The security of the environment depends on the validity and trust of the management components' certificates. If a certificate is approaching expiration, has expired, has been compromised, or has attributes that require changes, regenerate and replace it.
| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| INV-VAON-SEC-011 | Use a CA-Signed certificate containing the fully qualified domain names (FQDNs) of each VMware Aria Operations for Networks platform and collector node in the SAN attributes, when deploying VMware Aria Operations for Networks. | Configuring a CA-Signed certificate ensures that the communication to the externally facing Web UI and API for VMware Aria Operations for Networks is encrypted. | |
| INV-VAON-SEC-012 | Use a SHA-2 or higher algorithm when signing certificates. | The SHA-1 algorithm is considered less secure and has been deprecated. | Not all certificate authorities support SHA-2. |
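
The following script is an added example, not part of the VMware design guidance. It checks a PEM certificate against both decisions above (every node FQDN present in the SAN, SHA-2 signature) and flags a certificate that is approaching expiration. The function names, the `example.test` hostnames, and the self-signed sample certificate are assumptions for illustration; it needs OpenSSL 1.1.1 or later and does not validate the chain to the issuing CA.

```bash
#!/usr/bin/env bash
# Added example: audit a PEM certificate against INV-VAON-SEC-011 and -012.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# INV-VAON-SEC-012: pass only when the signature algorithm names a SHA-2 hash.
# SHA-1, MD5, and names that do not state the hash are flagged for review.
sig_is_sha2() {
  case $(lower "$1") in
    *sha224*|*sha256*|*sha384*|*sha512*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: check_cert <cert.pem> <min-days-left> <node-fqdn>...
check_cert() {
  local cert=$1 min_days=$2 rc=0 sans sigalg fqdn
  shift 2
  # INV-VAON-SEC-011: every node FQDN must be a DNS entry in the SAN (exact match).
  sans=$(openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null |
         tr ',' '\n' | sed -n 's/^ *DNS://p' | tr '[:upper:]' '[:lower:]')
  for fqdn in "$@"; do
    if ! printf '%s\n' "$sans" | grep -qxF -- "$(lower "$fqdn")"; then
      echo "FAIL: $fqdn is not in the SAN"; rc=1
    fi
  done
  sigalg=$(openssl x509 -in "$cert" -noout -text |
           sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
  if ! sig_is_sha2 "$sigalg"; then
    echo "FAIL: signature algorithm '$sigalg' is not SHA-2"; rc=1
  fi
  # -checkend exits non-zero when the certificate expires within N seconds.
  if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" >/dev/null; then
    echo "FAIL: expires within $min_days days"; rc=1
  fi
  return "$rc"
}

# Constructed sample input: a throwaway self-signed certificate used only to
# exercise the checks. A real deployment audits the CA-signed certificate.
make_sample_cert() {  # <out.pem> <days-valid> <SAN list, e.g. DNS:a,DNS:b>
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$2" \
    -subj "/CN=constructed-sample" -addext "subjectAltName=$3" \
    -keyout "$1.key" -out "$1" 2>/dev/null
}
```

Run it as `check_cert node.pem 30 platform1.example.test collector1.example.test`; a non-zero exit status means at least one check failed.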