Information security and access design details the design decisions covering authentication and access controls for the NSX Advanced Load Balancer.

Table 1. Design Decisions for Information Security and Access of the VMware NSX Advanced Load Balancer

Decision ID

Design Decision

Design Justification

Design Implication


Create a strong password for the local admin account on NSX Advanced Load Balancer:

  • Minimum 8 char long

  • Contains at least one char in each of 3/4 of the following categories:

    • Uppercase letters

    • Lowercase letters

    • Digits

    • Special characters

This reduces the risk of the account being compromised.

This is a requirement to setup user accounts, including the admin account.



Rotate passwords at least every 3 months.

Ensures security of the user accounts.



Limit the use of the local accounts for both interactive or API access and solution integration.

Local accounts are not specific to user identity and do not offer complete auditing from an endpoint back to the user identity.

You must define and manage service accounts, security groups, group membership, and security controls in Active Directory.


Create user accounts with desired Roles on the Controller to limit the scope and privileges for accounts used for both interactive or API access and solution integrations.


A custom ‘Role’ might be created if a user account needs to have specific permissions that are not available out of the box on the Controllers.

The principle of least privilege is a critical aspect of access management and should be part of a comprehensive defense-in-depth security strategy.

You may need to define and manage custom roles and security controls to limit the scope and privileges used for interactive access or solution integration.