To activate cloud accounts for vCenter Server and SDDC Manager across VMware Cloud Foundation instances, you add and configure service accounts associated with the solution.

Service Accounts for Intelligent Operations Management

You add and configure accounts associated with vSphere and NSX for activating the VMware Aria Operations cloud accounts.

Table 1. Design Decisions on Service Accounts for Intelligent Operations Management

| Design Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| IOM-VAOPS-SEC-005 | Create and assign least privilege access to an Active Directory user account as a service account in each SDDC Manager instance for application-to-application communication between VMware Aria Operations and SDDC Manager. | Provides integration and data collection of objects managed by SDDC Manager for a VMware Cloud Foundation instance. | You must maintain the life cycle, availability, and security controls for the account in Active Directory. |
| IOM-VAOPS-SEC-006 | Define a custom vCenter Server role for VMware Aria Operations that has the minimum privileges required to support a vCenter Server cloud account. | VMware Aria Operations integrates with each workload domain vCenter Server instance using a minimum set of privileges required to support the cloud account. | • You must maintain the privileges required by the custom vSphere role. • If additional workload domain vCenter Server instances are not in the same vCenter Single Sign-On domain, the custom role must be applied to each vCenter Single Sign-On domain. |
| IOM-VAOPS-SEC-007 | Create and assign the custom vCenter Server role to an Active Directory user account as a service account for each workload domain vCenter Server instance for application-to-application communication between VMware Aria Operations and vCenter Server. | • Provides integration and data collection of objects managed by the vCenter Server for a given workload domain. • Limiting the use of a service account reduces the risk in the case of either a security or a password-related event. • Using a named Active Directory account provides for auditability, unlike generic administrative accounts. | You must maintain the life cycle, availability, and security controls for the account in Active Directory. |
| IOM-VAOPS-SEC-008 | Use the vCenter Server service account for data collection on vSAN cloud accounts. | As a service managed by vCenter Server, vSAN does not require separate credentials for the integration to function. | None. |
| IOM-VAOPS-SEC-009 | Create and assign the Enterprise Admin role using an NSX Principal Identity for each workload domain NSX Local Manager instance for application-to-application communication between VMware Aria Operations and NSX Manager. | • Provides integration and data collection of objects managed by NSX Manager for a given workload domain. • Limiting the use reduces the risk in the case of either a security or a password-related event. • Principal Identity accounts remove the need to protect and maintain either a local or Active Directory domain account and password. | You must manage the credential and the life cycle management of certificates and their corresponding private keys. |
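The following PowerCLI script is an added example, not part of the VMware design guide, showing one way to implement decisions IOM-VAOPS-SEC-006 and IOM-VAOPS-SEC-007: it creates the custom vCenter Server role from an explicit privilege list, assigns it to the Active Directory service account at the inventory root, and then verifies that the account holds no role other than the custom one. The vCenter name, role name, account name, and the privilege ID list are placeholders; the actual minimum privilege set must be taken from the VMware Aria Operations documentation for the vCenter cloud account.

```powershell
# Added example (not from the VMware design guide). Assumes PowerCLI is installed and
# the operator has rights to create roles and permissions in the target vCenter Server.
param(
    [string]$VCenter        = 'vcenter.example.local',   # placeholder
    [string]$RoleName       = 'VMware Aria Operations',   # placeholder custom role name
    [string]$ServiceAccount = 'EXAMPLE\svc-aria-ops',     # placeholder AD service account
    # Placeholder: replace with the privilege IDs documented for the Aria Operations
    # vCenter cloud account. System.* privileges are the baseline every role carries.
    [string[]]$PrivilegeIds = @('System.Anonymous', 'System.Read', 'System.View')
)

Connect-VIServer -Server $VCenter | Out-Null

# Resolve privilege IDs to privilege objects; fail early on an unknown ID instead
# of silently creating a role with fewer privileges than the cloud account needs.
$privileges = foreach ($id in $PrivilegeIds) {
    $p = Get-VIPrivilege -Id $id -ErrorAction SilentlyContinue
    if (-not $p) { throw "Unknown privilege ID: $id" }
    $p
}

# Create the custom role only if it does not already exist (IOM-VAOPS-SEC-006).
$role = Get-VIRole -Name $RoleName -ErrorAction SilentlyContinue
if (-not $role) {
    $role = New-VIRole -Name $RoleName -Privilege $privileges
}

# Assign the role to the named AD service account at the root folder with propagation,
# so data collection covers the whole inventory but only with the custom role's
# privileges (IOM-VAOPS-SEC-007).
$root = Get-Folder -NoRecursion
$existing = Get-VIPermission -Entity $root -Principal $ServiceAccount -ErrorAction SilentlyContinue
if (-not $existing) {
    New-VIPermission -Entity $root -Principal $ServiceAccount -Role $role -Propagate:$true | Out-Null
}

# Least-privilege check: every permission held by the service account anywhere in the
# inventory must reference the custom role. Anything else (for example a stray
# Administrator assignment on a cluster) is reported and treated as a failure.
$violations = Get-VIPermission | Where-Object {
    $_.Principal -eq $ServiceAccount -and $_.Role -ne $RoleName
}
if ($violations) {
    $violations | Format-Table Entity, Role, Propagate
    throw "$ServiceAccount holds roles other than '$RoleName'"
}

Disconnect-VIServer -Server $VCenter -Confirm:$false
```

Run the check section on a schedule as well, because decision IOM-VAOPS-SEC-006 makes the role's privilege set and its assignments something you must keep maintaining, not a one-time setup.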