Access to the VMware Aria Operations for Logs user interface and API require an SSL connection. By default, VMware Aria Operations for Logs uses a self-signed certificate. To provide secure access to the VMware Aria Operations for Logs user interface, replace the default self-signed certificate with a CA-signed certificate.
Decision ID |
Design Decision |
Design Justification |
Design Implication |
|---|---|---|---|
ILA-VAOL-SEC-010 |
Use a CA-signed certificate containing the VMware Aria Operations for Logs cluster node FQDNs, and the ILB FQDN in the SAN attributes, when deploying VMware Aria Operations for Logs in each VMware Cloud Foundation instance. |
Configuring a CA-signed certificate ensures that the communication to the externally facing UI and API for VMware Aria Operations for Logs, and cross-product, is encrypted. |
Using CA-signed certificates from a certificate authority might increase the deployment preparation time as certificate requests are generated and delivered. |
ILA-VAOL-SEC-011 |
Use a SHA-2 or higher algorithm when signing certificates. |
The SHA-1 algorithm is considered less secure and has been deprecated. |
Not all certificate authorities support SHA-2. |
