To provide role-based access control for the SDDC, you configure an identity provider in vCenter Server. That becomes the identity provider for both vCenter Server and SDDC Manager. You then integrate NSX Manager with Workspace ONE Access to activate the use of Microsoft Active Directory over LDAP with SSL.

To implement and configure role-based access control for the SDDC, two alternative methods exist: by using the user interface of each component in the solution or by using the open-source PowerShell cmdlets. You can directly reuse the PowerShell commands by replacing the provided sample values with values from your VMware Cloud Foundation Planning and Preparation Workbook.

Active Directory security groups and users are assigned to default and custom roles. Password and account lockout policies are configured based on the security and compliance standards used by your organization.

For information on the role-based access control (RBAC) design, see Detailed Design of Identity and Access Management for VMware Cloud Foundation.

Prerequisites

To complete the implementation of the Identity and Access Management for VMware Cloud Foundation validated solution, verify that your system fulfills the following prerequisites.

Table 1. Prerequisites for Implementation of Identity and Access Management for VMware Cloud Foundation

Category: Environment / Software

  • Download the Workspace ONE Access .ova file and make it available on the machine that you use to access the vSphere Client.

Category: Environment / Active Directory

  • Verify that Active Directory Domain Controllers are available in the environment.

  • Verify that the required service accounts are created in Active Directory.

  • Verify that the required security groups are created in Active Directory.

Category: Environment / Certificate Authority

If you want to use the open-source infrastructure-as-code method for the implementation and configuration of the Identity and Access Management for VMware Cloud Foundation validated solution, verify that your system fulfills the following prerequisites.

Table 2. Prerequisites for CLI Implementation of Identity and Access Management for VMware Cloud Foundation

CLI Method: PowerShell

  • Verify that your system has Microsoft PowerShell 5.1 installed. See Microsoft PowerShell.

  • Verify that your system has VMware OVF Tool version 4.3.0 or higher installed to the default path (C:\Program Files\VMware\VMware OVF Tool\).

  • Verify that your system has OpenSSL version 1.0.2g or higher installed and added to the Windows PATH system variable.

  • Install the PowerValidatedSolutions PowerShell module together with the supporting modules from the PowerShell Gallery by running the following commands.

    Install-Module -Name VMware.PowerCLI -MinimumVersion 13.0.0
    Install-Module -Name VMware.vSphere.SsoAdmin -MinimumVersion 1.3.9
    Install-Module -Name ImportExcel -MinimumVersion 7.8.4
    Install-Module -Name PowerVCF -MinimumVersion 2.3.0
    Install-Module -Name PowerValidatedSolutions -MinimumVersion 2.3.0

  • Import the PowerValidatedSolutions and the PowerCLI PowerShell modules by running the following commands.

    Import-Module -Name VMware.PowerCLI -MinimumVersion 13.0.0
    Import-Module -Name PowerValidatedSolutions -MinimumVersion 2.3.0
Note: To report issues, obtain support, or suggest enhancements to the open-source PowerShell Module, use GitHub Issues in the GitHub repository.
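The following script is an added example and is not part of the VMware documentation or the PowerValidatedSolutions module. It checks every CLI prerequisite from Table 2 on the jump host before you start running the cmdlets: the Windows PowerShell version, the OVF Tool binary at the default path and its version, OpenSSL on PATH and its version, and the five modules at or above the listed minimum versions. The module names, minimum versions and the OVF Tool path are taken from the table above; the executable name ovftool.exe inside that folder and the version-string patterns are assumptions based on what the two tools print. One caveat that the table does not mention: Windows PowerShell 5.1 negotiates TLS 1.0 by default, and the PowerShell Gallery only accepts TLS 1.2, so if the Install-Module commands fail with a connection error, run [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 in the same session first.

```powershell
# Added example (not VMware's code): verify the Table 2 CLI prerequisites.
# Version numbers and the OVF Tool folder are taken from the table above;
# ovftool.exe as the binary name is an assumption.

$requiredModules = @{
    'VMware.PowerCLI'         = '13.0.0'
    'VMware.vSphere.SsoAdmin' = '1.3.9'
    'ImportExcel'             = '7.8.4'
    'PowerVCF'                = '2.3.0'
    'PowerValidatedSolutions' = '2.3.0'
}
$ovfToolPath = 'C:\Program Files\VMware\VMware OVF Tool\ovftool.exe'
$minOpenSsl  = [version]'1.0.2'   # 1.0.2g: the letter suffix is compared separately

$failures = @()

# 1. Windows PowerShell 5.1 (PowerShell 7 is not what the table asks for)
$psVer = $PSVersionTable.PSVersion
if ($psVer.Major -ne 5 -or $psVer.Minor -lt 1) {
    $failures += "PowerShell 5.1 required, found $psVer"
}

# 2. OVF Tool at the default path, version 4.3.0 or later
if (-not (Test-Path -Path $ovfToolPath)) {
    $failures += "OVF Tool not found at $ovfToolPath"
} else {
    $ovfVersionText = (& $ovfToolPath --version) -join ' '   # e.g. "VMware ovftool 4.4.3 (build-...)"
    if ($ovfVersionText -match '(\d+\.\d+\.\d+)') {
        if ([version]$Matches[1] -lt [version]'4.3.0') {
            $failures += "OVF Tool 4.3.0 or later required, found $($Matches[1])"
        }
    } else {
        $failures += "Could not parse OVF Tool version from: $ovfVersionText"
    }
}

# 3. OpenSSL resolvable through PATH, version 1.0.2g or later
$openssl = Get-Command -Name openssl -ErrorAction SilentlyContinue
if (-not $openssl) {
    $failures += 'openssl not found on PATH'
} else {
    $opensslText = (& $openssl.Source version) -join ' '     # e.g. "OpenSSL 1.1.1k  25 Mar 2021"
    if ($opensslText -match 'OpenSSL\s+(\d+\.\d+\.\d+)([a-z]?)') {
        $found  = [version]$Matches[1]
        # Older than 1.0.2, or exactly 1.0.2 with a letter before 'g' (or no letter)
        $tooOld = ($found -lt $minOpenSsl) -or
                  ($found -eq $minOpenSsl -and $Matches[2] -lt 'g')
        if ($tooOld) { $failures += "OpenSSL 1.0.2g or later required, found $opensslText" }
    } else {
        $failures += "Could not parse OpenSSL version from: $opensslText"
    }
}

# 4. Required modules present at or above the minimum version (highest installed copy wins)
foreach ($name in $requiredModules.Keys) {
    $minimum   = [version]$requiredModules[$name]
    $installed = Get-Module -Name $name -ListAvailable |
        Sort-Object -Property Version -Descending |
        Select-Object -First 1
    if (-not $installed) {
        $failures += "Module $name is not installed (minimum $minimum)"
    } elseif ($installed.Version -lt $minimum) {
        $failures += "Module $name $($installed.Version) is below minimum $minimum"
    }
}

if ($failures.Count -eq 0) {
    Write-Host 'All CLI prerequisites for the IAM validated solution are met.'
} else {
    Write-Warning 'CLI prerequisite check failed:'
    $failures | ForEach-Object { Write-Warning "  $_" }
    exit 1
}
```

Run the script in the same Windows PowerShell 5.1 session you will use for the Install-Module and Import-Module commands; a non-zero exit code means at least one prerequisite is missing, and each failure line names the item to fix.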