such as operational and post-maintenance validation.
  • Interoperability with other solution components, such as monitoring and alerting, logging, and life cycle management.
Cloud type: Private cloud
Availability: 99%
Authentication, authorization, and access control:
  • Use of Microsoft Active Directory over LDAP as the identity provider.
  • Use of security groups and roles for least-privilege access control.
  • Use of service accounts and least-privilege access control for solution integration.

The configuration of Microsoft Active Directory Federation Services as the external identity provider is not included in this solution.

Certificate signing: Certificates are signed by a certificate authority (CA) hierarchy consisting of a root CA layer and an intermediate CA layer.